A New Twist to Sextortion
We began to publish articles about sextortion emails back in the summer of 2018. People were bombarded by fabricated emails claiming that malware had been installed on their computers allowing a cybercriminal to take control of their computer camera. The extortionist goes on to say that he has captured an embarrassing video of the computer owner “pleasuring himself” while watching pornography of underage girls. Of course, he threatens to publish the video unless the email recipient pays him in Bitcoin. This is obviously a form of blackmail. It is also a complete lie. Here is the latest variation...
In this variation, the extortionist provides the full name, email and home address of the recipient. He even includes a phone number which he threatens to post WITH the embarrassing video. However, the recipient of this bogus threat confirmed for us that the phone number doesn’t belong to him. Also, to increase the feeling of a personally targeted threat, the attached pdf file uses the name of the victim and the victim is told to use his first and last name as the password to open the file. Here is a screenshot of the text contained in this pdf, after removing the personal details of the recipient:
Though this is the first sextortion scam with an attached password-protected pdf file we have seen, there have been many variations of this scam. In one effective variation, the scammer has found old passwords for people on darknet markets amongst hacked/stolen website data. The scammer then sends this password in the email to his victim, claiming it is proof that he has malware installed on the victim’s computer, recording many things, including this password. Using the victim’s real name, a real password, or a correct address is meant to build credibility for the claim about malware capturing an embarrassing video. However, logic would suggest that the best evidence to convince the recipient of such a video is to send a still shot SHOWING the face of the victim. This real proof of a video NEVER happens because the video doesn’t exist!
What makes this bogus extortion threat feel real and believable are several points...
According to various sources, a large percentage of men and women view online pornography. Here is one article of interest on this topic from FightTheNewDrug.org. (Published 10/2020)
Most people rarely update their passwords, and when they do, they choose passwords that are not considered strong. MOST importantly though, people typically use the same password for multiple websites and online services. So when one service/website is hacked and passwords are stolen, it puts ALL your other accounts at risk! (Read our article about how to create a set of strong passwords that are also easy to remember!)
Though rare, it has been possible for some malware to take control of the cameras on many different types of computers, tablets and smartphones, including Apple computers! Here are a few articles about these threats:
Keep in mind that online services are routinely hacked and data is stolen! This has included Yahoo, Microsoft Windows accounts, Steam (a gaming community) and Snapchat servers, as well as Macy’s, Marriott Hotels, Lord & Taylor, and Saks Fifth Avenue, for example. Most adults who have had online accounts for at least ten years have probably had five or more accounts compromised by hackers. You can actually see a list of many of these accounts by visiting the outstanding website called HaveIBeenPwned.com and entering your various email addresses. (Yes, it is safe to do this! And yes, we recommend you do this at least every 6 months!) For example, one of Doug’s email addresses has been compromised 9 times between 2013 and 2020. Personal details have been stolen and posted on various darknet markets.
We dug under the hood of that pdf file and learned that it was actually created on June 13 using a pdf creator called SYLD, version 6.39. This seems to be a really obscure pdf creator and, as far as we can tell, associated with foreign countries like Germany and Sweden. However, this assessment is based on only a few breadcrumbs we were able to find across the Internet.
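The creation date and creator named above are the kind of values stored in a PDF's Info dictionary. The following is an added example, not the tooling used for this article: it reads those fields straight from the file bytes, so the attachment never has to be opened in a viewer. It assumes an unencrypted (or already decrypted) copy with a classic trailer and uncompressed objects; the sample bytes and the names `pdf_info`, `pdf_date` and `SAMPLE` are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample: a minimal unencrypted PDF skeleton, not the file from the article.
SAMPLE = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
          b"2 0 obj\n<< /Producer (Example Producer \\(demo\\) 1.0) "
          b"/CreationDate (D:20200102030405Z) /Title <46696c65> >>\nendobj\n"
          b"trailer\n<< /Root 1 0 R /Info 2 0 R >>\n%%EOF\n")
KEYS = (b"Producer", b"Creator", b"Author", b"Title", b"CreationDate", b"ModDate")

def _literal(body, start):
    """Read a PDF literal string beginning at '(' with nested and escaped parens."""
    depth, out, i = 0, bytearray(), start
    while i < len(body):
        c = body[i:i + 1]
        if c == b"\\":                      # simplified: keep the escaped byte as-is
            out += body[i + 1:i + 2]
            i += 2
            continue
        depth += (c == b"(") - (c == b")")
        if depth == 0:                      # matching close paren reached
            break
        if not (c == b"(" and depth == 1):  # skip only the opening paren
            out += c
        i += 1
    return out.decode("latin-1")

def pdf_info(data):
    """Return Info-dictionary strings plus an 'encrypted' flag, without rendering."""
    info = {"encrypted": re.search(rb"/Encrypt\s+\d+\s+\d+\s+R", data) is not None}
    ref = re.search(rb"/Info\s+(\d+)\s+(\d+)\s+R", data)
    obj = ref and re.search(rb"(?<!\d)%d\s+%d\s+obj(.*?)endobj"
                            % (int(ref[1]), int(ref[2])), data, re.S)
    if not obj:
        return info
    body = obj[1]
    for key in KEYS:
        m = re.search(rb"/" + key + rb"\s*(\(|<(?!<))", body)
        if m and m[1] == b"(":
            info[key.decode()] = _literal(body, m.start(1))
        elif m:                             # hex string such as <46696c65>
            hexd = body[m.start(1) + 1:body.index(b">", m.start(1))]
            info[key.decode()] = bytes.fromhex(hexd.decode()).decode("latin-1")
    return info

def pdf_date(value):
    """Parse the leading 'D:YYYYMMDDHHmmSS' of a PDF date string (zone ignored)."""
    m = re.match(r"D:(\d{14})", value)
    return datetime.strptime(m[1], "%Y%m%d%H%M%S") if m else None
```

When `encrypted` is true, as it would be for a password-protected attachment, the Info strings are stored encrypted and the returned values are not readable text until the file has been decrypted.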
Finally, we don’t recommend scanning the QR code of any suspicious email because such a scan will automatically send your browser to a scammer’s website. This site may have REAL malware waiting to infect your device!
As we always say, don’t believe everything you read online! Especially a bogus threat meant to intimidate you into paying extortion money for a threat that doesn’t actually exist!