For a couple of years, people have been receiving extortion emails in which the intended victim is told that his or her computer and web cam have been hacked and that the scammers have video of you watching porn online. They threaten to send the videos to people on your contact list unless you pay a ransom in Bitcoin or some other cryptocurrency. The truth is that while it is possible to hack into someone’s webcam, these letters are being sent out as mass mailings without the videos they claim to have. The scammers’ hope is that some people will be fearful enough to send the ransom. Now the scam has evolved whereby in order to appear as a more legitimate threat, the scammer includes in the email a password you have used. Again, however, this email extortion threat is baseless.  The password that is included in some versions of this email scam is indeed one that you have used. It was obtained by the scammer from one of the many data breaches in which passwords were stolen. This emphasizes the need to have unique passwords for all of your online accounts so that if there is a data breach in which your password is compromised, it will not pose a threat to all of your online accounts.

This scam also illustrates the vulnerabilities of webcams to being hacked. There have been a number of scams of which I have reported in which people’s webcams have been hacked and compromising videos taken. Often when people install webcams, they use default logins and passwords.  These default passwords are easy to find online.  Generally, when you hook up anything wireless to your router, it comes with a password and login so it is critical that whenever you install any of these Internet of Things devices, you change the password and login to protect yourself, which leads us to my second concern – routers.  A study by security company Avast found that about 80% of Americans do not properly secure their routers, leaving themselves vulnerable to being hacked.  Many people still use either default passwords or easily guessed passwords, such as “password” for their routers.

Today’s Scam of the day concerns an email sent to me by a Scamicide reader.  While this email does not provide a password you used in the past, it does try to frighten people into thinking that the scammer has hacked your computer and has compromising photos, videos and information.  The scammer is bluffing.  One indication that this is a mass emailed scam is the fact that there is no salutation with the name of the person receiving the email and the email has no details whatsoever.  The email does, however point up some important considerations for all of us.

Here is the email that the Scamicide reader received.

Hello my nickname in darknet is P4nd3r0
I’ll begin by saying that I hacked this mailbox (please look on ‘from’ in your header) more than six months ago, through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.

Even if you changed the password after that – it does not matter, my virus intercepted all the caching data on your computer and automatically saved access for me.

I have access to all your accounts, social networks, email, browsing history. Accordingly, I have the data of all your contacts, files from your computer, photos and videos.

I was most struck by the intimate content sites that you occasionally visit. You have a very wild imagination, I tell you!

During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching. Oh my god! You are so funny and excited!

I think that you do not want all your contacts to get these files, right?
If you are of the same opinion, then I think that $800 is quite a fair price to destroy the dirt I created.

Send the above amount on my bitcoin wallet: 13VQu3vDixov5jV1zi4GCJgfrzsuwD29hK 
As soon as the above amount is received, I guarantee that the data will be deleted, I do not need it.

Otherwise, these files and history of visiting sites will get all your contacts from your device.
Also, I’ll send to everyone your contact access to your email and access logs, I have carefully saved it!

Since reading this letter you have 24 hours!
After your reading this message, I’ll receive an automatic notification that you have seen the letter.

I hope I taught you a good lesson.
Do not be so nonchalant, please visit only to proven resources, and don’t enter your passwords anywhere!

Police or friends won’t help you for sure …

Good luck! 

TIPS

As we connect to the Internet through more and more devices that are a part of the Internet of Things, it becomes increasingly important to be cognizant of maintaining proper security in all devices including, of course, routers and webcams.  Laziness can have dire consequences.  Never use default logins and passwords.  As soon as you install any device that accesses the Internet, make sure that you protect yourself with secure logins and passwords.

It is not difficult to hack into the webcam of a computer from afar.  The same types of tricks used to get people to unwittingly download keystroke logging malware that enables the hacker to gather all of the personal information from your computer to be used to make you a victim of identity theft can be used to get you to download the malware that enables the hacker to  take control of your webcam.  Never click on links in emails or download attachments unless you are absolutely positive they are legitimate.  They may be riddled with malware.  Also, install and maintain anti-malware and anti-virus software on your computer and other electronic devices.  For external webcams that are not a built-in component of your computer, a red light will signal that the camera is operating.  Be aware of this.  It is a good idea to merely disconnect the external webcam when you are not using it or merely take a post-it and cover the webcam’s lens whenever you are not using it.   Last year a photograph taken in 2015 was made public showing Pope Francis using his iPad with a sticker over the built in web camera.  This simple technique is also used by Mark Zuckerberg,  former FBI Director James Comey and me.  It is a simple and easy solution.   For built in webcams, they too will generally have a blue light to indicate that it is operating, however, again, it is a good idea to merely cover the lens when you are not using it.

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”