It was just a few weeks ago that I warned you again about extortion emails in which the intended victim is told in the email that his computer and web cam have been hacked and that the scammers have video of him watching porn online.  A Scamicide reader recently forwarded to me a new sextortion email received by the Scamicide reader that I will share with you today.   As with all of the sextortion emails that have been sent in the last few years this one threatens to send the videos to people on his contact list unless he pays a ransom in Bitcoin or some other cryptocurrency.   Recent figures from the FBI’s Internet Crime Complaint Center (IC3) indicate that the instances of this scam dramatically increase 242% over the previous year.  The truth is that while it is possible to hack into someone’s webcam, these emails are being sent out as mass mailings without the videos they claim to have. The scammers’ hope is that some people will be fearful enough to send the ransom. In the Scam of the day for January 27, 2019 I wrote about how the scam had evolved whereby, in order to appear as a more legitimate threat, the scammers sometimes include in the email a password the targeted victim had used. Again, however, this email extortion threat is baseless.  The particular email received by the Scamicide reader did not contain a password used by the reader, however, many versions of this sextortion email do contain passwords.The passwords that have been included in some versions of this email scam are indeed ones that the targeted extortion victims have used, however, they was obtained by the scammer from one of the many data breaches in which passwords were stolen.

This scam also illustrates the vulnerabilities of webcams to being hacked. There have been a number of scams about which I have reported in which people’s webcams have been hacked and compromising videos taken. Often when people install webcams, they use default logins and passwords.  These default passwords are easy to find online.  Generally, when you hook up anything wireless to your router, it comes with a password and login so it is critical that whenever you install any of these Internet of Things devices, you change the password and login to protect yourself, which leads us to my second concern – routers.  A study by security company Avast found that about 80% of Americans do not properly secure their routers, leaving themselves vulnerable to being hacked.  Many people still use either default passwords or easily guessed passwords, such as “password” for their routers.

Here is a copy of the email received by the Scamicide reader.

“Hello!
I am a hacker who has access to your operating system.
I also have full access to your account.
I’ve been watching you for a few months now.
The fact is that you were infected with malware through an adult site that you visited.
If you are not familiar with this, I will explain.
Trojan Virus gives me full access and control over a computer or other device.
This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.
I also have access to all your contacts and all your correspondence.
Why your antivirus did not detect malware?
Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.
I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.
With one click of the mouse, I can send this video to all your emails and contacts on social networks.
I can also post access to all your e-mail correspondence and messengers that you use.
If you want to prevent this,
transfer the amount of $500 to my bitcoin address (if you do not know how to do this, write to Google: “Buy Bitcoin”).
My bitcoin address (BTC Wallet) is:  3EkXTj9dLkRZwvu5cBez7px1QUJJRMXvRU
After receiving the payment, I will delete the video and you will never hear me again.
I give you 50 hours (more than 2 days) to pay.
I have a notice reading this letter, and the timer will work when you see this letter.
Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address.
I do not make any mistakes.
If I find that you have shared this message with someone else, the video will be immediately distributed.
Best regards!”
I must admit that I do find it amusing that the scammer ends the email with “Best regards!”

TIPS

As we connect to the Internet through more and more devices that are a part of the Internet of Things, it becomes increasingly important to be cognizant of maintaining proper security in all devices including, of course, routers and webcams.  Laziness can have dire consequences.  Never use default logins and passwords.  As soon as you install any device that accesses the Internet, make sure that you protect yourself with secure logins and passwords. It is not difficult to hack into the webcam of a computer from afar.  The same types of tricks used to get people to unwittingly download keystroke logging malware that enables the hacker to gather all of the personal information from your computer to be used to make you a victim of identity theft can be used to get you to download the malware that enables the hacker to  take control of your webcam.  Never click on links in emails or download attachments unless you are absolutely positive they are legitimate.  They may be riddled with malware.  Also, install and maintain anti-malware and anti-virus software on your computer and other electronic devices.  For external webcams that are not a built-in component of your computer, a red light will signal that the camera is operating.  Be aware of this.  It is a good idea to merely disconnect the external webcam when you are not using it or merely take a post-it and cover the webcam’s lens whenever you are not using it.   Two years ago a photograph taken in 2015 was made public showing Pope Francis using his iPad with a sticker over the built in web camera.  This simple technique is also used by Mark Zuckerberg,  former FBI Director James Comey and me.  It is a simple and easy solution.   For built in webcams, they too will generally have a blue light to indicate that it is operating, however, again, it is a good idea to merely cover the lens when you are not using it.

Finally, this scam provides a good example as to why you should have a unique password for all of your accounts.

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of www.scamicide.com and click on the tab that states “Sign up for this blog.”