Porn Scam Emails Use Passwords to Attempt to Coerce Victims into Paying are Making the Rounds Online
The pair of porn scam emails are circulating, but this time one is threatening a rather unique malware infection. The firstborn scam email is a common modus operandi where the hacker threatens to release the video of you watching porn and send it to all of your contacts Amazon ransom is paid. In the second porn scam email hackers use similar content as the first version, but this time the hacker threatens to infect you and your family with the coronavirus or COVID-19. Interesting.
Both porn scam emails use a password that the victim had previously used in a legitimate online account to make the threat scarier and more credible.
The rogue emails try to blackmail victims, or sextort, them out of their hard-earned cash.
In both porn scam emails hackers claim to have hacked into the victim’s computer webcam and obtained videos of them watching porn. They then demand ransom payable in Bitcoin.
To make themselves sound more credible, the hackers include a real password that the victim has used previously. For the porn scam emails reported to Krebs on Security, the victim reports that the password is real and that is one they’ve used online.
However, the password used as blackmail, in all cases, is about ten years old. That’s why it’s important not to use the same password across multiple online accounts and to change passwords often. If you can’t remember a unique password for each online account and use a password vault to help you manage them.
It’s common for hackers to use information from social engineering to make their scam emails seem more legitimate. It’s likely the hackers sniffed the passwords from nonsecure WiFi or bought them on the dark web from a previous data breach.
Porn Scam 1- Sextortion
The first porn scam attempts to blackmail the victim with a webcam video. If a ransom is not paid, the hacker threatens to send a webcam video of the target watching porn to their contacts including relatives, and coworkers.
To make the email more credible and the threats more credible, the hacker includes a password used by the victim on another website.
The porn scam email states:
“Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.
You don’t know me and you’re thinking why you received this e mail, right?
Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.
What exactly did I do?
I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).
The hacker demands a ransom of $1400 USD payable in Bitcoin to keep the videos private. The ransom must be paid within 24 hours.
Porn Scam 2 COVID-19 Themed
As many are working from home online now and have become savvier about dodgy cyberattacks, hackers must retool their scam emails to keep bringing into cash money. In this revision, the hacker threatens not to infect your computer with malware, but to infect you and your family if the ransom is not paid.
This porn scam was first reported by cyber security researchers at Sophos. The content of the porn scam email is similar to the first scam except that the threat is not to release videos of you watching porn, it’s to infect you with the Coronavirus. The hackers again cite a password the target had actually used for an online account. To make the email scam more intimidating, the hackers say they have “every dirty little secret about your life.”
“Tο sταrt with, I κηοw all of yοur passwords. I αm awαre of your whereαbοuτs, what yοu eaτ, wιth whοm you tαlk, every liττle τhing yοu do in α day,” the email continues.
Whoever then rather than threatening to release webcam videos the target watching pornography, the hackers threaten to infect the reader and their family with a Coronavirus.
“Ι wιll iηfect eνery member οf your family with τhe CοronαVιrus. No matter how smart yοu αre, belieνe me, ιf Ι waητ to αffect, Ι caη,” the note concludes. “Ι will also gο αheαd aηd reνeαl yοur secreτs. Ι will comρletely ruiη yοur lιfe.”
The full text of the porn scam can be seen on the Sophos post and on the image below.
Hackers demand that a ransom of $4000 in Bitcoin be paid within 24 hours.
The hackers use tactics to bypass malware and email filters, you should still use antivirus protection software to protect your computer and filter out potentially harmful emails.
Other Coronavirus themed phishing emails have tried to trick the recipient into clicking on links, downloading attachments, or looking at a malicious version of the Coronavirus map. If the reader opened any of the email attachments, they launched a malware attack that compromised their computer. This type of malware attack may be filtered out by using a reputable antivirus app on your phone and computer.
What is a Porn Scam?
A porn scam is when a scammer demands money is known as sextortion. This occurs when a scammer threatens to make sensitive information about you public. Often they threaten to send it to your friends, family, and all of your email contacts. Sextortion hackers are looking for a ransom to be paid in exchange for withholding the hurtful information which is often sexual in nature.
How Avoid to Porn Scams
According to the National Crime Agency, thousands of people fall victim to porn scams each year. Here are some things you can do to avoid becoming a victim of a porn scam:
- Don’t watch porn. This one’s a little obvious. If you don’t watch porn and the hackers have nothing on you and you’ll know their threat is just a stone-cold lie
- Never send sensitive images, photos, or videos to anyone no matter how much you trust them. Hackers can intercept internet messages and emails. It’s especially easy when you’re using nonsecure Wi-Fi like that found in a coffee shop or a hotel
- Always use a virtual private network or VPN to protect all the information sent from your computer or phone A VPN encrypts your messages, emails, and images to keep them private
- Never open email attachments from people you don’t know
- Verify that the sender of any email is who they say they are. If you have any doubt, call the person before opening the email or any attachments or clicking links
- Be wary of emails that try to rush you or scare you into taking action
- Turn off and cover web cameras when you are not using them
