Password ‘Sextortion’ and Ransomware

13th December 2018

The ‘sextortion’ email scam has been doing the rounds more than ever recently and we have encountered many businesses and individuals who have all received something of a similar nature.

They all follow the same routine, but will be worded slightly differently and usually in very poorly written English.

An email will land in your inbox and read something along the lines of this:

 

Hello! I have very bad news for you.

On…..D/M/YYYY…. I hacked your OS and got full access to your email account ******@*****.com

Your password was *******

You can change your password but my malware intercepts it every time and tells me what it is.

 

The email will then go on to explain how they got into your system and planted their malware.

You will then be told they have access to your entire address book of contacts and all your email accounts etc.

Finally, they will say you have been visiting adult sites and there is video proof of you enjoying them, as they were watching and recording you, through your own webcam.

They will ask for payment by Bitcoin and provide instructions on how to do so. If you don’t pay, your private and unintentionally famous video will be sent to each and every person within your email account.

 

Pretty scary huh?

Often your own email address and a password you used will be written in full as ‘proof’.

This email works on many levels, as it seems so far-fetched at first, yet so real after reading it, given the fact they have your email address and the password associated with it!

So, whether you actually have visited adult sites or not, the simple fact your password is in their hands is enough to scare most people and therefore it still works. It’s a mixture of social engineering and blackmail.

This scam has now developed even further recently, where there will be a link to click on to what is supposed to be an online hosted PowerPoint presentation of the ‘video proof’.

So, you know they have your password for sure, maybe they are telling the truth? Our instincts tell us that clicking links in emails is very dangerous these days, however they have trapped you into fearing every word in that email and its too tempting not to click the link and see the supposed footage.

Unfortunately, as soon as that link is clicked, a piece of ransomware is injected into your system and all files will be encrypted (locked out).

You’ll then have a message on the screen saying you need to pay £500 within 24/48 hours for some unique file decryption software, or your system files will be completely redundant and unusable.

 

So how do they get your email address and password?

What these criminals do is obtain databases of known email addresses and passwords from the dark web. These are sold daily to anyone who wants to pay for them. Once into the wrong hands, they can either use the information provided to actually breach your email account, or get used for extortion scams such as these. Pretty simple really, yet scarily effective and unfortunately people are paying the demands.

 

How can you combat this?

Firstly, it goes without saying that if the password in the email is one that you use for any accounts you should immediately change the passwords for these.

Secondly, passwords should be changed often and never repeated between accounts. Its so common for people to use the same or variants of the same password for everything,

Consider using a password management tool such as Dashlane, it really will change the way you secure your accounts and make life so much easier, you don’t even have to remember your passwords.

Thirdly, you should make sure you are using 2 Factor Authentication on every account possible. This works (as it states) in 2 ways, it will ask for the password, but you’ll also have to enter a code that is generated on your smartphone, or sometimes sent as an SMS to you. This means the password alone is not enough to gain access to the account.

 

How do you know when your details make it onto the dark web?

The problem with this is, you won’t, not until it’s too late. We utilise some very advanced tools to continuously monitor the depths and crevasses of the dark web and alert us if your credentials make it onto one of their databases – should this happen, we’ll immediately tell you and a password change would be all that’s needed to have peace of mind again. So this continuous monitoring, along with 2 Factor Authentication and a password manager, make for an excellent combination!

 

For a complimentary scan of your company’s domain email, get in touch with us and we’ll gladly carry it out for you….it could save your business.