There is a new email scam to watch out for. Over the last few weeks you may have received an email that tells you that your account has been hacked, that malware has been placed on your machine to capture data and that you’ve been recorded watching adult content.
Then comes the bitcoin extortion with varying amounts. To prevent this webcam video from being made public on your social networks or shared with your contacts.
It is, of course, a classic sextortion scam. There is no malware and no video, they are just aiming to install an element of fear in the hope that you’ll pay anyway. The clever part here is that the hackers have used publicly available breach data to make the message look genuine by including a real-life old password from a previous data breach.
Many of these passwords appear to date from the large scale LinkedIn breach of 2012 which goes to show you that this compromised data has a long shelf life on the dark web. However, using data that’s at least six years old does mean there’s less chance of these details still being in use and consequently less chance of you falling for the scam.
Researchers at the Cisco Talos threat intelligence group have today released the results of their analysis of these attacks. One campaign began on August 30th, and a second campaign began on October 5th, both are still active. The researchers find that more than half of them originate from just five countries.
Over 200,000 email messages have been sent as part of these spam campaigns, however, the number of unique recipients is fairly low. Talos has found only 15,826 distinct victim email addresses.
Talos has also identified 58,034 unique Bitcoin wallet addresses associated with these spam campaigns. Only 78 of this 58 thousand Bitcoin wallets have positive balances, which add up to a combined value of $143,429.38. This proves that at least some people are paying up.
Some variants of the messages have used phone numbers rather than passwords to try to convince you that this is a legitimate hack. Other variations include threatening to disclose supposed evidence of cheating on a partner, or offering to sell evidence of a partner cheating on you. This is not a legitimate threat and you should not attempt to make any payment.
You can read more about these scams and how they work on the Talos blog.
If you are using an old password, it is advised to check your password on Troy Hunt’s password tool: Have I been pwned.