Internet criminals reaching new lows
The internet brings many amazing things but also awfulness of epic proportions that makes you want to disconnect from the madness.
Most people are by now familiar with phishing. Not that they should have to be, but who hasn’t had deceptive emails used by attackers to trick people into handing over sensitive information or money?
Phishing at internet scale means it only takes a small percentage of people to fall for the scam for it to be lucrative and the campaigns are becoming increasingly aggressive.
The latest nasty phishing scourge tries to “sextort” money with attackers claiming they have video recordings of victims obtained from their computers.
Emails sent by attackers claim that they have planted malware on victims’ computers that can record what’s on their screens, and activate their webcams.
The malware supposedly arrived via compromised ads displayed on adult websites, and it has also copied all the target’s contacts to the attacker.
Next, the attacker threatens to send the video to all the victim’s contacts unless US$3000 ($4419) in Bitcoin is paid to erase the recording.
To make the extortion attempts believable, the attacker quotes the victims’ passwords in the phishing email as if the malware has actually captured the login credentials. This is most likely not the case.
Instead the password comes from one of many data breaches such as the massive LinkedIn hack a few years ago.
The extortion messages have somehow sneaked through via a trusted email service so they weren’t marked as phishes and filtered out. Also, many were sent to corporate email addresses.
As pseudonymous security researcher Krypt3ia found, the psychological manipulation of the phish has fooled a number of people and earned the attackers US$$185,500 in Bitcoin.
By itself the sextortion phishing is bad enough and could cause enormous distress for people at a personal and professional level.
It is likely to get worse though, with attackers attempting to actually plant malware on people’s computers in order to obtain recordings and their contacts to blackmail them for real. It’s easy to fake potentially embarrassing videos as well.
Protect yourself and be careful with emails especially if they contain attachments, avoid dodgy websites, don’t reuse passwords and cover up your webcam.
There seems to be no end to how disgusting people exploit information for their sick purposes.
Wired wrote about how a supposedly legit #MeToo support group on Facebook became a trolls’ lair where women who had opened up about sexual abuse and sought each other’s support were harassed and threatened.
That’s lower than low, the epitome of harmful digital communication as New Zealand law has it.
It’s hard to understand how people can deliberately want to hurt others as per the above examples. They do though, and halting such abuse before it gets to the stage that connecting to the internet becomes too dangerous personally and professionally should be a priority.
There seems to be no end to how disgusting people exploit information for their sick purposes.