ALERT OVER PORN SCAM
ASCAM using people’s online passwords to blackmail them for supposedly watching porn is being circulated. The phishing scam attempts to force users to hand over money by claiming to already have their password to have used it to install spying malware on their device.
The scammers claim they have recorded footage of the victim watching porn by activating their webcam when they visit these sites.
Kevin Lloyd, from the Rhondda, said the scam email arrived in his inbox at around 5am on Wednesday but he didn’t believe it was true.
Mr Lloyd, 35, said: “I’m quite clued up on things like that, but because it was written so well I had to read it a few times. At first I was quite taken aback by it.
“I could imagine if some youngster or someone older than me got the email it could be really damaging.
“I did reply to them but I haven’t heard anything back since which proves it’s just a scam.”
Kevin confirmed the password mentioned in the scam was his correct password used for an older online account.
Experts have said the scam could develop over time to convince users the threat is real.
Security journalist Brian Krebs highlighted the scam on his own blog, writing that it is “likely that this improved sextortion attempt is at least semiautomated: My guess is that the perpetrator has created some kind of script that draws directly from the usernames and passwords from a given data breach at a popular website that happened more than a decade ago, and that every victim who had their password compromised as part of that breach is getting this same email at the address used to sign up at that hacked website.
“I suspect that as this scam gets refined even more, perpetrators will begin using more recent and relevant passwords - and perhaps other personal data that can be found online - to convince people that the hacking threat is real.”
Online security experts said if you receive an email like this it is best to ignore it.
Lee Munson, security researcher for Comparitech. com, explains: “The success rate for any scam email campaign is extremely low as the vast majority of such messages get nuked by anti-spam filters and security software, yet it remains a huge problem as the cost of entry is so very low.
“Beyond believability and a false sense of urgency, the next greatest trick is to instil a sense of dread and panic, which is a massive motivating force.
“Of course, the obvious answer is for people to completely disregard such messages or report them to ActionFraud or the police but many won’t due to the nature of the content.”
Tim Ayling, director of fraud and risk intelligence at RSA Security, urges people receiving this kind of threat to stay calm and look for signs it’s not real.
“Don’t panic,” he said. “Mass-phishing emails like this are often poorly put together, and there will often be clear indicators that the email isn’t aimed at you, whether it’s badly written English, unusual formatting, or an email address that doesn’t match the address book contact, the devil really is in the detail.
“More generally, unless you know for a fact it can be trusted, avoid clicking on any links or attachments in emails; otherwise you could unwittingly install malware or ransomware on your machine.
“In this case, it was just a scare tactic in order to get a ransom, but the email could just as easily have been loaded with something nasty, which would be a much bigger problem.”
He also recommends reporting this kind of phishing attack to ActionFraud, as this will help them monitor the latest scams.