Red Sky Alliance (RSAC) members have reported seeing and/or receiving fake sextortion scams.  These scam emails typically include an old password that was used by the user.  The emails are an attempt to extort money by claiming the sender has compromising information indicating the user was involved in viewing pornographic sites.  The sender claims to have compromising video recordings of the user and alleges to have additional “stolen secrets” of a compromising sexual nature.  An RSAC member in the telecommunication industry reported intercepting dozens of fake sextortion emails daily since the middle of October 2018.  Below is an example of a sextortion scam identical to the one received by an RSAC member.

Figure 1. Ransom note received in the video

In a researched YouTube video titled, “Scam hacking email—international hacker group—Your Secret Life,” cyber researcher Craig Tester receives a spoofed email that appears as if he sent it to himself.  The sender purports to have hacked an account of the target (user), claims to know the account’s password and puts the password in the email.  The email claims to have infected the target’s computer with a virus obtained via an adult website.  The email additionally alleges to know secrets about the target user and claims to have recorded the target and their actions on pornography websites via the target’s webcam.  The email threatens that the target’s actions and secrets will be released to their family, friends, and intimate partner unless a ransom is paid.  The email demands $800 worth of Bitcoin.  Analysts discovered that a total of 16 targets have paid the $800 Bitcoin ransom as of 26 October 2018. [1]

Figure 2. Example of Bitcoin wallets, September 2018

In another researched example, the CEO of a small company received a similar sextortion email containing his outdated password.  The CEO was instructed to move $4,000 to 137XQHKy9v83RU91eexWHA1v4AVS5Fnc7g, which is a Bitcoin wallet.  In this case, the Bitcoin address was possibly unique and no payments were sent to it.

Typically, in these recent sextortion scams, hackers reuse passwords stolen during breaches of various site databases.  In reality, the hackers had no access to the target’s computers.  The email is intended to trick users into paying the extortion by pretending to be a real hack.  Hackers often use basic social engineering techniques to try to validate the scheme.  These sextortion scams come in a variety of forms, some more successful than others. [2]

Mitigation

If you receive a sextortion email, the easiest and best way to protect yourself from being victimized is to not engage the sender and simply ignore the message.  If the received email appears to show you as both the receiver and the sender, it is a positive sign that it is spam.  Ignore this type of email.  To protect yourself and your accounts, it is recommended that you change your passwords often.  The passwords used in these scams are typically older passwords that were released in past database leaks.  If the scammer has actual pictures and/or recordings of you, contact law enforcement authorities.  No one should pay any requested ransom or send any additional information or personal pictures to the scammer.
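For a mail administrator intercepting these messages in volume, the indicators above (sender equals recipient, plus a Bitcoin payment address in the body) can be checked automatically. The following is an added example, not code from Red Sky Alliance or Wapack Labs; the function names, verdict labels, sample messages and placeholder address are constructed, and it assumes the receiving mail server adds an Authentication-Results header.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses

# Address *shapes* only (legacy 1..., P2SH 3..., bech32 bc1...); no checksum validation.
BTC_RE = re.compile(r"\b(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71})\b")
# Assumption: the receiving MTA stamps an RFC 8601 Authentication-Results header.
AUTH_FAIL_RE = re.compile(r"\b(spf|dkim|dmarc)=(?:fail|softfail)\b", re.I)

def _addrs(msg, *headers):
    """Lower-cased bare addresses found in the given headers."""
    values = [v for h in headers for v in msg.get_all(h, [])]
    return {addr.lower() for _, addr in getaddresses(values) if addr}

def triage(raw):
    """Check one raw message against the indicators described in the advisory."""
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    auth = " ".join(msg.get_all("Authentication-Results", []))
    result = {
        "self_addressed": bool(_addrs(msg, "From") & _addrs(msg, "To", "Cc")),
        "auth_failed": sorted({m.group(1).lower() for m in AUTH_FAIL_RE.finditer(auth)}),
        "btc_addresses": BTC_RE.findall(text),
    }
    if result["self_addressed"] and result["btc_addresses"]:
        # "Sent to yourself" plus a payment address: hold it; failed auth confirms the spoof.
        result["verdict"] = "quarantine" if result["auth_failed"] else "review"
    else:
        result["verdict"] = "deliver"
    return result

# Constructed sample data (not real mail); the address and password are placeholders.
PLACEHOLDER_ADDR = "1SampLeAddressForTestsXXXXXXXXXX"
SAMPLE_SCAM = (
    "From: user@example.com\n"
    "To: user@example.com\n"
    "Subject: Your Secret Life\n"
    "Authentication-Results: mx.example.com; spf=fail; dmarc=fail\n"
    "\n"
    f"I know your password is hunter2. Send $800 in Bitcoin to {PLACEHOLDER_ADDR}\n"
)
SAMPLE_NOTE = "From: user@example.com\nTo: user@example.com\nSubject: todo\n\nBuy milk.\n"

if __name__ == "__main__":
    print(triage(SAMPLE_SCAM)["verdict"], triage(SAMPLE_NOTE)["verdict"])
```

A genuine note-to-self (the second sample) is delivered because it carries no payment address, so the self-addressed check alone does not block legitimate mail.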

Contact the Wapack Labs for more information: 603-606-1246, or feedback@wapacklabs.com.

[1] blockchain.com/btc/address/14bXUoPwruptLamUfKTuMW39Qy1q4ohX9w

[2] https://blog.malwarebytes.com/101/2018/10/sextortion-emails-theyre-probably-not-watching/
