{"id":25070,"date":"2018-12-21T09:00:13","date_gmt":"2018-12-21T14:00:13","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=25070"},"modified":"2020-05-18T08:35:59","modified_gmt":"2020-05-18T12:35:59","slug":"extortion-spam","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/extortion-spam\/25070\/","title":{"rendered":"Blackmail demand claims to have nailed you watching porn"},"content":{"rendered":"

One fine (or not so fine) day, you check your inbox and discover a message that starts like this:<\/p>\n

\u201cI\u2019m aware, ********** is your password. You don\u2019t know me and you are probably thinking why you are getting this email, right? Well, I actually placed a malware on the adult video clips (porn) web site\u2026\u201d<\/p>\n

Or like this:<\/p>\n

\u201cI hacked this mailbox and infected your operating system with a virus\u2026\u201d<\/p>\n

Or even:<\/p>\n

\u201cI\u2019m part of an international hacker group. As you can guess, your account was hacked\u2026\u201d<\/p>\n

All sorts of variants exist, but the message boils down to a claim that the sender infected your computer by hacking your account or placing malware on a porn site you visited. They appear to have harvested your e-mail contacts, social networks, instant messengers, and phone book. They appear to have total access to your device, and they\u2019ve also, it appears, hijacked your webcam to make a video of you watching something.<\/p>\n

\"This<\/a><\/p>\n

The cybercriminals threaten to send the video to all of your friends and colleagues. The only way to stop them, they say, is to transfer a specified sum of cryptocurrency to an anonymous wallet.<\/p>\n

Some scammers give you only a few days, claiming to know exactly when you opened the e-mail, which supposedly contains a tracking pixel<\/a> that lets them monitor the message\u2019s status. In some cases, as part of their effort to convince you of the existence of a compromising video<\/a>, you are asked to reply to the message, whereupon the scammers say they will send the video to a selection of your contacts.<\/p>\n

Of course, they say if payment is made, they\u2019ll immediately destroy the video and the database of your contacts.<\/p>\n

Calm down, no one\u2019s filmed you<\/h3>\n

In reality, there is no omnipotent \u201cvirus\u201d or shameful video. How does someone know your password? Simple: The blackmailer has got hold of one of the many databases of user accounts and passwords available on the darknet, leaked from a variety of online services. Alas, such leaks are not uncommon \u2014 in the United States alone, no fewer than 163 million user records were compromised<\/a> in just the first three quarters of 2017.<\/p>\n

As for \u201cknowing\u201d that you\u2019ve been viewing adult content, it\u2019s a shot in the dark. The e-mail you received was sent to thousands, perhaps millions of people, with the addressee\u2019s password (and other personal details) automatically merged into the message from the database. Even if only a few dozen recipients pay up, that will be more than enough for the scammer.<\/p>\n

The same goes for the promise to send a video to some of your friends as proof. Few people would want to verify the existence of such delicate material in this manner. Most would prefer not to risk even a limited disclosure of this kind of secret.<\/p>\n

Ransom message \u2014 with a bonus Trojan encryptor<\/h3>\n

Recently, scammers have come up with an even more effective way to make victims pay up: In early December, researchers at Proofpoint found a spam wave offering victims to personally verify the existence of an embarrassing video<\/a> without involving family and friends. All they had to do was follow the link in the message.<\/p>\n

Naturally, no video appeared. Instead, users were prompted to download a ZIP archive, which if unpacked and run really did infect the system \u2014 big time.<\/p>\n

Don\u2019t worry, cybercriminals still won\u2019t be filming you watching porn. What they do, however, is encrypt your files with the GandCrab malware<\/a>, and demand more ransom \u2014 this time, to recover your data.<\/p>\n

How to stay safe<\/h3>\n

To avoid falling victim to ransomware scammers, we advise being cautious and following a few simple steps. Here\u2019s what you don\u2019t<\/em> want to do:<\/p>\n