Monday, 8 October 2018

New Email Scam uses Leaked Passwords













A common scam in the USA has been trending in the UK since July 2018.

The emailer says that he has placed a keylogger on your computer and has evidence of you “playing with yourself” while visiting a porn site. He also states that he has stolen your contacts list. He asks for $350 in bitcoin, otherwise he will send the “evidence” to 5 names on your contact list. There was no tracking pixel in this email. The email may contain your email address and a password used at some time in the past.

https://www.bleepingcomputer.com/news/security/beware-of-extortion-scams-stating-they-have-video-of-you-on-adult-sites/

SecGuru told BleepingComputer that the extortionists are finding leaked account credentials from data breaches and using those leaked passwords when contacting the victim. This adds a sense of legitimacy to the emails as the victims will see passwords that they are currently using or have used in the past. The most common souce of breached passwords is LinkedIn (see below).

Once again, this is a scam, nothing has been installed on your computer, and they do not have any video of you doing anything. Therefore, do not be concerned if you receive one of these emails. At the same time, if the passwords sent in the email is one that you are currently using, I strongly suggest you change it immediately.

https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/comment-page-13/

KrebsOnSecurity heard from three different readers who received a similar email in the past 72 hours. In every case, the recipients said the password referenced in the email’s opening sentence was in fact a password they had previously used at an account online that was tied to their email address.

However, all three recipients said the password was close to ten years old, and that none of the passwords cited in the sextortion email they received had been used anytime on their current computers. 

https://www.businessinsider.com/new-email-scam-uses-old-password-fake-porn-threats-webcam-video-bitcoin-2018-7

Basically, the attackers don't actually have video of you or access to your contacts, and they haven't been able to install malicious code on your computer. In reality, they're taking a password from a database that's available online, sending it to you, and hoping you're scared enough to believe their story and send them bitcoin.

Databases have been stolen from LinkedIn, Yahoo, and eBay, for example.

LinkedIn 

LinkedIn: In May 2016, LinkedIn had 164 million email addresses and passwords exposed. Originally hacked in 2012, the data remained out of sight until being offered for sale on a dark market site 4 years later. The passwords in the breach were stored as SHA1 hashes without salt, the vast majority of which were quickly cracked in the days following the release of the data. Compromised data: Email addresses, Passwords

Action to take: If you have registered with LinkedIn and used your password for that site elsewhere, change it on LinkedIn and ensure you have a different password for other sites.



No comments: