
New sextortion scam: “High level of risk. Your account has been hacked.”


Are you here because you got an email saying that a hacker has a video of you watching porn? Did they threaten to share it with your friends and family unless you paid a ransom into an anonymous Bitcoin wallet?
If you did, you’re not alone – in the last two years almost everyone we speak to has seen one in their inbox. But there seems to have been a surge in interest since much of the western world entered lockdown to contain the coronavirus.
The good news – every word is a lie. It’s a scam.
The latest variant of the long-running grift to hit the Naked Security inbox had this subject line:

High level of risk. Your account has been hacked. Change your password.

There isn’t. It hasn’t. No thanks.
The full text of the email read:

Hello!
Í am a hacker who has access to yoür operatíng system.
Í also have full access to yoür accoüňt.
Í've been watchíng yoü for a few months now.
The fact ís that yoü were ínfected wíth malware throügh an adült síte that yoü vísíted.
Íf yoü are not famílíar wíth thís, Í wíll explaín.
Trojan Vírüs gíves me füll access and control over a compüter or other devíce.
Thís means that Í can see everythíng on yoür screen, türn on the camera and mícrophone, büt yoü do not know aboüt ít.
Í also have access to all yoür contacts and all yoür correspondence.
Why yoür antívírüs díd not detect malware?
Answer: My malware üses the dríver, Í üpdate íts sígnatüres every 4 hoürs so that yoür antívírüs ís sílent.
Í made a vídeo showíng how yoü mastürbate on the left half of the screen, and ín the ríght half yoü see the vídeo that yoü watched. Wíth one clíck of the moüse,
Í can send thís vídeo to all yoür emaíls and contacts on socíal networks. Í can also post access to all yoür e-maíl correspondence and messengers that yoü üse.
Íf yoü want to prevent thís, transfer the amoünt of $950(USD) to my bítcoín address (íf yoü do not know how to do thís, wríte to Google: 'Büy Bítcoín').
My bítcoín address (BŤC Wallet) ís: [REDACTED]
After receívíng the payment, Í wíll delete the vídeo and yoü wíll never hear me agaín.
Í gíve yoü 48 hoürs to pay.
Í have a notíce readíng thís letter, and the tímer wíll work when yoü see thís letter.
Fílíng a complaínt somewhere does not make sense becaüse thís emaíl cannot be tracked líke my bítcoín address.
Í do not make any místakes.
Íf Í fínd that yoü have shared thís message wíth someone else, the vídeo wíll be ímmedíately dístríbüted.
Best regards!

This email caught our eye as much for what it didn’t say as what it did. Typically, sextortion attempts of this type include a form of fake “proof” that might persuade the reader they’ve been hacked.
The earliest examples scared readers by including a password the scammer had cribbed from an old and exhausted data breach. Later waves of the campaign were sent from readers’ own email addresses (a trick that’s far easier than most people realise).


In this case the author didn’t offer up any such “proof” though. Instead, the scammer attempted to intimidate us with technical terms they hoped we’d heard of but didn’t understand. Like the detail about why our antivirus “did not detect malware” because, the hacker claimed, “My malware üses the dríver” and “Í üpdate íts sígnatüres”. (We assume the sprinkling of non-English characters is a trick to avoid spam filters, by the way.)
The language invokes the behaviour of malicious software like Robin Hood, which has been known to use a buggy driver, or Emotet, which is a frenetic self-updater. We’ve also heard of emails where the sender claims to have flashed the user’s router, perhaps invoking half-forgotten memories of 2018’s VPNFilter malware.
But talk is cheap and this is all just cut ‘n’ paste bluster.
What this email doesn’t do, what none of them ever do, is offer anything close to actual proof.
If the “hacker” had a video of you masturbating they wouldn’t need to send you long dead passwords, perform email sleights of hand, bamboozle you with tales of their technical prowess or go into oddly specific details about the format of the split-screen video. They’d just show you the video.
So don’t worry, don’t pay and don’t reply.
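The sprinkling of accented characters noted above only works against filters that match raw text, and it can be undone before matching. The following Python is an added example, not part of the original article: it folds accented letters back to their base form and reports which scam phrases only become visible after folding. The indicator list, function names and thresholds are assumptions chosen for illustration.

```python
import unicodedata

# Assumed indicator phrases, chosen from the wording of the email quoted above.
INDICATORS = ("bitcoin", "malware", "video", "hours to pay", "antivirus")


def fold(text):
    """Decompose accented letters (NFKD) and drop the combining marks."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(c for c in decomposed if not unicodedata.combining(c))


def accent_ratio(text):
    """Share of letters that change when folded to their base form."""
    letters = [c for c in text if c.isalpha()]
    if not letters:
        return 0.0
    return sum(1 for c in letters if fold(c) != c) / len(letters)


def evaded_indicators(text):
    """Indicators present only after folding, i.e. hidden from a raw match."""
    raw, folded = text.lower(), fold(text).lower()
    return [w for w in INDICATORS if w in folded and w not in raw]


def looks_obfuscated(text, min_ratio=0.05, min_hits=2):
    """Flag text where accents are frequent AND they hide known phrases.

    Requiring both keeps ordinary accented languages from being flagged.
    The thresholds are assumptions, not tuned values.
    """
    return (accent_ratio(text) >= min_ratio
            and len(evaded_indicators(text)) >= min_hits)


# Excerpts from the email quoted above, joined into one string.
SAMPLE = (
    "My malware üses the dríver, Í üpdate íts sígnatüres every 4 hoürs "
    "so that yoür antívírüs ís sílent. transfer the amoünt of $950(USD) "
    "to my bítcoín address. Í gíve yoü 48 hoürs to pay."
)
# Constructed benign messages for comparison.
PLAIN = "Meeting notes attached. We discussed the antivirus rollout."
GERMAN = "Die Prüfung für die Übung beginnt um zwölf Uhr."

if __name__ == "__main__":
    for name, msg in (("sample", SAMPLE), ("plain", PLAIN), ("german", GERMAN)):
        print(name, round(accent_ratio(msg), 2), evaded_indicators(msg),
              looks_obfuscated(msg))
```

Note that "malware" contains no substituted letters in the scam email, so a raw match already finds it; the other phrases only match after folding.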