A few months ago I received an email from myself. Strange you may think to be sending mail to oneself? That’s what I thought too although perhaps more disturbing was the content of the mail. The email was from a hacker:
This talented social butterfly had purportedly gained access to my computer and had apparently recorded me whilst I was checking out some adult content. A split screen video had then been created with one half showing what I was viewing and the other showing me, well…scrolling with one hand I guess?
I apologise for the graphic imagery and let me help regain your composure by stating that this never happened. The email is real but the content had been carefully crafted to apply to a significant portion of the population. According to PornHub they have over 120 million daily viewers. Multiply that by the innumerable adult sites and you have an exponential number of potential targets for this particular email.
The scam relies on our overwhelming need to to preserve our dignity and to keep our internet browsing habits secret at all costs, or at least at the cost of $653.
I ran the bitcoin address through the Bitcoin Abuse Database and discovered that it had been reported 133 times and had accumulated 0.900351BTC which at todays rate is about R700,000 in 8 transactions. Now I don’t know how many of these emails were sent out but given the low work effort required to send emails, the return on investment is significant.
Would anyone actually pay? Well in this case 8 people actually did and you may wonder why? Is it a guilty conscience that drives this? I somehow doubt it. What is more likely is that some of these emails would contain your email address and perhaps a password that looks familiar. This convinces the victim that the hacker must have access to their computer or network. The coincidental viewing of adult content is just the kicker that pushes the hapless pornosseur over the edge to pay the ransom.
So where do the email and password combinations come from?
Every year hundreds of millions of emails and passwords are stolen in cyber breaches. In fact a week before I wrote this blog, it was reported by several cyber security sites that a database of 3.2 billion emails and passwords had been exposed on 2nd February. Its estimated that is around 70% of global internet users. It appears that this database is simply a compilation of stolen data from other breaches that have happened over past few years. It is in such data dumps that hackers obtain these valuable nuggets of information to either convince you that they have you inflagrante delicto or to hack into your other accounts.
In a 2019 Google Survey, it was estimated that over 65% of internet users, use the same password on multiple accounts. Don’t do that or you’ll find yourself the victim of something far more sinister and serious than the sextortion scam I’ve spoken about here today. Try not to watch porn either.
If you do re-use your credentials as I have before, in the next edition I’ll be sharing my experience tightening up on my own personal cyber security and making the leap to unique and complicated password management. The easy way.
I’m the LiabilityGuy.