New scam uses porn sites and hacked passwords to blackmail users | Security

New scam uses porn sites and hacked passwords to blackmail users | Security

A new sextorso scam is spreading across the network. Criminals are sending e-mails claiming to have a recorded victim's video while she is watching a porn site. The message is lying, but includes a real hacked password from the user, which increases its veracity.

The purpose is to blackmail the victim, forced to pay US $ 1,400 (about R $ 5,380, in direct conversion) in Bitcoins. The message threatens to disclose the alleged video to all contacts on Facebook, Messenger and their own email account if the deposit in cryptocurrencies is not carried out within 24 hours.

READ: Bitcoin could 'stop the Internet', says report

Facebook campaign teaches how to fight sextoro Photo: Melissa Cruz Cossetti / dnetcFacebook campaign teaches how to fight sextoro Photo: Melissa Cruz Cossetti / dnetc

Facebook campaign teaches how to fight sextoro Photo: Melissa Cruz Cossetti / dnetc

READ: My password: website reveals if your account was leaked so you can change

Most of the structure of this email has been known for some time. In general, the hacker says that he inserted malware on a porn site accessed by the victim, without specifying the address of the page. Then, the message describes that, while the person was watching the video, a program obtained webcam access and recorded both the user's face and the one that passed on the PC screen, forming a clip with both images.

The attacker also claims to have collected data from social networks and e-mail itself, then blackmailed him. The only element of the message that changes, according to analyzes, is the Bitcoin address indicated for payment. The novelty, disclosed by KrebsOnSecurity, is in the introduction of the message. She started with "I am aware that your password ", in fact, the code is a string already used by the victim.

The security website discovered the scam after receiving reports from three of its readers, who had received the email in the past 72 hours. In all three cases, the password mentioned was from an old email, linked to the current account, which had not been used for about ten years. In addition, none of the readers had used the string on their current computers.

For KrebsOnSecurity, the greater probability that the coup will be carried out semi-automatically. The website's bet that the attacker has created a script that pulls usernames and passwords directly from some leaked file is about a decade ago. So, all the people who had compromised passwords in the leak are now receiving the same email.

Hacked passwords a decade ago are used in sextorso scam now Photo: Divulgao / FacebookHacked passwords a decade ago are used in sextorso scam now Photo: Divulgao / Facebook

Hacked passwords a decade ago are used in sextorso scam now Photo: Divulgao / Facebook

This type of scam known as sextorso for combining the words "sex" and "extortion". The practice relates to all types of blackmail using photos, videos or other intimate content to coerce the victims. The order is not always cash; Sometimes the criminal wants a personal encounter, nudes or sexual favors.

What to do to protect yourself

Be wary of all emails received from unknown senders to rule number one to protect yourself from virtual attacks. Never download files that are in this type of email or click on links. Even if you know the contact, be careful when downloading attachments, as they may be infected with malware.

Having antivirus installed on your computer is another basic but essential tip. For specific sextorso cases, it is always interesting to leave the webcam covered and disabled. Another tip is to leave the files with pictures or intimate videos, if you have, in an average part, as external HD, and protected by password.

SaferNet recently launched a sextorso combat campaign. If you are a victim of any type of blackmail, it is a tip to contact the organization for legal advice.