A new email scam hitting users’ inboxes is attempting to extort cash from victims in return for keeping what scammers claim are compromising videos secret.
But while it may not be the first scam to use such tactics, the latest version has a sting in the tail: it uses a legitimate password from the user to try to persuade them of its authenticity.
The email claims to have placed malware on porn sites to infect visitors’ computers, allowing the so-called hackers to take control of the system and record video footage of both the site visited and the user.
The hoax message says the malware gave hackers access to the display, webcam and contacts. To bolster its claim, the email uses some personal details - the target’s password associated with that account,which may have been taken from files shared online of user details from a number of previous hacks. It seeks payment of various amounts, sent in bitcoin to an address included in the email.
The story was broken by cybercrime expert Brian Krebs on his blog. He cited three different readers who had all received the same email over the past three days. The Irish Times has since spoken to one person who confirmed they had received the email on Friday. In all four cases, the passwords used were several years old and no longer in use.
However, not everyone will be as lucky. The inclusion of private details such as the password may persuade some people that the email is legitimate.
Security expert Brian Honan said the scammers were using social engineering in a bid to scare people into paying up.
It is not the first scam of this type. Similar emails have circulated several times in the past few years, although none have included the same level of private information.
It plays into fears sparked by the revelations in recent years that national security services in the UK and US intercepted private communications. NSA whistleblower Edward Snowden revealed the existence of NSA programmes designed to take control of the cameras and microphones on users’ laptops and mobile devices.
In 2014, it emerged that UK spy agency GCHQ, with help from the NSA, accessed millions of private communications over Yahoo’s chat service. Up to 11 per cent of the images were said to contain nudity.