Comments
India's cybersecurity agency, the Computer Emergency Response Team (CERT-In), has recently issued a detailed advisory warning against the increase of email extortion scams.
According to the CERT-In advisory, scammers have been targetting users through email stating that they have hacked the user’s device and have access to their webcam. They further threaten users stating that they have a video recorded through their webcam and ask for ransom in exchange for not leaking the video.
“In an email extortion campaign scammers have sent numerous emails to people stating that their computers were hacked, a video was taken using their webcam, and that they know their passwords,” reads the advisory.
The cybersecurity agency further details how the emails that have been sent to unsuspecting users look like. Scammers claim to have hacked the user’s accounts and often use computer jargons to make the email seem legit.
“I know, xxx, is your password. You don't know me and you're thinking why you received this email, right?" reads an example of an email as detailed by the advisory.
They often use computer jargons and detail how they might have installed malware on user devices to record a video through the malware.
"Well, I actually placed a malware on the porn website and guess what, you visited this website to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (remote desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account," the email reads.
"What exactly did I do? I made a split-screen video. First part recorded the video you were viewing and the next part recorded your webcam.,” it further reads.
The scammers then threaten to leak the video to user’s contacts asking for ransom. They often give a timeline, in this case, 24 hours for the users to pay this ransom.
“What should you do? Well, I believe $1900 is a fair price for our little secret. You will make the payment via Bitcoin to the below address (if you don't know this, search "how to buy bitcoin in Google),” the mail reads.
"Important: You have 24 hours in order to make the payment (I have a unique pixel within this email message, and right now I know you have read this email). If I don't get the payment, I will send your video to all your contacts including relatives, coworkers and so forth. Nonetheless, if I do get paid, I will erase the video immediately. If you want evidence, reply with "Yes!" and I will send proof to five of your friends. This is a non-negotiable offer, so don't waste my time and yours by replying to this email," it further adds.
Users often fall for the scams as the passwords mentioned in the email are usually familiar. However, as the advisory mentions, these passwords may not have been obtained by hacking a user’s webcam but are rather from an old data breach leaked online.
At onset, the cybersecurity agency advised people to not send any money to these scammers. Furthermore, it said that users should immediately change their passwords on relevant websites if the password mentioned in the email seem familiar.
“These emails are fake, scams and nothing to worry about,” said the CERT-In advisory.
Comments
COMMENT NOW
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.