Hey friends, I woke to find an email from a client who said they were being extorted for thousands of dollars and wanted help in securing their computer.
Turns out, I also received an email today from Spiceworks which addressed the exact same email… The email looks like this:
—
From: Ciel Quan <mxwendelcs@outlook.com>
Date: July 12, 2018 at 12:43:49 PM EDT
To: “user@ourorganization.org” <user@ourorganization.org>
Subject: user – password
I’m aware, <AN ACTUAL PASSWORD THE USER USED>, is your password. You don’t know me and you’re probably thinking why you are getting this e mail, correct?
actually, I placed a malware on the adult video clips (porn) web site and you know what, you visited this website to experience fun (you know what I mean). While you were watching video clips, your internet browser started out functioning as a RDP (Remote Desktop) with a key logger which provided me accessibility to your display screen and also webcam. Immediately after that, my software program obtained every one of your contacts from your Messenger, Facebook, as well as email.
What did I do?
I made a double-screen video. First part displays the video you were watching (you’ve got a nice taste : )), and second part displays the recording of your webcam.
What should you do?
Well, I believe, $2900 is a fair price for our little secret. You will make the payment through Bitcoin (if you do not know this, search “how to buy bitcoin” in Google).
BTC Address:
(It is cAsE sensitive, so copy and paste it)
Important:
You now have one day in order to make the payment. (I’ve a unique pixel within this email message, and at this moment I know that you have read this email). If I don’t get the BitCoins, I will, no doubt send your video recording to all of your contacts including close relatives, co-workers, etc. However, if I do get paid, I will erase the video immidiately. If you really want proof, reply with “Yes!” and I definitely will send out your video recording to your 9 contacts. This is a non-negotiable offer, thus do not waste my personal time and yours by responding to this email message.
—
The good news is that there is (most likely) no recording… And there’s no actual malware (most likely)… Therefore this person is totally safe (most likely).
The scammer has written a very creative email, and it contains factual information to give it some bite. But they didn’t get that password from malware they planted; they pulled it from one of the previous breaches.
So, don’t fall for this. Nobody saw you doing something you would be embarrassed by (most likely).
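One way to check the email's own claims when triaging a report like this, as an added example that is not part of the original post: the script parses a raw message and tests whether it could even carry the "unique pixel" it brags about. The sample message is constructed from the text quoted above, with placeholders for the password and BTC address, and its plain-text-only body is an assumption.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample modeled on the message quoted above; the password and
# BTC address are placeholders, and the plain-text-only body is an assumption.
SAMPLE = """\
From: Ciel Quan <mxwendelcs@outlook.com>
To: user@ourorganization.org
Subject: user - password
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

I'm aware, <PASSWORD-PLACEHOLDER>, is your password.
You will make the payment through Bitcoin.
BTC Address: <BTC-ADDRESS-PLACEHOLDER>
You now have one day in order to make the payment. (I've a unique pixel
within this email message, and at this moment I know that you have read it).
"""

REMOTE_IMG = re.compile(r'<img\b[^>]*\bsrc\s*=\s*["\']?(https?://[^"\'\s>]+)', re.I)
LINK = re.compile(r'https?://[^\s"\'<>]+', re.I)

def triage(raw):
    """Compare what the message claims with what it can technically carry."""
    msg = message_from_string(raw, policy=default)
    report = {"remote_images": [], "links": [], "attachments": [],
              "claims_pixel": False, "demands_crypto": False}
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.is_attachment():
            report["attachments"].append(part.get_filename() or "(unnamed)")
            continue
        ctype = part.get_content_type()
        if ctype not in ("text/plain", "text/html"):
            continue
        text = part.get_content()
        if ctype == "text/html":
            # Only an HTML part can make the mail client fetch a remote image.
            report["remote_images"] += REMOTE_IMG.findall(text)
        report["links"] += LINK.findall(text)
        low = text.lower()
        report["claims_pixel"] |= "pixel" in low
        report["demands_crypto"] |= bool(re.search(r"\b(bitcoin|btc)\b", low))
    # A read-receipt pixel claim with no remote image in the message is a bluff.
    report["pixel_claim_unsupported"] = report["claims_pixel"] and not report["remote_images"]
    return report
```

Run `triage()` on the raw source of the reported message (headers included), not on a forwarded copy, since forwarding can rewrite the MIME structure.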
Here’s a link to the Spiceworks article:
https://community.spiceworks.com/topic/2147924-sextortion-scam-campaign
And another article worth reading:
https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/
Be careful out there!
If you do feel your business may have been affected by malware, or could be, let’s talk. Homeland Secure IT helps businesses in the Greenville SC area. Use our CONTACT FORM or call 864-990-4748.