Sex phishing is gaining momentum in the United States

Published on August 03, 2018

    As the well-known information security journalist Brian Krebs reports in his blog, a new type of extortion has spread in the United States over the past two weeks. The attacker's approach is somewhat similar to the one used in encryption-based extortion, with one important difference: this extortion is a bluff from beginning to end.

    The method relies on previously leaked databases of passwords and e-mail addresses. The user receives the following message:

    I assume that this - "[password]", is your password?
    You do not know me and you are probably surprised why you received this letter?
    The fact is that I placed a special program on a porn site that you recently visited to have fun (you know what I mean). While you were watching the video, your web browser worked as RDP (remote desktop), as well as a keylogger, which allowed me to access your screen and webcam. After that, my program also collected the data of all your friends from all installed instant messengers, Facebook account and mail.

    So what exactly did I do?

    I made a video with a split screen. In one half - the video that you watched (you have good taste, haha), and in the other, what I recorded from the webcam (Aha, it's you!).

    What should you do?

    I think $1,400 is a fair price for such a little secret. Make a payment via Bitcoin to the wallet address (if you don’t know how - google “How to buy Bitcoin”):
    BTC Address: 1Dvd7Wb72JBTbAcfTrxSJCZZuf4tsT8V72
    (case sensitive, copy and paste)

    Important:

    You have 24 hours to make a payment (I have embedded a unique pixel in this message and right now I see that you are reading it). If I do not receive the payment, I will send the video to the entire list of your relatives, friends, colleagues, etc. If I get paid, I will immediately erase the video. In case you want evidence, write the word “Yes!” in the reply letter and I will send the video to 5 random contacts from your list. This is a non-negotiable proposal, so it is better not to waste my time and yours on such checks.

    The original blog article has already collected over a thousand comments; many users note that they received similar letters and that the passwords quoted in them were ones they had used several years ago. The letters differ in details: the amount demanded varies from $1,400 to $7,000, and the Bitcoin wallet addresses differ. It is reported that at the moment 337 wallets have already received 130 payments totaling $237,000.

    As the researcher notes, the attackers are most likely using data from the 2012 LinkedIn leak. But there is no shortage of such databases; in Russia, for example, attackers could quite plausibly use the database of 4.5 million Mail.ru and Yandex.ru accounts published in 2014.
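
The letter quoted above has a few fixed markers: a quoted string presented as the recipient's password, a Bitcoin address, a short deadline, and the webcam and keylogger claims. As an added example (not from the original article or from Krebs's blog), the Python below scores a message body on those markers. The `breached_hashes` set, the cue list, the weights and the sample messages are assumptions constructed for illustration.

```python
import hashlib
import re

# Legacy Bitcoin address shape: starts with 1 or 3, Base58 alphabet.
BTC_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
# A short quoted string, as in: I assume that this - "[password]" ...
QUOTED_RE = re.compile(r'["“]([^"“”\n]{4,64})["”]')
# Claims the letter on this page makes (cue list is an assumption).
CUES = {
    "payment": re.compile(r"\bbitcoin\b|\bBTC\b", re.I),
    "deadline": re.compile(r"\b\d+\s*hours?\b", re.I),
    "webcam": re.compile(r"\bwebcam\b", re.I),
    "keylogger_or_rdp": re.compile(r"\bkeylogger\b|\bRDP\b", re.I),
}


def sha1_hex(text):
    return hashlib.sha1(text.encode("utf-8")).hexdigest()


def analyze(body, breached_hashes):
    """Score one message body against the markers of the extortion letter.

    breached_hashes: SHA-1 hex digests of the recipient's passwords known
    to be in public breach dumps (hypothetical local data source).
    """
    leaked = [q for q in QUOTED_RE.findall(body)
              if sha1_hex(q) in breached_hashes]
    cues = sorted(name for name, rx in CUES.items() if rx.search(body))
    wallets = BTC_RE.findall(body)
    # Weights and threshold are illustrative, not tuned on real mail.
    score = 2 * bool(wallets) + len(cues) + 3 * bool(leaked)
    return {"wallets": wallets, "cues": cues,
            "quotes_breached_password": bool(leaked),
            "score": score, "likely_sextortion": score >= 6}


# Constructed sample, abridged from the letter quoted above.
SAMPLE = (
    'I assume that this - "hunter2-old", is your password?\n'
    "Your web browser worked as RDP as well as a keylogger, which allowed "
    "me to access your screen and webcam.\n"
    "Make a payment via Bitcoin to the wallet address.\n"
    "BTC Address: 1Dvd7Wb72JBTbAcfTrxSJCZZuf4tsT8V72\n"
    "You have 24 hours to make a payment.\n"
)
# Constructed benign message with a deadline and a quoted reference.
BENIGN = 'Your invoice is due in 48 hours. Reference "INV-2018-0803".'
```

A hit on `quotes_breached_password` is also a signal for the defender: the quoted password comes from an old leak, so any account still using it should have it changed.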