Krebs on Security detailed a new sextortion scam on July 18, 2018, though initial reports began surfacing on Reddit as early as April. According to Krebs, “The message purports to have been sent from a hacker who’s compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all your contacts unless you pay a Bitcoin ransom. The new twist? The email now references a real password previously tied to the recipient’s email address.”

Recipients of the scam told Krebs that the passwords referenced in the emails were close to ten years old, and that none had been used on their current computers. The age of the passwords should have tipped recipients off that hackers hadn’t, in fact, compromised their computers. However, the use of once-valid passwords, combined with the potential shame of having alleged porn viewing (or worse) revealed to friends and acquaintances, was enough to lure some into paying the ransom.

Vade Secure has blocked 600,000 sextortion scam emails since June

As Vade Secure protects more than 500 million inboxes worldwide, including consumer email accounts through ISPs and telcos, we have seen this sextortion scam firsthand. In fact, since June, our filter engine has identified and blocked nearly 600,000 sextortion scam emails. The following are real examples that we blocked:

[Images: two sextortion scam email examples]