New Cybercrime: A Big Rise in Victims with Tens of Thousands at Risk
In crypto-land, cybercriminals always keep up to date with the latest market trends and news. At the moment, fraudulent structures are trying to benefit from worldwide panic about the coronavirus outbreak. As a result of its topical relevance, criminals are distributing applications that extort cryptocurrency.
A little while ago, scammers spread a malicious application that infected computers under the guise of being a COVID-19 coronavirus tracker. Today, they’re attacking Android devices as well.
Recently, the world has witnessed more and more cases of sextortion, a terrifying cybercrime in which blackmailers threaten to distribute users’ sensitive material if they don’t provide them with BTC.
Briefly, it works like this: The bad guy sends a victim an email stating that he has hacked her computer and got her password and access to all correspondence, contacts, and social media. What is more, he even hacked her webcam and recorded her visiting porn sites. To make it more convincing, the bad guy sets the victim’s email address as the sender, so she is more likely to believe that the computer was actually hacked.
The blackmailer threatens to send a secretly recorded video with embarrassing repercussions to the victim’s friends on social media. Just imagine an indecent video of you being sent to your boss, your friends, and your family. To ensure that this does not happen, the victim must send the equivalent of $500 to the bad guy’s Bitcoin wallet. That is scary, isn’t it?
This serious crime is gaining momentum. The security features provided by the owners of porn content no longer help people remain anonymous online. All user data can end up in the hands of cybercriminals.
How Is That Possible?
The good news is that there’s no such thing as an all-powerful virus. What is more, the embarrassing video doesn’t exist. But that begs the question, how does the malicious actor know your password? Quite simply, ransomware uses one of a great many databases on the darknet that contain accounts and passwords leaked from various internet services. Sorry to destroy your worldview, but such leaks are not new. In the United States alone, at least 163 million records were leaked in 2017.
When it comes to information about viewing adult videos, the perpetrator knows nothing about your activities. The same goes for the threat to share the video with your friends — the video doesn’t exist, so there is nothing to share. This message is a bulk mailing sent to thousands or tens of thousands of people, automatically substituting the recipient’s password from the database (or some other sensitive data) in the email. It would be sufficient for the fraudster if at least a couple of dozen victims agree to pay.
The thing is nobody wants to find out whether that compromising material really exists. Hence, most people prefer not to risk it and agree to just pay the BTC.
Who Is to Blame?
A recent study suggests that users’ personal data has long been exposed to the network through porn sites even when visitors turn to Incognito mode, even though this function implies that your browsing history and other data will remain unavailable to website owners who collect data for marketing or other purposes.
Experts scanned 22,484 adult websites and found that they were riddled with software algorithms (trackers) that the websites use to identify and collect information about their users. All the sites a user visited, links he clicked on, and the time he spent watching certain content are recorded. Among those who track personal data, researchers name biggies such as Google and Facebook.
According to the document, DoubleClick, a business owned by Google that makes it money from online advertisers and publishers, had its own web trackers on 74% of porn sites. Trackers from Oracle were found on 24% of such sites, and data analysis tools from Facebook (which, by the way, does not allow you to post pornography and erotic content on its platform) were found on another 10% of piquant sites.
You Can’t Be Too Careful
You never expect it to happen to you, right? The cold hard truth is that no one is safe. According to Cyber Security Agency, sextortion, sexting, and cyber extortion are standard practice for bad actors around the globe, and the number of cases has skyrocketed. What should we do?
For starters, don’t panic and don’t pay! Truth be told, hackers usually play on a basic instinct: shame. But their threats are without any basis whatsoever. Criminals may claim to have hacked a webcam and obtained incriminating pictures, videos, or evidence of viewed pornographic material, but we are happy to report that the security threats are not credible. Such fraudulent schemes work only because people, particularly young people, firmly believe in the collapse of their private lives. This belief allows individuals to assume someone may be spying on them or misrepresenting the data.
Here are some useful tips to help ensure your safety:
• Do not respond to extortionate emails. Otherwise, you prove that your email address is valid, resulting in a greater number of such “business proposals.”
• Do not click on suspicious links attached to such emails. You will not find any pleasant surprises there. In the best-case scenario, you will be snowed under with ads. In the worst case, it will download a virus onto your computer.
• If you still use the password sent in the extortionate email on some sites, change it immediately. Come up with something more secure. The best passwords are random and strong enough to thwart brute force or cyber-attacks. If you are afraid you will forget the new one, don’t worry. Use a password manager, such as Kaspersky Password Manager.
• Immediately follow tips or recommendations from banks. The easiest solution is to stop entering credit card details and phone numbers on unknown sites, especially if they have “juicy” videos. If you need to pay for products, software, and services, most banks offer a virtual card for safe online shopping. Another effective method to protect yourself is two-factor authentication.
• It wouldn’t hurt to have a reliable antivirus program. Security is first, last, and always.
