Scammers Are Watching You And Making Threats

August 10, 2018

By now, it’s likely that a password to at least one of your online accounts has been stolen and sold as part of a data breach or accidental exposure. Scammers are using these stolen passwords in a newly surfaced scam that tries to scare people into paying in Bitcoin. And it uses the fear of someone spying via the computer or device’s video camera to do it.

Let’s face it. You’re not doing anything wrong, right? Well, it can still be intimidating to think someone is watching your every move. Possibly enough to scare users into sending Bitcoin. The scammers hope that by claiming to have video of the victim watching pornographic material or something else potentially embarrassing, they can get the victim to send them money in the form of Bitcoin as part of the blackmail scheme. The emails may have the following characteristics:

- The subject line may include a real password you used in the past or still use.
- The scammer claims to have hacked into your device and installed malware that can record video of you.
- They go on to threaten to send video of you watching inappropriate content to your contacts if you don’t pay about $1,200 to $1,600 in Bitcoin.

However, it’s a good idea (and highly advised) to change any passwords that have been exposed in any past breach. And make sure to have unique passwords for each account. If someone has one password, and it’s the same one you use on multiple accounts, then they can potentially reuse it in brute-force attacks and get into not just one, but several of your accounts.

- If you can’t seem to remember your passwords, don’t be afraid to write them down using good old pen and paper and store them in a drawer out of sight. Lock it up when you’re not nearby. This applies even at your house. Lock the list in a safe or drawer.
- If you really feel the need to type the list on the computer, don’t save it on the device. Print it and follow the locking-up instructions in the previous item.
- If you just cannot come to terms with not having it on the computer, consider using password clues that only you would know rather than writing out the entire passwords. Also encrypt the file or, at a minimum, password-protect it.
- Another, but not highly recommended, option is using a password manager. There are several companies that provide this service. However, more than one of them has experienced a breach incident within the last few years. That means the hacker not only got one password, he or she got all of the passwords stored with these services. While these companies are making efforts to strengthen security, that risk still exists. Just keep that in mind if deciding to go with one of these services.
- Turn on multi-factor (or two-factor/2FA) authentication for all accounts that provide that option. Many email providers do now, as do financial organizations, social media, and several other companies. This will prevent a hacker from using your password alone to get access to your account. They will also need some additional form of authentication, such as a randomly generated one-time use code that is sent via text.

This particular scheme is strictly a scam, and it is highly unlikely the scammers actually have video of anyone doing anything, let alone something with which to proceed with blackmail threats. However, some recipients of the email actually have fallen for it. Bleeping Computer reported that some of these scammers made more than $50,000, based on an analysis of Bitcoin wallets.

Stickley on Security