A friend called me the other day to say that she got an email asking for money to prevent the sender from sharing a comprimisng video of her watching porn. Normally she would have ignored it, but it contained an actual password that she had used. The email began as follows:
I’m aware that <an actual password the person has used> is your password,”
You don’t know me and you’re thinking why you received this e mail, right?
Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.
What exactly did I do?
I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).
It’s a scam and the person doesn’t know whether you’ve visited a porn site and doesn’t have video of you. What they do have is a password that you have used at some point, which they probably got from a website you’ve signed into that was compromised.
On his website Krebs On Security, Brian Krebs wrote “My guess is that the perpetrator has created some kind of script that draws directly from the usernames and passwords from a given data breach at a popular Web site that happened more than a decade ago, and that every victim who had their password compromised as part of that breach is getting this same email at the address used to sign up at that hacked Web site.”
While this scammer doesn’t have any compromising video of you, it is possible to turn on a webcam remotely, which is why it’s a good idea to cover your webcam when you’re not using it. I used a round band-aid on my laptop’s camera and have a piece of cloth over the camera on my desktop PC.