A spam scare campaign (extortion scam) is targeting email addresses, in which the attacker claims to have embedded a virus in adult web videos that is:
- Recording keystrokes made by the computer user
- Video recording
- Collecting contact information from messengers, emails and social media
- The email asks for bitcoins in exchange for not releasing this data. Bitcoin is an electronic currency with no central bank that relies on cryptography to secure and control transactions.
Here is an actual email (though the one you have might be different):
From: Wyatt Harris [mailto:email@example.com]
Sent: Tuesday, 15 August 2017 6:36 AM
Subject: KGS: Everyone will Laugh at you.
During all your life u was notified to surf web catiously, but you didnt. Whats the problem?- You re guessing. Lets start with the fact that I adjusted the malicious soft on a webpage with videos for adults (site with porn content) (u know whats up). Object was watching video for adults and device began operating as dedicated desktop with keylogger function. So all cams and screen at the 1st onset started recording.
Then my virus collected all ur contacts from messengers, e-mails and social networks. So what do we have now? I made a double screen vid (first part-screen record(you have a great taste lmao), second- camera record) and all your contacts. I think its not good news. Thus I suppose that 320 usd is fairly for this little fail. My bitcoin wallet – 1L84P9ycBtG8nfy4Kqqwdu9yLch5as4ApJ
Ask internet how to buy it. It isnt very hard. Just write “Where can I get btc” Ull have one day upon opening this letter(I adjusted a tracking pixel in it, Ill know when you read it). If I don’t recieve my bitcoins Ill send video with you to all your contacts. Upon I get bitcoin- the compromising evidence will be destroyed. If u want me to show evidence, reply yeah and Ill share video that I made with 3 contacts Ive collected from you.
Can go to police, but searching me is more long-lasting than 1 day, im from France, so you will be a star among friends.
Yes the spelling and grammar is atrocious, but it still could give you a shock – Especially if you were browsing adult sites and your email address was stored in your web browser. Whilst this campaign is not necessarily targeted, it is likely that the spammer has a spam list of email addresses they have sent this email to.
It is not necessarily related to visiting any adult website, but we have had a number of people call us that visited said sites are were subsequently a little concerned.
Secure your devices. Use anti-virus software to monitor and protect your computer and other devices (like smartphones and tablets) from infection, and keep your operating system and applications up-to-date.
Ways to protect yourself from extortion scams
- Don’t pay the ransom. This is a scare campaign and there is no evidence that any data has been recorded. We recommend that if you receive this email (or any extortion email) you do not pay the ransom.
- Even if an attacker does have questionable pictures, paying a ransom will only fund their activities and it is likely they will ask for more money. You should never pay a ransom.
- Don’t surf porn sites on your work computer or any device you do banking on.
- Secure your devices. Use anti-virus software to monitor and protect your computer and other devices (like smartphones and tablets) from infection, and keep your operating system and applications up-to-date. (This might also help with other vulnerabilities, such as the wifi vulnerability we recently wrote about)
- Buy BankVault/SafeWindow – This will ensure your important transactions are safe. You can find out more here
Finally, sign up to the Tech Tips page below for additional tips to keep yourself safe.