CERT-In has an email scam warning for you: Here’s what you need to know
If you get an email like this, first, don’t get intimidated and second, don’t pay a thing.
The Indian Computer Emergency Response Team (CERT-In) has issued an advisory warning about a new email extortion fraud. As per the advisory, scammers have been sending emails to people stating that their computers have been hacked.
To validate their point, the email claims that a video was taken using their webcam, and also that they know their passwords. Hackers then proceed to show you evidence that computers or emails accounts have been hacked at some point of time, they might show you your old passwords. They then proceed to ask you for money in the form of Bitcoins or any other untraceable mode of payment.
If you refuse to pay, these hackers will threaten to leak your personal information, photos etc to the public.
As per the CERT-In advisory, although the listed passwords, shown as evidence that your account is hacked could be actual passwords that you used in the past, the attacker does not know them by hacking your account, but rather through leaked data breaches shared online.
"These emails are fake, scams, and nothing to worry about," the advisory says.
"Recipients should not send any payments to the scammers. If the passwords listed are in use or familiar, recipients are advised to change the password at any site that they are being used," the advisory explains.
Here's how it works:
Firstly, the scammer would try to grab the recipient's attention by writing their old password in the mail, which could look the following:
"I know, xxx, is your password. You don't know me and you're thinking why you received this email, right?"
After that, the scammer would craft a story containing computer jargons in order to convince the recipient that the scammer is a very skilled hacker,which could look the following:
"Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account."
This could be the final step before asking for ransom, so here the scammer would claim to have recorded personal video(s)by compromising the recipient's webcam, which could look the following:
"What exactly did I do?
I made a split-screen video. First part recorded the video you were viewing (you've got a fine taste haha), and the next part recorded your webcam (Yep! It's you doing nasty things!). "
Now, the scammer will ask for the ransom in the form of Bitcoin (BTC), which could look the following:
"What should you do?
Well, I believe, $1900 is a fair price for our little secret. You'll make the payment via Bitcoin to the below address (if you don't know this, search "how to buy bitcoin" in Google).
(It is cAsE sensitive, so copy and paste it) "
Lastly, the scammer will give the deadline of 24hrs to comply and threaten to send videos to their relatives, coworkers etc.
You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know you have read this email). If I don' get the mayment, I will send your video to all your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immediately. If you want evidence, reply with "Yes!" and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don't waste my time and yours by replying to this email."
What should you do if this happens to you
Don't get intimidated and do not pay anything via any mode. If any of the passwords the scammers have shared with you look familiar, change your passwords.