A new scam is doing the rounds, where fraudsters are emailing people their own passwords in a bid to convince them they secretly filmed them watching porn on their computers.
Figure 1 – Example Email
Action Fraud officials have said it is the first time they have ever seen a scam include the victim’s real password in the subject line. The security experts have contacted several of the victims who have confirmed that the passwords are genuine.
Eyal Benishti, CEO & Founder at IRONSCALES:
“Criminals are clever, and will go the extra mile to scare victims in order to get what they want- scams like this play on people emotions, and are much more likely to result in people handing over whatever they are asked for, in order to avoid embarrassment. If techniques like this succeed, criminals are likely to continue targeting victims; they know they are vulnerable and can be exploited.
When facing a scam like this, it’s always best to take a step back and assess the situation- don’t act rashly and pay the ransom being demanded. Change all your passwords associated with the account, and if possible enable the use of two factor authentication. Do not try and contact the fraudsters, and report the scam to an official body like Action Fraud. Never click any link provided in the email you have received.
Phishing is not new- but this just goes to show that it is still as effective for cybercriminals as it was years ago. By using familiar subject matter, phishers are one step closer to baiting unsuspecting victims into their nets, and if done correctly, will consequently have access to all sorts of valuable data, information and in this case, money.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.