Here, I share an article by Paul Ducklin (Sophos) describing what a Remote Access Trojan (RAT) does, and how criminals use it to extort money out of people.
Sextortion is back!
In fact, it never went away.
Some of us get dozens of sextortion scam emails every month to our work and personal accounts, demanding that we PAY MONEY OR ELSE!!
In the crime of sextortion, the “OR ELSE” part is a threat to release a video of a sexual nature in which you are visible.
For example:
FINAL WARNING. You have the last chance to save your social life. I am not kidding. I give you the last 72 hours to make the payment before I send the video to all your friends and associates.
How did the crooks obtain this X-rated film in which you’re the star?
They typically claim to have filmed you using malware planted on your computer in some way, for example:
I’ve been watching you for a while because I hacked you through a trojan virus in an ad on a porn website. If you are not familiar with this, I will explain this. A trojan virus gives you full access and control over a computer, or any other device. This means that I can see everything on your screen and switch on your camera and microphone without you being aware of it.
The good news is that it’s all a pack of lies, so you can relax.
But the bad news is that this sort of cybercrime is nevertheless confronting and scary, because of how the crooks claim to have spied on you.
Even if you don’t watch porn, what else might they know about you if they have spyware on your laptop?
Is it technically possible?
If you’ve ever heard of RATs, short for Remote Access Trojans, you’ll know that malware does exist that makes it possible for a crook to turn on your webcam remotely.
Indeed, in a high-profile criminal case back in 2014, US youngster Jared James Abrahams, a college student in California who was studying computer science, was sentenced to 18 months in federal prison for spying on women via their webcams.
Abrahams pleaded guilty to hacking and extortion charges relating to 150 women, including Miss Teen USA, Cassidy Wolf, who went public about the threats made against her.
(As an aside, Wolf also said that she had a risky habit of using the same password everywhere, which may well have been how she got attacked and infected in the first place – so if you aren’t smart about passwords, change yours now!)
Do the sextortionists have anything on you?
No.
If you receive a sextortion email like the one we showed above, without any stills from the video as proof or a link to view the file, then it’s just bluff and bluster.
The crooks are just trying to scare you into paying them something.
Remember, they send out these sextortions by the million – in the last 24 hours, SophosLabs received 1700 samples of just one new sextortion spam campaign in its spamtraps.
So even if only a few recipients get scared enough to pay, the crooks end up making thousands of dollars with almost no outlay.
Our simple advice is: DON’T PAY, DON’T REPLY.
Delete the offending emails, and don’t engage with the crooks at all.
But they seem to know all about me!
We’ve had numerous emails from readers who never watch porn, don’t even have a webcam, and yet get scared by some of the claims made in these emails.
That’s because the crooks often try to convince you that they really do have “insider knowledge” about you.
They include personal details in the email that allegedly “prove” that there must be some sort of active spyware infection on your computer.
For example:
- The crooks include one of your passwords. Often, it’s an old password, but usually it is (or was) genuinely yours. That’s scary, but don’t panic – these stolen passwords come from data breaches, where your data was lost by someone else. The crooks didn’t steal the password directly from you.
- The crooks include your phone number. Same again – the crooks use phone numbers, paired up with email addresses, acquired through a data breach. The data wasn’t lifted directly from your computer.
- The crooks send the email from your own account. Except that they don’t – the name that shows up in the From: field in an email is actually part of the email itself. Crooks can put anything they like in there, in just the same way that they could send you a snail-mail and sign off the “Yours sincerely” part in your name.
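The point about the From: field can be checked against a message's raw headers. The sketch below is an added example, not code from the Sophos article; the addresses, domains and header values are constructed, and it assumes the Authentication-Results header was written by your own receiving mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message): a mail that "comes from" its own recipient.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=softfail smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=example.org
From: "Alice" <alice@example.org>
To: alice@example.org
Subject: FINAL WARNING

(body omitted)
"""

def _addr(msg, header):
    """Return the bare, lower-cased address from a header, or ''."""
    return parseaddr(msg.get(header, ""))[1].lower()

def _domain(addr):
    return addr.rpartition("@")[2]

def assess_from_header(raw):
    """Compare the displayed From: with delivery evidence recorded on receipt."""
    msg = message_from_string(raw)
    shown, rcpt, envelope = _addr(msg, "From"), _addr(msg, "To"), _addr(msg, "Return-Path")
    # Assumption: this header was added by your own receiving server; one
    # supplied by the sender proves nothing.
    results = msg.get("Authentication-Results", "").lower()
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results))
    self_addressed = bool(shown) and shown == rcpt
    envelope_mismatch = bool(envelope) and _domain(envelope) != _domain(shown)
    dmarc_ok = auth.get("dmarc") == "pass"
    return {
        "self_addressed": self_addressed,
        "envelope_mismatch": envelope_mismatch,
        "auth": auth,
        # From: says "you", but the delivery path says someone else.
        "spoof_likely": self_addressed and (envelope_mismatch or not dmarc_ok),
    }

if __name__ == "__main__":
    print(assess_from_header(SAMPLE))
```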
What to do?
Nothing!
OK, delete the email – but don’t panic, don’t reply to the crooks, and certainly don’t pay up.
If the crooks really wanted to prove they had a “sex tape” of you, they’d send you a still image, or a link where you could preview the file they claim to have.
But they don’t – they just threaten you and present vague and unconvincing evidence that they know something about you.
So, don’t panic, delete the email, and don’t let the crooks trick you into contacting them at all.
For further information
Sextortion scams are nothing new. Learn how these crooks spoof your own email address to make you think they have access to your computer. And then read more about recent sextortion emails.
Source: Naked Security by Sophos: https://nakedsecurity.sophos.com/2019/03/13/final-warning-email-have-they-really-hacked-your-webcam/
If you fall for any of these types, let us know by reporting it to Weinberg College IT or Northwestern Security.
For more resources, you can read up on my previous blog posts.