Written by Kendall R Williams, Information Security Engineer (ITS)
You may want to react to this new email scam, but don’t.
From: Bad Guy <email@example.com<mailto:firstname.lastname@example.org>>
Subject: <username> – SEuJ5Kyb
Lets get right to the purpose. You don’t know me and you are most likely thinking why you are getting this e-mail? None has compensated me to check about you.
Let me tell you, I actually installed a software on the xxx video clips (adult porn) web site and there’s more, you visited this site to experience fun (you know what I mean). While you were viewing video clips, your web browser started out working as a Remote control Desktop with a keylogger which provided me accessibility to your display and also webcam. Right after that, my software program collected all of your contacts from your Messenger, Facebook, and e-mail . Next I created a video. 1st part shows the video you were watching (you’ve got a nice taste lol), and 2nd part shows the recording of your web camera, and its u.
You will make the payment by Bitcoin (if you don’t know this, search “how to buy bitcoin” in Google).
BTC Address: 19P6qA144fRaGBiG43YybyU3h67zkP4U43biM
[CASE sensitive, copy and paste it]
If you may be looking at going to the cops, look, this email message can not be traced back to me. I have taken care of my steps. I am not looking to charge a fee a huge amount, I would like to be rewarded. I have a unique pixel in this email message, and at this moment I know that you have read this message. You now have one day to pay. If I don’t get the BitCoins, I will certainly send out your video recording to all of your contacts including members of your family, coworkers, etc. However, if I receive the payment, I’ll erase the video immediately. If you need evidence, reply with Yeah! and I definitely will send your video to your 15 contacts. It’s a nonnegotiable offer so please do not waste my time and yours by responding to this message.
This latest email scam is working its way through the Internet and into mailboxes around the world. The scammer includes a real password from publicly available password dumps from previously breached Internet sites, such as LinkedIn and DropBox. They are using real passwords to unnerve you and to add validity to their threat of having something on you. They do not!
This is not your traditional phish. The scammer is not hiding behind links or imploring creative trickery in order to steal your login credentials. However, they are relying on pressure tactics to get you to voluntarily respond to their demands with empty threats.
So, what should you do if you receive this email scam? Nothing. That’s right, nothing. Ignore and delete the message. Spread the word. Let others know around you to do the same.
IT Security has posted a sample copy on the Recent Phishing Scams area of our website (https://security.uchicago.edu/2018/07/12/email-scam-july-12-2018-username-password/). You can always submit any Phishing or suspicious email to email@example.com. We will take action to stop the abuse, as appropriate. Finally, you can also go here https://www.consumer.ftc.gov/articles/0003-phishing to report phishing scams.
Stay safe online. Visit https://getsecure.uchicago.edu/ to learn how.