Uh oh. You got an email. Possibly "from" your own email address. The bad guy sending the email says they're targeting YOU and YOU specifically. That they've got access to your webcam. They've hacked their way into your online photo library, they claim. They're writing today to convince you that they've got photos of you doing very nasty things, and they'll send all of this to all of your friends and family -- everybody in your address book -- if you don't send them a bunch of money via bitcoin.
This is a "sextortion" scam and this kind of thing is not that new; it has been around for a while now.
The new twist: Now they're including photos of your home, as taken from Google Maps. The hope is to scare you into thinking that if they have a picture of your home, they might actually have access to your photos. People take pictures of their homes. Your online photo library might even have a picture of your home. But look closely. It's not actually a picture that you've taken.
But even with the new twist, the old reminder still applies: They're not really targeting you individually. You're still just one random entry on their big ole scary spam/scam list. How did they know your address? Thank some random data breach. It sucks, but it doesn't mean they have access to any of your online accounts. Data breaches expose unencrypted account-level data (like your name and home address) more often than they successfully yield passwords.
Don't get me wrong; change your account passwords regularly. Use strong passwords and use 2FA wherever possible, because yeah, passwords can leak.
But these scammers don't actually have any questionable pictures of you. And probably don't even know who your friends are, to send the non-existent pictures to.
And they very likely do not have access to your email account. There's an email authentication policy setting called "DMARC" that helps prevent stuff like that, but not everybody has implemented it, and so, depending on who hosts your email, it is still sometimes possible to fake the from address so that it looks like "you" sent an email to yourself. Stuff like this is one of the reasons that DMARC exists, and it's why I am of the opinion that everybody should (properly) implement it.
And me sharing this with you, and the world, is perhaps why I'm featured as a "cyber expert" in an article on this topic written for HuffPost. It was great fun to participate in answering questions for that article and I am glad to be able to share some common-sense cyber security knowledge out a little further beyond the usual orbits.
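To make the "(properly)" in the DMARC paragraph above concrete, here is an added example (not part of the original post) that reads the TXT record published at `_dmarc.<domain>` and says whether it actually asks receivers to block mail faking that domain's from address. The domain names and records are constructed samples, and the verdict labels are made up for this illustration.

```python
# Added example: classify a domain's DMARC posture from its TXT record(s).
# Records below are constructed samples, not real DNS lookups.

def parse_dmarc(txt):
    """Return a dict of DMARC tags, or None if txt is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # RFC 7489: the version tag v=DMARC1 must come first.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts:
        if "=" not in part:
            return None  # malformed tag: treat the whole record as unusable
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags

def assess(txt_records):
    """Classify the TXT strings found at _dmarc.<domain>."""
    records = [t for t in map(parse_dmarc, txt_records) if t is not None]
    if len(records) != 1:
        # No record, or several: receivers apply no DMARC policy at all.
        return "no-policy"
    tags = records[0]
    if tags.get("p", "").lower() not in ("quarantine", "reject"):
        # p=none (or a missing/unknown p) only asks for reports.
        return "monitor-only"
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100  # an unparseable pct falls back to the default
    # pct below 100 applies the policy to only a share of failing mail.
    return "enforced" if pct >= 100 else "partial"

SAMPLES = {  # constructed examples
    "no-record.example": [],
    "monitoring.example": ["v=DMARC1; p=none; rua=mailto:dmarc@monitoring.example"],
    "rollout.example": ["v=DMARC1; p=quarantine; pct=25"],
    "strict.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@strict.example"],
}

if __name__ == "__main__":
    for domain, txt in SAMPLES.items():
        print(f"{domain:22} {assess(txt)}")
```

Only the "enforced" case tells a receiving mail server to quarantine or reject every message that fails DMARC for that domain; the other three leave room for the "email from yourself" trick.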