Another chain of malicious scam emails is making its way around people’s inboxes, using the same phishing tactics as the “let me get straight to the point” scam email campaign. Hackers try to blackmail users into paying £1,000 in Bitcoin by claiming to have footage, captured via the device’s webcam, of them “watching offensive content” and threatening to send it to a list of contacts.
The phishing email is part of a sextortion scam, with attackers stating they have captured victims “having fun.” Similar to the last malicious email ReviewsFire has seen, the “let me get to the point quickly” email gives recipients 48 hours to make a payment if they “don’t want this video recording to be seen by everyone in your contact list.” These emails have been sent out to thousands, if not millions, of email addresses that threat actors track down through social profiles or data breaches. If you’ve received this email, don’t fret. The best thing to do is to ignore it completely.
What the scam email looks like
The spam email below resembles several sextortion scam emails asking for money:
As with other similar scam emails, it starts with: “Let me get to the point quickly. I am fully aware of every detail about you.” The sender claims that the user’s device is compromised because “you enjoy watching offensive content.” The hacker tricks the user into believing that they have captured footage of them and have access to a list of contacts, including “family members, friends, neighbours.” The threat actor then makes an empty threat that the user plays “the lead role in a cute little video” they made, with the material playing in a small window.
Like all phishing attempts, hackers use different social engineering tactics to dupe people into agreeing to their demands. Wording such as “I’m sure you can now guess what I was able to archive” is meant to make users believe the attacker has compromising material, but this is just a bluff. The real ploy is to get the user to send the attacker money using empty threats.
The sender offers their Bitcoin wallet information and links for the recipient to purchase £1,000 worth of Bitcoin. This Bitcoin wallet address differs from the one given in the “let me get straight to the point” scam, meaning scammers could be using different cryptocurrency wallets to receive money. The email states the video will be removed “after receiving the ‘gift,’” and that users have 48 hours to make the payment.
These types of scam emails can play into your fears, but they only use generalised knowledge to trick potential victims. Unless your device has been infected with malware or a virus, there is nothing to worry about.
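For anyone triaging a mailbox or writing a mail filter, the indicators described above can be combined into a simple score. The sketch below is an added example, not part of the original article: it matches the shape of a Bitcoin address rather than one fixed wallet, since the wallet changes between campaigns. The sample messages, the placeholder wallet string, the weights and the threshold are all constructed assumptions.

```python
import re

# Phrases quoted in the article: both campaign openers plus the threat wording.
PHRASES = (
    "let me get to the point quickly",
    "let me get straight to the point",
    "every detail about you",
    "video recording",
    "contact list",
)
# Match the shape of a Bitcoin address (legacy Base58 or bech32), not one
# fixed wallet, because the article notes the wallet changes between campaigns.
BTC_ADDRESS = re.compile(
    r"\b(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71})\b"
)
# A short payment deadline such as "48 hours".
DEADLINE = re.compile(r"\b\d{1,3}\s*(?:hours?|hrs?)\b", re.IGNORECASE)

# Constructed samples; the wallet string is a made-up placeholder.
SAMPLE_SCAM = (
    "Let me get to the point quickly. I am fully aware of every detail\n"
    "about you. You have 48 hours to pay if you don't want this video\n"
    "recording to be seen by everyone in your contact list.\n"
    "Send the Bitcoin to 1SampLeWaLLetConstructedXyz23456789\n"
)
SAMPLE_BENIGN = "Invoice attached. Payment is due within 48 hours of receipt."


def score_email(body: str) -> dict:
    """Score an email body against the indicators; weights are assumptions."""
    text = " ".join(body.lower().split())  # fold case and line wraps
    phrases = [p for p in PHRASES if p in text]
    wallets = BTC_ADDRESS.findall(body)
    deadline = bool(DEADLINE.search(body))
    score = len(phrases) + (2 if wallets else 0) + (1 if deadline else 0)
    return {
        "score": score,
        "phrases": phrases,
        "wallets": wallets,
        "deadline": deadline,
        "likely_sextortion": score >= 4,  # assumed threshold
    }


if __name__ == "__main__":
    for name, body in (("scam", SAMPLE_SCAM), ("benign", SAMPLE_BENIGN)):
        print(name, score_email(body))
```

A deadline on its own, as in the benign invoice sample, is not enough to flag a message; the score only crosses the threshold when the threat wording and a payment address appear together.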
Should I pay the ransom?
No, you should not pay the ransom. The scammers don’t have any compromising information and want to threaten you into paying the money. The best course of action is to ignore the email. Do not reply to the attacker, as this may escalate the situation further. Instead, delete the email.
Like in this scam email campaign, threat actors may also include links to other websites. Do not click on these links, as they could lead you to malicious websites or install malware on your device. This phishing tactic is similar to how threat actors can hack your phone by texting.
Scammers will say they use malware, spyware, and more on a user’s devices, and while this may not be true, it’s a good idea to check. Antivirus software like Bitdefender will scan your device for all manner of cybersecurity threats, including malware, ransomware, spyware, viruses, and more. It also provides phishing protection that analyses pages for signs of fraud, meaning fewer scam emails make their way to your inbox.
If you’re wondering how to choose the best antivirus software, we’ve got you covered.