D1ck Pics and Passwords
What do dick pics and passwords have in common? Neither should be shared.
Your passwords should be treated like your underwear they should not be left in the public and changed regularly.
In recent weeks we have seen a massive increase in the number of sextortion attempts – televised on the likes of Carte Blanche, friends and family members have all been at the wrong end of attempts to fraudulently get you to part with your hard-earned money.
Trusting people looking for the perfect match, bored partners or undercover porn viewers are being increasingly targeted by groups of people that will work on insecurities, naivety and poor cyber security behaviour to coerce unsuspecting victims into parting with their money in order to prevent embarrassment.
I have seen several versions of the attack, some via WhatsApp and other via email.
The WhatsApp variety is very common – boy meets girl by swiping right. The match is made and introductory texts are exchanged. Almost immediately the beautiful girl shares intimate pictures and asks for the same in return. There is an almost aggressive exchange to ensure that you send compromising photos that include your privates and your face – a double header so to speak.
Almost immediately the attacker then shows their true intentions and threatens to put the risqué nudes on the internet, being sure to name your family members and work colleagues that they will be sharing the photos with. Using information gathered from the texting – they identify your social media accounts and in certain instances, uses these details to compromise or hack your accounts. Now that you are baited, all they do is reel you in. The tone is threatening and becomes more urgent as they are about to expose you to the world. Demanding money in order to delete your photos, mostly through eWallet or untraceable money transfers done at retail stores.
Another common variety is for the attacker to use compromised and leaked passwords that are easily available on the dark web and cyber underground. The would be attacker then uses a free email service to deliver the news that they have your password and have accessed your online activity. The threat here is that the attacker has compromised either you or an adult website, recorded the videos you have been watching and also activated your webcam. They now tell you to pay them so that they do not share the videos of you watching porn to your colleagues, friends and family.
These messages are mostly poorly written, lack basic grammar and for the most part are identical. It only takes a very small hit rate to ensure a lucrative return. Once you make the payment – they get rid of the pay as you go sim card and move to the next victim.
An extract of one of these emails is below:
Lets get directly to the point. Nobody has paid me to check about you. You may not know me and you're most likely wondering why you are getting this mail?
Well, I actually installed a malware on the xxx streaming (adult porn) web-site and you know what, you visited this website to experience fun (you know what I mean). While you were viewing video clips, your internet browser started operating as a Remote Desktop with a keylogger which gave me access to your display screen as well as web camera. Just after that, my software gathered all of your contacts from your Messenger, FB, and e-mail account. After that I made a double-screen video. 1st part shows the video you were viewing (you've got a nice taste : )), and 2nd part shows the recording of y