0115 8 24 25 26 sales@pyranet.co.uk

Seth Tran

 

We have received reports of a fake blackmail sextortion email doing the rounds claiming to have video evidence of you doing ‘inappropriate things’.

Sextortion scams go along the lines of… “we have captured a video of you while you were visiting adult sites and if you don’t pay X amount by this time, we will release the video to all of your contacts”. Pretty scary.

This is a technique that scammers have been using for years and years to try and squeeze money out of their victims and over time, many people have learnt to realise that is all probably a load of baloney.

However, this particular sextortion email that is currently circulating, is a bit more advanced and realistic than its predecessors.

The email, in this case, from ‘Seth Tran’ seems much more convincing than other emails of this kind, because it actually includes one of the recipient’s real passwords as “proof” that their claims are true.  Even those that know they haven’t even been on adult sites may feel inclined to pay up because the fact that someone has one of their passwords is quite concerning, and they may feel like they have no other choice.

The aim of the email is to get as many people as possible to pay the scammer in Bitcoin, in exchange for the scammer to remain silent.

But how did this person get one of my actual passwords that I use in real life?!

It is believed that the scammers are using websites that list compromised passwords and email addresses from old data breaches and they are simply just matching up the email addresses and corresponding passwords and then trying their luck with a carefully crafted email.

We would recommend using https://haveibeenpwned.com/ which allows you to check if any of your accounts have been breached and if it turns out they have, you then can change passwords for the affected accounts.

Our advice is simply delete the email and don’t click on anything or respond. If the email includes a valid password that you currently use, you should change the password immediately.

Below is an example of what the email appears like:

From: Seth Tran [mailto:pvhnorrisset@hotmail.com]
Sent: 26 July 2018 22:23
To: ExampleUser@pyranet.co.uk
Subject: RE: YourPasswordHere – YourUserNameHereI know, *YourPasswordHere* is your password now Lets get straight to the point. You do not know me however I know alot about you and you are probably thinking why you are getting this mail, correct?I actually setup malware on adult vids (pornography) and you know what, you visited this adult website to experience fun (if you know what I mean). When you were busy watching videos, your device began functioning as a RDP (Remote Desktop) having a keylogger which provided me access to your system as well as your webcam controls. After that, the software obtained all of your contacts from your messenger, fb, and mailbox.Exactly what did I do?
It is simply your bad luck that I saw your blunder. Later I gave in more time than I probably should’ve looking into your data and prepared a two view video. 1st half displays the video you had been viewing and other half displays the view from your web cam (it is you doing inappropriate things). Actually, I am willing to forget all information about you and let you move on with your regular life. And I will present you two options that may achieve it. The two option is to either turn a blind eye to this message (not recommended), or pay me 0.4 BTC.Exactly what can you do?
Let’s explore those two options in more details. Alternative one is to turn a deaf ear my e mail. You should know what is going to happen if you pick this option. I will definitely send your videotape to your contacts including members of your family, co-workers, and so on. It won’t help you avoid the humiliation your household will face when family and friends learn your unpleasant sextape in their inbox. Wise option is to send me 0.4 BTC. We will name this my “keep the secret charges”. Now Lets discuss what happens when you choose this way out. Your secret Will remain private. I’ll delete the recording. Once you send the payment, I will let you continue on with your lifetime and family like none of this ever happened. You’ll make the payment via BitcoinAmount to be paid: 0.4 BTC
My BTC Address: 1NgCUpkYzAEzjKW8anu57VS6fpD6tfgPwz

Notice: You have one day in order to make the payment. (I’ve a specific pixel in this mail, and right now I know that you’ve read through this e-mail). If I don’t receive the BitCoins, I will certainly send out your videotape to all of your contacts including relatives, co-workers, and so on. nonetheless, if I receive the payment, I’ll erase the videotape immediately. If you want proof, reply with “yes!” and I will certainly send out your videotape to your 10 contacts. It is a non negotiable offer, thus kindly do not waste my personal time and yours by replying to this message.

 

 

To avoid falling victim to these kind of scams, our top tips are:

 

  • As we always stress, NEVER open zip files, attachments or click on links within the body of an email if you’re unsure about the authenticity of the sender.

 

  • NEVER reuse passwords across multiple sites/accounts

 

  • When clicking reply, notice what the email address next to the display name says

 

  • If you are unsure of what to do, ring the ‘sender’ to see if this is a genuine request.

 

  • If something doesn’t seem quite right, trust your instinct to follow it up before sending any money online.

 

  • For your business, we recommend using a SPAM email filtering service such as MailGuard to trap and quarantine these emails so they don’t find their way into your inbox. 

 

We offer cyber awareness training, simulated phishing email testing and other solutions to help with preventative measures against this kind of attack within your business, for more info

call 01158 24 25 26 or drop us an email – sales@pyranet.co.uk