Action Fraud have reported that a phishing scam, first identified by the National Fraud Intelligence Bureau, continues to be reported in high numbers.
The phishing scam involves the fraudster sending victims their own passwords, making them believe the fraudster has gained access to their computer and has footage of them watching adult material on the web. The fraudster then demands payment in return for not exposing them to family and friends.
Action Fraud report that in May alone over 149 crime reports and 1,443 reports to their phishing reporting tool have been made by members of the public. Many of these victims have reported receiving a barrage of these emails over a short period of time. The emails are particularly worrying for the victims, as they contain sensitive personal information, like their own passwords. The fraudsters have been demanding payment in Bitcoin, which is harder to trace.
Action Fraud have published an example of one email:
I’m aware, XXXXXX is your password. You don’t know me and you’re probably thinking why you are getting this mail, right?
Well, I placed a malware on the adult video clips web site and guess what, you visited this website to experience fun (you know what I mean). While you were watching video clips, your internet browser started out working as an RDP (Remote Desktop) with a key logger which gave me access to your display screen as well as web camera. Just after that, my software program gathered every one of your contacts from your Messenger, Facebook, and email.
What did I do? – I made a double-screen video. First part shows the video you were watching (you have nice taste omg), and 2nd part displays the recording of your webcam.
Exactly what should you do? – Well, I believe, $2900 is a fair price tag for our little secret. You’ll make the payment by Bitcoin (if you do not know this, search “how to buy bitcoin” in Google).
The warning comes after a hacker from East London was jailed for blackmailing adult site users, raking in millions. Zain Qaiser, 24, was jailed for six years and five months at Kingston Crown Court. The National Crime Agency (NCA) described it as the most serious case of cyber-crime they had ever investigated.
The former computer science student used advertising spaces on legal pornography sites to infect victims’ devices with malware. The malware showed users a screen impersonating the police services in their countries, demanding they pay a fine of between $300 and $1,000 (£220 and £760).
Working with an international Russian crime group that pocketed most of the millions, Qaiser personally received more than £700,000 for his part in the scheme, according to investigators. He spent this money on luxury hotel stays, prostitutes, gambling and a Rolex watch, they said, adding that they believed the total was “likely to have been very much higher”.
Passing the sentence, Judge Timothy Lamb QC said: “The harm caused by your offending was extensive – so extensive that there does not appear to be a reported case involving anything comparable. Whatever your motivation for mounting these attacks on the internet, you took the opportunity to spend large sums of ill-gotten money in casinos, on an expensive watch and luxury hotel services. All the constituent offences were part and parcel of your role as the self-styled ‘KiNG’ of the internet. It has been asserted on your behalf you are remorseful. I have seen no outward expression of that.”
Prosecutors said that they suspect Qaiser had stored more of his proceeds in offshore accounts, but they have been unable to trace this money so far.
Action Fraud offer the following advice to protect yourself from these types of scams:
Don’t reply to the email or be pressured into paying; it only highlights that you’re vulnerable and you could be targeted again. The police advise that you do not pay criminals. Try flagging the email as spam/junk if you receive it multiple times.
Perform password resets as soon as possible on any accounts where you’ve used the password mentioned in the email. Always use a strong, separate password for important accounts, such as your email. Where available, enable Two-Factor Authentication (2FA).
Always install the latest software & app updates. Install, or enable, anti-virus software on your laptops & computers and keep it updated.
If you have received one of these emails and paid the fine, report it to your local police force. If you have not paid, report the email as a phishing attempt to Action Fraud.