There is a common phishing scam that is being sent to a number of individuals across Ireland and worldwide at the moment.
What the email claims
The email can vary slightly, but generally contains the following elements:
- An assertion that they have hacked your computer and taken it over. The ‘proof’ of this is that they have sent an email from your email address.
- An assertion that they have filmed you watching pornography on your computer.
- A demand that you pay Bitcoin into a certain account or they will email the video to your colleagues and family.
- In some instances the spammer may also send you a password from a website you have signed up to, to ‘prove’ that they have access to your account.
This scam has had worldwide success because many people feel embarrassed and pay the ransom rather than checking first if the email is genuine.
The assertions in the email are lies:
- Email servers do not authenticate the ‘From’ and ‘To’ so it is relatively easy for a hacker to make it appear that the email has come from your email address. In reality, it has not.
- The spammer has not hacked into your account – they are hoping that a minority of people will panic and send money to them. Each hacker will send the same email to hundreds of thousands of people.
- If the hacker gives a password you have used before, they will have taken it from a database of stolen email addresses and passwords found online. It does not mean that your device has been hacked by the hacker sending the email. However, you do need to change the password for that account immediately and any other accounts you use the same password for. Contact your IT provider if you have any concerns.
If you do receive an email of this nature then you are safe to ignore it.
If you have any concerns at all that you have genuinely been hacked, speak to your IT provider immediately. Professional IT companies won’t judge or embarrass you – we are only concerned with ensuring that your IT system is safe.
Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site. –Wikipedia
Spear phishing, Whaling, Clone phishing, Link manipulation, Filter evasion, Website forgery, Covert redirect, Social engineering and Voice phishing.