A new scam making the rounds has cybercriminals trying to extort money from netizens by threatening to leak a video to friends and family of their marks watching X-rated videos. Here’s how it works.
A user gets an email from a crook who claims to have obtained, through hacking their computer, compromising webcam footage of them watching an adult website. In reality, the user’s computer wasn’t hacked but rather the cybercriminal has simply purchased some passwords and email addresses on the Dark Web that likely originated on a hacked forum or site that the individual may frequent. Think a hobby or club-type forum.
The attacker’s message includes a reference that they have obtained all the user’s contacts including co-workers, friends, and family. And the clincher is that the extortion message shows the user’s actual password in an attempt to convince the reader that they need to pay up – or else.
The cybercriminal is banking on the target reusing their leaked password for other more important websites and being convinced that those accounts have been compromised as well. In reality, the attacker probably only has the one compromised password and is hoping for a quick payout.
If you receive this email, don’t panic and don’t send them any Bitcoin. There most likely isn’t any video. Change your password, don’t reuse any passwords that you use for important sites, and consider using two-factor authentication and a password manager to keep your accounts secure going forward.
And if you’re a company exec or IT pro, make sure your organization is monitoring the Dark Web for ID account compromises. That’s where cybercriminals are purchasing credentials for scams like this. Check out our Dark Web Guardian service that provides 24×7 monitoring for these types of compromises – 50% off a new 1-year subscription when purchased by August 31.
Everyone stay safe out there!
I was pleased to contribute to a story by bonpay’s Jegor Nagel on cryptocurrency 51% attacks and the risks they present. If you hold any crypto it’s worth understanding what a 51% attack is and why the blockchain is so inherently secure.
Read the entire story at bonpay.com
Unfortunately, most people that say this have little basis for the belief. The reality is that without monitoring it’s almost certain that some of your employees credentials are available for sale – or for free – out on the Dark Web and you’ll not know it. In 2017 we found 92% of organizations tested had compromises.
Here’s an example. I recently ran a quick scan on our local school system. I stopped the report after the first 190 compromises were found. And the report showed concerning details like failure to have implemented a complex password policy, setting a reasonable password depth, exposed Personally Identifiable Information (PII), etc.
Having the best firewalls and monitoring solutions in the world are useless if a cybercriminal has someone’s account info and password and just logs in.
I’m offering to help you find out at no cost or obligation. Visit this link and fill in your information and we’ll run a Dark Web scan for your domain at no cost and with no obligation. We’ll even give you a copy of our MicroData Dark Web Scan Action Guide that provides detailed recommendations on what to do if compromises are found.
If you’ve ever used Orbitz you’ll want to pay attention.
As reported by The Hacker News, it took Orbitz almost 3 months to discover that attackers exploited a legacy version of their travel booking platform
between October 1, 2017 and December 22, 2017. Users of Amextravel.com may also be affected.
Compromised data includes full names of customers, credit card numbers, birth dates, phone numbers, mailing addresses, billing addresses and email addresses. More than 880,000 individuals are affected.
Orbitz is currently working to notify the thousands of affected customers and plans to offer one year of free credit monitoring and identity protection service. Affected individuals should proactively monitor their personal data for misuse.
There are many factors to consider when buying a cell phone and now we can add espionage to the lists of risks to consider before making a purchase.
Chinese-based Huawei has been trying to make inroads to the U.S. market for a while now and has been selling unlocked phones online and through some retail outlets such as Walmart, Amazon, and Best Buy. They were also recently about close to an agreement with AT&T stores for selling their phones, but the deal fell apart at the 11th hour.
Now the heads of six U.S. intelligence agencies have warned consumers to avoid the brand due to what are considered security threats. Heads of the FBI, CIA, and NSA are telling Americans that the phones can “maliciously modify or steal information” and also “conduct undetected espionage”.
But with the Huawei flagship Mate 10 selling around $600, there are plenty of other choices out there without the risk. A favorite of mine which is still available is the Samsung S7.
Does your company need help with Mobile technology and security? Contact us for immediate assistance.
Everyone stay safe out there!
Home Depot recently announced that info from thousands of customer’s credit cards had been stolen from its systems. It appears that the breach was carried out by the same group that hit Target earlier this year. If you’ve shopped at Home Depot in the U.S. or Canada anytime from April of this year onward and used a credit or debit card for payment, you are likely affected. Here’s what you need to do.
Home Depot has been very upfront about the problem and is offering free identity protection services to its customers for a full year through AllClear ID. You can read the official Home Depot statement here, and sign up for the free identity protection services at https://homedepot.allclearid.com
What else? Watch your card statements closely. If you haven’t done so already, sign up with your card provider’s online service so you can check charges before your paper statement comes in the mail.
Also, watch out for calls or emails claiming to offer some type of identity theft protection but are actually phishing schemes to try and get even more personal information from you.