I know your password. Sextortion is back with more power
“I know you are a such-and-such person. I know your password. To avoid jail time, send me $2000 in Bitcoin.” If you receive such an email, what’ll be your reaction? Sextortion is back in a new format!
Online sextortion has a new format. Earlier, you’d just get a threat saying that the hacker has compromised your computer and has a sex clip of you. Many hackers would lay a phishing bait saying your social life is in danger because of a video clip that the hacker has taken via your laptop’s camera. When people called out the bluff, such messages decreased.
Today, cybercriminals use a new format to scare people. Such emails now list your password in the subject line so that you panic and send money to the hackers’ Bitcoin accounts.
Sextortion – I know your password
If a sextortion email saying “I know your password” comes to your inbox, there is no need to panic. Just change your passwords on sites you use. You might ask how they got your password. It is just a gimmick to make you pay.
In the last few years, there have been many breaches on secure sites like LinkedIn, Bitly.com, and Dropbox. Some information was accessed and copied by the hackers, then posted to websites like Pastebin where anyone can check it out. The sextortion guys get your password from such a repository and claim that they’ve hacked your email to procure details of your email contacts.
To know if your email ID was breached, go to the HaveIBeenPwned.com website and check there. Check all email IDs you use or have created. Most probably, the cybercriminals are picking up data from data dumps of social media breaches.
I will post a similar email I received a few days ago.
Yeah. I know you are a blah-blah.
Actually I know way more about you than you think.
I am a computer scientist (internet security specialist) with affiliation with the Anonymous group.
Few months ago you downloaded an application. That application had a special code implanted purposely.
Since the moment you installed it, your device started to act like a Remote Desktop I was able to access anytime.
The program allowed me to access your desktop, your camera(s), your files, passwords and contact lists. I also know where you live and where you work..
I was observing you for quite some time and what I have collected here is overwhelming.
I know about your $$xual preferences and your interest in young bodies.
I have secured 4 video files clearly showing how you $$$bate (captured from your camera) to young teenagers (captured from your internet browser).
Glued together is a pretty overwhelming evidence that you are a $$$phile.
The timestamps on the video files indicate the exact times:
20_1562209548.mp4 (58.5 MB)
20_1562011121.mp4 (73.1 MB)
I am not here to judge the morality of your preferences, I am here to make money. Because I know you are a wealthy person and that you do care about your reputation, I am willing to give you a chance to atone and I will leave you alone.
You do know what Bitcoin is, right ? You must fund a special address with 5,000 ÙSD in Bitcoin, otherwise, I am going to se?d those video files to your family members, friends and your work buddies.
If you do not send the bitcoins in one week, I will also send those video recordings to your local police office. Your life will be ruined.
Do not reply to this email, it’s an untraceable one time message.
I will contact you. Remember, I am watching you.
Things you can do to avoid becoming a sextortion victim
- Use strong passwords for all your online accounts.
- Don’t send compromising images of yourself to anyone.
- Turn off your web cameras when not in use.
What to do when I get an email saying I know your password?
- Don’t panic. It is just a fake threat. Cybercriminals depend on fear-mongering to make money. If you want, you can check your email ID, password, and phone number by visiting “Have I Been Sold” or a similar website. That will give you an indication of where the cybercriminals got your information.
- Go directly to the website and change your password to something strong. You may use a password manager like Lastpass to manage all your passwords.
- Report it to your local law enforcement agency. US residents can call their local FBI office or toll-free at 1-800-CALL-FBI.
- Forward the email to FTC at [email protected] and Anti-Phishing Working Group at [email protected].
NEVER PAY THE RANSOM. Just change your passwords and report it to law enforcement agencies in your area, if you can. Sextortion is a crime, so these “I know your password” email senders are treated as criminals.