By Louise Walsh
An Irish IT company has warned of a new online sextortion scam which they say is 'causing a lot of misery and stress' to computer users by sending them their own hacked passwords.
The phishing email is causing panic to many users because it identifies one of their account passwords and claims it has information on their online activity, which they will share to family and friends unless paid $3,200 in bitcoin.
Dash.ie in Dundalk has asked people to be vigilant after receiving up to 15 calls a day from 'stressed out' customers across the country who have received the email over the last few weeks.
The email states: "I'm aware ...is your password. You don't know me and you're probably thinking why you are getting this mail, right?
"Well I actually placed a malware on the adult video clips (porno) website and guess what, you visited this website to experience fun (you know what I mean).
"While you were watching video clips, your internet browser started out working as a remote desktop with a key logger which gave me access to your display screen as well as web camera.
"Just after that, my software program gathered every one of your contacts from your Messanger, Facebook and email."
It continues: "After that I gave in much more time than I should've exploring into your life and generated a two screen video. First part shows the recording you had been viewing and second part shows the capture from your web camera (it's you doing inappropriate things)
"Frankly, I'm ready to forget about you and let you continue with your life."
It then offers the user a chose to pay them $3,200 through bitcoin within 24 hours or face the video being sent to all their contacts.
Unbelievably, the phisher says it only wants the money as compensation for time spent investigating them and warned that the 'cops' won't trace him.
"Without a doubt, I have covered my steps to ensure this mail cannot be tracked returning to me and it will not stop the evidence from destroying your daily life.
"I am not trying to steal all your savings. I just want to be compensated for the time I placed into investigating you. Let's hope you have decided to make all this go away and me the confidentiality fee."
Managing director of Dash.ie, Dalton Dullaghan says people should not panic, not email the fraudster back, change all of their passwords and turn off their webcam when not in use.
"We've been getting a lot of calls from stressed out people on this sextortion scam that's doing the rounds at the moment," he said.
"People are panicked in the main, that the scammer knows their password.
"On average, the passwords that I have seen have been ones that the users actually do have in use on the internet at various places which adds a sense of realism and panic to the email.
"Most likely, an account associated with the email address has been compromised at some point - such as the well documented breaches in Facebook and LinkedIn - and the criminal is using details already available on the dark web.
"I would be very worried that this kind of email could have tragic consequences on a vulnerable person who may be driven over the edge by this.
"Never pay the bad bounty and turn on the two step authentication of all accounts where possible."
Mr Dullaghan says he has seen instances where hackers have waited an watched a person's email for months, waiting for that one big pay day.
"I've seen where someone watched an email for months over details of a pension scheme and just at the point that bank details were exchanged, they interceded and sent them theirs.
"Please change passwords regularly and have different passwords for different sites," he concluded.
