Insidious “Sextortion” Phishing Scheme Has Your Password

Cybersecurity writer Brian Krebs says his post about this scam got more readers than anything he’s put up since his website launched in 2009. Yes, he acknowledges, sex sells, but beneath the lurid scenario, in this case, there is an unsettling sidelight. The extortionist introduces the proposition with a jolting revelation: one of your own passwords. Then he (she?) claims to have footage, shot through your own webcam, of you watching porn, and says it will be sent off to all your contacts (the perp has those too, of course) unless you pay a bitcoin ransom. This scam apparently has netted proceeds in the hundreds of thousands of dollars, and in one sense it may be a bellwether. As Krebs writes, there are countless other ways these schemes “could become far more personalized and terrifying — all in an automated fashion. The point is that automated, semi-targeted phishing campaigns are likely here to stay.” At the conclusion of this post, Krebs lists five rules for dealing with phishing threats. The first one, in particular, is simple and has long been understood, if not followed, by all but the most clueless: Don’t click on links or open attachments in email, even if it appears to be from someone you know.