Sextortion Botnet sends 30K emails per hour!

A massive “sextortion’ campaign is using 450,000 hacked computers to spread 30,000 scam emails per hour according to security experts.

These scam emails threaten the recipient, claiming to release compromising and embarrassing photographs or videos of them unless they pay over £600 in bitcoin.  To add authenticity to the email, they include personal details such a password the target victim may have used.  Seeing their password displayed in the email, can convince the recipient that the email is genuine, leading to undue stress and panic, with many feeling pressured into paying the ransom.

In reality, the password provided in the email has most likely been harvested from an existing or past data breach which will include the user’s email address and password. Many large companies such as TalkTalk have suffered recent data breaches exposing the personal details of millions of customers which have circulated on the dark web making it easy for scammers to use this information to frighten would be victims.   The scammers claim to have hacked into the victims computer and online accounts and accessed compromising images and webcam footage when in reality, it’s nothing more than a scam and they have no such material.

What should you do if you receive such an email?

First of all, don’t worry. As I’ve said, all the scammer has is your email address and a password you’ve used one a website that’s been compromised.  Simply delete the email, or report it as spam.  You will most likely get a follow up email telling you time is running out, so again, delete and ignore.

If the password they’ve provided to you is a password you commonly use on other websites, now is a good time to visit these accounts and change your password.  We recommend you use a good password manager such as Last Pass [find out more], and Two Factor Authentication [find out more] to secure your internet accounts.

You can also check to see if your other passwords or email address have been compromised by visiting the trusted website, https://haveibeenpwned.com

Source : https://www.bbc.co.uk/news/technology-50065713