Advice Request Interesting way to scam for ransom via email

[CMLew]

Happened to saw this email.

From the looks of it, it's a ransom scam.
But really curious, on this tech part.

" While you were watching the video our virus started to work and setup your computer as a Remote Desktop. When this happened i had full control of your computer screen and your camera (yes i could see what you were watching along with your face and actions by your cam). We also collected all your contacts from Messengers, Social Networks, Emails. So what i did next? Well, i started to record an live double-screen video (first part your screen sharing, second part your camera while watching porn)"

Is this possible without noticing?

Just out of curiosity and for sharing knowledge purposes.

 

[Deleted member 65228]

The answer is Yes. Likely? No.

New browser vulnerabilities are discovered all the time and when discovered can lead to drive-by-download attacks - bear in mind execution is required. Attack vectors like Powershell tend to be quite easy for deployment and are liked by attackers a lot - of course modern browsers like Google Chrome are a lot safer in comparison to Internet Explorer though. Old vulnerabilities may even still be exploitable to date, but may ask for your permission first (e.g. ActiveX abuse).

If a "file-less" attack can be deployed and code execution can be gained on the system, an attacker won't necessarily need elevated privileges to do such activities you're asking about. Notice how the Windows Store version of Skype for Windows 10 (metro-based) and also the Desktop version of Skype can access your web-cam and microphone at ease without a problem with no additional privileges? Any malicious software running as standard rights can do this as well.

Generally speaking, put masking tape over your webcam when you aren't required to use it. If it's a portable one, you can simply unplug it instead. I'm not a fan of built-in microphone devices but you can disable the device from Device Manager (which does require elevation - a lot harder to gain with maximum UAC settings) but personally I would rather have only a portable one which I could unplug as and when I want to.

Security software may have features for preventing unauthorised access to devices like your webcam and microphone, but it'll never be as reliable than pulling the plug for the cable, or masking tape/fully disabling the device. Personally I would not put full trust in such, but they still work well.

As for the e-mail, I agree it is interesting. It evolves around social engineering - the attacker pushes on emotions which you are vulnerable to. Most people reading that e-mail and believe it will shriek in horror and will be unable to think properly to realise it is a scam.

 

[Faybert]

The worst of it all is that there will be people who will believe, as most people do not know about it, and whoever does this takes advantage of this type of person, I have seen many similar cases, where the person did everything they asked for by email.

 

[CMLew]

The worst of it all is that there will be people who will believe, as most people do not know about it, and whoever does this takes advantage of this type of person, I have seen many similar cases, where the person did everything they asked for by email.

That shows there are alot of people who watches porn.

 

[Faybert]

That shows there are alot of people who watches porn.

You bet

 

[Paul Lee]

Never take threats seriously from Indian scammers who can't spell.

 

[CMLew]

Never take threats seriously from Indian scammers who can't spell.

How u know it's an Indian?

On a side note, wat is feed burner?

 

[karthic1998]

Never take threats seriously from Indian scammers who can't spell.

Don’t judge the Book (Indian)by its cover