Sextortion scams are booming again

Brownie2019

Thread author
Mar 9, 2019
Hackers falsely claim to have access to victims’ devices
Cybercriminals are sending a new wave of sextortion emails claiming they have complete access to victims' computers, phones, and online accounts.

The scammers often include an old password obtained from a previous data breach to make their threats appear legitimate.

Security experts say the threats are almost always fake and victims should not pay the cryptocurrency ransom being demanded.

If a scam is effective, you can bet it will be tried time and time again. Cybersecurity firm Malwarebytes warns that consumers are once again being targeted by a familiar but effective online extortion scheme.

In a consumer alert, the company reports a resurgence of so-called sextortion emails, claiming hackers have gained complete control of victims' devices.

The emails typically allege that the sender installed malware on the recipient's computer through a browser vulnerability or malicious website. The scammer claims to have full access to the victim's files, email accounts, contacts, webcam, and microphone, and threatens to release embarrassing videos or private information unless a ransom is paid in cryptocurrency.

Why threats may seem real
To make the threat seem credible, many of the messages include an actual password associated with the recipient. However, Malwarebytes says these passwords generally come from old data breaches and are unrelated to any current compromise of the victim's devices.

One recent version of the scam claims the victim's browser was infected through a "drive-by exploit" that allegedly provided the attacker with complete control over the device. The email then demands payment in Bitcoin within a few days, threatening to distribute compromising material to family members, friends, and social media contacts if the victim refuses.

Security researchers say the messages rely on fear, embarrassment, and urgency rather than actual hacking. In many cases, scammers send the same email to thousands of people, hoping a small percentage will panic and pay.

What not to do
Malwarebytes advises consumers not to respond to the emails, not to send any money, and not to click on attachments or links contained in the messages. Recipients who recognize a password included in the email should immediately change it if they are still using it on any account.

Experts also recommend enabling multi-factor authentication, using unique passwords for every account and monitoring for signs that personal information may have been exposed in a data breach.

The scam's persistence reflects the continuing profitability of sextortion schemes. Researchers have found that such campaigns can generate substantial revenue for cybercriminals despite their relatively simple tactics.

Consumers who receive one of these emails should remember that the presence of a real password does not mean a hacker currently controls their devices. In most cases, cybersecurity experts say, the message is simply another attempt to turn old stolen data into a new payday.
 
This is the classic “sextortion” email pattern: it uses fear and urgency, and often includes an old leaked password to look credible. In the vast majority of cases, the sender does not have webcam video, device control, or access to your accounts—what they have is recycled breach data.

Why the included password doesn’t prove you’re hacked
  • Those passwords typically come from older data breaches (from some unrelated site/service).
  • Scammers mass-send the same threat to thousands of addresses and “personalize” it by pasting in leaked credentials.
  • If they truly had device access or recordings, they usually wouldn’t need vague claims and generic threats.

What to do (safe, practical steps)
  • Do not pay. Paying only funds the campaign and can mark you as a likely payer for future extortion attempts.
  • Do not reply and do not click any links or open attachments in the message.
  • If the password is one you still use anywhere: change it immediately everywhere it was reused.
  • Enable MFA/2FA on important accounts (email, banking, social media), preferably using an authenticator app or a hardware security key.
  • Change your email account password first (email is the “master key” for resets), then other accounts.
  • Use unique passwords for every site (a reputable password manager helps a lot).
  • Run an on-demand scan with a reputable security product (Microsoft Defender is fine on Windows; you can add a second-opinion scanner like Malwarebytes if desired). This is mainly for reassurance—these emails usually aren’t tied to an actual infection.
  • Check whether your email appears in known breaches using a reputable breach-notification service, and then rotate exposed/reused passwords.

What to report / how to handle it
  • Mark it as spam/phishing in your mail provider so filtering improves.
  • If the email contains a crypto address, you can report it to your provider and (optionally) to relevant abuse channels; it helps with tracking even if funds aren’t recovered.
  • If you believe there’s any real account compromise (unexpected login alerts, password reset emails you didn’t request, sent mail you didn’t send), prioritize securing the email account, review active sessions/devices, and revoke unknown sessions.

Bottom line: treat it as a scam using old leaked data, harden your accounts (unique passwords + MFA), and ignore the extortion attempt.
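
As an added illustration that is not part of either post above: a Python triage heuristic for the email traits the thread describes (a device-compromise claim, a cryptocurrency demand, a deadline or exposure threat, and an echoed password). The patterns, the `triage` function name and both sample messages are constructed for this example.

```python
import re

# Bitcoin address shapes: Base58 legacy/P2SH (1.../3...) and bech32 (bc1...).
BTC_ADDRESS = re.compile(
    r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{11,71})\b")

# One pattern per trait of the scam email described in the thread.
SIGNALS = {
    "device_access_claim": re.compile(
        r"(?:full|complete|total) (?:access|control)|drive-by exploit"
        r"|installed (?:a )?(?:malware|trojan|spyware)", re.I),
    "recording_claim": re.compile(r"\b(?:webcam|camera|microphone)\b", re.I),
    "payment_demand": re.compile(r"\b(?:bitcoin|btc|cryptocurrency)\b", re.I),
    "deadline": re.compile(r"\b(?:within|in) \d+ (?:hours?|days?)\b", re.I),
    "exposure_threat": re.compile(
        r"\b(?:send|distribute|release|publish)\b.{0,60}?"
        r"\b(?:contacts|family|friends|colleagues)\b", re.I | re.S),
    "password_lure": re.compile(
        r"\b(?:is|was) (?:one of )?your passwords?\b"
        r"|\byour password (?:is|was)\b", re.I),
}

def triage(body):
    """Return (sorted signal names, verdict) for one plain-text message body."""
    hits = {name for name, rx in SIGNALS.items() if rx.search(body)}
    if BTC_ADDRESS.search(body):
        hits.add("btc_address")
    # Require payment + compromise claim + pressure together: any one alone
    # is common in legitimate mail (newsletters, password-expiry notices).
    payment = hits & {"btc_address", "payment_demand"}
    claim = hits & {"device_access_claim", "recording_claim"}
    pressure = hits & {"deadline", "exposure_threat"}
    return sorted(hits), bool(payment and claim and pressure)

# Constructed samples (not real messages; the address is a made-up string).
SCAM = ("I know that hunter2 is one of your passwords. Your browser was hit "
        "by a drive-by exploit and I have complete control of your device, "
        "including the webcam. Pay $900 in Bitcoin to "
        "1SampLeAddressForTestingXXXXXXXX within 3 days or I distribute "
        "the video to your family and friends.")
BENIGN = ("Weekly digest: Bitcoin rose 4% this week. Reminder: change your "
          "password within 30 days to keep your account active.")

if __name__ == "__main__":
    for label, text in (("scam", SCAM), ("benign", BENIGN)):
        print(label, *triage(text))
```

A match only says the message fits the mass-mailed template; it says nothing about whether the quoted password is still in use, so the password-rotation steps above still apply.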