User Passwords Emailed by Cyber Criminals in Sextortion Scam

It would appear as if cyber criminals have found a new way of scamming businesses and other unsuspecting victims out of hard-earned money. This new tactic involves the criminal emailing the users password to a certain email account and then creating a fake story on how they obtained the password. Usually explaining that they had used a keylogger to gain access to your computer after said user supposedly clicked on a pornographic video with a virus implanted in it. The Criminal then will say they recorded you watching this video and have also access to all your contacts and threatens to send the “video” to all your contacts. But how have the criminals gotten a hold of sensitive data? It is thought to have been from previous data breaches.

Pink Connect is no stranger to this type of scam, no company is exempt from it.

This latest scam prays upon the uninformed and we hope with this article we can help spread awareness of this scam and help prevent other companies from falling for this scam. Some good steps to protect yourself is firstly, do not reply to the email or pay the sender any money as this may make you a bigger target. Secondly, reset your password as soon as possible make sure it is strong featuring capital letters, numbers and symbols. Thirdly, always install the latest versions of apps and anti-virus on your computer. Finally, if you happen to have paid the money report it to your local police force immediately, if not then report the email as a phishing attempt to Action fraud.

Our recommendations are:

  • Change all passwords, certainly never use the one mentioned (if any) again
  • Set up/activate Multi-Factor authentication with any portal/online-account which offers it
  • Ensure software and apps are up to date including operating systems
  • Run a Malware scan on all devices (android mobiles included), we recommend ESET Endpoint Security installed by an expert team.
  • Do not reply to the email at all
  • You can also report the email as a phishing attempt to Action Fraud: www.actionfraud.police.uk/report-phishing

Do not hesitate to contact our team if we can be of assistance.