• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

Is this possible?

I received the email shown below tonight.  I'm 99.99% certain that it's a scam, so I'm trying hard not to panic.  Here's what I want to know.  Are the kind of exploits mentioned possible on a Mac protected by Norton Antivirus running on a Core router?  Even if you could do such things, which I'm guessing are possible, would the combination of router and antivirus stop them?  Please let me know.

Thanks!

Email follows (with xxxxxxxx being an actual password I've used):

From: Hillard Balsamo <vtpnanceyuv@outlook.com>
Subject: doughart2 - xxxxxxxx
Date: July 11, 2018 at 4:58:11 PM PDT

It seéms that, xxxxxxxx, is your password. You mày not know me and you're most likèly thinking why you'rè getting this mäil, correct?

Let mé tèll you, I actually plãcéd ã malware on thè ãdult vidéo clips (pornogrãphy) site and guess whát, you visited this site to experience fun (you know what I meãn). While you wérè watching video clips, your web browsèr initiated working as a RDP (Remoté control Dèsktop) having a kéylogger which gavé mé äccessibility to your screen and also web caméra. aftér that, my softwaré collècted ãll your contàcts from your Messénger, FB, äs well as émail.

What exactly did I do?

I mäde à doublè-screèn video. 1st pãrt shows thé video you wéré watching (you've got a fine tasté héhe), and next part shows thé rècording of your wéb càmera.

exactly what should you do?

Well, in my opinion, $2900 is a rèasonablé pricè for our littlè secret. You'll make the payment via Bitcoin (if you don't know this, sèarch "how to buy bitcoin" in Googlè).

BTC Address: 1A8Ad7VbWDqwmRY6nSHtFcTqfW2XioXNmj

(It is cAsE sensitive, so copy and paste it)

Importãnt:

You now have onè day to maké thé paymènt. (I häve a spécific pixel within this email, and right now I know that you havé read through this mail). If I do not get the BitCoins, I will certainly sènd out your video recording to all of your contäcts including friénds ànd family, coworkers, and so on. Having sãid that, if I receive the pãyment, I will erasé the video immidiately. If you want to have proof, réply with "Yés!" ând I definitely will send out your video récording to your 5 friènds. It's a non-négotiable offér, thus please do not wastè my personál time änd yours by replying to this mail.

Replies

Kudos0

Re: Is this possible?

Hello Doug. In a nutshell that is a scam message. Delete it and block the user. A BTC address "BTC Address: 1A8Ad7VbWDqwmRY6nSHtFcTqfW2XioXNmj" references Bitcoin. Thus the scam, this scammers doesn't have any of your information. Core will detect and block bitcoin on your Core network as will your Norton Security product detected as PUA.JScoinminer. Unless you are an avid BC miner and want to allow this on your network. https://community.norton.com/en/comment/7743431#comment-7743431

Cheers

Retired military (Navy 1980-2002) "From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Professional x 64 version 1803 / build 17134.319 / NSBU 22.15.1.8 / Norton Core v.267
Kudos0

Re: Is this possible?

I also got an email almost exactly like this yesterday. They also had my actual password. The only difference was the email, bitcoin address, and the amount they wanted me to send them.  I'm wondering if they hacked a site and accessed my password that way.   I do not have a webcam, and was not watching porn. So I'm not worried about anything other than they did have my correct password.   

Kudos0

Re: Is this possible?

Assuming this is spam, just be sure you track down whatever web site you used that password for and change the password and any security questions.

Things happen. Export/Backup your Identity Safe data.
Kudos3 Stats

Re: Is this possible?

KrebsOnSecurity heard from three different readers who received a similar email in the past 72 hours. In every case, the recipients said the password referenced in the email’s opening sentence was in fact a password they had previously used at an account online that was tied to their email address.

However, all three recipients said the password was close to ten years old, and that none of the passwords cited in the sextortion email they received had been used anytime on their current computers.

https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/

Kudos1 Stats

Re: Is this possible?

Reports are coming in about a new extortion scam where scammers email you stating that they know the recipient's password, have installed malware on the computer, created videos of the recipient using adult web sites through their webcam, and have stolen the recipient's contacts.

The good news is that this is just a scam and no one has caught the recipient doing anything they don't want seen on video. The bad news, though, is that these attackers may actually know a recipients password from data breaches.

https://www.bleepingcomputer.com/news/security/beware-of-extortion-scams-stating-they-have-video-of-you-on-adult-sites/ 

Kudos0

Re: Is this possible?

Hello

Here is another report which was just reported today and has I believe the same email as the O/P received.

https://gizmodo.com/dont-fall-for-this-scam-claiming-you-were-recorded-watc-1827557323

Have a Good Night and

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NS with BackUp 22.15.1.8 Core Firmware 267 I E 11
Kudos0

Re: Is this possible?

Hi @doughart2 & @BDuri,

Thanks for reporting in Norton Community Forums. I have sent you a private message requesting for more details for further investigation. 

Sunil_GA | Norton Forums Administrator | Symantec Corporation
Kudos0

Re: Is this possible?

Someone has been sending sextortion scam emails with a new twist – one aimed at making it more likely you’ll be duped into paying a blackmail fee.

One of the emails arrived at Naked Security yesterday, via a diligent reader, just as Brian Krebs was breaking the story on his site.

It claims to have compromising images of the recipient and goes on to ask for payment in order to stop the images being released publicly. Attempting to manipulate victims by claiming to have compromising images of them is known as sextortion, and its been used for years. What makes this scam different is that it’s added something extra: it contains a real password used by the victim.  13-Jul-2018

https://nakedsecurity.sophos.com/2018/07/13/sextortion-scam-knows-your-password-but-dont-fall-for-it/ 

Kudos0

Re: Is this possible?

My wife received a very similar email yesterday with a password she has used on non-essential accounts. Is there someway to forward this to Norton for investigation?

Kudos0

Re: Is this possible?

A story published here on July 12 about a new sextortion-based phishing scheme that invokes a real password used by each recipient has become the most-read piece on KrebsOnSecurity since this site launched in 2009. 02-Aug-2018

https://krebsonsecurity.com/2018/08/the-year-targeted-phishing-went-mainstream/

Kudos0

Re: Is this possible?

Sex extortion emails now quoting part of their victim’s phone numbera -- 15-Aug-2018
https://www.grahamcluley.com/sex-extortion-emails-now-quoting-part-of-their-victims-phone-number/

Kudos0

Re: Is this possible?

Sextortion Scam: What to Do If You Get the Latest Phishing Spam Demanding Bitcoin
https://www.eff.org/deeplinks/2018/07/sextortion-scam-what-do-if-you-get-latest-phishing-spam-demanding-bitcoin

Kudos0

Re: Is this possible?

Kudos0

Re: Is this possible?

A former NASA contractor was arrested and charged on Wednesday for allegedly sextorting women.

https://www.theregister.co.uk/2018/09/06/nasa_contractor_charged/