Hackers have now victimized many individuals through a new email scam where they said they could steal passwords from victims and hack their webcam while watching porn. If you have recently received an email with one of your old passwords in the subject line and a bitcoin request, don’t panic, it’s just a new kind of scam that crooks are using. Your old password probably came from a public database of old leaked passwords and email addresses, such as a breach of Linkedin data. Over the course of this year, there has been a sharp rise in sophisticated hands-on hacking campaigns, with more of these intrusions seen in the first six months of 2020 than the total number for the whole of 2019.
As the world adapts to work-from-home culture, (1) in cyber attacks and ransomware, businesses and companies face a new challenge. There has also been a spectacular spike in the number of cyberattacks over the past few months, impacting both small and large companies and people. The pandemic has created new possibilities for scammers and fraudsters to deceive people and companies, whether payments and shopping or sharing files and accessing VPN. Ransomware attacks during this period have seen a tremendous increase. Ransomware is a kind of malware that enters the file of a victim. In exchange for restoring access to data, the attacker then demands a ransom. In its report entitled The State of Ransomware 2020, cybersecurity firm Sophos reveals that 82 percent of Indian organizations have been hit by ransomware in the last six months. Around 66 percent of organizations paid the ransom. In comparison, 29 percent could recover their data from backups without getting involved in any ransom, the report also states.
The increasing risk has proved one thing: a cyberattack can happen to anyone and anywhere. No one and no information is safe. Therefore, to prevent their data from being stolen, people and organizations must follow certain steps and be extremely cautious. Securing the hardware is the first and basic step. Company hardware’s safety is often ignored, with far more attention given to obtaining the latest and most advanced cybersecurity software forms. But with a complex password, one needs to protect the device. And on different sites, do not repeat the password and change it regularly (2).
The Indian Government is currently in a deep phase of removing websites that affect users’ privacy. The irony is that porn websites are the ones on the list, even dating apps. But why? Why porn sites? Do they have anything to offer that could damage the privacy of the users? What do dating sites have to offer? What can such a simple website like that damage users? For your information, the way hackers get to you is exploiting your privacy, which is exactly through these websites.
Hacking through porn and dating sites
Sextortion has been on the rise during the COVID-19 lockdown over the past several months, as I said before. It is nowhere more severe than in India. India has been the leader in porn consumption during the coronavirus lockdown, as per data released by PornHub. A cybercriminal will send you a threatening message or email in a porn scam scenario, telling you that your phone laptop has been filled with malware that allows the hacker to film you via the webcam of your phone’s camera or laptop. To extort money, the hacker then blackmails you with this information. Cybercriminals usually ask the victim for money in Bitcoin since cryptocurrency is almost untraceable within a specific period to keep the video a secret (3).
The interesting thing to remember here is that it is generally a bluff for such emails. The email is nothing more than an attempt to intimidate you into wiring funds to the hacker until you have originally clicked on even a suspicious malware link that allowed the hacker access to one’s phone’s or laptop’s camera. Even if such threats are purely fake, out of fear, people often tend to believe them (4). Using a password that you may have used once, hackers also dress up the email to make it look legitimate. If your email ID was ever part of an old data breach, these passwords are easy enough to find on the Dark Web. The effective way to defend oneself is to change your password to something more often (5).
An old method of sextortion is when the hacker uses private pictures of the victim to obtain money. This scam is usually found on online dating platforms and video call apps, which have seen a rise in users during the COVID-19 pandemic. Typically, it starts with two individuals beginning a relationship on a dating app. Soon enough, whether through messages or on a video call, the scammer will try to move the conversation to an intimate scenario. The scammer will attempt to persuade the victim to send intimate pictures or videos that will then be used to blackmail the victim.
Tricks that they use
This form of sextortion scam is very new, but among hackers, it is gaining in popularity. As explained in this article, it includes an app or website that claims to be a coronavirus tracker that alerts users immediately when they come near an infected person. However, to see everything the user does on their phone, the app seeks lock screen access and device admin rights. With this, to extort money from their victims, they can track the websites they visit and use that information. Recently, these coronavirus-related sextortion emails are on the rise. Victims are giving in to ransom demands that can go as high as 4000 dollars in Bitcoins.
A new form of sextortion scam started to emerge earlier this year. Scammers tell their victims they have recorded them via their home security cameras. In this scam, the criminal will send an email to the victim claiming to have recordings of the victim in an intimate situation. The scammer will also include a link that takes the victim to a website showing some generic footage from a home surveillance video or some camera system in a public area to make this threat look believable. The footage is presumed to convince and frighten the victim that the hacker also has his video (6).
Real-time Incidents that have occurred
Cybersecurity cells in Maharashtra and its city-based unit have begun to receive calls for help from such helpless users to save their money from cyber rogues demanding hefty sums or threatening to ‘leak’ their online activities to their known contacts or society at large. The extortionist requested around two lakh rupees in Indian currency through Bitcoin in one such email to a victim, threatening to send details of activity on a porn site and webcam footage to all his contacts and colleagues, and family members. The mechanism gave access to the victim’s computer and display screen and the webcam to the cyber rogue. The malware stole the victim’s data as well (A young corporate executive, another victim, had engaged in a sexually explicit chat with a woman from a conservative family and was worried that if this got out, they would gt into a lot of problems. According to the police, several complainants were urged to intervene without the filing of a First Information Report, as this would later become a case to be pursued in court. A senior police officer said this is because victims do not want their families to get even the slightest inkling of the online activity they think they are being blackmailed about because of embarrassment or shame. (7).
The hacker mentioned that they had prepared a double-screen video, which showed the clip the victim was watching and the other webcam recording projects. Nagpur learned that after surfing porn sites, a man landed in trouble. His contacts began to receive emails from his email ID asking for money. The victim landed at the cybersecurity cell seeking help, flabbergasted. An expert with Nagpur cybersecurity cell said that adult websites are full of malware and viruses that steal and exploit surfer data (8).
In India, anonymous blackmailers operating similarly targeted 13 individuals between January and August, following complaints filed with police departments’ cyber cells in several states. States such as Delhi, Maharashtra, Jharkhand, Madhya Pradesh, Uttar Pradesh, and Uttarakhand have received complaints. Senior police officials say these complaints are probably just the tip of the iceberg, as victims prefer to approach discreet private cybersecurity advisors for assistance in most cases. Even among security agencies, there was some doubt that such threats could be part of an elaborate hoax designed to make people think they might have been filmed watching porn.
A young corporate executive, another victim, had engaged in a sexually explicit chat with a woman from a conservative family and was worried that if this got out, all hell would break loose. According to the police, several complainants were urged to intervene without filing a First Information Report. This would later become a case to be pursued in court. A senior police officer said this is because victims do not want their families to get even the slightest inkling of the online activity they think they are being blackmailed about because of embarrassment or shame. (9).
Actions the Government is taking
The Government has been saying the same thing from Day 1, which is to stop visiting these websites. But, with e records rising day by day, such incidents are prone to occur. The Government cannot control such a situation for everyone. One has to learn the effects of visiting such on their own. Using VPNs and many other applications that can breakthrough the ban could impact the way your data gets hacked too. Being naïve is one thing and realizing and using the application is another. The use of pron sites in India is regulated and is legally known to be banned. Everyone knows this, and this is why the legal system takes action on the user first. They know that there is no way to trace the hacker, but punishment can be delivered to set an example to the whole nation. Newer tricks to get through the ban have e=been evolving day by day, and hackers aren’t fools; they know out to adapt as well (10).
And as for dating sites, there cannot be much control. The Government still cannot tap that region as there isn’t much of any element that could affect its emotion. Thus, the hacker can choke the user through this system. And as the dating apps get more evolved day by day, the users get even deeper into the trickery of words and miscontext. The dating sites have been getting more detailed information from users. As the youth, who are mentally immature to figure out what they mean, type in whatever the website asks for, and the hacks can chuckle at the novice user’s foolishness.
As a netizen, it is your responsibility to be more careful when visiting such sites. Even if it is out of curiosity or out of desire, always use a safe screen to access such sites. These might be alternatives, but prevention is always better than cure, and the cure could be costly and embarrassing as well. So, take heed.
