[Heads-up] This Evil New Child Porn Phishing Attack Could Absolutely Ruin

sexstortion
(Howard) #1

Extortion scammers keep upping their game and seem to be rapidly climbing down the moral character meter. If this scam is weaponized it would have chilling ramifications with the potential to cause much harm to innocent people. While it is still probably only a scam, with the right access through a phishing link and access to your computer it’s not beyond the realm of possibility that they could try to extort high-value targets. Or possibly “anyone”.
Stu points out his concerns in a recent blog!

It will become more serious

"KnowBe4 is seeing a rise in this blackmail-type phishing… and it will become more serious. With the capabilities of recent destructive malware and ransomware the following scenario becomes highly probable: If you don’t pay the ransom—but click on the link, worried to death—they will put actual child pornography on the users’ machine, and/or they stuff your users’ search history with fake searches. Then they will anonymously notify the FBI or other Law Enforcement. It’s a setup and the intent is to actually cause the person to get arrested and massively disrupt your organization at the same time."

(Matt Parkes) #2

Yes, my company has come across this type of thing; however, we are only getting the hoax-type emails so far. They state that the target has been up to no good on adult sites, that they have evidence to prove it, and that if no bitcoin ransom is paid they will let the employer, family and friends know. No teeth to this, as we don’t have webcams on computers, and this was targeted at a company email address and revolved around the offense being done at work, so we just ignore them.

We then used HaveIBeenPwned to find out that a few employee email addresses, including the targets of the above, have been found in data breaches appearing to be linked to a subscription service called Call Centre Helper or possibly the recent Exactis breach.

(Howard) #3

Most of these are hoaxes, as you note, blasted out in a spray-and-pray manner, either generated frequently by the big spam bots or by bad guys with a spam server. We have several free tools that are useful: EECP (Email Exposure Check), Email Exposure Check Pro, Password Exposure Check and Breached Password Check, which will query known breaches or search for publicly exposed passwords.
