rslade
Influencer II

The old "we have pictures of you naked" scam with a new (password) twist

At various times various people and groups have tried an extortion scam that claims to have pictures or video of the user, naked.  (This new analysis comes to us, ironically, courtesy of Naked Security, an arm of Sophos.)

 

This time around they claim to have proof that they have access to your machine, because they have, and tell you, your password.  This group appears to have access to one of the myriad password troves that are littered around the Internet, so they may have access to your password.  If you use the same one everywhere.  And if you haven't changed it in the past several years.

 

Of course, nobody uses the same password everywhere, right?  Well, one of the things we learned from the Ashley Madison debacle was that there are an awful lot of people in responsible positions, who do use the same email and password for work and visiting sex sites ...

 

(This reminds me of the various CISSP holders, over the years, who have discovered the cissp.txt file, and were horrified to discover that they were in it!  It was an old file that someone had scraped off the ISC2 site, when it had a member directory, and was reposted at various times over the years.  You can find more details in the CISSPforum FAQ, section 4.4.)


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
2 Replies
denbesten
Community Champion

That is actually a pretty good trick.  Even if they report an old password for the wrong account, one would likely believe them.  After all, they could have snagged the pix a while ago, or from a cloud backup of my documents/pix.

 

Of course, the bigger problem for them is that even my old passwords are something like "PST9hJcP4rJas4ctMnJ0e1Q#CJTVQVV", which are very unlikely to show up in a password trove.

rslade
Influencer II

Date sent: Fri, 13 Jul 2018 22:24:01 +0000 (UTC)
Subject: Re: The old "we have pictures of you naked" scam with a new (password) twist ((ISC)² Community Subscription Update)

> denbesten (Contributor II) posted a new reply in Industry News on 07-13-2018

> That is actually a pretty good trick.  Even if they report an old
> password for the wrong account, one would likely believe them.  After all, they
> could have snagged the pix a while ago, or from a cloud backup of my
> documents/pix.

Social engineering. It's always social engineering. Generally it's a lot easier to fool
people than systems.

(Of course, once you can fool systems, you can fool them over and over again ...)

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Capitalism is the astounding belief that the most wickedest of
men will do the most wickedest of things for the greatest good of
everyone. - John Maynard Keynes
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade
