Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
rslade
Influencer II
‎07-13-2018 05:58 PM
‎07-13-2018 05:58 PM

The old "we have pictures of you naked" scam with a new (password) twist

At various times various people and groups have tried an extortion scam that claims to have pictures or video of the user, naked.  (This new analysis comes to us, ironically, courtesy of Naked Security, an arm of Sophos.)

 

This time around they claim to have proof that they have access to your machine, because they have, and tell you, your password.  This group appears to have access to one of the myriad password troves that are littered around the Internet, so they may have access to your password.  If you use the same one everywhere.  And if you haven't changed it in the past several years.

 

Of course, nobody uses the same password everywhere, right?  Well, one of the things we learned from the Ashley Madison debacle was that there are an awful lot of people in responsible positions, who do use the same email and password for work and visiting sex sites ...

 

(This reminds me of the various CISSP holders, over the years, who have discovered the cissp.txt file, and were horrified to discover that they were in it!  It was an old file that someone had scraped off the ISC2 site, when it had a member directory, and was reposted at various times over the years.  You can find more details in the CISSPforum FAQ, section 4.4.)


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Reply
0 Kudos
2 Replies
denbesten
Community Champion
‎07-13-2018 06:23 PM
‎07-13-2018 06:23 PM

That is actually a pretty good trick.  Even if they report an old password for the wrong account, one likely believe them.  After all, they could have snagged the pix a while ago, or from a cloud backup of my documents/pix.

 

Of course, the bigger problem for them is that even my old passwords are something like "PST9hJcP4rJas4ctMnJ0e1Q#CJTVQVV", which are very unlikely to show up in a password trove.

Reply
0 Kudos
rslade
Influencer II
‎07-14-2018 02:07 PM
‎07-14-2018 02:07 PM

Date sent: Fri, 13 Jul 2018 22:24:01 +0000 (UTC)
Subject: Re: The old "we have pictures of you naked" scam with a n
ew (password) twist ((ISC)² Community Subscription Update)

> denbesten (Contributor II) posted a new reply in Industry News on 07-13-2018

> That is actually a pretty good trick.  Even if they report an old
> password for the wrong account, one likely believe them.  After all, they
> could have snagged the pix a while ago, or from a cloud backup of my
> documents/pix.

Social engineering. It's always social engineering. Generally it's a lot easier to fool
people than systems.

(Of course, once you can fool systems, you can fool them over and over again ...)

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Capitalism is the astounding belief that the most wickedest of
men will do the most wickedest of things for the greatest good of
everyone. - John Maynard Keynes
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Reply
0 Kudos