Fake ransom seeking email scam prowling in Indian cyberspace

PTI, May 2, 2020, 3:44 PM IST

New Delhi: Country’s federal cybersecurity agency has alerted internet users against an ongoing “fake” email campaign that claims to have recorded personal video of a user which could be published if a ransom amount in crypto-currency is not paid.

The Computer Emergency Response Team of India (CERT-In), in a latest advisory, has said while there is “nothing to worry” about such emails, users should update or change their passwords, used to login any of their social media or other online platforms, if they find them compromised.

“In email extortion campaign, the scammers have sent numerous emails to people stating that their computers were hacked, a video was taken using their webcam and that they know their passwords,” the advisory, also accessed by PTI, said.

These emails are fake, scams, and nothing to worry about, it added.

The CERT-In is the national technology arm to combat cyber attacks and guarding of the Indian cyber space.

The agency mentions the contents of a typical ‘extortion’ email in the advisory:

Firstly, the scammer would try to grab the recipient’s attention by writing their old password in the mail.

After that, the scammer would craft a story containing computer jargons in order to convince the recipient that the scammer is a very skilled hacker.

The story would state that the hacker had placed a malware on a porn website and while the user was watching the video, his webcam and display screen was hacked breaching all his contacts from messenger, FaceBook and email.

The advisory states that this could be the “final step” before seeking the ransom.

It adds that the scammer will then demand ransom in the form of Bitcoin (crypto currency).

“Now, the scammer or cyber criminal will give a deadline of 24 hours to comply and threaten to send videos to the relatives, co-workers etc of the user,” it said.

The CERT-In said the user’s secret pass code mentioned in the fake email could be “actual passwords used by the recipient of the email in the past, but the attacker does not know them by hacking their account, but rather through leaked data breaches shared online.”

“Recipients should not send any payments to the scammers and if the passwords listed are in use or familiar, recipients are advised to change the password at any site that they are being used,” it said.