SLCERT issues a "High" threat warning regarding a blackmail email scam

SLCERT issues a “High” threat warning regarding a blackmail email scam. This is known as a #sextortion scam; the sender claims to have accessed users Pass Words & contacts & claims to have sensitive content, followed by a ransom demand via Bitcoin.

Bitcoin Blackmail Scam via Emails

Threat Level
High

Overview

A new blackmail scam is actively spreading around the web via emails, the main reason behind this is to extort money from the targeted users in the form of Bitcoin payments.

Description

Sri Lanka CERT received several cases regarding the blackmail email scam. The blackmail email scam is a message from an unknown sender that claims to have compromised the targeted users’ computer and have accessed to their passwords and contacts. It also claims that the attacker/sender contains other sensitive or embarrassing content of the targeted user which were taken from the compromised computer.

This message is followed by a ransom demand where the targeted user must make the requested payment in bitcoins, and in exchange the attacker/sender promises to delete victim’s information. Please note that these type of emails are circulated to frighten the user into sending money.

Impact

Might be vulnerable for similar attacks if responded
Financial loss

Solution/ Workarounds

Refrain from replying to the emails that look untrusted.
You should not pay the above mentioned ransom as it is a trick from the attacker to get money from you.
Regularly change your passwords and enable two factor authentication for added security.
Ensure your computer has no malware by running Anti-virus scans regularly and keeping it up-to-date.