Indian Cyber security agency warns of email extortion fraud

(Image credit: Shutterstock)

India's cyber security agency has issued a detailed advisory warning users about a new email extortion fraud where scammers send mails to unsuspecting people claiming that their computers have been hacked and demand money for letting go of it. 

The Computer Emergency Response Team (CERT-In) advisory says these cyber criminals claim they have a video taken from the victim's webcam that gives away their passwords and go on to provide details of their mail accounts showing possibly old passwords as evidence. 

At this juncture, they usually ask for money in the form of some untraceable mode of payment including Bitcoins and threaten the users that refusal to pay up could result in them leaking more of their personal data including photographs in the public domain. 

"Although the listed passwords are in many cases actual passwords that the user has used in the past, but the attacker does not know them by hacking into your account, but rather through leaked data breaches shared online," the CERT-In says while underscoring that these emails are fake scams and users have nothing to worry about. 

It goes on to advise recipients of such emails that they should refrain from paying payments and in case passwords listed by them appear familiar, they just need to change those on any website that they are being used. 

This is how the email appears

"I know, xxx, is your password. You don't know me and you're thinking why you received this email, right?" 

"Well, I actually placed a malware on the porn website and guess what, you visited this website to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (remote desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account." 

"What exactly did I do? I made a split-screen video. First part recorded the video you were viewing and the next part recorded your webcam. 

What should you do? Well, I believe $1900 is a fair price for our little secret. You will make the payment via Bitcoin to the below address (if you don't know this, search "how to buy bitcoin in Google). 

"Important: You have 24 hours in order to make the payment (I have a unique pixel within this email message, and right now I know you have read this email). If I don't get the payment, I will send your video to all your contacts including relatives, coworkers and so forth. Nonetheless, if I do get paid, I will erase the video immediately. If you want evidence, reply with "Yes!" and I will send proof to five of your friends. This is a non-negotiable offer, so don't waste my time and yours by replying to this email." 

CERT-In advise 

CERT-In adds in the advisory that in case users receive any emails of this type, they should merely delete it and need not get intimidated. And in case any of the passwords shared in the email look familiar, users should immediately go and change them. 

Earlier in April, CERT-In had warned about the vulnerabilities of video conferencing app Zoom and issued an advisory outlining safety measures for both the operator as well as the users. 

Raj Narayan

A media veteran who turned a gadget lover fairly recently. An early adopter of Apple products, Raj has an insatiable curiosity for facts and figures which he puts to use in research. He engages in active sport and retreats to his farm during his spare time. 

Latest in Cyber Security
Dark Web monitoring
How users benefit from Dark Web monitoring
The X logo next to a silhouette of Elon Musk
Who was really behind the massive X cyberattack? Here’s what experts say about Elon Musk’s claims
A person holding a phone looking at a scam text with warning signs around
A massive SMS toll fee scam is sweeping the US – here’s how to stay safe, according to the FBI
View on National Assembly building in Paris, France, with French and European flags flying.
France rejects controversial encryption backdoor provision
ignal messaging application President Meredith Whittaker poses for a photograph before an interview at the Europe's largest tech conference, the Web Summit, in Lisbon on November 4, 2022.
"We will not walk back" – Signal would rather leave the UK and Sweden than remove encryption protections
Man uses a laptop in a hotel room
4 ways to avoid misinformation on social media and retain control of your newsfeed
Latest in News
Buzz Lightyear Space Ranger Spin Rennovations
Disney’s giving a classic Buzz Lightyear ride a tech overhaul – here's everything you need to know
Hisense U8 series TV on wall in living room
Hisense announces 2025 mini-LED TV lineup, with screen sizes up to 100 inches – and a surprising smart TV switch
Nintendo Music teaser art
Nintendo Music expands its library with songs from Kirby and the Forgotten Land and Tetris
Opera AI Tabs
Opera's new AI feature brings order to your browser tab chaos
An image of Pro-Ject's Flatten it closed and opened
Pro-Ject’s new vinyl flattener will fix any warped LPs you inadvertently buy on Record Store Day
The iPhone 16 Pro on a grey background
iPhone 17 Pro tipped to get 8K video recording – but I want these 3 video features instead