Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Security of computer camera


  • Please log in to reply
14 replies to this topic

#1 novice_compuser

novice_compuser

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:17 AM

Posted 15 June 2018 - 11:04 AM

Dear forum members

 

I have seen posts online of people receiving mails from someone claiming to have hacked in to their computer camera and having access to their files, contacts and such and demanding payment.

 

I was surprised to see Gmail deliver a similar mail right in my inbox and as if that were not weird, marked it important - i would have expected Gmail to have instantly marked it as spam. How does that happen?

 

Also, is it possible as the mail claims to hack one's computer's camera through a virus? What are some means to check the claim? 

 

Finally, how the individual may have got my email id? The subject of the email carries my email id and some random ID - not sure what that is. 

 

Thanks for your help!


Edited by hamluis, 15 June 2018 - 12:05 PM.
Moved from Ransomware to Gen Security - Hamluis.


BC AdBot (Login to Remove)

 


#2 novice_compuser

novice_compuser
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:17 AM

Posted 15 June 2018 - 12:03 PM

There seems to have been a host of people who have received a similar mail:

 

https://nexusconsultancy.co.uk/blog/email-scam-ashamed-of-yourself/

 

also, reading further saw this interesting post:

 

https://daveeargle.com/2016/10/24/I-received-a-blackmail-letter/

 

maybe of help to someone who reads this forum 

 

 

The question i'm intrigued about is how the email address was got



#3 mjd420nova

mjd420nova

  • Members
  • 1,805 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:17 PM

Posted 15 June 2018 - 01:09 PM

I get e-mails and phone messages like this all the time.  It seems funny to me as I have just gotten this phone and have not given the number to anyone but my wife.  The calls claim to be able to see me on my desktop, which does not have a web cam so I know it's BS.  The e-mails are riddled with mis -spellings and poor grammar so that gets them dumped right off.  E-mail addresses can be randomly generated and if they aren't valid will get bounced back to the sender.  Those that don't come back they then know they are valid ad will pursue with more attempts to get you to pay.



#4 novice_compuser

novice_compuser
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:17 AM

Posted 15 June 2018 - 01:38 PM

Thanks a lot mjd420nova for taking the time to respond and share your experience.

 

 

<<E-mail addresses can be randomly generated and if they aren't valid will get bounced back to the sender.  Those that don't come back they then know they are valid ad will pursue with more attempts to get you to pay.

 

Interesting. Seeing the mail address on the subject line and worst of all, gmail delivering it to inbox was creepy

 

Although in the back of my mind i know it's a spam/phishing attempt with google tagging it as important, was little disturbing

 

This is the exact text of the mail received - strikingly similar to the ones posted by various members on this page: https://nexusconsultancy.co.uk/blog/email-scam-ashamed-of-yourself/ - i have deleted a part of a line to avoid posting profanity. 

 

I think individuals who are not very internet savvy and not aware of forums like these are likely to fall prey - is there a way to have a page that serves as a quick informational resource that dispels any concern.

 

 

<<The e-mails are riddled with mis -spellings and poor grammar so that gets them dumped right off.  

 

just as i read through the below mail after pasting it here noticed a couple of typos in the spam received

 

 

---------------------------------

 

 

Hey! 

Yours notebook computer have been infected all while you [...].

Currently I have at my disposal all the demandable dirt and contact files of all your loved ones.

The software program turned on your web cam and filmed and took pictures.

All access to your social networking platform accounts are at my diposal.

If you do not wish me to mail all dirty pictures ( as you have been fudging off ) to your nearest and dearest and collaborates, then you ought to deliver $USD 400 to my Bitcoin code 


If this were not the case if I do not obtain transference within 24 hours I going to show dirt to all your family members and collaborates and to the internet.

If you gonna fulfill all the terms I should close down all this photos and video.

You The key point in our time are family and you have to know that.

There is no such situation if you don’t do that bad things. 

You should be more careful next time.

Yours respectfully.
 

P.S. After opening the letter you have only 24 hours.

 

 -----


Edited by novice_compuser, 15 June 2018 - 01:39 PM.


#5 muroga

muroga

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:17 AM

Posted 15 June 2018 - 05:38 PM

Interesting. Seeing the mail address on the subject line and worst of all, gmail delivering it to inbox was creepy

Although in the back of my mind i know it's a spam/phishing attempt with google tagging it as important, was little disturbing


Yeah Im almost totally certain that that google has nothing to do with the message being marked as important. There is an option when youre composing a mail to set its priority. As far as uour inbox ypu should be warned google can not/will not filter out all spam/unwanted/or malicious messages, your own judgement and common sense is what will protect you or get you imto trouble.

You should submit the email as a fraud/scam if you havent already, the low level of sophistication makes me wonder how well they hid their bitcoin account

#6 novice_compuser

novice_compuser
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:17 AM

Posted 15 June 2018 - 10:49 PM

Thank you muroga for sharing your thoughts! I will submit it as a fraud/scam as you suggest.



#7 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 8,163 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:02:17 AM

Posted 16 June 2018 - 09:33 AM

One of the things any novice computer user needs to learn, an as early as possible, is how to recognize spam and e-mail cons of various sorts.  

 

A message like the one under discussion here is just so obvious, and obviously bad [in both intent and execution], that it warrants little more than instant deletion.

 

There are many messages, particularly phishing messages spoofed as to appear from a legitimate source, that warrant reporting to the actual legitimate source that they make the attempt to appear to be from.  Something like the one quoted here is beyond amateurish and should be recognizable as fraudulent on first sight.


Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

      Memory is a crazy woman that hoards rags and throws away food.

                    ~ Austin O'Malley

 

 

 

              

 


#8 mrhouse46

mrhouse46

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:17 AM

Posted 25 June 2018 - 09:42 PM

I just got one

 

They knew my name 

 

Is that significant ?

 

I do not have a camera on my PC

 

But the name bothers me

 

Lastly I did happen upon a porn site this weekend looking for non porn movie

 

   



#9 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 8,163 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:02:17 AM

Posted 25 June 2018 - 09:51 PM

I suggest searching for your own e-mail address using the web search engine of your choice.

 

One's e-mail address, and the name that goes with it, is absolutely, positively not private in any way.


Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

      Memory is a crazy woman that hoards rags and throws away food.

                    ~ Austin O'Malley

 

 

 

              

 


#10 Replicator

Replicator

  • Members
  • 203 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dark Basement
  • Local time:04:17 PM

Posted 26 June 2018 - 08:53 AM

Secure your Webmail accounts with a strong pass away from main defaults.

 

If you click mail that you shouldnt, this wont help much!

 

And yes.....whatever info you provided on sign up (user input) is fair game now.


Edited by Replicator, 26 June 2018 - 08:55 AM.

The quieter you become, the more you are able to hear!
CEH, CISSP @ WhiteHat Computers Pty Ltd

 


#11 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 8,163 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:02:17 AM

Posted 26 June 2018 - 09:09 AM

 

And yes.....whatever info you provided on sign up (user input) is fair game now.

 

This is something that bears repeating and repeating and repeating until the world at large "gets it."

 

If you set up an e-mail address that uses the name "Judi Sarducci" ahead of the address <j.sarducci@randomemailprovider.com> then each and every outgoing e-mail message you generate contains both of those pieces of data in the header and that header is not encrypted.   Those who have e-mail sniffers set up to cull e-mail addresses can pick up both of those pieces of information with ease from any e-mail message you've sent.   They can do the same from messages sent to you as well, but by sniffing the "To:" field rather than the "From:" field.

 

The sooner people get clued in that e-mail is not now, and never has been, private in any meaningful sense [akin to standard postal mail] the better.

 

Once you've sent and received a couple of messages that information has been "released into the wild."


Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

      Memory is a crazy woman that hoards rags and throws away food.

                    ~ Austin O'Malley

 

 

 

              

 


#12 mrhouse46

mrhouse46

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:17 AM

Posted 26 June 2018 - 01:41 PM

Thanks on the email information.

 

My current  prime concerns are  1) Does he access to my email contacts and 2) can he get a video of me despite not having a camera.

 

My concern is that he make something up and send it to my friends and family 

 

this is the email.   I remain very worried 

 

Nothing on multiple virus scans

 

I was searching for a non porn movie and a porn site popped up.  My virus software did block it 

 

I am really scared 

 

 

 

 

I hope not to crush your your feelings or anything and i am certainly here not to you, even-though it will be kinda sick if somebody from your list of contacts or relatives will watch you doing ur bleep. Its your life and you decide but i will do mine too.

All right, enough of this, recently u visited a site with adult vids poisoned with my virus, which I'm really proud of.

So i got received all the contact information from your computer and also i received access to your cam, so captured everything, and then edited this vid to one splitscreen, with bleep you was watching on one side and you toying with your stuff on the other. I wish you are paying attention on this one here.

In any case, if you want me to ditch this material. 480 amount in UDS will settle this argument with me.

1JWvtqraZZGXSfCq14xjD5LCWdAFTnjWfh

i accept only btc(cryptocurrency).

U will be given four days reading this letter, a simple track software will notify me when this happens.

I will send this vid to all your contacts if i don't get my pay. You can contact ur police department I'm from a totally different country and region, so you are welcome to do anything u want. Please do not reply to this mailbox, cause i won't be able to receive anything from you.

Sincerely.



#13 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 8,163 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:02:17 AM

Posted 26 June 2018 - 05:02 PM

Again, I suggest several thought experiments:

 

             Is it possible to take an image that would be considered "a picture" in the photographic sense without a camera?

 

             If your e-mail account has not been breached, how would someone have access to your contacts?

 

 

Making people afraid, and getting them to take action as a result of that fear that is directly against their best interests, is the stock in trade of scammers the world over.  Once you've recognized a scam, and have not done anything in response to it, just move calmly along with life.  There is nothing to be scared about.  In fact, one should feel more secure in that one is able to recognize a scam and know that the worst thing one can do is to take any action beyond ignoring it.


Edited by britechguy, 26 June 2018 - 09:37 PM.
fixed "write-o" of "comments" with "contacts"

Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

      Memory is a crazy woman that hoards rags and throws away food.

                    ~ Austin O'Malley

 

 

 

              

 


#14 cafejose

cafejose

  • Members
  • 992 posts
  • OFFLINE
  •  
  • Local time:11:17 PM

Posted 26 June 2018 - 11:43 PM

One of the things any novice computer user needs to learn, an as early as possible, is how to recognize spam and e-mail cons of various sorts.  

 

A message like the one under discussion here is just so obvious, and obviously bad [in both intent and execution], that it warrants little more than instant deletion.

 

There are many messages, particularly phishing messages spoofed as to appear from a legitimate source, that warrant reporting to the actual legitimate source that they make the attempt to appear to be from.  Something like the one quoted here is beyond amateurish and should be recognizable as fraudulent on first sight.

Scamming and spamming is moving everywhere.  I tried learning to use a smartphone many months ago, which included registering a fresh "cellular" telephone number.  I wanted to, among other things, learn to use text-messaging.  Within a few hours, I began to receive text messages from people who know absolutely nothing about me.  Probably as a carryover from whoever had the cell phone number before I did.  On the other hand, maybe a few of the messages where something less honest.



#15 abbeyslinger

abbeyslinger

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:06:17 PM

Posted 27 June 2018 - 05:20 AM

I also received such emails, never understand how these scammers got the details. As for the cameras the best is to restrict app permissions or use webcam cover. Most of these attempts were phishing attacks so never click on any link or image you receive  






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users