Sextortion attempts are increasing; make sure you close off remote computer access; and mobile apps may be secretly making screen captures of your keypad entries.
Sextortion is an ugly word, but you’ll be hearing a lot more of it, according to security writer Brian Krebs. It’s a scam that works like this: You get an email from someone that says they’ve cracked your computer and caught you going to a porn website. And the proof is they include in the message one of your passwords. They say they secretly recorded you. They demand money in Bitcoin. Actually, it’s a scam because while the password they claim to have is real, it’s probably an old one you abandoned a while ago that the attacker got from a list of stolen passwords and usernames. What should you do? The FBI says you should never send compromising images of yourself to anyone, no matter who they are — or who they say they are. Don’t open attachments from people you don’t know. Be careful with opening attachments even from people you do know. And turn off [and/or cover] any web cameras when you are not using them.
One of the things in these threatening emails is the claim the attacker installed malware that opens the remote desktop protocol – or RDP – to secretly turn on your video camera and record what you type. RDP is supposed to be a helpful tool in Windows, allowing software companies’ tech support staff or administrators you approve to remotely access your computer if you need help solving a glitch. The problem is, it’s also a way attackers can get in, too. McAfee recently reported that there are sites on the Dark Web selling this kind of access for a few bucks after having cracked administrator passwords. Access to one airport’s system cost only $10. Your best protection against this kind of an attack is a tough password to your home computer. And make sure your computer’s administrator account is hidden. You can Google for advice on that. Meanwhile, company administrators have to make sure RDP connections aren’t open to the internet, and system access has tough passwords and two-factor authentication.
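As an added example (not from the podcast or the sources it cites), this read-only PowerShell check reports a Windows machine's own RDP settings that bear on the advice above: whether Remote Desktop is on, whether Network Level Authentication is required, which firewall rules admit it, and which accounts may log on. It assumes an English-language Windows, where the built-in firewall group is displayed as "Remote Desktop", and an elevated PowerShell 5.1 or later session.

```powershell
# Added example: read-only audit of local RDP exposure. Changes nothing on the system.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = "$ts\WinStations\RDP-Tcp"

# fDenyTSConnections = 0 means the machine accepts Remote Desktop connections.
$rdpEnabled = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections -eq 0
# UserAuthentication = 1 means Network Level Authentication is required before a session starts.
$nla  = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication -eq 1
$port = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber

# Enabled inbound allow rules in the built-in group (English display name is an assumption).
$rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
    ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = $_.Profile
            RemoteAddress = ($addr.RemoteAddress -join ',')
        }
    }

# S-1-5-32-555 is the well-known SID of the local "Remote Desktop Users" group.
$rdpUsers = @(Get-LocalGroupMember -SID 'S-1-5-32-555' -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty Name)

# Turn the raw settings into findings an administrator can act on.
$findings = @()
if ($rdpEnabled) {
    $findings += "Remote Desktop is enabled on TCP port $port."
    if (-not $nla) { $findings += 'Network Level Authentication is NOT required.' }
    foreach ($r in $rules | Where-Object { $_.RemoteAddress -eq 'Any' }) {
        $findings += "Firewall rule '$($r.Rule)' ($($r.Profile)) accepts any remote address."
    }
    if ($rdpUsers.Count -gt 0) {
        $findings += "Non-administrator RDP logon allowed for: $($rdpUsers -join ', ')"
    }
} else {
    $findings += 'Remote Desktop is disabled.'
}
$findings
```

This only inspects the machine itself; whether the port is reachable from the internet also depends on the router or perimeter firewall in front of it.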
Finally, the main mobile app stores – Google and Apple – do a pretty good job of screening apps for malware and privacy violations. For example, earlier this month researchers at Northeastern University revealed work done on scanning 17,000 Android apps, looking for evidence that apps secretly turn on your smartphone’s microphone to record and send what you’re saying. Doesn’t happen. Roughly half of the apps can access the mic or camera, but only with user permission. However, what they did find were many apps taking screen shots or videos of what you are doing as you use that app. That information can be sent to an analytics firm, or for some other purpose. What’s worrisome is whether app users understand this is being done. Google says apps in the Play Store have to disclose how users’ data is being collected. But what about apps you don’t get from an official store? Like an app from a local restaurant, dry cleaner, grocer? You need to be careful about downloading these. Check what permissions and access the app requires. If it asks for too much, forget the app.