The RGP wishes to bring to the attention of the public a new form of email scam that has been detected in Gibraltar, in which victims are being sent their own passwords as proof that their PCs have been hacked.
The fraudsters then demand payment in Bitcoins after claiming that the victim has been filmed on their computers watching pornographic material. This is said to have been achieved through the use of a virus installed in the victim’s PC when the victim allegedly watched a pornographic video clip infected with the virus. The victims are then threatened with the recording being sent to their list of contacts if payment is not made within 24 hours.
The RGP wishes to reassure the public that this is an email scam and that there are no reports of the threats having been carried out after the demand period has lapsed. This scam has also been identified in the UK and is not just targeting Gibraltar. The RGP is collaborating with its UK counterparts with regards this scam.
It is suspected that the criminals obtain the password information from data breaches at third party websites and not as a result of the victims being directly targeted and individual emails or computers being hacked. Anyone wanting to check whether their email address may have been compromised in a third party security breach can do so using the https://haveibeenpwned.com website. The public can also check on new trends in scam emails at https://www.actionfraud.police.uk which is the National Fraud & Cyber Crime Reporting Centre in the UK.
Whilst scam emails are quite common and it may prove difficult to stop receiving them, there are a few simple measures which can prevent individuals becoming victims of the scam:
Don’t be rushed or pressured into paying. If you pay, criminals will feel you are vulnerable and you will probably be targeted again. We advise that you do not pay criminals.
Change your password immediately. In general, it is good internet security to change passwords regularly, use strong passwords with a combination of upper/lower case characters as well as using an alphanumeric combination.
Don’t engage with fraudsters. Don’t email them back as they will just use the opportunity to place more pressure on you.
Keep anti virus software up to date.
If you do have a webcam cover it when not in use.
If you have sent money to the criminal report it to the RGP’s Economic Crime Unit.
Members of the public should bear in mind that if they have not engaged in the type of activity claimed in these sort of scams, this in itself is an indication that it is in fact a scam.
The RGP also wishes to reassure the public that if they are concerned after having received any phishing emails they can be contacted for advice. Alternatively, they can report the matter at any Police Station.