Scamwatch: Webcam Footage Blackmail
We recently received a number of phone calls enquiring about a scam email that was sent to a large number of Skymesh customers.
The email claims to have incriminating webcam footage of the reader. The email finishes with a demand for several hundred dollars to avoid having the footage released.
Because the threat relies on shaming you into handing over your hard-earned money, we thought that there might be a few people out there who received this email but were potentially not willing to call our Support team to discuss this email. Here is everything you might want to know but didn’t want to ask:
- The email is fake: there is no webcam footage.
- You should not pay this fraudster any money.
- The fraudster does not actually have access to your account.
- You should still change your password.
How do you know its fake?
The email certainly tries to sound like they have access to personal information about you, but it’s actually fairly vague (because it’s fake).
Because the footage doesn’t exist, you should feel comfortable deleting the email.
Why does it look like the email is from me?
The fraud is perpetrated by using e-mail spoofing, in which a sender uses a fake “reply-to” email address to make it looks like the email is coming from somewhere else. In this case, the reply-to email is your own address, and the illusion is completed by claiming the message is coming from your inbox.
How did the fraudster find my email address?
Statistically, they would have found your email address as part of a large-scale security breach on a third-party site. If you check the email address that received the message on ‘Have I Been Pwned‘, it’s likely that this email address was included in a breach. (This is a website that tracks known data breaches performed by other people.)
Why should I change my password?
The majority of the customers targeted by this scam were also affected by the Onliner Spambot breach of 2017. This was a high-profile data breach in which both email addresses and passwords were compromised. Some variations of the email also contain references to old passwords that you might have used in the past.
Either way, this is a good reason to update to a new, secure password that you’re not using anywhere else. If you want some support in getting a new password, try our handy guide.
What should I do next?
If you receive a scam email and you know its a scam, just mark that email as ‘junk’ and continue on with your day. If you’ve received a scam email, its likely that our Support team has already received a copy of that spam email in our inbox. We do not need additional copies to work with.
If you receive a threatening email, or an email that you think might be a scam, and you need additional information, you can contact our Support team for re-assurance. We’re happy to answer any questions you might have to help you identify scam emails.
We hope that helps!