Fake rescue looking for email scam hanging around in Indian cyberspace

NEW DELHI: The country's central cybersecurity agency has alerted internet users to an ongoing bogus email campaign claiming to have recorded a personal video of a user that could be posted if a ransom amount is not paid in cryptocurrency.

The India Computer Emergency Response Team (CERT-In), in a last announcement, said that while there is nothing to worry about with such emails, users should update or change their passwords, which are used to initiate Sign in to any of your social networks or other online platforms, if you find them compromised.

In the email extortion campaign, scammers have sent numerous emails to people stating that their computers were hacked, that a video was taken using their webcam, and that they know their passwords, the notice said.

These emails are fake, scams and there is nothing to worry about, he added.

CERT-In is the national technology arm to combat cyber attacks and protection of the Indian cyber space.

The agency mentions the content of a typical 'extortion' email in the notice:

First, the scammer would try to grab the recipient's attention by writing their old password in the mail.

After that, the scammer would create a story containing computer jargon to convince the recipient that the scammer is a very skilled hacker.

The story would declare that the hacker had placed malware on a porn website and while the user was watching the video, their webcam and display screen were hacked, violating all their Messenger, Facebook and email contacts.

The notice states that this could be the final step before seeking rescue.

He adds that the scammer will demand a ransom in the form of Bitcoin (cryptocurrency).

Now, the scammer or cybercriminal will give 24 hours to comply and threaten to send videos to family members, coworkers, etc. of the user said.

The CERT-In said that the user's secret access code mentioned in the fake email could be actual passwords used by the email recipient in the past, but the attacker doesn't know them by hacking their account, but through leaks shared data online.

Recipients should not send any payments to scammers, and if the listed passwords are in use or familiar, recipients are encouraged to change the password on whatever site they are using, he said.