<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:-webkit-standard;
panose-1:2 11 6 4 2 2 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:black">Hello all,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:black">For your awareness, a current scam email is using old compromised passwords to make the scam more credible. This “sextortion” email claims to have installed malware on a target’s computer and captured a video while
the target was visiting adult sites [1].<o:p></o:p></span></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="color:black">If anyone in your department receives one of these emails, they may recognize the password as one they have used in the past. The passwords are from old data breaches and are compiled into combo lists like the Anti-Public list from
last year [2]. There is no such malware on their computer and no video exists.<o:p></o:p></span></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="color:black">While this scam email is a hoax, the FBI recommends [3] the following steps to avoid becoming a victim of sextortion:<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in;caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="color:black">• Never send compromising images of yourself to anyone, no matter who they are — or who they say they are.<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in;caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="color:black">• Don’t open attachments from people you don’t know, and in general be wary of opening attachments even from those you do know.<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in;caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="color:black">• Turn off [and/or cover] any web cameras when you are not using them.<o:p></o:p></span></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="color:black">A sample of the scam email is included below.<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in;caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="color:black">Best,<o:p></o:p></span></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="color:black">Jessica<o:p></o:p></span></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="color:black">Jessica Murray<span class="apple-converted-space"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="color:black">Information Security Officer<o:p></o:p></span></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="color:black">MIT<o:p></o:p></span></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="color:black">[1]<span class="apple-converted-space"> </span><a href="https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/"><span style="color:#954F72">https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/</span></a><o:p></o:p></span></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="color:black">[2]<span class="apple-converted-space"> </span><a href="https://www.hackread.com/anti-public-combo-list-with-billions-of-accounts-leaked/"><span style="color:#954F72">https://www.hackread.com/anti-public-combo-list-with-billions-of-accounts-leaked/</span></a><o:p></o:p></span></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="color:black">[3]<span class="apple-converted-space"> </span><a href="https://www.fbi.gov/file-repository/stop-sextortion-brochure.pdf/view"><span style="color:#954F72">https://www.fbi.gov/file-repository/stop-sextortion-brochure.pdf/view</span></a><o:p></o:p></span></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in;caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="font-family:"-webkit-standard",serif;color:black">I will cut to the chase. I do know<span class="apple-converted-space"> </span><b>someoldpassword</b><span class="apple-converted-space"> </span>is your password. More to the point, I know about
your secret and I've evidence of it. You do not know me and nobody hired me to investigate you.</span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in;caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="font-family:"-webkit-standard",serif;color:black"> </span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in;caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="font-family:"-webkit-standard",serif;color:black">It's just your bad luck that I stumbled across your blunder. Let me tell you, I actually installed a malware on the adult vids (sex sites) and you visited this web site to experience fun (you know
what I mean). When you were busy watching video clips, your browser started out operating as a Rdp (Remote control desktop) with a key logger which gave me access to your display screen and also webcam. Right after that, my software program obtained all your
contacts from your messenger, facebook, as well as e-mail.</span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in;caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="font-family:"-webkit-standard",serif;color:black"> </span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in;caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="font-family:"-webkit-standard",serif;color:black">After that I put in more time than I probably should have investigating into your life and generated a two screen video. First part displays the recording you had been viewing and 2nd part shows
the recording of your web cam (its you doing dirty things).</span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in;caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="font-family:"-webkit-standard",serif;color:black"> </span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in;caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="font-family:"-webkit-standard",serif;color:black">Frankly, I want to forget details about you and let you move on with your daily life. And I will offer you two options that can accomplish that. These two choices either to ignore this letter, or
just pay me $2900. Let’s understand these two options in more details.</span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in;caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="font-family:"-webkit-standard",serif;color:black"> </span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in;caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="font-family:"-webkit-standard",serif;color:black">Option One is to ignore this email message. Let's see what will happen if you pick this option. I will definitely send out your video to all your contacts including relatives, coworkers, and many
others. It will not shield you from the humiliation your family will feel when relatives and buddies find out your unpleasant details from me.</span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in;caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="font-family:"-webkit-standard",serif;color:black"> </span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in;caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="font-family:"-webkit-standard",serif;color:black">Other Option is to send me $2900. We will call it my “privacy charges”. Now let me tell you what happens if you choose this path. Your secret remains your secret. I will delete the recording immediately.
You continue on with your daily life like nothing ever happened.</span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in;caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="font-family:"-webkit-standard",serif;color:black"> </span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in;caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="font-family:"-webkit-standard",serif;color:black">At this point you may be thinking, “I will complain to the police”. Without a doubt, I have taken steps to ensure that this e-mail can't be traced returning to me and it won't prevent the evidence
from destroying your daily life. I am not trying to steal all your savings. I just want to be paid for my efforts I placed into investigating you. Let's hope you decide to make pretty much everything disappear completely and pay me my confidentiality fee.
You'll make the payment via Bitcoins (if you don't know this, search "how to buy bitcoins" in google)</span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in;caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="font-family:"-webkit-standard",serif;color:black"> </span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in;caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="font-family:"-webkit-standard",serif;color:black">Required Amount: $2900</span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in;caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="font-family:"-webkit-standard",serif;color:black">Bitcoin Address to Send to: <bitcoin address></span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in;caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="font-family:"-webkit-standard",serif;color:black">(It is case sensitive, so copy and paste it)</span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in;caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="font-family:"-webkit-standard",serif;color:black"> </span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in;caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="font-family:"-webkit-standard",serif;color:black">Tell nobody what you would use the bitcoin for or they possibly will not give it to you. The procedure to have bitcoins will take a day or two so do not delay.</span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in;caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="font-family:"-webkit-standard",serif;color:black">I've a special pixel within this email, and now I know that you've read this message. You now have 24 hours in order to make the payment. If I don't receive the BitCoins, I will definately send
out your video to your entire contacts including relatives, colleagues, and many others. You better come up with an excuse for friends and family before they find out. Nonetheless, if I receive the payment, I will erase the video immediately. It's a non negotiable
one time offer, so please don't ruin my personal time & yours. The clock is ticking.</span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
</div>
</body>
</html>