Password Stolen? Ransom Email is befalling to Hong Kong?

HKCERT received many incident reports recently, which involved a new form of email scam asking for ransom. No matter what's the email look like, they might get some common characteristics.

The content of these new ransom email include:

1. Your password or personal information was appeared in the email subject or content.
2. The hacker have installed malware in your computer.
3. The hacker have recorded your adult-website habits or your action when you are browsing those website.
4. The hacker will share them out to your contacts if you do not pay.

Image source: Internet

Actually, the attacker may not really intruded your computer. They could find your personal information via social engineering attack, darknet or database leakage of other website. It pretended as truth and authenticate to run the scam campaign.

What can you do to when you received this kind of email?

1. Be calm
2. Do not pay and delete the email
3. Change the password immediately

What's more?

1. Password Security: Use different strong password in different website. Enable two-factor authentication and change your password regularly.
2. System Security: Install anti-virus and anti-malware software and keep them updated and patched. You should also keep your webcam firmware updated.
3. Physical Security: You can cover and disconnect your webcam when you are not using it.
4. Security Awareness: Do not browse any un-trusted website, pay attention to all pop-out message and avoid become a fraud incident victim.

Please be noted that these kind of ransom email may transform into different variant. Report to HKCERT if you received these ransom email.