WEBVTT

00:00:00.000 --> 00:00:06.760 align:middle line:90%


00:00:06.760 --> 00:00:11.660 align:middle line:84%
Now, this is a different type
of a social engineering attack.

00:00:11.660 --> 00:00:16.300 align:middle line:84%
So this isn't a
phishing attack per se.

00:00:16.300 --> 00:00:18.700 align:middle line:84%
It's not pretending
to be something else.

00:00:18.700 --> 00:00:20.350 align:middle line:84%
It's not pretending
to be your boss.

00:00:20.350 --> 00:00:23.170 align:middle line:84%
It's not pretending to
be Amazon, or PayPal,

00:00:23.170 --> 00:00:25.000 align:middle line:90%
or Microsoft.

00:00:25.000 --> 00:00:28.500 align:middle line:84%
It's not pretending to
be the FBI saying, hey,

00:00:28.500 --> 00:00:29.500 align:middle line:90%
we locked your computer.

00:00:29.500 --> 00:00:31.660 align:middle line:84%
We found you doing
some crazy stuff.

00:00:31.660 --> 00:00:35.680 align:middle line:90%
This one was a sextortion scam.

00:00:35.680 --> 00:00:39.010 align:middle line:84%
So a sextortion
scam is a scam where

00:00:39.010 --> 00:00:43.060 align:middle line:84%
they try to extort you
by something that you've

00:00:43.060 --> 00:00:47.680 align:middle line:90%
done or supposedly done.

00:00:47.680 --> 00:00:50.290 align:middle line:84%
And we saw this with
things like Celebgate,

00:00:50.290 --> 00:00:55.690 align:middle line:84%
where a malicious hacker stole
a bunch of compromising photos

00:00:55.690 --> 00:00:58.150 align:middle line:84%
from people, celebrities,
and then tried

00:00:58.150 --> 00:01:00.460 align:middle line:90%
to use that to blackmail them.

00:01:00.460 --> 00:01:06.480 align:middle line:84%
So what this scam was, a hacker
would either go out and start

00:01:06.480 --> 00:01:10.290 align:middle line:84%
sending these emails out to
people saying, hey, look.

00:01:10.290 --> 00:01:13.840 align:middle line:84%
I found you doing something -
I got a hold of your computer.

00:01:13.840 --> 00:01:15.960 align:middle line:90%
I put a virus on there.

00:01:15.960 --> 00:01:18.930 align:middle line:84%
I activate your webcam
or your microphone.

00:01:18.930 --> 00:01:20.490 align:middle line:84%
I start taking
screenshots, and I

00:01:20.490 --> 00:01:23.790 align:middle line:84%
caught you doing all
these crazy things online.

00:01:23.790 --> 00:01:26.040 align:middle line:84%
You're doing all
these naughty things.

00:01:26.040 --> 00:01:31.620 align:middle line:84%
And, hey, unless you want
me to send all these videos

00:01:31.620 --> 00:01:34.370 align:middle line:84%
and photos to everyone on your
contact list - your friends,

00:01:34.370 --> 00:01:38.340 align:middle line:84%
and your family, your co-workers
- you better pay me in Bitcoin.

00:01:38.340 --> 00:01:41.280 align:middle line:84%
And I'm even going to
walk you through how

00:01:41.280 --> 00:01:43.140 align:middle line:84%
to get Bitcoins
and send it to me.

00:01:43.140 --> 00:01:47.220 align:middle line:84%
And you have - well, this
particular one's 26 hours.

00:01:47.220 --> 00:01:52.170 align:middle line:84%
It's usually 24 hours or
12 hours to comply with it.

00:01:52.170 --> 00:01:57.270 align:middle line:84%
And the part that would really
be scary for a lot of users

00:01:57.270 --> 00:02:01.840 align:middle line:84%
is that some of these were a
little bit more sophisticated,

00:02:01.840 --> 00:02:05.170 align:middle line:84%
where they would say,
"Hi there, so-and-so.

00:02:05.170 --> 00:02:08.150 align:middle line:84%
I know your password
is such and such."

00:02:08.150 --> 00:02:10.840 align:middle line:84%
And the way this worked
was the malicious hacker

00:02:10.840 --> 00:02:12.700 align:middle line:84%
would typically go
to a data breach site

00:02:12.700 --> 00:02:15.100 align:middle line:84%
or pull some sort
of data breach,

00:02:15.100 --> 00:02:18.110 align:middle line:84%
and then find a person's
email and password.

00:02:18.110 --> 00:02:21.070 align:middle line:84%
And since people generally
have bad password habits

00:02:21.070 --> 00:02:23.800 align:middle line:84%
and don't change
your password often,

00:02:23.800 --> 00:02:28.600 align:middle line:84%
they can go, "Hey,
dispogames@gmail.com, I

00:02:28.600 --> 00:02:30.677 align:middle line:84%
caught you doing all
these crazy things.

00:02:30.677 --> 00:02:33.010 align:middle line:84%
And if you don't believe me
that I got on your computer,

00:02:33.010 --> 00:02:35.600 align:middle line:84%
your password was
such and such."

00:02:35.600 --> 00:02:40.250 align:middle line:84%
And if I was a typical user,
and I didn't change my password,

00:02:40.250 --> 00:02:45.310 align:middle line:84%
and I look at that, that
gives this email legitimacy.

00:02:45.310 --> 00:02:46.990 align:middle line:90%
Now, I'm thinking, "Oh, my gosh.

00:02:46.990 --> 00:02:48.130 align:middle line:90%
They got my email address.

00:02:48.130 --> 00:02:51.440 align:middle line:90%
They got my password."

00:02:51.440 --> 00:02:55.130 align:middle line:84%
And you may or may not have
been doing anything online.

00:02:55.130 --> 00:02:58.760 align:middle line:84%
But the fact that they
say they have something -

00:02:58.760 --> 00:03:01.640 align:middle line:84%
they're saying they have
access to your computer,

00:03:01.640 --> 00:03:05.190 align:middle line:84%
and they're going to send all
this crazy stuff to my friends,

00:03:05.190 --> 00:03:07.940 align:middle line:84%
my family, my
co-workers, and that -

00:03:07.940 --> 00:03:11.910 align:middle line:84%
that's enough to scare a lot
of people to take action.

00:03:11.910 --> 00:03:14.730 align:middle line:84%
Well, again, so this is working
a couple of different angles.

00:03:14.730 --> 00:03:18.088 align:middle line:84%
This is fear, because it's
scaring me that, hey, someone

00:03:18.088 --> 00:03:18.880 align:middle line:90%
got on my computer.

00:03:18.880 --> 00:03:21.630 align:middle line:84%
They caught me, or they
said they caught me,

00:03:21.630 --> 00:03:22.960 align:middle line:90%
doing all this crazy stuff.

00:03:22.960 --> 00:03:25.860 align:middle line:84%
And they got my password,
and they got my contact list.

00:03:25.860 --> 00:03:28.410 align:middle line:84%
And they're going to send
this out to all these people.

00:03:28.410 --> 00:03:31.840 align:middle line:84%
And then we have scarcity,
scarcity being time.

00:03:31.840 --> 00:03:33.370 align:middle line:84%
In this particular
case, I only have

00:03:33.370 --> 00:03:37.060 align:middle line:84%
26 hours to send this
money off to this hacker.

00:03:37.060 --> 00:03:44.680 align:middle line:84%
So, again, it's a
really horrific attack,

00:03:44.680 --> 00:03:49.330 align:middle line:84%
because it's pretty painful
when someone targets you

00:03:49.330 --> 00:03:52.900 align:middle line:84%
in this type of way saying,
I got on your computer.

00:03:52.900 --> 00:03:54.340 align:middle line:90%
I got your password.

00:03:54.340 --> 00:03:55.690 align:middle line:90%
I've been sitting on a computer.

00:03:55.690 --> 00:03:57.357 align:middle line:84%
I've been grabbing
all this information.

00:03:57.357 --> 00:04:00.730 align:middle line:84%
It's a violation
of your privacy,

00:04:00.730 --> 00:04:02.830 align:middle line:90%
and it scares a lot of people.

00:04:02.830 --> 00:04:05.230 align:middle line:84%
But, again, this is
social engineering.

00:04:05.230 --> 00:04:08.440 align:middle line:84%
It's essentially amygdala
hijacking where, OK, oh, my,

00:04:08.440 --> 00:04:09.730 align:middle line:90%
they grabbed this information.

00:04:09.730 --> 00:04:11.380 align:middle line:90%
They got my password.

00:04:11.380 --> 00:04:17.230 align:middle line:84%
But, again, if you take a
moment to think about it - well,

00:04:17.230 --> 00:04:18.399 align:middle line:90%
let's see.

00:04:18.399 --> 00:04:23.170 align:middle line:84%
This particular email
doesn't have a password

00:04:23.170 --> 00:04:27.130 align:middle line:84%
to prove that they
got on your system,

00:04:27.130 --> 00:04:30.060 align:middle line:84%
if you sit and think about it,
whether you did anything crazy

00:04:30.060 --> 00:04:31.810 align:middle line:84%
on your computer,
whether there's actually

00:04:31.810 --> 00:04:34.240 align:middle line:84%
any legitimate
information there.

00:04:34.240 --> 00:04:35.860 align:middle line:84%
And what a lot of
people would do

00:04:35.860 --> 00:04:38.260 align:middle line:84%
is they would just
wait the 26 hours

00:04:38.260 --> 00:04:39.960 align:middle line:90%
and see if anything happened.

00:04:39.960 --> 00:04:43.690 align:middle line:84%
And in most cases,
nothing ever happened.

00:04:43.690 --> 00:04:47.190 align:middle line:90%
It's a bluff.

00:04:47.190 --> 00:04:53.730 align:middle line:84%
So this other one I want to
show you is, money for you.

00:04:53.730 --> 00:04:58.520 align:middle line:84%
So $2 million was made to
you, contact us for detail.

00:04:58.520 --> 00:05:01.670 align:middle line:84%
At the Luminate Education,
we work flexibility.

00:05:01.670 --> 00:05:04.610 align:middle line:84%
While it suits me
to email you now,

00:05:04.610 --> 00:05:06.680 align:middle line:84%
do not expect a
response reaction

00:05:06.680 --> 00:05:08.790 align:middle line:90%
outside your own working hours.

00:05:08.790 --> 00:05:13.040 align:middle line:84%
And what I was supposed to
do is call them, or email

00:05:13.040 --> 00:05:15.500 align:middle line:84%
them, or visit their
website, and find out,

00:05:15.500 --> 00:05:19.190 align:middle line:90%
hey, where's my $2 million?

00:05:19.190 --> 00:05:24.050 align:middle line:84%
So this, obviously, is
greed, greed that, hey,

00:05:24.050 --> 00:05:25.340 align:middle line:90%
somehow I got $2 million.

00:05:25.340 --> 00:05:27.200 align:middle line:90%
This is awesome.

00:05:27.200 --> 00:05:28.310 align:middle line:90%
I'm rich.

00:05:28.310 --> 00:05:35.420 align:middle line:84%
Well, of course, it's
not a legitimate email.

00:05:35.420 --> 00:05:39.612 align:middle line:84%
I don't know anyone that's
going to give me $2 million.

00:05:39.612 --> 00:05:42.130 align:middle line:84%
It'd be great,
but I really don't

00:05:42.130 --> 00:05:45.590 align:middle line:84%
think anyone's going to give
me $2 million out of the blue.

00:05:45.590 --> 00:05:49.450 align:middle line:84%
So if we look at this email,
this looks very suspicious.

00:05:49.450 --> 00:05:55.150 align:middle line:84%
Because, first of all, it's to
Jeannie Appleyard - not to me.

00:05:55.150 --> 00:05:58.510 align:middle line:84%
This email itself and this
information doesn't really

00:05:58.510 --> 00:06:02.161 align:middle line:84%
go into why I'm
getting $2 million.

00:06:02.161 --> 00:06:04.970 align:middle line:90%
It's not addressing me directly.

00:06:04.970 --> 00:06:09.750 align:middle line:84%
So, again, this is appealing
to your sense of greed.

00:06:09.750 --> 00:06:11.000 align:middle line:90%