MyCERT Advisories


MyCERT Advisories, Alerts and Summaries for the year 2013

MA-367.122013 : MyCERT Alert - Cyber Blackmail Scam

Date of publication: 26 Dec 2013

1.0 Introduction

Recently, MyCERT had been observing an increasing number of cyber blackmail scam incidents from our constituency which involves blackmailing and extorting victims for money. Victims are mainly teenage to middle aged man and we suspect the perpetrators are male foreigners based in various locations including in Malaysia. The scam uses social networking sites like Facebook, Tagged and online video chats such as Skype as the platform to carry out their activities.

The scam has become a global and has become quite serious where people are losing their money, reputation and self image.

2.0 Modus Operandi

The modus operandi of the cyber blackmail scam is perpetrators will be friends with potential victims on Facebook or Tagged, portraying themselves as beautiful, sexy women purportedly from the Philipines, Japanese, Korea. Perpetrator will ask the victim to video chat with her using skype by using attractive words to lure the victim. The perpetrator will take off her clothes and will request victim to do so while online video chatting which the victim will do so. By doing this, the perpetrator will start to record the victim in inappropriate position via the webcam, without the victim realising that he is being recorded. Perpetrator will later play the recorded video footage to the victim and start to blackmail him to pay certain amount of money otherwise his video footage will be circulated in his friends’/family Facebook or uploaded on YouTube.

3.0 What to do If You Are A Victim

  • Discontinue and refrain from communicating with the perpetrator. Ignore and disregard any calls, SMS or messages from the perpetrator.

  • Make all of your social networking accounts private so the perpetrator will not be able to reach you and your friends.

  • Keep all relevant data such as chat logs, screenshots, emails as evident for reporting and prosecution purposes.

  • Paying to the scammers is never encouraged as it may further propagate the scam.

  • Lodge a police report at a nearby police station together with evident for the police to further investigate.

  • Report to a Computer Security Incident Response Team (CERT) or to your ISP.

4.0 Recommendations

  • Internet users are advised to adhere to best practices and ethics when they are online on social networking sites and online chattings.

  • Internet users should be very precautious with whom they friend with and must not fullfill all unnecessary requests from other users while they are online.

  • Be alert and suspicious of unusual activities on the net and immediately report it to relevant authorities.

  • As preventive measure, configure your Skype to restrict communication with your contact list only by doing the following: Go to > Tools > Options > Privacy > Only Allow IMs, Calls etc from People on my Contact List > SAVE

  • Always make sure your software and systems are up-to-date, and that you are using up-to-date security software.

  • Be aware that anything you do on the internet, including video and voice calls, can be recorded and manipulated for malicious purposes.

  • Never use your webcam to video call someone you do not know.

MyCERT can be reached through the following channels for further assistance:

E-mail : cyber999@cybersecurity.my or mycert@mycert.org.my
Phone : 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours : Mon - Fri 08:30 -17:30 MYT
Web: http://www.mycert.org.my

5.0 References