- Did you recently receive an email with one of your old passwords in the subject line and a request for bitcoin?
- It's a new kind of scam.
- The attacker likely got your password from a publicly available database of old leaked passwords and email addresses.
An example letter is below:
Let's get straight to the point. I am aware XXXXXXXX is your password. More importantly, I know your secret and I have proof of it. You do not know me and no one hired me to examine you.
It is just your hard luck that I found your blunder. Actually, I actually installed a malware on the adult vids (sexually graphic) and you visited this web site to have fun (you know what I mean). When you were busy watching video clips, your browser began operating as a Rdp (Remote desktop) with a key logger which provided me with accessibility to your screen and webcam. After that, my software program obtained all your contacts from facebook, as well as email.
After that I gave in much more hours than I should've into your life and created a two screen video. 1st part displays the recording you were viewing and 2nd part displays the capture of your web cam (its you doing nasty things).
Honestly, I am willing to forget all about you and allow you to continue with your life. And I am going to offer you two options that will make it happen. Those two choices to either ignore this letter, or just pay me $ 2250. Let us explore above 2 options in more detail.
Option 1 is to ignore this e mail. Let's see what is going to happen if you take this path. I will definately send your video recording to all of your contacts including members of your family, colleagues, etc. It doesn't protect you from the humiliation you and your family will face when friends discover your dirty details from me.
Option 2 is to send me $ 2250. We will name this my “confidentiality charges”. Let me tell you what happens if you pick this path. Your secret remains your secret. I will delete the video immediately. You continue on with your routine life like none of this ever happened.
Now you may be thinking, “I’ll just go to the cops”. Without a doubt, I have covered my steps in order that this message can't be tracked returning to me and it won't stay away from the evidence from destroying your lifetime. I'm not looking to dig a hole in your pocket. I am just looking to be compensated for time I placed into investigating you. Let's assume you decide to produce all of this vanish entirely and pay me my confidentiality fee. You will make the payment via Bitcoins (if you do not know this, type "how to buy bitcoins" on google)
Transfer Amount: $ 2250
Receiving Bitcoin Address: 1G*b9y7SmoFGXuPbUGVyMqFpMjf9A3Emg7W (You need to Delete * from this address and copy and paste it carefully)
Tell nobody what you will be transferring the bitcoin for or they possibly will not sell it to you. The method to acquire bitcoin usually takes a short time so do not put it off.
I've a special pixel in this e mail, and at this moment I know that you've read through this message. You have one day in order to make the payment. If I do not get the BitCoins, I will, no doubt send out your video to all of your contacts including members of your family, coworkers, and so forth. You better come up with an excuse for friends and family before they find out. Having said that, if I do get paid, I'll erase the recording immediately. It's a non-negotiable one time offer, thus please don't ruin my personal time and yours. The clock is ticking. Please note that, my malware will be recording the actions you take after you're done looking over this email. To be honest, If you google anything that you should not then I will have to share your sextape to your relatives, colleagues even before your time ends.
Email scams have been around since Nigerian Princes first learned how to type. A new and scary scam is making the rounds. The email subject line contains your phone number or, perhaps even creepier, an old password. The writer claims malware has been installed on your computer and your webcam has recorded you watching porn. The writer demands that you send bitcoin or s/he will reveal the deep dark secrets to your friends and family.
WHAT TO DO
Use a password manager like www.LastPass.com to update and maintain different passwords for the different websites you visit.
It is recommended that you use 2-step authentication when available. After you enter your password a code is sent to your device that you must enter as a second step to access your account.
HOW DID THEY GET YOUR PASSWORD
There have been a number of data breaches over the years at several large websites: LinkedIn, Yahoo, and eBay, for example. You can check whether your password is in one of these leaked databases over at the website Have I Been Pwned.
As Brian Krebs, a leading security journalist, writes, this scam is probably automated, meaning you haven't been specifically targeted:
"It is likely that this improved sextortion attempt is at least semi-automated: My guess is that the perpetrator has created some kind of script that draws directly from the usernames and passwords from a given data breach at a popular Web site that happened more than a decade ago, and that every victim who had their password compromised as part of that breach is getting this same email at the address used to sign up at that hacked Web site."
The scammers seem to be using old passwords for now, but as the scam matures there will likely be data from newer breaches.
The FBI recommends you cover the lens of your laptop camera or turn off your webcam when not using it to prevent sex-based extortions.
And finally, never, ever, send money.