Recently a relative of mine got a concerning email. They called me immediately to ask about it. I have seen this particular scam several times, and thought I had already written about it, but I did a search and came up empty! So apparently I have not written this up yet.
The email plays on your worst fears, and uses a little bit of truth in order to elicit a response. The email states:
I am aware, ******** (Here is where it lists a password you have actually used, we’ll get to how they got it in a minute), is your password.
I require your 100% attention for the upcoming 24 hrs, or I will make sure you that you live out of embarrassment for the rest of your lifetime.
Hey, you don’t know me. But I know just about everything about you. Your personal fb contact list, mobile phone contacts plus all the digital activity on your computer from past 176 days.
Consisting of, your self pleasure video, which brings me to the primary reason why I ‘m writing this email to you.
Well the last time you went to the porn websites, my spyware was triggered inside your personal computer which ended up saving a lovely video footage of your masturbation play by triggering your webcam.
(you got a tremendously odd taste by the way haha)
I have got the whole recording. Just in case you think I ‘m playing around, just reply proof and I will be forwarding the particular recording randomly to 3 people you recognize.
It might be your friends, co workers, boss, parents (I’m not sure! My software program will randomly choose the contact details).
Will you be capable to gaze into anyone’s eyes again after it? I doubt it…
Nonetheless, it does not have to be that path.
I want to make you a one time, no negotiable offer.
Purchase $ 2000 in bitcoin and send them on the below address:
(If you do not know how, google how to purchase bitcoin. Do not waste my important time)
If you send this ‘donation’ (we will call it that?). Immediately after that, I will vanish and under no circumstances make contact with you again. I will eliminate everything I’ve got concerning you. You may very well carry on living your current regular day to day lifestyle with no fear.
You have 24 hours to do so. Your time begins as soon you go through this e mail. I have an special code that will alert me once you see this e mail therefore don’t try to act smart.
The teeny bit of truth the email uses to scare you is that they show you a password you have absolutely used in the past. It may even be a current password that you use on a regular basis! The email is frightening because it has that little bit of information you thought was private, which gives credibility to the scam.
I assure you though, the email is fake and the only thing they do have is your username and password to a service that was previously compromised. Several online services over the years have faced security breaches. You may recall a few of them like Equifax and Target.
When these breaches occur, user information like email addresses and passwords sometimes gets distributed on the dark web for attackers like our email friend above to use. You can check your email address for previous security breaches by visiting https://haveibeenpwned.com.
The site will list all of the services you use that have been compromised. You will likely be surprised at how many there actually are.
How can I protect myself?
Obviously, these people already have your login information to that particular service. So you definitely need to change your password there. For example, if your MyFitnessPal account has been compromised, change that password.
Where people get into big trouble is when they use the same password for multiple online services. If you are using that same password for your banking or email account, you DEFINITELY need to change it! Best practice is to have a different password for every service you log into. I know it’s hard to keep track of THAT MANY passwords. I use a password manager like Dashlane or LastPass to keep track of my passwords for me.
Another way you can protect yourself is to enable 2FA (two-factor authentication) on all of your accounts that allow for it. This will make sure that if someone tries to log in to a service as you, they will also need a code from your phone to actually gain access. If the service sends you a text, you will also be notified that someone is trying to log in as you.
2FA can save you a lot of trouble, and it is highly recommended to enable it everywhere. Yes, it’s a bit of a pain to have to pull up an authentication app or wait for a text, but a small bit of inconvenience is worth it when it saves you from an attack.
Back to the email at hand though, go ahead and ignore the email, delete the message, and if you use the password that was included in the email on ANY services, make sure you change those passwords right away.
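If you keep your logins in a password manager, a short script can find every account that still uses the password quoted in the email, plus any other passwords shared between services. This is an added example, not part of the original post; the CSV column names (name, username, password) and the sample rows are assumptions, so adjust them to match your manager's export.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export; the column names (name, username, password) are
# assumed, and real password managers each use their own CSV layout.
SAMPLE_EXPORT = """name,username,password
MyFitnessPal,me@example.com,Summer2016!
Bank,me@example.com,Summer2016!
Email,me@example.com,x7#Lq9$wPz-unique
Forum,me2@example.com,Summer2016!
Shop,me@example.com,another-Unique-0ne
"""


def _fingerprint(password):
    # Group by digest so the report never carries the plaintext around.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def load_entries(csv_text):
    """Return (service name, password fingerprint) pairs from a CSV export."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return [(row["name"], _fingerprint(row["password"]))
            for row in reader if row.get("password")]


def accounts_using(entries, exposed_password):
    """Services whose stored password equals the one quoted in the email."""
    target = _fingerprint(exposed_password)
    return sorted(name for name, fp in entries if fp == target)


def reuse_groups(entries):
    """Lists of services that share any password, exposed or not."""
    groups = defaultdict(list)
    for name, fp in entries:
        groups[fp].append(name)
    return sorted(sorted(names) for names in groups.values() if len(names) > 1)


if __name__ == "__main__":
    entries = load_entries(SAMPLE_EXPORT)
    print("Change now:", accounts_using(entries, "Summer2016!"))
    print("Shared passwords:", reuse_groups(entries))
```

Delete the exported CSV file once you are done, since it holds every password in plain text.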