People are being victimized by a terrifying new email scam where attackers claim they stole your password and hacked your webcam while you were watching porn — here’s how to protect yourself
Posted by Technical Manager, Last modified by Technical Manager on 29 October 2018 12:01 PM
There’s a new scam going around that would terrify most people if it ever landed in their inbox.
The emails are slightly different depending on who’s being attacked, but they all have a few similar features:
Here’s one example of these scam emails, sent in the past month:
The password was probably included in one of the big leaks in the past few years – databases have been stolen from LinkedIn, Yahoo, and eBay, for example. You can check whether your password is in one of these leaked databases over at the website Have I Been Pwned.
Some scammers have even made over $50,000 from the blackmail scheme, based on an analysis of bitcoin wallets, Bleeping Computer reported.
As Brian Krebs, a leading security journalist, writes, this scam is probably automated, meaning you haven’t been specifically targeted:
“It is likely that this improved sextortion attempt is at least semi-automated: My guess is that the perpetrator has created some kind of script that draws directly from the usernames and passwords from a given data breach at a popular Web site that happened more than a decade ago, and that every victim who had their password compromised as part of that breach is getting this same email at the address used to sign up at that hacked Web site.”
For now, the scammers seem to be using really old passwords – maybe one you haven’t used in years. But as the scam develops, there’s a good chance it may include credentials from a fresh breach, according to Krebs.
Other good ideas to keep yourself safe: use long and strong passwords, get a password manager to ensure each account has a unique password, and turn on two-factor authentication on your important accounts. The FBI also recommends you turn off or cover any web cameras when you’re not using them to prevent sex-based extortion schemes, even if this kind of scam ends up being a hollow threat.
And no matter what you do, don’t send bitcoin to the scammers.