Scammers have victimized many people through a new email scam in which they claim to have stolen the victim's password and hacked their webcam while they were watching porn.
If you have recently received an email with one of your old passwords in the subject line and a request for bitcoin, don't panic: it is simply a new kind of scam used by crooks. Your old password was probably taken from a public database of old leaked passwords and email addresses, such as the LinkedIn 2016 data breach.
There’s a new scam going around that would terrify most people if it ever landed in their inbox.
The emails are different depending on who’s being attacked, but they all have a few similar features:
- The subject line includes a password that you probably have used at some point.
- The sender says they have used that password to hack your computer, install malware, and record video of you through your webcam.
- They say they will reveal your adult-website habits and send video of you to your contacts unless you send them bitcoin, usually $1,200 or $1,600 worth.
One of the suspicious emails from this scam is presented below.
According to this publication, the person who sent in the scam email said that, after receiving it, he spent an entire day changing all his passwords and buying a password manager to create new random passwords and thus improve his security.
He said he was pretty sure his password was included in one of the big leaks in the past few years — databases have been stolen from LinkedIn, Yahoo, and eBay, for example. You can check whether your password is in one of these leaked databases over at the website Have I Been Pwned.
The cybercriminals are not invading your computer, and they are not able to install malware or malicious code on it. In fact, they take old passwords from a database that was leaked in the past and send a bitcoin address as a way to receive the victim’s payment.
Some scammers have even made over $50,000 from the blackmail scheme, based on an analysis of bitcoin wallets, Bleeping Computer reported.
According to Brian Krebs, a leading security journalist, this scam can be part of an automated campaign, meaning you haven’t been specifically targeted:
“It is likely that this improved sextortion attempt is at least semi-automated: My guess is that the perpetrator has created some kind of script that draws directly from the usernames and passwords from a given data breach at a popular Web site that happened more than a decade ago, and that every victim who had their password compromised as part of that breach is getting this same email at the address used to sign up at that hacked Web site.”
To prevent crooks from stealing your data, you need to take some steps to keep yourself safe.
- Use long and strong passwords.
- Get a password manager (e.g., KeePass) to ensure that each account has a unique, random password.
- Turn on two-factor authentication (2FA) on your accounts.
- The FBI recommends that you turn off any web cameras in order to prevent sex-based extortion schemes.
Keep yourself safe
Pedro Tavares is a professional in the field of information security working as an Ethical Hacker/Pentester, Malware Researcher and also a Security Evangelist. He is also a founding member at CSIRT.UBI and Editor-in-Chief of the computer security blog seguranca-informatica.pt.
In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pentesting (Kali Linux), malware, exploitation, hacking, IoT and security in Active Directory networks. He is also a Freelance Writer (Infosec. Resources Institute and Cyber Defense Magazine) and developer of the 0xSI_f33d – a feed that compiles phishing and malware campaigns targeting Portuguese citizens.