Yet again there’s another scam doing the rounds and this one is a particularly nasty form of blackmail.
Most scams these days try to fool you into paying for something you don’t need. They’ll warn you that your machine is infected, or that you’re owing in taxes, etc. However, a few tactics resort to blackmail.
This particular scam uses two techniques to pressure you into paying.
The attack takes the form of an email – stating that they (the scammers) detected that you visited a site with adult content. Not only that, but they took over your webcam and took a video of you at the time as proof. Now, this scam has been around a while and has been enough to scare people into paying the ransom that the scammers are asking for.
If this wasn’t scary enough, they’re now using something else against you – your password. Yes, the email from the scammers will include your password – surely a sign that they hacked your computer and took over your webcam yes? No.
In fact, what’s happening here is the scammers are using emails and passwords that have been “harvested” by attacks on popular websites.
For example, back in 2012, Linked In, the popular business-related social media site, was hacked. The hackers stole the email addresses and passwords of approximately 6.5 million users!
And now these hacks are being used to blackmail all the email addresses they stole. And by putting your password in the email, it fools you into thinking they must’ve hacked your computer.
Cunning, eh? Nasty.
So, what can you do?
Well first off all, take a look at the site https://haveibeenpwned.com. Enter your email address and it’ll tell you if any of the sites you signed up for with that email address have been hacked. The results are pretty scary!
The next step is to change your password if you’ve used the same one on other sites. There’s no easy way around this – you’re going to have to log into each and every site to make a new password.
Only now – instead of using the same password on all sites – choose a different one for each site. This way if a site gets hacked, you’ll only need to update the password relating to that site – not every site as before.
There are tools out there to make this easier, such as 1Password and LastPass. They remember your passwords so that you don’t have to. They’ll also automatically generate new complex passwords, so you don’t have to think of a new one yourself.
I’ve used 1Password for years and love it. It works particularly well if you have a fingerprint/face recognition, as all you have to do is place your finger on the sensor to log into a website. No need to remember lots of different passwords!
Please don’t ignore this thinking it won’t happen to you. I can pretty much guarantee that if you try the website mentioned above it’ll show that your account details have been compromised at some point in the past.
Until next time – get changing those passwords and ignore these spam emails!