There's a new scam going around that would terrify most people if it ever landed in their inbox.
The emails are slightly different depending on who’s being attacked, but they all have a few similar features:
The subject line includes a password that you probably have used at some point.
The sender says they have used that password to hack your computer, install malware, and record video of you through your webcam.
They say they will reveal your adult-website habits and send video of you to your contacts unless you send them bitcoin, usually £1,200 or £1,600 worth.
Basically, the attackers don’t actually have video of you or access to your contacts, and they haven’t been able to install malicious code on your computer. In reality, they’re taking a password from a database that’s available online, sending it to you, and hoping you’re scared enough to believe their story and send them bitcoin.
What makes the email especially alarming is that, to prove their authenticity, they begin the emails by showing you a password you once used or currently use.
Again, this still doesn’t mean you’ve been hacked. The scammers in this case likely matched up a database of emails and stolen passwords and sent this scam out to potentially millions of people, hoping that enough of them would be worried enough to pay that the scam would become profitable.
Here are some quick answers to the questions many people ask after receiving these emails.
They have my password! How did they get my password?
Unfortunately, in the modern age, data breaches are common and massive sets of passwords make their way to the criminal corners of the Internet. If the password emailed to you is one that you still use, in any context whatsoever, STOP USING IT and change it NOW!
Should I respond to the email?
Absolutely not. With this type of scam, the perpetrator relies on the likelihood that a small number of people will respond out of a batch of potentially millions. Once they get a response—and a conversation is initiated—they will likely move into a more advanced stage of the scam. It’s better to not respond at all.
So, I shouldn’t pay the ransom?
You should not pay the ransom. If you pay the ransom, you’re not only losing money but you’re encouraging the scammers to continue phishing other people. If you do pay, then the scammers may also use that as a pressure point to continue to blackmail you, knowing that you’re susceptible.