So here’s the scam… Out of nowhere, you receive an email from someone you don’t know, and in their message they claim to know that you’ve been looking at porn online. They know this, they say, because they activated your webcam, they installed key-logging software on your device, and they’ve been monitoring all your online activity. They say that they are going to expose this activity on your social media accounts, thereby destroying your reputation and character. That’s not even the worst part… they seem to know one of your commonly used passwords. Right there at the top of the email message is your name and password, and then they describe your shameful behavior, before telling you that they will keep their mouth closed if you’ll send hush money in Bitcoin to such and such address.
Have you seen this scam yet? If not, you very well may soon, so you should know how to respond.
This blackmail scam is totally bogus, don’t fall for it! What gives this scam a ring of credibility is that they know your password… but which password is it, and how did they get it!? You may not know which account used that password, unless you tend to use the same password on many sites. Passwords are actually not that difficult for criminals to acquire. Yes, you should make your passwords unique and difficult to guess, but if your password is part of a password dump, then the complexity of your password doesn’t matter.
What is a ‘password dump?’ A password dump is when a hacker is able to get into the servers of a company where you have an online account, and the usernames and passwords stored on that server are acquired. Those usernames and passwords are then bought, sold, and exposed on the dark web for other hackers and criminals to use. A password dump is totally out of your control. We trust the companies that we do business with to keep this information safe and secure, but clearly, it doesn’t always work.
This is where this blackmail scam emerges. A criminal gets ahold of your name, email address, and your password (for whichever account was compromised). The criminal then sends you an email, stating your name and listing the one password he or she knows, hoping that displaying this information, combined with some nasty threats about ruining your character, will be enough to frighten you into swift action. By the way, any email that puts a short timer on your response is always a HUGE red flag! They don’t want you to have enough time to calm down and figure out the scam; they want the initial panic to carry you through the action of sending the money.
So, what do I do if I get one of these email messages? Stay calm. Delete the message and live your life. Look through your little black book of passwords to see which online accounts use the password exposed in the email. Visit those sites and reset your password for that account to something different. You can initiate that process on most sites by clicking Sign In, but then instead of signing in, click Forgot Password, and that will walk you through the process. Don’t forget to write down your new password in your little black book. Do that for each site that used that exposed password.
That’s it. Stay calm, and carry on! :O)