Getting an extortion email with one of your confidential passwords in the subject line is cause for immediate, overwhelming terror.
Coming seemingly out of the blue, and threatening to release an alleged sensitive video recorded using your webcam unless you pay this would-be hacker an exorbitant sum in Bitcoin is enough to make any normal person panic.
If you’ve received an email with the subject line “I know [password] is one of your password on day of hack.. Lets get directly to the point,” then stay calm, read on, and most importantly, don’t pay the scammer what he wants.
This email is the latest in the long string of developing internet scams, extortions and phishing attempts, and it’s designed to do one thing: scare you into paying the sum.
I received mine last night, and it sent shivers down my spine when I initially opened it.
The hacker begins with one of your confidential passwords, the hacker says he installed malware on your computer, and hacked your webcam during your most intimate moments.
“in fact, i actually placed a malware on the adult vids (adult porn) website and you know what, you visited this site to experience fun (you know what i mean).
When you were viewing videos, your browser started out operating as a RDP having a key logger which provided me with accessibility to your display and web cam.”
The hacker continues.
immediately after that, my malware obtained every one of your contacts from your Messenger, FB, as well as email account.
after that i created a double-screen video. 1st part shows the video you were viewing (you have a nice taste omg), and 2nd part displays the recording of your cam, and its you.
Best solution would be to pay me $1099.
This is among the more malicious forms of extortion scams online.
But how do they do it, and what do you do next?
How do internet hackers get your password in the first place?
Hacks for private data aren’t uncommon; in fact they happen surprisingly frequently. About once a week, a large company gets hacked – resulting in the leaking of hundreds of thousands of private accounts and data.
The hacker says they obtained your information from a virus he installed on an (alledged) adult site you went to. In reality it’s much more likely that they simply purchased your data from the dark web.
Yes, this actually happens. Following data breaches (and we only tend to hear about the high-profile ones like Spotify or Uber), large lists of account information (usernames, passwords, email addresses) end up on the dark web, to be sold to the highest bidder.
People who purchase these lists of information use the email address and password combination they have from your account on the website to send you extortion emails like this one, in the hopes of making someone panic and pay the ransom.
So what threat does this pose?
The reality, not a great deal.
In situations like this, the hacker is preying on the fear of normal people, and abusing the sense of privacy and safety we feel we have on the internet. His threats seem very real, but the reality is they’re most likely hollow.
While not technically impossible that the hacker has gained access to your computer, that’s some pretty high level hacking for someone who can barely string a coherent sentence together. More likely, he’s simply trying to make you believe that by having access to one account online, he can gain access to more, and even to your computer.
In all likelihood, the supposed webcam video does not exist, he does not have access to your computer, and he does not have access to your private information.
We can’t stress this enough, it is highly unlikely.
What to do next
While I believe this to be an empty threat, and the existence of no such video exists, a level of caution is warranted in this situation. There are steps you should take upon receiving this email to protect yourself against further action, and in the worst case scenario, limit the damage.
Scan
The first, most immediate step is to run full security scans on any and all of your devices. Premium antivirus software is definitely better in this situation, although Windows Security will do the trick in its absence.
If you’re looking for reputable, secure antivirus software options, check out our article on the 5 BEST Antivirus Software for PC.
This is to check for malware or viruses, and ensure the hacker doesn’t have a foothold in your computer.
These security scans need to extend to your phone too. Consumers don’t consider that smartphones are vulnerable to hacks just like computers, but they should. Do a full virus sweep using your smartphone’s native antivirus software, or if you don’t have one, we recommend Avast Antivirus (available on the Play and App store).
Secure
The second key step is to lock down your important accounts by changing all passwords immediately, and enabling 2-factor authentication where possible.
For me, the most important accounts to secure were
- Microsoft
- Twitter (@oskarhowell)
- Spotify
- Uber
- Anything else with credit card/sensitive information
Again, while it is highly unlikely the hacker has access to any of these, it is in your best interests to ensure your accounts are secure. Think of it like a spring clean for your internet security!
Stay Vigilant
It’s something we’re all guilty of, but using one password across multiple accounts is a recipe for disaster. It can mean a massive data breach on multiple websites, or for the particularly-savvy hackers, access to your credit card information (depending on what sites you’ve given your credit card information to).
While it’s impossible to create and remember unique passwords for every account on the internet, it is important to mix it up for the important ones, and the accounts that have particularly sensitive private information.
I recommend using a service like Google Password Manager to check the list of websites you’ve signed up to. It will tell you where you’ve used the same password twice (or in some cases, 95 times) as well as similar or weak passwords.
Use a service like Google Passwords Manager, LastPass or Dashlane to manage your passwords in the future, and try not to double-up on the important websites.
Don’t fret
The reality is that these scams remain incredibly common, while genuine attacks remain exceedingly rare. In the unlikely event the hacker has accessed your computer, and the hacker has installed malware, and the hacker has recorded sensitive webcam footage, then the reality is the extortion will never stop, especially if you pay the ransom.
Holding you at a digital knifepoint is what gives the hacker power, and there are many cases of unlucky victims paying the ransom only to have the video leaked to their family and friends anyway.
The greater message is if it’s going to happen, it’s going to happen, and paying out isn’t going to stop it.
How to avoid this in the future
The most important step is to ensure you stick to reputable sites while browsing the internet. While data breaches are somewhat inevitable wherever you go, the bigger websites will be doing more to actively protect your data, keeping it further out of the reach of potential hackers.
Conducting frequent antivirus/security checks on your devices can also minimise the chances of any virus or malware finding a footing in your computer.
As we mentioned in our last article on the topic, a very simple yet brutally effective solution is to put tape over your computer’s front-facing webcam, removing any ability to record video unless you want to.
Remember: This is a scam. So do not pay the ransom. Change your passwords and run a full scan of your Antivirus software.
After doing all that, don’t panic.
Full scam email I received on 30/07/20:
Lets get directly to the point.
Not one person has paid me to check about you.
You do not know me and you’re probably thinking why you are getting this email?
in fact, i actually placed a malware on the adult vids (adult porn) website and you know what, you visited this site to experience fun (you know what i mean).
When you were viewing videos, your browser started out operating as a RDP having a key logger which provided me with accessibility to your display and web cam.
immediately after that, my malware obtained every one of your contacts from your Messenger, FB, as well as email account.
after that i created a double-screen video. 1st part shows the video you were viewing (you have a nice taste omg), and 2nd part displays the recording of your cam, and its you.
Best solution would be to pay me $1099.
We are going to refer to it as a donation. in this situation, i most certainly will without delay remove your video.
My -BTC -address:
[case SeNSiTiVe, copy & paste it]
You could go on your life like this never happened and you will not ever hear back again from me.
You’ll make the payment via Bitcoin (if you do not know this, search ‘how to buy bitcoin’ in Google).
if you are planning on going to the law, surely, this e-mail can not be traced back to me, because it’s hacked too.
I have taken care of my actions. i am not looking to ask you for a lot, i simply want to be paid.
if i do not receive the bitcoin;, i definitely will send out your video recording to all of your contacts including friends and family, co-workers, and so on.
Nevertheless, if i do get paid, i will destroy the recording immediately.
If you need proof, reply with Yeah then i will send out your video recording to your 8 friends.
it’s a nonnegotiable offer and thus please don’t waste mine time & yours by replying to this message.