An email has been addressed to you with your password inside. It says if you don’t pay, a dirty video will be released. Is this real, or is there something else going on?
It arrives without warning, just like all other greetings. Not the same piece of spam you expected, nor is it a bill. This is something different.
It starts rather directly, reading as:
Lets get straight to the point. You do not know anything about me whereas I know a lot about you and you must be thinking why are you getting this email, correct?
It can seem daunting: an email directed to you, with one of your passwords staring you in the face. It’s there in the subject line, and it’s there just before that introductory paragraph.
One of your passwords has fallen into the hands of someone you don’t know, someone you’ve never met, and yet someone who has reached out to tell you that they not only have your password, but something else lurid that could get you in hot water.
It is just your misfortune that I go to know about your bad deeds. Later I invested in more days than I probably should have looking into your data and generated a double screen sextape.
We all have secrets, and we all have things we’re not necessarily proud of. For some of us, what we surf and what we visit in the privacy of our homes may be a part of that.
Mix that with being unsure about modern technology and its ability to capture what we’re doing at all times, and you have a combination that can be easily taken advantage of.
Unfortunately, that’s precisely what this latest scam takes advantage of, making everyone who doesn’t understand security a potential target, and even some who feel they do. That means anyone could be in the firing line of this scam, which is being labelled a sextortion email scam due to its propensity for extorting based on the threat of a pornographic video. Your pornographic video.
How does this new scam work?
You get an email with your password addressed to your email address, and even though it’s a little ambiguous about names and other identifying information, the password is a clear message: you’ve been found.
But that’s not really what’s going on.
There’s a good chance at least one of the many services you’re using online has been hacked in the past, and you’ll know it because you’d have been asked to reset or change your password. Generally, when a company or service asks you to do this, there’s a good reason, and that good reason is security.
When this has happened, hopefully you’ve followed its advice and done just that: changing the password to something slightly different, so as to avoid any repercussions.
If you didn’t, you’re opening yourself up to potential problems later down the track, but this scam doesn’t care if you did or didn’t change passwords. It cares that it has one of your passwords, old or otherwise.
In fact, it has one of your passwords because the world has your password from one of those hacked services. Passwords that have been broken free from what should be otherwise secure systems are often left in the lost and found of the internet, systems that basically provide text files on offer to the world, so that anyone can go in and see what has been provided.
On the one hand, this can make for some frustrating security concerns, but on the other, it also means you can look to see whether your account has been hacked and what passwords were tied to it, so it might be regarded as helpful. Frustrating, yet helpful.
This information storage system means that anyone can come along and check your data, grabbing it and turning it into something else, such as an email made to convince you that hackers have your password and are about to unleash on the world a fictional video of you doing something naughty.
Is there any risk?
It’s doubtful that there’s much risk at all, as the payload from the sextortion email scam is built from fear, not from anything viral.
With a password of yours highlighted at the top, the payload is that you’ll be too afraid to even question the email and subsequently pay the ransom, which is set in Bitcoin.
But question it you should, though not with a response. Look at the password and investigate whether it’s an old password of yours, and whether the email is authentic or not.
As of July 2018, this type of email scam is very common, making its way to anyone who has had their password details dumped on one of these systems, meaning if you get one of these emails, you are not alone. It’s happening across the web to millions of individuals. If it works with just a handful of people, it will have made the cyber criminals money.
That makes it important to ignore, to delete and move on, not giving this form of scammer and their ransom the time of day.
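The traits described above (a password echoed in the subject line and the body, a video threat, a Bitcoin demand) can be checked mechanically before anyone panics. The following is an added example, not part of the original article: the function name triage, the retired_hashes set and the sample message are all assumptions made for illustration.

```python
import hashlib
import re
from email import message_from_string

# Constructed sample modelled on the wording quoted in the article; the
# password, wallet string and mail addresses are placeholders, not real values.
SAMPLE = """\
From: stranger@example.net
To: you@example.com
Subject: you - hunter2-old

hunter2-old is one of your passwords. Lets get straight to the point.
I generated a double screen sextape. Send $1000 in Bitcoin to
1ConstructedDemoAddressForTestsXX within 24 hours or the video goes out.
"""

# Shape of a legacy (base58) or bech32 Bitcoin address; shape only, no checksum.
BTC = re.compile(r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{11,71})\b")
THREAT = re.compile(r"\b(sextape|webcam|video|recorded|footage)\b", re.I)
PAYMENT = re.compile(r"\b(bitcoin|btc)\b", re.I)

def sha256(text):
    return hashlib.sha256(text.encode()).hexdigest()

def triage(raw, retired_hashes):
    """Score one message against the traits the article describes.

    retired_hashes (assumed input): SHA-256 digests of passwords you have
    already changed, so the script never holds them in plaintext.
    """
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    body = msg.get_payload()
    # Tokens present in both subject and body: the "we have your password" hook.
    echoed = {t for t in subject.split() if len(t) >= 6 and t in body.split()}
    signals = {
        "password_echoed": bool(echoed),
        "echo_is_retired_password": any(sha256(t) in retired_hashes for t in echoed),
        "video_threat": bool(THREAT.search(body)),
        "bitcoin_demand": bool(PAYMENT.search(body) and BTC.search(body)),
    }
    hits = sum(signals.values())
    signals["verdict"] = (
        "likely breach-dump sextortion template" if hits >= 3 else "not matched"
    )
    return signals
```

A message that echoes a password you retired long ago and still matches the other traits is strong evidence that the sender is working from an old dump rather than from access to your device.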
How do you defend against password scams like this?
As long as there’s money to be made, there will be scammers trying to make money off everything they can get away with, which means password scams like this aren’t likely to go away anytime soon.
There are, however, a few ways to defend yourself. One is to keep your passwords strong and individual. If something like this happens again and you’re using a unique password, it will be easy to work out just how fictional it all is, helping you to delete the fabrication even faster.
Another is to always ensure you have some form of security in your life. Whether it’s an internet security solution on your computer, your phone, your network, or something else, security solutions can help protect you from prying eyes or other situations where external forces might be trying to break into your devices. Likewise, they can alert you to any service hacks you might have a connection to, helping you to change passwords as and when you need to.
And as always, use common sense. The internet is filled with people who want to take advantage of you, much like life in general. It can be particularly daunting to always stay on guard, but it’s important to question emails from people you don’t know, especially those written in a rather ambiguous way.
Scams like the 2018 sextortion emails won’t be the last time we see this technique used, and criminals will always look for new ways to relieve you of money, particularly if there’s little effort involved.
In this scam, the threat is of a pornographic video filmed of you in secret, with your password used as the bait, but there are good reasons why they have the password in the first place, making it unlikely the criminal is telling the truth. However, if you’re at all concerned, consider covering the camera on your phone, tablet, laptop, or computer, as that will restrict any would-be hacker from filming you in the first place.
And always use common sense, because fear has the capability to override that in a flash.