Blackmail scam going around
I recently received two different emails to two different email addresses with the following content. The threat is same in all cases except the email and passwords stated are unique to the recipient. In both cases the passwords were, in fact, actual passwords I sometimes used. But since I always use an email alias the address they claimed to have hacked was given as the alias which does not exist as an actual email account. The compromised passwords were only used on unimportant sites such as to post a comment to a forum or news article. All logins of any critical value each have strong and unique passwords. Basically I know I have no wories.
Actual hacking is involved to some extent given they had real passwords but only email alias used as part of logins to inconsenquential sites. No date of value there!
If you can, you should always use an email alias that is NOT used to log into your actual email account and never use the actual account's email for this very reason.
They are spoofing your email which is easy just by editing the reply-to to make it appear as if it came from your own email...chances are small it actually did. In each case the messages I received came from forged IP addresses, not from the IP of my mail server. Also note the reference to "my web cam"...I have no web cam on my desktop computer and I disable webcame in laptop in hardware settings. ( Do that...you can always enable it if you need it )
- Nothing in this should concern you unless...well you really have something to hide and they really did get into your accounts.
- Check your provider but don't send any money !
- Change your passwords!
- Use email alias only as your reply to email.
Consider a free, secure email account such as www.tutanota.com
Here is the text of the scam/blackmail threat. Don't fall for it.
Hello! I'm a member of an international hacker group. As you could probably have guessed, your account [your email] was hacked, I sent message you from it. Now I have access to you accounts! You still do not believe it? So, this is your password: [password] , right? Within a period from July 5, 2018 to September 21, 2018, you were infected by the virus we've created, through an adult website you've visited. So far, we have access to your messages, social media accounts, and messengers. Moreover, we've gotten full damps of these data. We are aware of your little and big secrets...yeah, you do have them. We saw and recorded your doings on porn websites. Your tastes are so weird, you know.. But the key thing is that sometimes we recorded you with your webcam, syncing the recordings with what you watched! I think you are not interested show this video to your friends, relatives, and your intimate one... Transfer $700 to our Bitcoin wallet: 1DzM9y4f___qpZZCsv___x4HupbE5Q5r4y
( The bitcoun key was altered by me to make it unusable)
I guarantee that after that, we'll erase all your "data" :D A timer will start once you read this message. You have 48 hours to pay the above-mentioned amount. Your data will be erased once the money are transferred. If they are not, all your messages and videos recorded will be automatically sent to all your contacts found on your devices at the moment of infection. You should always think about your security. We hope this case will teach you to keep secrets. Take care of yourself.
An ounce of prevention folks.