Blackmail Scam Campaign

 

  • Have you received a scam email with your username and password?
  • The attacker probably took your password from a publicly available database of old leaked passwords and email addresses.
  • Here’s how to keep yourself safe.

 

There is a new scam campaign going around sending legit passwords to people asking for money asking or they will hack them/publish their browsing history on the social media!

  • The subject line includes a password that you probably have used at some point.
  • The sender says they have used that password to hack your computer, install malware, and record video of you through your webcam.
  • They say they will reveal your adult-website habits and send video of you to your contacts unless you send them bitcoin, usually $US1,200 or $US1,600 worth.

Here’s one example of these scam emails, sent in the past month:

 

 

Scam email

 

The email will look like as if it’s coming from your email address which is likely will pass through the spam filtering system (if you were using one).

This isn’t a good sign because it means that your email server is allowing emails coming from rouge accounts claiming it’s originating from your account.

But how did they get my password?

Most likely your password was included in one of the big leaks in the past few years – databases have been stolen from LinkedIn, Yahoo, and eBay, for example. You can check whether your password is in one of these leaked databases over at the website Have I Been Pwned.

Basically, the attackers don’t actually have video of you or access to your contacts, and they haven’t been able to install malicious code on your computer. In reality, they’re taking a password from a database that’s available online, sending it to you, and hoping you’re scared enough to believe their story and send them bitcoin.

Some scammers have even made over $US50,000 from the blackmail scheme, based on an analysis of bitcoin wallets.

How to avoid this issue?

Make sure not to use your business emails in signing up on unknown/bad reputation web sites.

Make sure you setup the correct SPF and test it before going live!

Leave a Reply

Your email address will not be published.