New Scam...Don't Be Fooled!

There is a new scam on the Web that very effectively scares users and attempts to extort them. But this scam has no teeth.

Typically a user will have been on a porn site and subsequently they receive an email showing your password (and the fact that the password is correct is what really scares folks) and saying that while you were on the porn site all of your contacts were downloaded. The scammer threatens to send a split screen video of your face from your webcam along with the video you were watching to many of your contacts. Generally they want you to send a ransom to a particular address to keep them from doing that.

By all accounts the ransomer doesn’t have the goods to follow through on their threat. The scammer has your password from a previous large break-in to a company or Web site. (There have been a shocking number of these reported in the press over the last number of years.)

So, if you are confronted by this scam, all that you need do is make sure that all of your passwords are updated, and you should be fine to then ignore this scam. There is no malware on your computer and nothing is going to be sent to your friends/contacts.

See:
https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/

The nice thing about using unique credentials (email and password) for every single site and service you deal with is that you always know exactly what has been breached but can also be quite certain that everything else is unaffected.

A few years ago, when I started receiving spam to kickstarter.com@mydomain.com I knew immediately that Kickstarter had been hacked long before they went public and acknowledged it (I had already closed that account a while back). Good thing is I just added that address to my mail server’s black list, discarded the single-use password associated with that account, and went on with my day. :slight_smile:
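The per-service address scheme in the post above can be checked mechanically: mail that arrives at a service's alias from a sender outside that service means the alias has leaked. This is an added example, not part of the original thread; the function names and sample messages are constructed, and `mydomain.com` is the placeholder domain from the post.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

MY_DOMAIN = "mydomain.com"  # placeholder catch-all domain, as in the post

def alias_service(address):
    """Return the service domain encoded in a per-site alias, else None."""
    local, _, domain = address.lower().rpartition("@")
    # Assumption: aliases look like <service-domain>@MY_DOMAIN, so the
    # local part contains a dot; ordinary mailboxes (me@...) do not.
    if domain != MY_DOMAIN or "." not in local:
        return None
    return local

def sender_matches(sender_domain, service):
    """True if the sender is the service's domain or one of its subdomains."""
    return sender_domain == service or sender_domain.endswith("." + service)

def leaked_aliases(raw_message):
    """List aliases in To/Cc/Delivered-To that the From domain does not own.

    From is spoofable, so a match proves nothing; a mismatch is the signal
    that the address escaped the service it was issued to.
    """
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    sender_domain = sender.rpartition("@")[2]
    headers = (msg.get_all("To", []) + msg.get_all("Cc", [])
               + msg.get_all("Delivered-To", []))
    leaked = set()
    for _, addr in getaddresses(headers):
        service = alias_service(addr)
        if service and not sender_matches(sender_domain, service):
            leaked.add(addr.lower())
    return sorted(leaked)

# Constructed sample messages (not real mail).
LEGIT = ("From: Kickstarter <no-reply@kickstarter.com>\n"
         "To: kickstarter.com@mydomain.com\n"
         "Subject: Project update\n\nHello\n")
SPAM = ("From: Prize Desk <win@bulk-sender.example>\n"
        "To: kickstarter.com@mydomain.com\n"
        "Subject: You won\n\nClick here\n")

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("spam", SPAM)):
        print(name, leaked_aliases(raw))
```

Any address this reports is a candidate for the mail server's block list, and the password that went with that account should be retired.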

FWIW, I got one of these emails, but the thing is, not only have I never been to a porn site, the password it claimed was mine wasn’t anything like any password I’ve ever used, nor was it anything like a password that would have been generated by Safari or 1Password. I ignored it. Nothing happened.

I just got one, but it didn’t show a password, just threatened to brick my computer if I don’t send them 500 bitcoins. Since I don’t visit those kinds of sites and it was sent to an address I rarely use, I marked it as spam and ignored the whole thing.

Mike

They are out of luck if they send me such an email because I have absolutely no idea how bitcoins work. Sometimes, ignorance is bliss.

NOBODY EVER visits porn sites. Just ask anyone. It’s amazing how many people don’t visit porn sites… it makes you wonder how they stay in business. :stuck_out_tongue_closed_eyes: