There is a new email extortion phish on the rise. This new scheme involves the attacker scraping the internet for lists of compromised email address and passwords. They then are sending out a scripted email that claims that the attacker has a compromising video of you and your computer activity. They also list a password that they have obtained that is associated with the email address. The attacker then says they will send the video they have to your friends and family if you do not pay them a not insignificant amount of money via BitCoin.
This type of extortion scam is nothing new, however, the inclusion of a utilized password can make it seem more legitimate than an email with threats and no proof.
The best way to guard against these extortion scams is to :
- Use a password manager like 1Password or LastPass.
- Use an Antivirus software like BitDefender or ESET (heck even windows defender)
- Never re-use passwords on other sites
- Change your password when compromises are anounced
- Check haveibeenpwned.com This site is ran by Troy Hunt, a security researcher who maintains databases of breaches and the info in them. He provides this as a free service for users to find out if they are compromised.
- Never open email attachments from people you do not know, even if you do know them call them or send them a text to verify
- Use a web cam cover on webcams not in use or turn them off
If you think that some one has personal information on you and is extorting you and you and you are in the USA then you can always contact 1-800-CALL-FBI.
I got some stuff from here – https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/
Hard Cyber 