Extortion scammers have found a new hook to bait Internet users: old passwords.
“These sorts of online extortion schemes — which try to guilt people into paying off hackers claiming to have compromising information — are nothing new,” writes J. D. Biersdorfer in The New York Times. “But a new wave of messages that began popping up in mid-July has stepped up the ploy by showing passwords in the subject headers as attention-grabbing ‘proof’ that someone has deeply burrowed into your computer and has your personal information.”
The perpetrators claim to have hacked into a webcam to obtain incriminating video of the victim. Scammers threaten to share the video and stolen passwords with a victim’s contacts unless a hefty payment is made in Bitcoin.
Thomas Brewster in Forbes writes, “The perpetrators of this particular deception have simply collected passwords from previous data breach leaks. Nevertheless, they’re duping enough people, making more than 30 Bitcoin in a matter of weeks, according to a cybersecurity expert who has been tracking the attacks.”
The stolen password lure makes this scam particularly tricky, tech writers note.
Jeff Parsons writing for The Mirror UK reports, “Where this particular scam gets a bit scary is that often the password quoted at the top of the email can be a legitimate password that the victim has used in the past.”
Parsons offers the following advice:
Scammers will try to rush you and pressure you to make a hasty decision to pay them. Authorities recommend you don’t pay, because it only encourages them and may make you more vulnerable to other attacks.
Change your password immediately. Be sure to use separate passwords for each online account and that you use strong passwords or passphrases. Enable Two-Factor Authentication (2FA) wherever available.
Do not communicate with the scammers.
Keep your technology updated with the latest anti-virus software and operating systems.
Cover your webcam or turn it off when not in use.
Parsons adds that the scammers only need a fraction of intended victims to react. “If you receive an email like this, it's best to ignore it. And most people will, but that doesn’t mean the scammers aren’t making a lot of money out of the sizable minority who panic and pay.”