Recently, Krebs on Security released a story about a new sextortion scam that is hard to ignore. Why? Because the person trying to extort the recipient quotes a previously hacked password as proof that the threat is real.
What is Sextortion?
In this case, a hacker has a list of hacked passwords and email addresses. They use this information to send an email to each person on the list stating that they've hacked your computer. They claim to have used your webcam to record you looking at porn. The hacker goes on to threaten to release the video to all of your contacts if you don't pay a ransom in Bitcoin. Scary, right?
The thing that makes this scam more effective than other scam emails is that the hacker is using a real password that was once associated with your email address. Here's the problem that makes this scam work so well: people use the same password on most of the websites they visit. Many people reuse one password across multiple websites, and worse, those passwords are generally simple enough to break with brute-force attacks.
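As an added example (not from the original post or from Krebs on Security), here is a small Python triage routine that scores an incoming email against the hallmarks described above: a quoted password, a webcam claim, a Bitcoin demand, and a threat to contacts. The sample message and the set of known-breached passwords are constructed for the example; in practice that set would come from a breach-notification feed.

```python
import re

# Constructed sample message in the shape the post describes: it quotes an
# old password as "proof", claims a webcam recording, and demands Bitcoin.
SAMPLE_EMAIL = """Subject: Your account was hacked
I know your password is hunter2. I installed malware on the adult site you
visited and recorded you through your webcam. Pay 1000 USD in Bitcoin to
the address below within 48 hours or I send the video to all your contacts.
"""

# Hallmarks of the scam as the post describes them; each hit adds weight.
INDICATORS = {
    "claims_password": re.compile(r"your password is\s+(\S+)", re.I),
    "webcam_claim": re.compile(r"\b(webcam|web cam|camera|recorded you)\b", re.I),
    "bitcoin_demand": re.compile(r"\b(bitcoin|btc)\b", re.I),
    "release_threat": re.compile(r"\b(contacts|send the video|release)\b", re.I),
}


def triage_sextortion(body, breached_passwords):
    """Score an email body against the sextortion pattern.

    breached_passwords: assumed input, a set of passwords already known to
    have been exposed for this recipient (e.g. from a breach notification).
    Returns (score, reasons). A quoted password that really was breached is
    the strongest signal, because that is what makes the scam convincing.
    """
    score, reasons = 0, []
    for name, pattern in INDICATORS.items():
        match = pattern.search(body)
        if not match:
            continue
        if name == "claims_password":
            quoted = match.group(1).rstrip(".,;")
            if quoted in breached_passwords:
                score += 3
                reasons.append("quoted password matches a known breach")
            else:
                score += 1
                reasons.append("quotes a password")
        else:
            score += 1
            reasons.append(name)
    return score, reasons


def is_sextortion(body, breached_passwords, threshold=4):
    """True when enough hallmarks are present to route the mail to IT support."""
    return triage_sextortion(body, breached_passwords)[0] >= threshold
```

A hit on the breached-password check is also the cue to force a reset of that password anywhere it is still in use.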
What Should You Do?
If you get an extortion email like this, our recommendation would be:
- Don't respond. Report the incident to your IT support team.
- Make sure your team has been trained how to handle scam emails. (Don't click any links embedded in these types of emails.)
- Use complex passwords and use different passwords for each site you have an account with.
If number three above sounds impossible, please read our recent blog post about a password manager called RoboForm. It will take care of all the heavy lifting for you.
The full story is on the Krebs on Security website.