New 'Sextortion' Ransomware Uses Your Password to Appear Legit
This new ransomware scam is very convincing so beware of this lurking in your inbox
A new internet scam is tricking internet users by providing their password in plain text via email.
The scam is designed to make the email look legitimate, but the passwords in the emails are actually from old hacks that date back over 10 years.
In the email, the hacker falsely claims that he or she has captured your passwords, and footage from your webcam. The email claims that this was achieved by installing malware on a porn site that you’ve visited.
It them demands a ransom payment in exchange for deleting the supposed web cam footage.
Sextortion hacks sometimes involve people being forced to ‘perform’ on camera, and then being blackmailed with the actual footage. This is called webcam blackmail.
In the case of this email, no real footage exists, but the twist -- including a real password -- is designed to make it look like the malware has captured your password as you typed it in.
Password Hygiene is Crucial
If you don’t regularly change your passwords, you could be vulnerable to your online accounts being hacked or compromised. Most of us have old accounts that we no longer use. (How long is it since you used MySpace? Would you even notice if someone broke into your account?)
And if you’ve had the same email address for a while, there’s a good chance that it’s linked to passwords you’ve used in the past via an old data breach. Unless you’ve actively checked using a site like You’ve Been Pwned, you may not know that your passwords are out there in the wild.
This sextortion email also proves why it’s important to change passwords regularly. If you get an email like this containing a password that’s 10 years old, you’d immediately know it was fake. But if it contained a real password that you still use, you could be forgiven for panicking and being hoodwinked for the cash.
How to Deal With Sextortion Emails
If you’ve received an email with a fake sextortion claim like this, the first thing you should do is delete it. Do not click on any links or reply to the email it came from.
Then, you should undertake a thorough assessment of your online accounts -- ones you use, and ones you no longer need.
Under the GDPR, EU residents have a right to have their data removed from any website. You just have to ask. In some cases, you may be able to log in and request account deletion, which could be quicker.
For accounts you still use, it’s wise to change the passwords regularly, and use a password manager to generate a unique password for each site.
Finally, TechCrunch points out that it’s a good idea to cover your webcam with a physical object, like a sticker or sliding plastic ‘lens cap’. This might sound like overkill, but it’s sensible. Mark Zuckerberg and James Comey do it because they believe there’s a risk to security, and it doesn’t hurt to be cautious.