Phishing scams are on the rise again! Phishing is a type of scam where hackers or cyber criminals send you an email that seems to be from a legitimate company. The email contains a link that directs you to a page that appears to be the company’s website.
A phisher’s ultimate goal is to trick you into entering sensitive information such as passwords or usernames. Today, phishers are working harder than ever to trick you.
Unfortunately for many people, phishers are taking things up a notch. Now, phishers are using your real passwords to get your attention!
Sextortion Emails: A New Twist on Phishing
In this new email scam, the sender claims to have installed a virus on your computer. This virus allegedly monitors your website traffic, accesses your webcam, and remotely records you watching explicit videos. The sender then demands that you pay a ransom to avoid having these videos leaked to your entire contact list.
This new type of scam email is known as sextortion. The FBI defines sextortion as being “a serious crime that occurs when someone threatens to distribute your private and sensitive material if you don’t provide them…money.”
Above is the “sextortion” email that owner and CEO Nick Bernfeld received. Initially, he wasn’t too concerned about the threat because his computer doesn’t have a webcam. However, the email caught his attention because it contained one of his old passwords.
Being blackmailed and threatened is bad enough, but what’s the worst part about this email? The sender uses one of your real passwords to increase the authenticity of their threat. Suddenly the threat seems much more credible because the sender presented you with a real password.
When you’re presented with one of your passwords, you’re more likely to comply with their demands and pay the ransom because you don’t know what other information the sender could have.
How’d They Get A Real Password?
Are you sitting there frantically wondering how they got your real password? Are you afraid they installed a virus? Don’t worry; it is highly unlikely that someone is recording you through your webcam or accessing your computer. Even though the sender has a real password, there’s a good chance that the password is old and not in use anymore.
In the deepest part of the internet, known as the Dark Web, there are “data dumps” where hackers and cyber criminals buy and sell usernames and passwords. These credentials were either stolen or leaked in some of the worst database breaches. Breaches at Equifax, Yahoo, and other big companies left millions of people vulnerable. Unfortunately, if you were a victim of a company breach, some of your old passwords may be floating around on the internet.
How Can You Protect Yourself?
Do Not Recycle Old Passwords
Are you one of those people who repeatedly use the same few passwords? Do you use the same password but add different numbers or symbols to the end, for example: Password, Password1, Password2, and so on? If you’re guilty of this, stop immediately.
Use Unique Passwords For Every Account
Do not use the same password for multiple accounts. If a hacker gets that one password, they can access and control all your online accounts. Think of all the information or credit card numbers they’d obtain!
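A local check for the two habits above, as an added example that is not part of the original article: it flags a new password that is identical to, or a trivial variant of, an old or leaked one, or that shares its stem with a password on another account. The function names, the substitution table and every sample password are constructed for illustration, and the check is meant to run on your own machine against your own password list.

```python
import re

# Common look-alike substitutions, undone so "P@ssw0rd" compares equal to "Password".
# The table is an assumption chosen for this example, not an exhaustive list.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                      "3": "e", "$": "s", "5": "s", "!": "i"})

def stem(password: str) -> str:
    """Reduce a password to its base: drop trailing digits/symbols, fold case, undo leet."""
    core = re.sub(r"[\W\d_]+$", "", password)
    core = core or password          # all digits/symbols: keep the whole string
    return core.lower().translate(LEET)

def check_new_password(candidate, old_passwords, other_accounts):
    """Return the reasons to reject `candidate`; an empty list means it passes."""
    problems = []
    cand = stem(candidate)
    for old in old_passwords:
        if candidate == old:
            problems.append("identical to an old or leaked password")
        elif stem(old) == cand:
            problems.append("trivial variant of an old or leaked password")
    for account, current in other_accounts.items():
        if stem(current) == cand:
            problems.append(f"same base password as the {account} account")
    return problems

# Constructed sample data: passwords known to be old or exposed in a breach,
# and the passwords currently used on other accounts.
OLD_PASSWORDS = ["Password", "Summer2018!"]
OTHER_ACCOUNTS = {"bank": "Tr0ub4dor&3", "email": "maple-Orbit-fennel"}

if __name__ == "__main__":
    for pw in ["Password2", "P@ssw0rd!", "Troubador99", "vivid-Quartz-Lantern-72"]:
        reasons = check_new_password(pw, OLD_PASSWORDS, OTHER_ACCOUNTS)
        print(f"{pw!r}: {'OK' if not reasons else '; '.join(reasons)}")
```

Adding a number or symbol to the end, or swapping letters for look-alike characters, leaves the stem unchanged, which is why those variants are rejected along with exact reuse.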
Use Two-Factor Authentication
Two-factor authentication gives your accounts an extra layer of security. Even if a hacker gets your password, they can’t get very far. Think of two-factor authentication as being the PIN for your debit card. Without that PIN, you can’t access your money.
The number one thing to remember is that if you receive a threatening blackmail or extortion email, you are not alone. After a quick internet search, there’s a very good chance you’ll see numerous articles describing this scam and others like it. Don’t be afraid or embarrassed to tell someone about the email.
If you have the slightest suspicion that your account could have been compromised, change your passwords immediately. The sooner you update your passwords, the less likely you are to be a victim. Remember, you should never click on any links in the email, download attachments, or enter your information. If you have any questions or you’re worried about your cyber security, contact us today!