This morning I awoke to find an email from a digital blackmailer. This email shows one of my commonly used login email accounts plus one of my more commonly used password. Yikes! My password information has been leaked from somewhere!
I’ve received several email just like this over recent weeks.
Each time it shows my same old password “F1nkpad1967”. Years ago, this was one of my commonly used passwords for non-critical websites: gaming sites, generic membership sites, etc. This was a password I’ve used over many years. I’m sure there are still old sites out there that use this password.
Of course, the first time you read it the reaction is
“Holy Shitballs I’ve been hacked!”
After reading, rereading, worrying, drinking a coffee, preventing myself from jumping up and down and panicking — what should you do if you get one of these emails?
Special Offer for all NICKLITTEN Punters
20% Off with Coupon: NICKLITTEN
In Partnership with SNUG CBD - American readers get 20% off
CBD helps with relaxation, focus and great for pain relief. I highly recommend the SNUG CBD Tincture to help keep you in the zone when programming!
Lets review the actual text of this email from the most charming (obviously totally fake email address) of Catriona Gomes <email@example.com>:</firstname.lastname@example.org>
I do know F1nkpad1967 one of your pass. Lets get directly to point. No-one has compensated me to investigate about you. You may not know me and you are probably thinking why you're getting this e-mail? in fact, i installed a software on the xxx video clips (porno) web-site and guess what, you visited this site to have fun (you know what i mean). While you were watching videos, your web browser started out functioning as a RDP having a keylogger which gave me accessibility to your screen and webcam. immediately after that, my software program gathered every one of your contacts from your Messenger, Facebook, as well as e-mail . after that i made a double-screen video. First part shows the video you were watching (you've got a nice taste haha . . .), and 2nd part shows the view of your web cam, & it is u. You got a pair of alternatives. We are going to analyze these types of choices in particulars: 1st solution is to disregard this e-mail. in this situation, i will send your recorded material to each one of your personal contacts and also just think about the embarrassment you can get. Keep in mind in case you are in an important relationship, exactly how it will eventually affect? Latter solution should be to give me USD 804. We will describe it as a donation. in this scenario, i most certainly will instantly erase your videotape. You can go forward your way of life like this never took place and you never will hear back again from me. You'll make the payment via Bitcoin (if you do not know this, search 'how to buy bitcoin' in Google search engine). BTC address: 15iE58FGBWm32WtyDY9DSCuMF6Aq1qehHB
[case sensitive copy & paste it]
Should you are curious about going to the law enforcement officials, okay, this message cannot be traced back to me. I have taken care of my steps. i am also not looking to charge you so much, i would like to be compensated. i’ve a special pixel within this e-mail, and at this moment i know that you have read through this mail. You have one day to make the payment. if i do not receive the BitCoins, i will definately send your video to all of your contacts including family members, co-workers, and so on. Nevertheless, if i receive the payment, i’ll destroy the video right away. if you want to have proof, reply Yup! & i will certainly send out your video recording to your 14 friends. This is the nonnegotiable offer, and so please don’t waste mine time & yours by responding to this mail.
How to spot a Digital Blackmailer
So, apart from the fact that they are highlighting one of my real passwords everything else in this email is vague and incorrect.
- I don’t visit porno websites so that was my first warning bell
- I have multi-layered anti-malware and security on all my devices so the keylogger claim was another warning bell
- They want payment in bitCoin so its untraceable and cannot be reported and refunded
- Threats to report to the Police and implication that this digital bad guy is spying on your right now
- and last, but not least, the threat to tell my 14 friends was a warning bell. I don’t have that many friends 🙂
The vague and oppressive threats are probably very scary if you are not particularly digitally savvy.
So, all things considered, this email is obviously a scam from a nefarious digital blackmailer.
I suspect there has been a data breach from some online source and my old email/password has been circulated to this particular group of blackmailers. Along with several million other peoples account information.
But No My Hacker I will not be paying you bitcoins.
Bunch of digital silly billies.
Has your account or password been leaked?
Is that why you are here?
So, even though it doesn’t particularly worry me I took the opportunity to scan through my password vault and go around updating old websites that I thought may have used this password. I even changed my passwords on all my important accounts even when they don’t vaguely look like this leaked one.
Luckily for me, I have pretty strict password control and now use online password managers to control, store and regularly change all my passwords. So the password process is easy.
First though, lets take a few steps
- Update your anti-Malware software – I use Bitdefender on my Windows machines.
- Clear all your browser caches – I use CC-Cleaner for this.
- Check your installed software and un-install any programs that you don’t recognize – just in case 🙂
- Run a full and detailed virus scan of you machine…. drink lots of cups of tea while it is running.
- Update your operating system (Windows, Linux, Apple) to apply any/all software patches
- Run a full scan again 🙂
- Install Lastpass (or your own password manager of choice) and go and do the Lastpass healthcheck
One of the best things about a password manager is that it will scan for email and password breaches. Then if anything apears that is even vaguely like the leaked password, you can go and update the passwords on those sites.
Use a password that is long, meaningless and let the password manager store it for you.
Don’t use names, dates, towns or anything that a hacking algorithm could guess by repeatedly trying over and over and over…
Sometimes, an email from the bad guys is a positive thing.
It’s a nudge to keep your on-line personality safe: Regular on-line health checks are a vital peace of digital housekeeping.
And (shhhh) it’s a reminder to reduce your consumption of online porn 🙂