Have you seen an email like this? It’s been making the rounds, but I just got my first one this morning:
Carissa Ayres to [my current email]
I am well aware [a very old password] one of your password. Lets get right to the purpose. There is no one who has compensated me to investigate about you. You do not know me and you’re probably wondering why you’re getting this e-mail?|You do not know me and you are probably thinking why you are getting this email? Not one person has compensated me to investigate about you.}
actually, i installed a malware on the adult video clips (pornography) site and you know what, you visited this website to experience fun (you know what i mean). While you were viewing video clips, your web browser initiated operating as a Remote Desktop with a key logger which provided me with access to your display screen and also cam. Just after that, my software collected your entire contacts from your Messenger, social networks, as well as e-mail . and then i created a double-screen video. 1st part displays the video you were viewing (you’ve got a nice taste rofl), and second part displays the view of your web camera, and it is you.
There are 2 choices. We are going to review each of these solutions in aspects:
1st solution is to just ignore this message. in such a case, i will send your recorded material to each one of your contacts and just consider regarding the shame you will get. Moreover if you are in a loving relationship, exactly how it would affect?
Number 2 choice should be to compensate me $3000. i will regard it as a donation. Subsequently, i most certainly will asap delete your video. You could go on with everyday life like this never happened and you would never hear back again from me.
You’ll make the payment via Bitcoin (if you do not know this, search ‘how to buy bitcoin’ in Google).
BTC address: 1Bt2G1wnvohfsqA6DS3vCgkdWKhcHHJv6q
[CaSe SeNSiTiVe, copy & paste it]
if you have been thinking of going to the cops, okay, this email can not be traced back to me. i have dealt with my moves. i am not attempting to ask you for a whole lot, i simply want to be paid for. You now have one day to pay. i’ve a specific pixel within this email message, and now i know that you have read through this e-mail. if i don’t receive the BitCoins, i definitely will send your video to all of your contacts including family members, colleagues, and many others. Having said that, if i do get paid, i’ll destroy the video right away. it is a nonnegotiable offer thus don’t waste mine time and yours by responding to this email. if you want to have proof, reply with Yea and i definitely will send your video recording to your 5 contacts.
Oh no! Scary, right?
First off, I know it’s a hoax, that’s pretty easy to spot. The broken English is one giveaway. The other clues:
- I don’t watch porn on my computer (yes, I realize a lot of people do, which is what makes this scam effective).
- My webcam is covered or unplugged when not in use.
- That password hasn’t been in use for almost 10 years, and I know EXACTLY where they got it — the Gawker breach back in 2010. This is why we don’t reuse passwords, and this is the breach that taught me that lesson.
It looks like what happened is that someone was skimming email/password combinations out of breach lists, and sending mass emails to everyone hoping to get a hit. All it would take would be a few people out of thousands (or hundreds of thousands) to bite, and they now have a nice little chunk of untraceable bitcoin.
What do you do if this happens to you? Just delete it. Is it a password you’re currently using? Start changing it now. Use a different password on every single site you use, and use a password manager to keep track of them. Use two-factor authentication whenever possible. Also… cover your webcam when not in use. You can call the FBI to investigate, though they probably can’t do much. And, if it makes you feel better, run a complete malware scan on your computer using a tool like Malwarebytes or HitmanPro. Make sure you have good (not free), up-to-date antivirus on your computer.
What do you NOT do? Don’t pay the ransom. Don’t reply to the email. Don’t click any links if there are any.
Our managed clients are covered on the antivirus side. We use a variant of HitmanPro (Sophos Intercept X) to protect your computers from any malware. In some cases, we use Webroot, which also has excellent virus prevention ability. If you’re concerned about your computer, give us a call at 970-639-0629.