Today, I received an alarming email to myself from myself that came with the subject line: Your Account Was Hacked!
This was a pretty good social engineering attempt and actually got me to open and read the email instead of just deleting it.
The “international group of hackers” who sent the email seemed to have collected an old password that is no longer active on my account. It said they hacked my email because I practiced bad security and went to porn and adult sites, that they had all kinds of dirt on my web browsing, and that they had collected video captures from my camera that they’d share with my friends if I didn't pay up.
So now the clock is ticking. I have 48 hours from the moment I first read the email to respond or they will send all my boring and mostly spam emails to all my friends and associates.
Sorry “international hacking group,” but I’m not falling for it and I'm not sending you that $700 you’re demanding.
First of all, I don’t go to porn sites because that’s just stupid.
Secondly, my office where my computer lives is boring. Maybe I don’t have makeup on in some of the pix but that would be the worst worry I’d have about them.
The truth is, anybody can fake your email address and make it look like it’s coming from you. So if you get a note like the one below, DON’T click any link and DON’T reply to them. They are trying to scare and coerce us. Don’t fall for it.
And read the fine print for variations that seem untrue about your online habits. Here’s the note they sent me verbatim (except I crossed out the old password they had):
Hello!
I'm a member of an international hacker group.
As you could probably have guessed, your account [email protected] was hacked, I sent message you from it.
Now I have access to you accounts! You still do not believe it? So, this is your password: ####, right?
Within a period from July 5, 2018 to September 21, 2018, you were infected by the virus we've created, through an adult website you've visited.
So far, we have access to your messages, social media accounts, and messengers.
Moreover, we've gotten full damps of these data.
We are aware of your little and big secrets...yeah, you do have them. We saw and recorded your doings on porn websites. Your tastes are so weird, you know..
But the key thing is that sometimes we recorded you with your webcam, syncing the recordings with what you watched!
I think you are not interested show this video to your friends, relatives, and your intimate one...
Transfer $700 to our Bitcoin wallet: 1DzM9y4fRgWqpZZCsvf5Rx4HupbE5Q5r4y
I guarantee that after that, we'll erase all your "data" :D
A timer will start once you read this message. You have 48 hours to pay the above-mentioned amount.
Your data will be erased once the money are transferred.
If they are not, all your messages and videos recorded will be automatically sent to all your contacts found on your devices at the moment of infection.
You should always think about your security. We hope this case will teach you to keep secrets.
Take care of yourself.
My social media account has never been connected to my email address. I don’t go to porn or adult sites and I don’t have ‘weird’ tastes in those things (that I know of). I don’t use Messenger. And they had the wrong (albeit an old) password.
If I had the time and energy, I’d chase down that bitcoin wallet they want me to transfer the money to! (Maybe one of you brave readers will feel the urge to follow through, please do!)
The puzzle to me now is how they got that old password and from where??? So I’m going to change my passwords across all my accounts now just to be safe.
If you get an email like this that includes an old or even current password, do change your passwords like I am. Also don’t re-use old passwords. And do not use the same password across all of your accounts – because once the "international group of hackers" gets one password, they have access to all your accounts using that shared password.
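As for the point above that anybody can fake your email address: the visible From line is just text the sender typed, but the headers your own mail server adds usually give the fake away. Here is a small added example (not part of the original email or this post's own tooling) that checks a message's headers for those signs. The sample headers are constructed, and the domains and the `mx.example.com` server name are placeholder assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not the real email); every domain is a placeholder.
SPOOFED = """\
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.invalid;
 dkim=none; dmarc=fail header.from=example.com
From: me@example.com
To: me@example.com
Subject: Your Account Was Hacked!

Hello!
"""

GENUINE = """\
Return-Path: <me@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com;
 dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: me@example.com
To: me@example.com
Subject: note to self

reminder
"""

def domain(addr):
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def spoof_indicators(raw, trusted_authserv="mx.example.com"):
    """Return a list of reasons to distrust the From line (empty list = none found)."""
    msg = message_from_string(raw)
    findings = []
    from_dom, env_dom = domain(msg["From"]), domain(msg["Return-Path"])
    if env_dom and env_dom != from_dom:  # heuristic: some bulk mailers differ legitimately
        findings.append(f"envelope sender domain {env_dom} != From domain {from_dom}")
    results = {}
    for hdr in msg.get_all("Authentication-Results", []):
        # Only trust verdicts stamped by our own receiving server; a sender can forge others.
        if hdr.split(";")[0].strip().lower() != trusted_authserv:
            continue
        for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", hdr):
            results.setdefault(m.group(1), m.group(2).lower())
    for check in ("spf", "dkim", "dmarc"):
        verdict = results.get(check, "missing")
        if verdict != "pass":
            findings.append(f"{check}={verdict}")
    return findings
```

To try it on a real message, use your mail client's "show original" or "view source" option and pass the raw text in, with `trusted_authserv` set to the name your own provider writes at the start of its Authentication-Results header.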