July 12, 2018

They DO NOT Have Your Password

That Password They Have is Most Likely an Old One;
They STILL Are NOT Watching You Through Your Webcam





Not too long ago, we discussed the latest e-mail scam, in which they claim to be recording you through your webcam.  Well, the scammers have upped their threats, and you may be the recipient of multiple e-mails threatening to release illicit videos if you do not pay a ransom.  And these latest e-mails have a twist: they include your password! But not to worry; they are NOT legit.

When you see the password they include, you will most likely panic, as you will recognize the password as one you have used.  But most likely, it is not a current password. In my case, the e-mail included one of the earliest passwords I used on the Internet, and one I haven't used much in over a decade.

Having used Roboform for eons, I opened it and did a search to see where that ages-old password they had might still be active. I found it had been my password for Lycos, Zappos, AltaVista, and Treeloot. With the exception of Zappos, are any of those sites around still? AND the password they got was a mere 6 characters...does anyone require less than 8 any more?

But the fact they got a password I once used was enough to get my attention, despite the fact I had already published an article on the earlier version of this scam, in which I commented that I had NEVER removed the tape off of the webcam on my current PC.

If you have used the Internet at all, chances are you've been involved in a password breach, and chances are, that data is floating around the Dark Web.  These particular Bad Guys bought a list and are using it to phish.  

When that breach occurred, the site most likely forced password resets on all accounts.  In other words, the site that was breached deleted all current user passwords so that the Bad Guys could NOT use them to hack into that account. After looking through my password manager, I think this password may have come from the Zappos breach. I've really only made about a half dozen purchases from them over the last decade, and none in recent years. The last time I shopped there, I had to reset my password in order to log in. It is one of the few sites I had only 2 passwords for EVER, and one of those passwords was in my ransom e-mail.

I am cutting/pasting the e-mail below, with the password info redacted.  In my case, it was supposedly sent by Reinwald Poole [qzlmabellefo@outlook.com].

I do know, [redacted], is your password. You do not know me and you're probably thinking why you are getting this mail, correct? 
In fact, I actually placed a malware on the adult video clips (porn material) web-site and do you know what, you visited this website to experience fun (you know what I mean).
While you were watching video clips, your browser initiated working as a RDP (Remote Desktop) with a key logger which provided me with access to your display screen and also cam. Right after that, my software collected your complete contacts from your Messenger, Facebook, and email. 
What did I do?
I created a double-screen video. 1st part shows the video you were watching (you've got a nice taste omg), and second part shows the recording of your web cam. 
What should you do?
Well, I believe, $2900 is a fair price tag for our little secret. You'll make the payment by Bitcoin (if you do not know this, search "how to buy bitcoin" in Google). 
BTC Address: 13Pqu5UWBZ4Nn5FomzaZSk9vpUhbBg89oV(It is cAsE sensitive, so copy and paste it)
Note:You now have one day to make the payment. (I've a special pixel within this message, and now I know that you have read through this e-mail). If I don't receive the BitCoins, I definitely will send your video recording to all of your contacts including members of your family, co-workers, and many others. Having said that, if I do get paid, I'll destroy the video immidiately. [sic] If you really want evidence, reply with "Yes!" and I will certainly send your video to your 7 contacts. This is the non-negotiable offer, therefore please don't waste my time and yours by responding to this mail.

Like with the earlier scam, there is NO tracking pixel in the e-mail. There are some nonsense quotes hidden in the message source, but nothing that can actually track whether you receive or open this e-mail.  You just need to junk it and move on with your life. DO NOT reply or take the threats seriously.
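
One way to check a message source for a tracking pixel yourself is to list everything in it that would make your mail program contact a remote server when the message is opened. The script below is an added example, not part of the original scam e-mail or any tool mentioned here; the two sample messages and the tracker.example address are constructed for illustration.

```python
import email
import re
from email import policy
from html.parser import HTMLParser

REMOTE = re.compile(r"(?:https?:)?//", re.I)      # http://, https:// or //host
CSS_URL = re.compile(r"url\(\s*['\"]?\s*((?:https?:)?//[^'\")\s]+)", re.I)
FETCH_ATTRS = {"src", "background", "poster"}     # loaded when the mail renders


class RemoteRefFinder(HTMLParser):
    """Collect (tag, url) for each resource a client would fetch on open."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            value = (value or "").strip()
            fetched = name in FETCH_ATTRS or (tag == "link" and name == "href")
            if fetched and REMOTE.match(value):
                self.refs.append((tag, value))
            elif name == "style":                 # inline CSS background images
                self.refs += [(tag, u) for u in CSS_URL.findall(value)]
    # <a href> links are ignored: they only contact a server if you click them.
    # cid: images are ignored too: they are attachments inside the message.


def remote_refs(raw_message: bytes):
    """Return remote resources referenced by the HTML parts of a raw e-mail."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    found = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder = RemoteRefFinder()
            finder.feed(part.get_content())
            finder.close()
            found += finder.refs
    return found


# Constructed samples: hidden filler text only, then the same mail with a pixel.
HEADERS = (b"From: sender@example.com\r\nSubject: sample\r\nMIME-Version: 1.0\r\n"
           b"Content-Type: text/html; charset=utf-8\r\n\r\n")
NO_PIXEL = HEADERS + b"<p>Visible text</p><span style='display:none'>filler quote</span>"
WITH_PIXEL = NO_PIXEL + b"<img src='https://tracker.example/o.gif?id=1' width=1 height=1>"

if __name__ == "__main__":
    print(remote_refs(NO_PIXEL), remote_refs(WITH_PIXEL))
```

An empty list means nothing in the message's element attributes or inline styles can report back that you opened it; hidden text by itself cannot.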

Now, if you receive a follow-up e-mail that says "You ignored my last message, so now the price goes up," you can ignore that too.  Even if you are naive enough to respond and pay, you will STILL get follow-up e-mails. In fact, if you make the mistake of replying, then you will receive a barrage of e-mails demanding payment for a slew of non-existent offenses.

IF the password contained in the threatening e-mail is one you still use anywhere at all, change it wherever you use it. As these attacks increase, the scammers may come upon a more recent database.  The less lazy ones may mine sites like Spokeo so they can include more identifying information to convince you their threats are real.

I expect the threats to ramp up after I publish this.  I expect them to try to break into my Lycos account, if that is even possible to do in 2018.  I expect them to try to use that old six-character password wherever they can, but they will find it no longer works.

Perhaps the lesson to learn from this scam is if a bad guy claims to have a password you are currently using anywhere, it is time to retire that password for good. 

