24 Oct 2018

Is Your Password Really Compromised

Have you gotten an email that looks similar to the one shown below?  It can be a bit scary.

I know ******** is one of your passwords.  Lets get right to purpose. You may not know me and you’re probably thinking why you are getting this e mail? No-one has compensated me to check about you.  I actually setup a software on the X videos (adult porn) website and there’s more, you visited this web site to have fun (you know what I mean). While you were watching videos, your browser started out operating as a Remote control Desktop having a keylogger which provided me accessibility to your screen and web cam. after that, my software program gathered your entire contacts from your Messenger, Facebook, and email account. Next I made a double video. 1st part shows the video you were watching (you’ve got a fine taste lmao), and second part shows the view of your cam, yea it is u.

You will have not one but two possibilities. Let us read up on the possibilities in aspects:

First choice is to skip this email message. In such a case, I most certainly will send out your very own tape to each of your your personal contacts and also consider regarding the awkwardness you can get. Or should you be in a romance, precisely how it will eventually affect?

Other option will be to give me $5000. I will refer to it as a donation. As a consequence, I most certainly will right away erase your video. You can go forward your daily routine like this never occurred and you will never hear back again from me.

There is more to the email but you get the point by now.  This is another phishing/extortion attempt that is circulating the internet right now.  There are several variations and we are getting asked about them frequently.  What makes this email look more legit than others is that the password they show is actually one of the passwords you use (or have used).  You should be asking yourself, where did that password come from?  Our initial research shows the passwords appear to be those found on the dark web and freely available.  Bots search the dark web for passwords and emails they can combine into these automated emails.  Those emails are then sent to scare people into paying the extortion fee.  The creativity level of the criminals is quite amazing.

In a nutshell, when breaches happen such as FaceBook, LinkedIn, etc. your password and email can get leaked out to the dark web.  That doesn’t mean your computer has actually been breached but your credentials have been at that specific website.  Where you get in trouble is if you use that same password at other websites.  A crafty criminal will take your LinkedIn password and try using it at Amazon, bank websites, etc. in hopes of getting access to a live account.  This process is now all automated so it is inevitable they will find a few combinations that will let them in to do damage.

If you receive one of these emails, your job is to make sure any accounts using the password is immediately changed.  Also investigate those accounts to make sure there are no fraudulent charges or activity on it.  Moving forward, never use the same password on multiple accounts.  Change any passwords that are being used in multiple places.  That helps limit your exposure if there is a breach.  Odds are good all the info in the criminal’s email is just hype to scare you.  Regardless, keep a vigilant eye out for any suspicious activity just in case your system has actually been breached.  So far we have not seen a single instance of this happening but anything is possible these days.  Being careful and observant is always the best practice for everyone.

For more information on a closely related topic, please take a moment to watch the short video blog from June 2018.  Are your employees equipped to identify cybersecurity threats to your business?

Today’s blog author is Mike Farlow, Chief Executive Officer at ComTech

Facebook
Google+
Twitter
LinkedIn