I had a few customers come into the shop last week and print out a very peculiar and lengthy email from someone who claims to have used their webcam to record the user watching pornography on their computer and they want to collect a hefty ransom. If the ransom, paid in Bitcoin, is not paid within 24 hours, the hacker says they will send the video to all of the person’s contacts and the authorities. What makes this scam really interesting (and caused high concern to the clients who came to me with this) is the inclusion of an old password in the subject line that once was tied to the person’s email address.
Let’s break this one down, shall we…
1. ALWAYS ASSUME THESE ARE FAKE. Even though I’m telling you this is a new twist on an old scam, never let your guard down, especially on today’s internet. Scammers are clever, and always thinking one step ahead.
2. “OK, but they put my password in the subject line. They must have hacked me.” -No, they didn’t directly hack you. Hear me out. We all hear on the nightly news fairly often about certain corporations who confess that data from thousands of customer was stolen in a hack against their systems. In South Carolina, the Department of Revenue was compromised in 2012, a breach that exposed thousands of Social Security, credit, and debit card numbers. The list goes on. 2016 – Yahoo was breached. 2014 – eBay. Target and Home Depot – hacked. Last year, Equifax. You get my drift.
With those hacks, passwords were exposed. And I know many of us have what I call a “go-to password” that we like to use for the many different sites that make us create a password. So, just because the hacker put an old, hopefully, (more on that in a second) password in the subject line, its only intention was for sheer “shock value” – to make you actually consider “Wow, yes, this person does have my information.” DO NOT BE FOOLED. I know it can be scary, but do not be caught off-guard.
3. Bitcoin is often desired for these “ransoms.” This should clue you in. Bitcoin is a new type of electronic “cryptocurrency” that is decentralized, meaning no bank or financial instruction is involved. Of course, hackers conducting illegal activity would want to involve as few people as possible to get paid.
4. I mentioned this scam involved employing an old password. The password mentioned may be an old password. Here is where a lot of you will fail the test. MAKE IT A POINT TO CHANGE YOUR PASSWORDS AT LEAST ONCE A YEAR. The people that came to me all said, “Well, it used to be my password, but it’s not my current password.” That’s good. But I know many of you who won’t change your password until you are forced to. Don’t be this person! Change all passwords at least once a year. This includes email accounts, shopping sites (Amazon), and especially banks and credit card sites. Email accounts are probably the most important ones to change – maybe even twice a year if you can manage it. Why do I say this? A hacker who has access to your e-mail can essentially try (through sheer brute force) to use the “Reset Password” options that are on every login page ever. Because of this, email is the most important account to protect.
5. Enable Two-Factor Authentication if possible. Two-factor authentication is a method of authenticating your account whenever it is trying to be accessed by an unrecognized device. Many of you may already be familiar with this. When you go to log in somewhere, and the site says “Hold on, I’m going to be absolutely sure it’s you. I just sent you a code, please tell me what that code is.” Many banks have this as an option by default.
6. WHEN IN DOUBT, FORWARD THE EMAIL TO SOMEONE YOU KNOW AND TRUST (LIKE ME!!!!). Forwarding the email to someone to check with them on this is not dangerous. This leads me to my last point.
CHAD’S NO-NO LIST FOR FRAUD OR SCAM EMAILS
1. Never open an attachment in an email you consider to be fake (or might be fake).
2. Never click on a link in an email you consider to be fake (or might be fake).
3. Never call any telephone number that is listed in an email (or a website popup). These numbers are often the scammers themselves who set up call centers (often overseas) who are scamming people every day.
Be safe out there!
Chad Droze
Post & Computer Center – Freshfields Village
chad@compu-experts.com
843-768-2626
http://www.twitter.com/c0mpuexperts