Here’s the threat delivered to your email: They've infected your system with remote computer control malware. Pay a ransom in bitcoin or they’ll release evidence of you watching adult material. They show your password, or part of it, to prove their case.
Is this threat credible? No, it’s a scam. The bad guys got your information from a breach and are using it to shake you down. The evidence is manyfold:
It’s an untargeted, mass email scam
The scammers are not targeting specific individuals. Your inbox is one of thousands in a database. They’re only hoping to capitalize on panic and embarrassment to force some small number of people to pay the ransom. Their goal is making fast cash from the volume of people who give in, they’re not interested in running high effort blackmail. We know this because the content of the email is nearly identical in many, many reports.
Not only is there no concrete proof offered, the scammers actively dissuade the would-be victim from looking for evidence. There’s no mention of which adult website you had visited. Your full name often does not appear in the email. There are no images or videos of you attached or linked to.
No malware detected
The emails also claim to have installed malware through which they gathered this incriminating material - yet, malware scans reveal no threats. True, malware scanners vary in accuracy when it comes to more subtle infections. Software capable of remotely accessing your system is not one of those.
Nothing new under the sun
The history of this threat is also a clue to it being a scam. These reports have been floating around since the end of 2017. The nature of their threat, the amount of money they’re demanding and the method of ‘evidence’ collection has changed but it is essentially the same scam.
A stranger threatens to reveal embarrassing information about you and will remain silent in exchange for a ransom.
So, what should you do?
First, you should not pay this ransom. You SHOULD definitely see this as a big wake up call about your data security.
This data was pulled from one of the many data breaches that’ve been popping up in the last several years. That means that your email and password have been compromised.
Whichever password appeared in the email: change it, everywhere and never use it again. You can check if your password has ever appeared in a breach. If it has, never use it again.
Adhere to good password practices when creating new passwords.
Run a malware scan on your system - (Malware Bytes)
Consider cloud-based password vaults like 1Password or LastPass.
If you only have to remember 1 master Password, you can make it as secure and strong as possible
Create long and high-strength passwords by forming a memorable phrase, then adding capitalization and punctuation.
It would take a computer running a brute force password cracker approximately 2 Sexdecillion years to crack "Iwaswanderingthroughthetulips1day!" - that's a 2 followed by 96 zeros.
It may feel overwhelming, but the best thing to do whenever anything comes in from the Internet is to calm down, and then critically assess it. Scammers RELY on the instinctive reactions of the uninformed.
Concerned about keeping your website more secure?
Besides weak passwords, neglecting your websites security patches and web software updates are the most common cause of security breaches.
Learn about on-going website maintenance services or reach out for a free website review and consultation!