
Phishing scam: Scammer knows your password, wants hush money

posted Jul 20, 2018, 6:39 AM by Craig Cox   [ updated Jul 20, 2018, 6:39 AM ]
Brian Krebs reports that a new twist on an extortion scam is going around.  The email accuses you of surfing bad sites and claims that you've been recorded side-by-side with whatever you were watching, and if you don't pay up then the video will be shared with your contact list. To make it seem more believable, the scammer knows your password!

In fact, the scammer downloaded or bought a list of compromised passwords and email addresses, and put them into a form letter.  The scammer figures that with a big enough list of emails and passwords, somebody's got to have a guilty conscience and will pay up.

If you get an email with this or any other story that is made more compelling because the sender has a password you recognize, the bad news is that you have to immediately change that password wherever it's used, and never use it again. The good news is that there may be no more damage than that, but you need to follow up and check each account on which you used the password.
  • If it was your banking password, check your balance, make sure you recognize all the debits, and so on.
  • If it was a social media password, check that the posts and messages you've sent recently are really yours, and that the scammer hasn't been spamming people in your name.
  • If it was your doctor's portal, make sure nobody else has been getting your prescriptions.
In general, make sure no mischief has been done with the password, and again, change the password and don't re-use it.