Take extra care if you have received an email that actually uses one of your old passwords to try and scam you. Thousands of dollars have been illegitimately paid in order to keep what is already a secret, a secret. We’ll show you how they do it below.

1. You Receive an Email from the Scammers

One such email read:

SUBJECT LINE:
Your account has been hacked! Change your password now!

EMAIL BODY:
I have bad news for you. I hacked your operating system and have full access to your accounts.

Don't bother to change the password, my malware will intercept it every time.

How it was:
In the software of the router to which you were connected that day, there was vulnerability. First, I hacked your router and placed my malicious code on it. When you entered the Internet, my Trojan was installed on the operating system of your device.

I then did a full dump of your disk including your history of viewing sites, all files, and addresses of all your contacts.

I was going to lock your device and ask for a small amount to unlock it. Then I looked at the sites that you visit and was delighted at your favorite resources. I’m talking about adult sites.

You are a big, big pervert and have unbridled fantasies!!!

An idea came to mind. I made a dual video where you have fun (you know what it is about, right?) on one side and a video of your joys (using the camera of your device). It turned out beautifully, do not doubt it.

I strongly believe you would not like to show these pictures to your friends, relatives, or colleagues. A sum of $1,000 is a small amount for my silence because I spent a lot of time on you!

I accept money only in Bitcoins.
My BTC wallet is XXXXXX

You have little more than two days (exactly 50 hours) to send payment. The timer started the moment you opened this letter.

After receiving payment, my virus will self-destruct automatically.
If I do not receive the specified amount your device will be locked and your contacts will receive the video.

Do not try to destroy and or even find my virus as all your data is already uploaded to a remote server. Do not try to contact me (this is not feasible, I sent you an email from your account) Various security services will not help you; formatting a disk or destroying a device will not help either, since your data is already on a remote server.

P.S. I guarantee I will not bother you after payment, as you are not my only victim as a hacker code of honor.

I advise you to use good antiviruses and update them several times a day!

Don’t be angry with me, everyone has their own gimmick.

(Of course, we have cleaned up the grammar and such.)

"Email spoofing is the creation of email messages with a forged sender address. Because the core email protocols do not have any mechanism for authentication, it is common for spam and phishing emails to use such spoofing to mislead the recipient about the origin of the message."

— Wikipedia

2. They Send Instructions on How to Pay Them

Payment is usually asked through Bitcoin, but there are many ways scammers ask for payment. These include but are not limited to:

  • Gift cards
  • iTunes cards
  • Credit card payment over the phone
  • Other forms of cryptocurrency

Bleeping Computer reports that over $50,000 in blackmail money was collected in just one week with this very scam.

3. How the Scam Works

The email sounds personalized, but the scam is most likely automated. The scammers get an old password that is listed on a scam site and connect your email address to it. They send an automated email with your info copied and pasted into it, then cross their fingers that you fall for it. They aren’t far off: of the 42 people who received this scam email in that week, 30 victims actually paid.

4. How They Get Your Information

Your information may have been subject to a virus and leaked on the internet. However, with this scam it is most likely the crooks got your email/password combo from one of the many big leaks over the past year. These include breaches at often-used sites like Yahoo, LinkedIn, and eBay, for example. They are likely to tell you “I’m aware that XXX is your password,” which can be horrifying. Recipients of this scam email admitted that it was a password they had used, but it hadn’t been current in years.

5. How to Protect Yourself From This Scam

There is no one silver bullet to protect yourself from all scams, but we recommend the following:

  • Install a firewall to prevent unauthorized software.
  • Install a malware/virus scanner to catch software that gets past the firewall.
  • Use secure passwords AND a password manager like 1Password.
  • Check to see if the password sent to you matches the site you’ve visited.
  • Get a webcam cover. They start at $5 on eBay and are worth the peace of mind.
  • Copy and paste the email message into a search engine to see if others have reported on the scam.
  • Check to see if your account has been compromised in a data breach by entering your email here.

The first reason this scam is so successful is that the emails are spoofed: they arrive with a forged sender address. Scammers deliver their emails by altering their sender information. They can use an email alias, which you can see through by viewing the source of the email in your email platform to find the real address. However, SMTP information (the server that delivers outgoing emails) can also be easily altered, and that is harder to catch.
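The header check described above, as an added example that is not part of the original article: it reads the raw source of a message with Python's standard `email` module and lists reasons not to trust the visible From address. The sample message, its domains and addresses, and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a message that claims to come from the recipient's own
# address, as the scam email on this page does. All values are made up.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.7])
\tby mx.example.com; Mon, 01 Jan 2024 10:00:00 +0000
Authentication-Results: mx.example.com;
\tspf=pass smtp.mailfrom=mailer.example.net;
\tdkim=none;
\tdmarc=fail header.from=example.com
From: "You" <victim@example.com>
To: victim@example.com
Subject: Your account has been hacked! Change your password now!

I hacked your operating system ...
"""

def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def spoof_indicators(raw):
    """List reasons the visible From address should not be trusted."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    env_dom = domain_of(msg["Return-Path"])  # envelope sender, not the From line
    if env_dom and env_dom != from_dom:
        findings.append(f"envelope sender {env_dom} != From {from_dom}")
    # Authentication-Results is written by the receiving server (RFC 8601).
    # SPF can pass for the envelope domain while DMARC fails for the From domain.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth.lower()))
    for check in ("spf", "dkim", "dmarc"):
        verdict = results.get(check, "missing")
        if verdict != "pass":
            findings.append(f"{check}={verdict}")
    if from_dom and from_dom == domain_of(msg["To"]) and results.get("dmarc") != "pass":
        findings.append("claims to be sent from the recipient's own domain")
    return findings

if __name__ == "__main__":
    for finding in spoof_indicators(SAMPLE):
        print("-", finding)
```

Only an Authentication-Results header added by your own mail provider is meaningful; one that was already present when the message arrived can be forged like any other header.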

The second reason this scam is successful is that it is personalized to your email and/or password. Remember to engage with your web guru first if the scam email came through a work source. Report any and all suspected scams to appropriate authorities. Do not engage with scammers.