There is a new email scam circulating that uses victims' stolen passwords to con them into paying a ransom. The messages appear to be sent from a hacker who has compromised your computer and used your webcam to record a video of you while you were watching porn.
The scammer threatens to release the video to everyone in your contact list if you don't pay the ransom using Bitcoin cryptocurrency. As "proof" that the hacker has compromised your computer, the email includes your password or other personal information that has been stolen in previous security breaches.
Unfortunately, many people are unaware that their sensitive information, such as passwords, name, address, and password "hint" answers, is available to scammers. This information has been released or sold by the attackers who stole it during previous large-scale breaches of popular websites and online services.
Take the opportunity to make yourself aware of any security breaches in which your information might have been stolen. Fidelis' managed security offerings include a Dark Web Breach Assessment that will help make you aware of the breaches your email address(es) and others at your company have been involved with. Services such as Have I Been Pwned can also be used to perform a scan.
If you receive an email that says that you have been hacked, be skeptical (as you should be with any email you receive). It is always better to be safe than sorry, so by all means have your technical support folks check your system out and confirm that your system is clean.
And if the password revealed in the message is currently being used, take the time to change your passwords--immediately! Re-using passwords is not a good idea. Take the time to implement a password manager such as LastPass so that you can have complex, secure, unique passwords for every site and service you use.