Scam Emails with your OLD password

Business IT Services

Scam Emails with your OLD password

October 4, 2018 articles 0

We’ve had a number of clients that have received recent email from someone claiming to be a hacker who broke into their computer and used their webcam to watch them looking at adult websites. That part of the message may tip off most people that it is a scam, but wait! It contains an old password that I actually used!

Don't believe this!

Sample of password scam message

Don’t panic! I have received two of these myself! Admittedly, the first was a bit disconcerting, but a bit of sleuthing uncovers it for a very annoying, scary, but benign attempt to part you from your money.

These sorts of online extortion schemes — which try to guilt people into paying off hackers claiming to have compromising information — are nothing new. But a new wave of messages that began popping up in mid-July has stepped up the ploy by showing passwords in the subject headers as attention-grabbing “proof” that someone has deeply burrowed into your computer and has your personal information.

The real passwords have been floating around on the “dark web” for several YEARS already from old, major data breaches (Yahoo!, eBay, Sony, Playstation, etc). That data is now being used in more traditional scams.

Our Analysis

HCST did examine the several emails similar to this in detail, to make sure they were benign. In all cases, we found:

  • The email originated “outside” the recipients network. Despite the email showing as having some from me (and to me), it was “spoofed”, and originated from somewhere else.
  • Detailed message tracing (a capability we have with Microsoft Office365 email accounts we manage) additionally shows the message originating outside the network.
  • Despite many of the messages saying “I have an unique pixel within this email message, and right now I know that you have read this email“, they do NOT have any embedded images or attachments that could be used to track the message.
  • A web search shows MANY reports of this same or very similar message being received by others.

What should you do?

This is one message that can be safely deleted, and we are certain there are no extra issues associated with this message (at least not until the next iteration of similar messages).

It is always good practice to make sure you use STRONG, UNIQUE passwords on all websites. HCST recommends Lastpass as a secure password management system.

Are you still using this password?

If you are still using this password, you REALLY need to change it. NOW. Our recommendation is that you should be using strong, unique passwords on each site you access and using a good password management system to control your passwords.