A new phishing scam has been reported on the University’s campus, and it would not be out of place in an episode of Black Mirror. In fact, it is disturbingly similar to the “Shut Up and Dance” episode.
Basically, the attackers use an old password in the subject line to get your attention, and claim that they have installed a virus on your device that gives them access to your webcam. The criminals then claim that they will release sensitive or embarrassing footage of you to all of your contacts if you don’t meet their demands, which is usually to pay them thousands of dollars in bitcoin.
The threat of such a video being released to friends, family, and coworkers is enough to send most into a panic, and that is the goal of any kind of extortion. It is to sow enough fear in an individual’s mind that the criminal is able to demand vast sums of money for their “privacy.” However, this particular scam uses passwords that you likely haven’t used in years to get your attention–passwords which the attackers likely got when that password was compromised in an old breach. In addition, the hackers don’t actually have any kind of video of you, they are just bluffing in order to get you to pay them.
If you see an email that is similar to what is described above, do not click on any link within the email or respond to the message. And you should certainly not give them any form of payment. If you’re still using the password revealed in the email on any sites or services, change it immediately.
Unfortunately, we have an exaggerated idea of what can happen when you give in to these attacks, and like most Black Mirror episodes, the ending is bleak.
There is a chance that as this scam evolves, that criminals might start getting their virtual hands on more recent passwords of yours. You can take preventative measures, such as making sure all of your passwords are complex, long, and unique. Also, wherever possible, enable two-factor authentication to give your personal information another layer of protection. Common sense and a clear head are the most effective weapons in your arsenal, as the attackers are counting on fear taking you over.
The bottom line is, do not engage with these kinds of extortion schemes. Keeping yourself aware of the threats to your information and privacy, helps you properly protect yourself. Exercise caution, and be sure to forward any suspicious emails and/or phishing attempts to firstname.lastname@example.org.
And as always, Think B4 U Click!