Blackmail and extortion are some of the oldest tricks in the book — because they work. That’s why a fresh wave of these scams hit the internet last month, ensnaring dozens of victims. Here’s what you need to know about these scams.
How it works
The victim gets an email from a “hacker” claiming to have cracked their passwords, broken into their computer and used their webcam to watch online activity. They’ll threaten to reveal that the victim has been visiting disreputable sites or to loot their accounts—unless the victim pays a steep price.
To prove that they are “legitimate,” the scammers will share a password that the victim had used many years ago. They’ll often include the password in the subject line to grab the victim’s attention.
If you receive an email like this, don’t panic. There’s no professional hacker behind the scam, and no one has watched your online activity. The simple explanation for how the scammer got your password lies in previous breaches.
Over the last decade or so, there have been massive database breaches of major corporations, sites, and retail stores like Yahoo, eBay, Target, and more. Thanks to these breaches, there are now huge amounts of personal data and passwords floating around the internet. This data can be easily nabbed by a partially skilled hacker or bought on the black market.
How to spot the scam
Many potential victims recognize this scam for what it is as soon as the hacker claims to have dirt on them. For others, the outdated password is their clue. However, for victims who have been using the same passwords for years, this old code might still be in use and the scam seems legit.
If you receive an email with your password in the subject line, ignore the message and delete it.
There’s not much you can do about the sensitive data loose on the internet. However, you can protect yourself from falling prey to this, or a similar scam. Here’s how:
- Update your and use strong, unique codes for each site.
- Choose two-factor authentication when possible.
- Never open emails from suspicious sources.
- If you are targeted, alert the FTC at ftc.gov.