Email messages with your password in the subject are scams
If you received an email message that has your password in the subject you’re not alone. The email message is part of a sextortion email scam campaign that gained momentum in September 2018.
The email message body will typically say that your computer or mobile device was hacked or corrupted with malware and a video of you was recorded through your device’s camera while you were watching an adult video.
The message will then insist that you pay the alleged hacker a certain amount of Bitcoin or risk having the video of you sent to your contacts including your friends, family, and colleagues.
Here’s an example of an email message:
Subject: [Email Address] – [Password]
From: Spike DifabioI am aware [Password] one of your pass. Lets get right to the point. No one has compensated me to investigate about you. You don’t know me and you’re probably wondering why you’re getting this e-mail?
Let me tell you, i installed a malware on the X video clips (adult porn) web-site and do you know what, you visited this web site to experience fun (you know what i mean). While you were watching video clips, your internet browser initiated functioning as a Remote Desktop having a keylogger which provided me access to your display and web cam. after that, my software obtained all of your contacts from your Messenger, social networks, and e-mailaccount. after that i created a double video. First part shows the video you were watching (you’ve got a good taste lol), and second part shows the recording of your webcam, yea it is you.
You have only 2 options. We will understand these types of possibilities in details:
Very first option is to ignore this e mail. in this situation, i most certainly will send your very own tape to each of your your personal contacts and thus consider concerning the shame you will get. Moreover if you happen to be in a relationship, how this will affect?
Latter option is to compensate me USD 976. We are going to think of it as a donation. Consequently, i will instantly discard your video. You could go on daily life like this never took place and you will not ever hear back again from me.
You’ll make the payment via Bitcoin (if you do not know this, search for ’how to buy bitcoin’ in Google search engine).
BTC address: 1MaQzmakdSNFKXSoMc7ZuNky7ZAYeCjkQf
[CaSe sensitive so copy and paste it] if you have been curious about going to the authorities, anyway, this e-mail cannot be traced back to me. I have covered my moves. i am also not attempting to ask you for much, i prefer to be rewarded. You have 48 hours in order to make the payment. i’ve a unique pixel in this mail, and right now i know that you have read this e mail. if i don’t get the BitCoins, i will certainly send your video recording to all of your contacts including family members, colleagues, and so on. However, if i do get paid, i’ll destroy the video right away. it’s a nonnegotiable offer, so please don’t waste mine time and yours by replying to this mail. if you really want evidence, reply Yup then i will send out your video recording to your 13 contacts.
As you can see, the ‘password in the subject’ email scam is designed to scare you into sending the scammer a Bitcoin payment in order to have the video of you destroyed. However, no video of you exist.
To be clear, there is no video recording of you, no one accessed your email account, and malware was not placed on your computer. If your computer or mobile device does not have a camera on it you will still receive an email message that says you were recorded through your device’s camera. If you have never visited an adult website you will still receive an email message suggesting otherwise.
Although the email message is a confirmed scam you may be wondering how your email account’s password was obtained by the scammer. Your email address and email account’s password was most likely leaked online following a breach that occurred on a site like Adobe, Experian, LinkedIn, Yahoo, and so on. The scammer possibly obtained your information along with countless others in the black market.
To locate which breach your information was leaked from go to https://haveibeenpwned.com/ and submit your email address to receive a free detailed analysis.
Since your account information was probably leaked online and a scammer was able to pick it up on the dark web it is strongly advised to change your password immediately to avoid unwanted access. Also, change the password to other accounts you may use for safe measure.
Employ the use of these best practices when making a new secure password:
- Do not reuse the same password for multiple accounts. Use unique passwords wherever possible.
- Use strong passwords with numbers, letters, and special characters such as !@$#.
- Use two-factor authentication to add an extra layer of security along with your password.
- Use a reputable password manager if you have trouble remembering multiple passwords.