Imagine the scenario. You get an email from an unknown sender. The email claims to be from a computer hacker, and they say they’ve managed to gain access to your webcam and have been covertly spying on you for days, even weeks.
Not only that, but they’re spied on you visiting adult websites, and recorded the webcam footage as proof. And they plan on using that to blackmail you into parting with your money. Refuse, and they claim they’ll release the compromising footage of you to all your friends and family.
It’s an alarming prospect, and certainly one that will likely panic the recipient. And that’s probably why it’s such a prolific email scam hitting inboxes.
But it’s worth remembering that it is, indeed, just an email scam. It’s not real. There is no hacker. There is no compromising webcam footage. The sender of the email is a hopeful blackmailer who has fired out the exact same scam email out to countless other email addresses, and is currently waiting to see who bites.
It’s a type of extortion that’s been dubbed sextortion. That is, blackmailing victims with the threat of releasing compromising or embarrassing photos or videos of them. It’s called sextortion regardless of whether the compromising content actually exists or not.
An example of such an email scam is below, which demands the recipient pay the ransom using Bitcoin.
But what if the email also includes my password?
The aim of the crook is to make the recipient believe they are legitimate and that they really have the footage of you. To add authenticity, they may include your password, whether it’s a current password or an old one.
But how did they get it?
Your password was most likely leaked during a data breach. Large companies, including companies you may have an account with, can often suffer data breaches, meaning your email and password gets leaked online with hundreds of thousands, even millions, of others. (Which is why we never recommending reusing passwords.)
Many different breeds of online scammers will try and use that leaked data to their advantage, including blackmailers. If an email contains your password (or more likely an older password since the data from the data leak may be old) it means the crook has based their emails from a database of leaked email and password combinations.
If you still use that password anywhere, YES you must absolutely change it straight away. But worry not, it doesn’t mean the person emailing you has any compromising footage of you.
So don’t pay up!