2019-10-18 (DATA DOCTORS) -- There was a considerable increase in extortion-based scams in 2018, according to the FBI Internet Crime Complaint Center, because they are generating lots of money for the scammers.
The scarier the perpetrators can make the situation sound, the more likely the victim will act hastily.
Q: I received an email showing me one of my passwords and [saying] that my computer had been compromised. They say they're going to release my private information and a video they took of me with my computer's webcam unless I pay in Bitcoin. What should I do?
A: This is a long-running variation of what we call a sextortion scam, with claims that somebody has captured you in a sex act of some sort.
The scammer will generally claim that they gained access to your computer through malware. They'll tell you they had full access to spy on you using your webcam and gathered up all your private data. They then claim they removed the malware so there is no trace that they were ever there.
They add an element of stress to the scam by saying that you have three days to figure out how to pay them and that they have access to your email account, so they'll know that you have read the message. It will seem like the clock is ticking.
But they have my password!
These messages usually start with, "I know one of your passwords," which they include to grab your attention right away.
If you're the type of user who tends to use the same password on lots of sites, it can be scary to see that somebody has a valid password. You might think that perhaps they've done what they say they've done.
The reality is that they merely made use of password data dumps that are plentiful on various nefarious websites. The data cross-references the stolen password with an email address. That's how you became a target.
Scammers know how common it is to use the same password. They're playing the odds that some small percentage of people who get the message will believe it because it contains a password the victim is currently using.
You can quickly check to see how many of the publicly known breaches exposed your password and email address at sites like HaveIBeenPwned.com.
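Added example, not part of the original column: checking whether a password appears in breach data without disclosing the password, using the hash-prefix (k-anonymity) lookup style offered by Have I Been Pwned's Pwned Passwords range service. The dump contents, counts and the `fake_range_service` stand-in are constructed so the block runs offline.

```python
import hashlib

def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def parse_range(body: str) -> dict:
    """Parse 'SUFFIX:COUNT' lines (35 hex chars, colon, integer)."""
    found = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            found[suffix.upper()] = int(count)
    return found

def breach_count(password: str, fetch_range) -> int:
    """Send only the first 5 hex chars of the SHA-1; match the rest locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    return parse_range(fetch_range(prefix)).get(suffix, 0)

# --- Constructed stand-in for the remote service (sample data, not real counts) ---
CONSTRUCTED_DUMP = {"hunter2": 17043, "Summer2018!": 212}
QUERIES = []  # records what the "server" actually receives

def fake_range_service(prefix: str) -> str:
    # A live check would instead GET https://api.pwnedpasswords.com/range/<prefix>
    QUERIES.append(prefix)
    lines = ["0" * 35 + ":1"]  # unrelated entry sharing the response
    for pw, seen in CONSTRUCTED_DUMP.items():
        digest = sha1_hex(pw)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{seen}")
    return "\r\n".join(lines)

def triage(password: str) -> str:
    seen = breach_count(password, fake_range_service)
    if seen:
        return f"in breach data ({seen}x): change it everywhere it is reused"
    return "not found in this corpus"

if __name__ == "__main__":
    for candidate in ("hunter2", "correct horse battery staple"):
        print(candidate, "->", triage(candidate))
    print("sent to service:", QUERIES)
```

The service only ever sees a five-character hash prefix, so a password quoted in a scam email can be checked without handing it to yet another party.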
What to do
Slow your roll and take a deep breath. The first thing to know is that none of what is in the email is true. It's nothing more than a very cleverly constructed scam message.
In many cases, the password that the scammers include is an old one that you haven't used in years. That said, if it is a current password, you should immediately change it on every website that you are using it on.
This is just another reason it's critical to use long, unique passwords on each of your online services -- a different password (or phrase) for every site and service. Always. And the only way to manage those passwords is with a password manager. Whether you write them down and keep them in a secure place or use a service such as LastPass, 1Password, or Dashlane, it's better than using the same password on multiple sites.
