Scam Alert: Using Passwords and a Threat to Your Privacy

Terrapin Technology has learned of a new scam that has shown up in client mailboxes.

How the Scam Works

The scam involves sending you an email with your current or past password (or something very close to it), and alleging they have seen you watching porn on your web browser and threatening to reveal that fact if you don’t pay. This is a scam. The password referenced may be similar to one you’ve used or are currently using. Please do not fall for this scam, but instead change your password(s) immediately. I am providing links to a few news stories on this topic, some of which include the actual text of the “sextortion” email:

https://nakedsecurity.sophos.com/2018/07/13/sextortion-scam-knows-your-password-but-dont-fall-for-it/

https://blog.knowbe4.com/scam-of-the-day-sextortion-old-passwords-and-you

https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/

What Else Can You Do?

Please forward this newsletter to members of your organization. Take extra care in changing your passwords regularly, especially after a breach happens at a website you frequent (i.e., LinkedIn, Yahoo mail, etc.). If you need assistance assessing the validity of an email or link contained in an email, please reach out to our team at Terrapin Technology.