The "Your Password" Email extortion scam
If you have received an email with the subject line "Your password" followed by a password that you used in the past or are still using, you may wonder whether the allegations made in the email are true and whether you should pay the sender money.
The email claims that the sender set up malware on adult video sites that you visited to gain access to your computer, screen and webcam. According to the email, the cam was used to record a video of your activities while you were on the adult video site, and other software was used to obtain lists of contacts from Facebook, email and other places.
The sender asks for a sum in Bitcoin and wants it sent to an address within one day. The email threatens that failure to comply with the demand will lead to the publication of the video and to all contacts being informed about it.
Fact is: the password is correct and that may be a shock to you depending on whether you still use the password or not. From what I could gather, it appears that the revealed passwords are quite old and may not be in use anymore. The rest of the email is very generic and contains no personal information.
If you received such an email, you may want to think logically about it. If you don't visit adult sites or don't have a webcam, then it is obviously fake.
The most likely scenario is that the sender used password leak databases for the scam. It is easy enough to break weak passwords using today's computers and that is probably what happened here as well.
What you should do
If you received such an email, ignore it and don't send any money to the sender. You may want to make sure that you don't use the password anywhere anymore.
It is probably a good idea to start using a password manager, KeePass if you want to keep things on the local device, or an online password manager like Dashlane, LastPass, or 1Password.
Make sure you change the password of any account that uses the revealed password. If you use a password manager, you may use its built-in functionality to create unique strong passwords for your accounts.
Another thing that you may want to consider is putting tape over your webcam if you never use it, or a webcam cover if you do use it.
What you should not do
You should not pay or reply to the email.
Here is the actual email:
It seems that, [password], is your password. You may not know me and you are probably wondering why you are getting this e mail, right?
actually, I setup a malware on the adult vids (porno) web-site and guess what, you visited this site to have fun (you know what I mean). While you were watching videos, your internet browser started out functioning as a RDP (Remote Desktop) having a keylogger which gave me accessibility to your screen and web cam. after that, my software program obtained all of your contacts from your Messenger, FB, as well as email.
What did I do?
I created a double-screen video. 1st part shows the video you were watching (you've got a good taste haha . . .), and 2nd part shows the recording of your web cam.
exactly what should you do?
Well, in my opinion, $1000 is a fair price for our little secret. You'll make the payment by Bitcoin (if you do not know this, search "how to buy bitcoin" in Google).
(It is cAsE sensitive, so copy and paste it)
You have one day in order to make the payment. (I've a unique pixel in this e mail, and at this moment I know that you have read through this email message). If I do not get the BitCoins, I will certainly send out your video recording to all of your contacts including relatives, coworkers, and so on. Having said that, if I receive the payment, I'll destroy the video immidiately. If you need evidence, reply with "Yes!" and I will certainly send out your video recording to your 6 contacts. It is a non-negotiable offer, that being said don't waste my personal time and yours by responding to this message.
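For anyone filtering a mailbox for this scam, the traits described in this article (a password repeated from the subject line, webcam and malware claims, a Bitcoin demand with a short deadline, a tracking-pixel claim) can be checked mechanically. The following is an added example, not part of the original article or the email; the sample message, the indicator patterns and the threshold are constructed assumptions.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample modelled on the email quoted above; password and addresses are made up.
SAMPLE = """\
From: sender@example.invalid
To: reader@example.invalid
Subject: Your password hunter2old
Content-Type: text/plain; charset=utf-8

It seems that, hunter2old, is your password. I setup a malware on the adult
vids web-site and recorded your web cam. $1000 is a fair price for our little
secret. You'll make the payment by Bitcoin. You have one day in order to make
the payment. I've a unique pixel in this e mail.
"""

# Hypothetical indicator patterns, taken from the wording of the scam described on this page.
BODY_PATTERNS = {
    "webcam_claim": r"web\s?cam",
    "malware_claim": r"malware|keylogger|remote desktop|\bRDP\b",
    "bitcoin_demand": r"bitcoin|\bBTC\b",
    "deadline": r"\b(one|1|two|2)\s+days?\b|\b\d+\s+hours\b",
    "pixel_claim": r"\bpixel\b",
}

def analyze(raw):
    """Return (indicators, score) for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=default)
    subject = str(msg["Subject"] or "")
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    hits = {name: bool(re.search(rx, body, re.I)) for name, rx in BODY_PATTERNS.items()}
    # Subject "Your password <token>" where the same token is repeated in the body.
    m = re.match(r"\s*your password\s+(\S+)", subject, re.I)
    hits["password_echoed"] = bool(m and m.group(1) in body)
    # A tracking pixel is a remotely loaded image, so it needs an HTML part.
    html = msg.get_body(preferencelist=("html",))
    has_remote_img = bool(html and re.search(r"<img[^>]+src=[\"']?https?:", html.get_content(), re.I))
    hits["pixel_claim_unsupported"] = hits["pixel_claim"] and not has_remote_img
    return hits, sum(hits.values())

def is_extortion_scam(raw, threshold=4):
    """Flag a message when at least `threshold` indicators match (assumed cut-off)."""
    return analyze(raw)[1] >= threshold
```

A single indicator on its own is weak (a legitimate password-reset notice can trip `password_echoed`), which is why the decision is made on the combined score.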