Security warning: the bad guys don't have a video of you looking at porn

The bad guys know where you live.

The bad guys know your old passwords.

But the bad guys do not have a video of you looking at porn. They’re lying to scare you.

If you get an email asking for money and threatening to release an embarrassing video taken with your laptop camera, it is a scam. There is no video. The bad guys don’t have your address book. They won’t contact your family.

The people doing this have no shame and no morals. They make up crap to scare you. It’s all lies. That’s why we call them “bad guys.”

The latest messages include a password that you recognize or another bit of personal information to make the scam seem more believable. Don’t be frightened.

The message may include one of your old passwords, probably several years old. If you’re still using that password, drop everything and start changing that password. That advice has nothing to do with this hack; it’s because of how the bad guys got the password originally. Keep reading.

One client got this message by postal mail addressed to his house, which seems to be scary because it means the bad guys have his home address.

If the message includes a password, or your home address, or part of your social security number, it’s still a scam. Don’t be frightened.

This is an example of the email that you might get.

[Image: sextortion sample email]

There is no easy way for you to know whether the bad guys can actually do something like this, or if it’s just techno-gibberish. Ransomware is real, after all, so it’s true that a couple of poorly chosen clicks can cause all your files to be encrypted and held hostage.

This time, though, the threats are imaginary. Random bad guys cannot activate a keylogger or turn on your webcam or steal your contacts just because you visit a website. Your computers have defenses against that sort of thing. It’s not that keyloggers don’t exist, it’s not that webcams can’t be turned on by hackers, but there are really only three ways for those things to happen: (1) you click OK on a warning dialog and give permission to install something, or (2) you allow someone to connect to your computer remotely, or (3) you are a very high value target of the NSA or elite Russian intelligence agencies.

But just by visiting a porn site? Nope. That can’t happen.

What about the personal stuff? The password, the home address, your social security number?

Your personal information is available to the bad guys. They’re going to mix it into their scams. This is just the beginning – they will be getting more inventive, and you will have to be even more paranoid and skeptical.

For many years, large companies and governments have been storing information in poorly secured databases. Your information has leaked out during all the hacks you’ve read about in the last few years, big and small.

•  When Equifax got hacked, the bad guys got names, birth dates, and social security numbers for 146 million Americans, plus driver’s licenses, home addresses, email addresses and more for many people. (The numbers keep growing.)

•  Yahoo finally confessed that hackers stole names, email addresses and passwords for every single account it controlled (including Yahoo, Tumblr, Flickr, and others) – a total of three billion accounts.

•  There have been many more large hacks – credit card processor Heartland, Target, MySpace, eBay, Uber, JP Morgan Chase, Sony’s PlayStation Network, health insurer Anthem, Home Depot, Adobe.

•  Not to mention a catastrophic government breach when Chinese hackers obtained vast amounts of personal data on 22 million current and former federal employees from the Office of Personnel Management.

All of this information is available to bad guys. It’s being sold, traded, given away. The bad guys are developing sophisticated tools to merge and manipulate the data to create – for today’s example – an email blast that matches your name and email address to a password you used with a hacked account.

Want to see something scary? Go to this website and put in your email address: https://haveibeenpwned.com/  It’s okay, it’s safe.

Oh no! You’ve been pwned! (Pronounced “poned.” It means defeated or humiliated. Comes from the gaming community. Use it in conversation, it will make you sound young and hip.) Your email address shows up in 9 breached sites. Or 20 sites, or 45 sites, or whatever. If you want to be angry or sad, you can scroll down to see which data breaches included your data. You’ll recognize some, others will be mysteries.

Just don’t be surprised. Everyone’s email address is included in databases that have been hacked. Welcome to the cyber world of 2018.

If you haven’t brushed up lately, review the Rules For Computer And Online Safety. If you get a phishing message, delete it and ignore it. Don’t click on links in email messages. Use a password manager like LastPass. Back up your files. Do not call the 800 number. And don’t let the bad guys fool you into falling for a scam!
