Fraudsters use every tool at their disposal to separate you from your money. In this scam, fraudsters use your own password to convince you they have incriminating evidence about your activities. Specifically, they tell you they activated your webcam while you were browsing an embarrassing Web site and they have your password to prove it. The concerning part is, many times the password is correct! But how?

When hackers steal data from websites, they attempt to monetize that information in many different ways.  A popular monetization method is an attempt to extort money from people using this stolen data. However, in many cases, they simply publish the stolen data online - passwords and all!

The scam starts when you receive an email from the fraudster, stating that (s)he has information about you (usually video) from a recent visit to a porn site. An example email is supplied below:

We have seen some variations of this in the past. Usually, the data the fraudster has is very old and often times the password is no longer used (if it is, change it and never use it again!). Other, more opportunistic fraudsters will leverage openly available databases, such as the one referenced here https://www.forbes.com/sites/leemathews/2017/12/11/billion-hacked-passwords-dark-web/ in an attempt to monetize others' work. This also means the passwords referenced may have been legitimate in the past, but are no longer valid.

Prevention

You're not likely going to prevent phishing emails. At some point, your password has been, or will likely be compromised from a third-party website. There is also a lot of other information in the public domain that can be gathered as well, like your address, voter registration information, property information, and much more. Don't let that public information fool you in to believing that an fraudster has private information. 

As a bonus tip: Look in to using a password manager to store all your passwords and generate a unique password for each website you use. Some options include LastPass.com, 1password.com, Dashlane, and more. 

The short answer is, if you receive one of these emails, move it to your spam folder and move on.

Did this answer your question?