There’s a good reason why should you should never reuse the same password for all your accounts and online services.I recently got an email from a scammer threatening to release a “dirty video recording” of me to all “contacts including close relatives, colleagues, and so forth” if I didn’t pay him $2,600 in Bitcoin. Why? Because he had in his possession an old password of mine, and allegedly a video recording and all my contacts.These kind of extortion, blackmail emails are quite common, and in no way should scare you. However, they exist because of a much bigger underlying problem. And that is the poor security practices that we follow in our daily online lives. So, let me take this opportunity to educate you how these scams or extortion emails work, and how you can protect yourself from potential damage. Let this be an example for you to stop using the same password for every website!
Here’s A Copy Of The Email
From: Douglas Burnett [email protected]
Subject: ******<- an old actual password of mine
It is just so unfortunate. I am aware is your password. More to the point, I know your secret and I have proof of this. You don’t know me personally and nobody employed me to check out you.
It’s just your misfortune that I stumbled across your misdemeanor. Let me tell you, I placed a malware on the adult videos (porno) and you visited this web site to have fun (you know what I mean). When you were busy watching video clips, your web browser initiated operating as a Rdp (Remote control desktop) that has a keylogger which gave me accessibility to your display screen as well as web cam. Right after that, my software program gathered all your contacts from your social networks, and email.After that I gave in much more time than I should’ve into your life and generated a two view video. First part displays the video you had been viewing and 2nd part shows the capture of your cam (its you doing nasty things).Frankly, I am ready to forget exactly about you and let you get on with your regular life. And I am going to present you 2 options that may accomplish that. The two choices are with the idea to ignore this letter, or simply just pay me $2600. Let us understand those 2 options in details.Option 1 is to ignore this e mail. Let’s see what is going to happen if you take this path. I will definately send out your video recording to all of your contacts including close relatives, colleagues, and so forth. It doesn’t help you avoid the humiliation your self will face when relatives and buddies find out your dirty details from me.Option 2 is to make the payment of $2600. We will call this my “privacy fee”. Now let me tell you what will happen if you choose this path. Your secret remains your secret. I’ll destroy the video immediately. You keep your routine life that nothing like this ever occurred.At this point you must be thinking, “I will go to the cops”. Without a doubt, I have covered my steps to make sure that this mail cannot be linked returning to me also it will not prevent the evidence from destroying your life. I’m not planning to break your bank. I just want to be compensated for efforts and time I place into investigating you. Let’s assume you decide to generate this all disappear completely and pay me my confidentiality fee. You’ll make the payment through Bitcoin (if you don’t know how, search “how to buy bitcoins” on google)Amount to be sent: $2600
Send To This Bitcoin Address: 19e1AoQVPDX*dihH69xV4xP582apmSEWfUS ( You need to Edit * from it and copy and paste it carefully)Share with no person what you will be utilizing the Bitcoins for or they might not give it to you. The method to have bitcoin usually takes a day or two so do not wait.I’ve a special pixel in this e mail, and now I know that you’ve read through this email. You have one day in order to make the payment. If I do not get the BitCoins, I will definately send your video to all your contacts including members of your family, coworkers, and many others. You better come up with an excuse for friends and family before they find out. Having said that, if I do get paid, I’ll destroy the recording and all other proofs immediately. It is a non negotiable one time offer, thus kindly do not ruin my time & yours. Your time has started. Well, my software will definitely be tracking the actions you are taking when you’re done reading this message. Frankly, If I see any suspicious activity from your search history I will send out your video to your relatives, colleagues even before your time finishes.
Contrary to what the email says, Douglas did not get my password from a keylogger. Because if he used a keylogger, he wouldn’t come to me bragging about an ancient password of mine. No, here’s how he actually got hold of my password, and perhaps a million other passwords of other users.Have you ever read in the news that a certain website got hacked, or had a security breach? I can think of Yahoo! that had two security breaches, and LinkedIn that had one. More recently, Reddit was also hacked.In such cases hackers usually go after user credentials (usernames and passwords), and any other data such as credit cards, etc. And once they have this data, they sell it over forums, or somewhere on the dark web.
Are You Guilty Of Reusing The Same Password?
Sadly, most of us are guilty of this poor practice. We use the same password for multiple websites, and services. When hackers get away with millions of usernames and passwords after breaking into a website, they know that small percentage of these users would have reused the same password on other websites. In fact, the hackers’ success relies on you reusing your password for multiple websites and services.
So What Do They Do With Your Stolen Username and Password?
They have a few possible options:
Sell this database to multiple parties/highest bidder.
Use a tool that tries to login into some of the most popular websites in the world using the millions of combinations of usernames and passwords in their possession. Have you used the same password for your email and Facebook accounts? Has your Facebook account ever been hacked? This is probably why.
Extort the victims by sending them the email that I received.
Well, you can’t prevent a website from getting hacked and having all its database stolen. But you can prevent any negative outcome to yourself by following good online security practices.Now imagine if I had used this password for all my online accounts? I would have gone crazy trying to change all those passwords to prevent a hack! So…
Never use the same password on multiple websites
Just don’t do it. Use a unique password for every website and service. Now, you’re probably thinking that this is too much work. Trust me, it isn’t. All you need is a password manager like LastPass or 1Password. These apps securely store all your passwords.And also you should use their password generator to create strong, secure passwords (like: js87*^AUDnf3). Passwords don’t need to be remembered by you. As long as you remember one password for the password manager app, that’s all you need.
Use 2-Factor Authentication (2FA)
Sometimes, using strong passwords isn’t enough. Most banks today enforce 2FA on their customers. 2FA ensures that there is an additional layer of security after you’ve entered your password. It could be in the form of an SMS, code generated from a proprietary app, or 2FA app like Authy.Whenever possible, enable 2FA. That way, even if a bad guy gets your password, they won’t be able to get past the 2FA.
Cover Your Webcam (if paranoid)
I bet that part in the email about ‘I have a video recording of you’ spooked you a bit. And it’s true, you can never be too sure of who has access to your webcam. I mean, even Mark Zuckerberg is paranoid about people snooping on his webcam.More recently, there was an interesting piece of news of how some Chinese apps were using the front facing camera of a smartphone without the user’s knowledge. How this came to the limelight was because two phone on the market now have hidden front facing cameras that pop-up only when required. Users noticed that the camera would pop-up even while using some apps.Of course, the line in the email was only to scare, but there are reasons to believe that someone could gain access to the camera.
Don’t visit shady websites
This goes without saying. Don’t go around visiting any shady websites, seriously!
Many of us don’t really think of the implications of things we do or say online. Online privacy and security is equally, if not more important, than offline security.Would you use the same key to your house, car, and bank locker? Obviously not! Imagine if someone found that key, or made of a copy of that key? You’d be screwed!Would you share photos or information to random strangers that are outside your close friends and family? Would you openly announce your location, and let large corporations send their goons to track your every movement?Then why do these things online, where the implications are much worse!