There is a scam going around where a hacker says they have recorded you on your webcam doing naughty things! In this article, we talk about how this scam works and what to do about it.
Many users have reported recent scam messages from individuals claiming to have intercepted their username and password. The scammers typically say that while you were on an adult website having fun, they recorded a video using your webcam! They will also claim that your computer is infected and will tell you one of your passwords... which makes it even more convincing and scary!
Typically, attackers threaten to broadcast footage to your contacts, colleagues, or social media channels. Demanding payment in Bitcoin, malicious hackers blackmail their victims to keep confidential information private.
Where Have the Attacks Come From?
In many cases where hackers have claimed to have a victims' password, this has turned out to be true.
In the last few years alone, many large websites have suffered enormous hacks which have released confidential details on many of their users. LinkedIn, Yahoo, and Myspace all suffered massive and devastating hacks. Some users of these services are still feeling the consequences today.
The details leaked from these sites, and others facing the same issues, are sold online for years after the initial breach. Hackers buy username and password combinations in the hopes of reusing them to access services, steal money, or blackmail their owners.
By the way, if you want to check whether your personal details have ever been exposed in a data breach, go to the website haveibeenpwned.com. Type your email address and click the button "pwned?". I found that my own personal details have been compromised in two data breaches - including one recently! And I have to admit, I also received those emails claiming I've been doing naughty things... which may or may not be true 🙂
How to Respond
If you have been contacted by one of these hackers, it is a scary reality that they could have access to your credentials, data, and online services.
The only thing you can do in response to this type of email is to ignore it. This “we recorded you” email is a scam made much more believable because they probably do have one of your real passwords gained from a site hack.
That said, accounts that share the same password should be changed immediately. Security on additional services you use should be updated too.
Self Defense On the Web
When using online services, a unique password for every site is your number one defense. A good password manager makes this practical and straightforward too.
Using a different password for each site you use means that hackers can only gain access to one site at a time. A hack in one place should never compromise your other accounts by revealing the single password you use everywhere.
Often, people think that maintaining many passwords is hard work or even impossible to do. In truth, it's almost always easier to keep tabs with a password manager than it is to use the system you have in place today.
A high quality and secure password manager such as LastPass, or 1Password, can keep track of all your logins efficiently and securely. They often offer the chance to improve your security by generating random and strong passwords that hackers will have a tougher time cracking.
Password management services offer a host of features that help you log in, remind you to refresh your security, and make your safety a number one priority. After using a manager for just a short time, you can be forgiven for wondering how you managed without it.