Authorities Warn Of 'Sextortion' Phishing Scam Using Real Passwords
SAN FRANCISCO (CBS SF) -- The newest "sextortion" phishing scam circulating online is targeting victims with their actual passwords and threats to expose their use of porn.
It's a new, more-believable twist on an old scam that is popping up in email accounts across the country.
Con artists are threatening to release compromising videos and using victims' real passwords to convince them it's not a scam.
Imagine opening your inbox to find your name -- and one of your real passwords in the subject line.
KPIX 5 ConsumerWatch reporter Julie Watts recently received one such email.
Once they get your attention with this new, more credible and creepy twist, they try to extort money using an old sextortion scam.
The culprit claims to have webcam recordings of the victim watching adult videos and threatens to send the videos to the victim's entire contact list unless the victim pays up in Bitcoin.
While the good news is that the bad guys don't have compromising video, the bad news is they do have your real password.
CNET staff reporter and cybersecurity specialist Laura Hautala says the scam may evolve from porn threats to something victims may actually fall for.
"If somebody saw that a hacker had your password, you could believe they had more dirt beyond that password," said Hautala. "You might not be worried about your non-existent porn history being used, but you might be worried about something happening to someone you love. We could see different variations of this."
In Julie Watts' case, the scammers used an old password she hadn't used in years, likely something purchased on the dark web following a data breach.
By visiting the haveibeenpwned.com website, users can see if their email addresses and passwords have been compromised over the years in several breaches dating back to 2013, including Adobe, Dropbox, LinkedIn and MySpace.
And with an increasing number of data breaches and easy access to other personal information online, it's likely the new "I know your password" twist will only get more sophisticated.
"If a hacker wanted to spend more money to buy something new, you might get an email that's a bit more convincing that has your current password or something really recent," said Hautala.
The bottom line? Your best bet is to ignore the emails demanding money. Even if they appear to have personal information, don't engage with the sender.
Security experts recommend a password manager that creates a unique password for each account. If your passwords are secure, you're less likely to encounter these scams.
And in general, it's a good idea to keep your web cameras covered when not in use, just in case.