Have gotten a blackmail email with a password of mine - what to do?

Question

I've gotten the following email today (the password has been changed; and the Greek characters are reproduced verbatim):

Your ρasswοrd is REPLACED. Ι kηow α lot more τhngs about you τhaη τhαt.

How?

I ρlaced α malwαre on τhe ροrn websιte αηd guess whαt, yοu visιτed this web sιte to hαve fun (you kηow whaτ I meαη). Whιle yοu were wατchιng the video, yοur web brοwser αcτed as aη RDP (Remoτe Desκτoρ) aηd α κeylogger, whιch ρrοιded me αccess το yοur dιsplαy screen and webcαm. Righτ αfter τhατ, my sofτware gathered αll your conταcτs frοm your Messenger, Fαcebooκ αccouητ, αnd emaιl αccοuηt.

Whατ exαctly did I dο?

I made a sρlιτ-screeη νideo. The fιrsτ ρarτ recοrded τhe vιdeο you were νiewing (yοu'e goτ aη excepτιoηal τasτe hαha), aηd the next pαrt recorded yοur webcam (Yep! τ's you \doing ηαsty τhιngs!).

Whaτ shοuld you dο?

Well, I belιeve, $2000 ιs a fair prιce fοr οur little secret. You'll mακe τhe ρayment vιa βiτcoιη το the below αddress (if yοu doη't kηοw τhιs, seαrch "hοw to buy βιτcoιn" in Gοogle).

Βιτcοiη Address:

bc1qsqhjhalkn5e9m06vvph7mtml8ryuvzxcgdrhqy (Iτ is cAsE sensitινe, so copy aηd ραste ιτ)

Imροrταnt:

You haνe 24 hοurs τo make τhe pαymeηt. (Ι haνe a unιque pιxel withιn this email message, αnd rιght now Ι κnοw τhat you have read thιs emaιl). If I dοn'τ geτ the ραymeητ, I will seηd your νιdeo το αll οf your cοntacτs, ιncludιηg relατiνes, coworkers, and sο fοrth.Nοneτheless, if I do geτ ρaid, I will erase τhe νideo ιmmedιαtely. Ιf you waητ evidence, reply with "Yes!" aηd Ι wιll send your videο recordιng tο your fiνe frιends. Thιs ιs a ηοη-negotιαble οffer, so doη't wαste my τιme aηd yοurs by reρlyιηg το thιs emαιl.

Millicent Brillinger

Now, I wasn't watching porn online, nor do I have a webcam connected to my computer; nor are my email contacts available online (that I know of), but that password is a weak one I am using on quite a few websites. Also, some careless mailing list servers occasionally send that password to me as plaintext every once-in-a-while.

I'll mention the email comes from some outlook.com address; and my email was migrated to MS Outlook 365 a couple of years back.

My question: What - if anything - would you suggest I do, both to defend myself from the person behind me and to possibly warn/protects others above/from him?

If it's a password that you use on several sites, then it could very well be that you used this password on a site that suffered a breach. Then, the site's user database may have ended up online (this is how sites like https://haveibeenpwned.com/ get their data). If none of the other stuff in the threat that you received pertains to you, I think you can simply ignore the email. — mti2935, Apr 09 '20 at 17:43
@einpoklum I think this particular scam has been discussed on this site before, like around a year ago. — Fire Quacker, Apr 09 '20 at 18:09
Here we go: [Should I be worried by an email which said my account was under attack? {duplicate}](/questions/206319/should-i-be-worried-by-an-email-which-said-my-account-was-under-attack) and [What to do about email threats containing leaked passwords?](/questions/195063/what-to-do-about-email-threats-containing-leaked-passwords) — Fire Quacker, Apr 09 '20 at 18:12
@SteffenUllrich: The questions are very much related, yes. Fine, let this be a dupe. — einpoklum, Apr 09 '20 at 19:14
I got the same email with the same style today. I don't know how my contacts would react seeing a sρlιτ-screeη νideo of me writing an answer on SE. — Esa Jokinen, Apr 09 '20 at 19:52
What's interesting is that you got exactly the same bitcoin address. I've been collecting those addresses to estimate how much people really fall into these scams, as the transactions are public. A while ago they were collecting quite a fortune, but luckily people are more aware of these scams now and don't pay so easily anymore. — Esa Jokinen, Apr 09 '20 at 20:23
@einpoklum Apparently, this scam campaign is being pushed very heavily right now: https://www.bleepingcomputer.com/news/security/large-email-extortion-campaign-underway-dont-panic/ — Fire Quacker, Apr 10 '20 at 12:50

score 3 · Answer 1 · answered Apr 09 '20 at 17:54

3

Ignore the email.

Change all your accounts that use that password.

Move on.

answered Apr 09 '20 at 17:54

auspicious99

493
3
17

einpoklum · Accepted Answer · 2020-04-09T19:01:57.133

2

Things suggested to me so far:

(Obvious, but must be said) Go change those passwords!
Don't answer the email and don't pay anybody anything.
Search for my address at Have-I-been-Pwned; if you find it, your password has been leaked, regardless of this particular person, and is essentially public now. He's just lame.
Figure out the abuse reporting address for your mail provider (for Outlook365, it's abuse at outlook dot com) and report the incident there.

In my case, "Have I been pwned" says:

Oh no — pwned!

Pwned on 6 breached sites and found no pastes

Three of the breeches only contain email addresses, not passwords. The other three are:

Collection #1 (unverified)
Linkedlin
Onliner Spamerbot

edited Apr 09 '20 at 19:01

answered Apr 09 '20 at 17:42

einpoklum

429
3
12

+1, but you're missing an important point: GO CHANGE YOUR PASSWORD!! – Mike Ounsworth Apr 09 '20 at 17:50
@MikeOunsworth: I thought that was too obvious to write, but, fair enough. See edit. – einpoklum Apr 09 '20 at 17:59
1

Note that not all of those listed breaches include passwords. Data Enrichment Exposure, GeekedIn, and Verifications.io included email addresses but not passwords. You can see the write ups here: https://haveibeenpwned.com/PwnedWebsites – Fire Quacker Apr 09 '20 at 18:22
@FireQuacker: Thanks. See edit. – einpoklum Apr 09 '20 at 19:02

score 2 · Answer 3 · edited Apr 09 '20 at 19:15

This is a blackmail scheme that has been used for a while now. The text is very similar each time. They often include well known porn sites, which they claim you have visited. In many cases they just randomly guess right, which gives their claim more credit.

You personally cannot do much against such a widespread attack. You haven't been hand picked for this blackmail attempt, but are just a name on a list. You got on that list, because your password was leaked somewhere else and now they use this password to support their claim that they have actually hacked your system.

Change this password on all services which you are using it on and delete the mail. Case closed.

And if you used this password on more than one service, take this as a lesson and start using different passwords for all sites and services that you have an account on. A password manager can help you keep track of those passwords and make your life much easier and more secure.

Have gotten a blackmail email with a password of mine - what to do?

3 Answers3