Last year alone, we saw 14.9 billion raw identity records circulating in underground communities. While a large portion of those were recirculated old passwords, this doesn't stop cyber criminals from using them to their advantage. Along with the billions of passwords to choose from, our personal information, used as bait, is up for grabs as well.
As cyber criminals become increasingly creative and personal, consumers need to be aware of the latest hoaxes and scams, but that's not always possible. If you're not reading security-related news articles regularly, how are you supposed to keep up to date?
We need to become way more creative and organized when it comes to combatting cybercrime. Working together to surface insider threats compromising businesses and their consumers, unmasking bad actors conducting malicious campaigns, educating each other across companies and organizations on the latest tactics, trends and strategies, and disseminating information and awareness to all levels of consumers is a good start.
Here’s a clever new twist on an old email scam. The message purports to have been sent from a hacker who’s compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all your contacts unless you pay a Bitcoin ransom. The new twist? The email now references a real password previously tied to the recipient’s email address. The basic elements of this sextortion scam email have been around for some time, and usually the only thing that changes with this particular message is the Bitcoin address that frightened targets can use to pay the amount demanded. But this one begins with an unusual opening salvo: “I’m aware that <substitute password formerly used by recipient> is your password,” reads the salutation. The rest is formulaic.