Jim Fisher

This is a refreshed version of a previous article from over 2 years ago. I’ve recently received lots of phone calls recently about this scam. I do not know what may have happened to cause the uptick in this scam, but I thought it might be a good idea to refresh the memories of my reader.

The short story is that I received an email that threatened to send salacious pictures of me to all my friends unless I paid a ransom. Such an email is terrifying the first time you receive one, but I’ve since received hundreds of them since I wrote the original article. This is funnier if you read it in an evil Russian spy accent:

“FordF150 is your passphrase. Lets get straight to purpose. I actually installed a software on the a pornographic website you visited to experience fun (you know what I mean). When you were viewing videos, your web browser began working as a Remote Desktop that has a keylogger which provided me access to your display and web camera. Immediately after that, my software gathered every one of your contacts from your Messenger, FB, and emailaccount. After that I made a double video. First part shows the video you were watching (you have a fine taste : )), and second part displays the recording of your web camera, yea it is u.“

The email goes on to threaten to send the salacious video to all my friends unless I send them a $7,000 ransom within 24 hours. Is that scary or what? Well, since I have not subscribed to any website like that, I’m gonna say, “No.”

But there is something a bit unsettling about this that certainly got my attention. The password “FordF150” actually is a “throwaway” password I used long ago when I actually owned a Ford F150. I used it for one-time logins for websites such as newspapers that require an account to view an article. So how did they know my password?

These scammers know that most of us use the same password across many websites. Email and passwords have been stolen from legitimate websites such as Netflix over the years. These leaked email addresses and passwords are shared between scammers. They also know that many of us have signed up for naughty websites. Mix these facts together and you get a recipe for extortion. The scammers simply copied my stolen email address and password into their form letter and sent it to me hoping that I had signed up for some naughty website sometime in the past.

There is a website you can use to see if your email address and password has been hacked called haveibeenpwned.com. I plugged my email address in there and it does show that a trial account I used for Netflix was hacked back in 2014.

So what should you do if you receive one of these? First, give your cardiologist the good news that you passed a stress test. Next, calm down and ignore it. You aren’t about to be exposed. I promise.  

Jim Fisher owns Excel Computer Services in Florence. Reach him at www.ExcelAL.com