In the past 48 hours, security operators have seen a new ‘sextortion’ message begin popping up in client inboxes almost everywhere.
The most frightening part of this message is that it lists a password either in the subject line or the first sentence.
This password probably looks familiar, and if you’re one of the (too many!!!) people who reuse the same password for multiple sites (or everything), then this email seems very concerning.
We received a notification from a client that they had received something much like the following message:
Our customer indicated this was a password they currently used, and they were justifiably concerned that the threat was factual. We advised the customer to change all of their passwords for everything, being especially mindful to reset this password any place it was used in conjunction with the email address which had received the warning.
Upon conducting some research, we found that this customer’s password was compromised in two separate data breaches and associated with that email address as part of those breaches. We then found others who had received that same email: some indicated it was their current password which was compromised, while others indicated it was a password they had used one time on one system years ago, which had long since been changed.
Our hypothesis is that the scammer has accessed data from a breached site and is mass mailing this threatening message to all email addresses contained in that data in order to extort money in the form of Bitcoin. This hypothesis seems to be borne out by the facts above.
What you can do…
In order to avoid being victimized by such a scam, it’s important to take the following actions:
• Do not use the same password for multiple sites
• Change passwords regularly
• Review sites like https://haveibeenpwned.com/ in order to determine whether or not an account of yours has been compromised
• If you receive a suspicious or threatening email, do not click on any links or download any attachments. Contact your IT or security team immediately.
Thankfully this particular case seems to be a false alarm. In order to more fully protect your email system, please contact us about our Email Security solutions today.