‘We have your password’

By Jason McNicholas
Cyber Security Apprentice

A Family member came to me saying that they received this Scam email from their own account which included her actual password, the Email however, went into spam.
This is an example of credential stuffing for blackmail/extortion. If you receive an Email like this it’s extremely unlikely that they will carry out their threat and the best thing to do is change your account passwords and ignore it.
There are quite a few red flags that make it obvious that this is a template that is sent out to many people with the hopes of scaring at least some of them into paying.
What makes it clear that this is fake is that they have stated that there’s a video from a webcam but the user didn’t actually have a webcam.
The language used is obviously meant to scare the user by threatening to send the exposure video to their contacts. The broken English did make it comical at times however.
The password in question which was on the email and was, in fact, used by the user on multiple accounts, not the Email address however which points to an Email spoof, using the haveibeenpwned service it came up that the password was in 4 separate breaches, as was the email address, the latest of which was in the Collection#1 Data Breach in January 2019.
Takeaway points:
• Do not use the same password over multiple accounts. Attackers often publish passwords that they find – hence the ability to scare you into thinking they have your current password.
• Take a look at haveibeenpwned.com to see if a password has been found for any of your accounts on the internet.
• Try not to panic when you receive something like this. Calmly change all accounts where you think this password may have been used.
• Just because someone has a password you have used in the past, it doesn’t mean they have your current password. If you have reason to believe that the attacker has access to any of your systems, contact Action Fraud via their website: https://www.actionfraud.police.uk/ or call 0300 123 2040