So two days ago I was checking my email and a curios message popped up from someone calling themselves Cora Duran. The title read “Topic – password.” It actually didn’t say “password” but instead used an old password of mine that I haven’t used for about twenty years. My interest peaked, I read the email. I have since deleted it so this isn’t the actual text, but it is very similar. According to some research I did about this scam they’re all worded just about the same.
It was almost identical to this:
Except the email I got stated, “Pay me $192 in bitcoin or I will release this video to all your friends and family. You have one day to comply!” and it didn’t have all weird accents.
I’ve seen countless internet scams but not this one before. Turns out it’s very common. And amazingly some people fall for it. It was huge in 2019 and has once again picked up steam.
Sounds scary, right? Except for a couple problems. I have never owned a webcam so there is no video of me choking the chicken. It simply doesn’t exist. Sorry, Bear. 😉 Further, I don’t have a Facebook account, or Instagram, or any of that other crap. AND wouldn’t a proper blackmailer send you a copy of said video to prove they actually have it? No. They threaten to send it five people you know if you ask for proof. If you do that then there’s no reason to pay you anyway, dumbfucks.
So checkmate, fucker!
I didn’t send them shit. No bitcoins for you, bitch! And they said I had one day to comply. That time period is long expired and none of my friends or relatives have contacted me to laugh at or shame me.
But the password they claimed to have was indeed real as I previously stated. So I looked into it. One site on this topic stated,
The last piece of ‘evidence’ the crooks give in this attack is to ‘prove’ that they do have access to your computer by including a password of yours.
Often, the password you’ll see really is (or was) one of yours, but it’s usually very old and you almost certainly changed it years ago.
And that’s exactly what it was. But how did they get? So I looked into that too. Another website stated,
Other versions of this phishing attack include one of the recipients’ passwords and/or part of a phone number. These have usually been obtained from one of the security breaches that have exposed details of billions of users.
So I went to this site, Have I Been Pwned to check if that’s what happened. And the answer was yes. I was “pwned” twice. These were the two incidents:
Collection #1 (unverified): In January 2019, a large collection of credential stuffing lists (combinations of email addresses and passwords used to hijack accounts on other services) was discovered being distributed on a popular hacking forum. The data contained almost 2.7 billion records including 773 million unique email addresses alongside passwords those addresses had used on other breached services.
xploit.In (unverified): In late 2016, a huge list of email address and password pairs appeared in a “combo list” referred to as “Exploit.In”. The list contained 593 million unique email addresses, many with multiple different passwords hacked from various online systems. The list was broadly circulated and used for “credential stuffing”, that is attackers employ it in an attempt to identify other online systems where the account owner had reused their password.
Whatever. Hey, I’m no saint. I used to visit porn sites when I was younger but ceased that activity in 2010 when I met my wife because I respect her. In the end, I just wanted to make people aware of another liberal scam . . . yes, I blame the liberals because who else would such an underhanded thing? So if you get an email like this, simply delete it. It’s a fraud.
Except you, Jay. Pay them.
God only knows how many perversions he’s committed with his webcam. 😉