{"id":142,"date":"2018-11-29T16:21:11","date_gmt":"2018-11-29T16:21:11","guid":{"rendered":"http:\/\/scaine.net\/kb\/?p=142"},"modified":"2021-07-15T09:25:16","modified_gmt":"2021-07-15T09:25:16","slug":"sextortion-phishing-and-you","status":"publish","type":"post","link":"http:\/\/scaine.net\/kb\/the-internet\/sextortion-phishing-and-you\/","title":{"rendered":"Sextortion, phishing and you"},"content":{"rendered":"<div class=\"author author-section\">\n<p><em>What is it?<\/em><\/p>\n<\/div>\n<div class=\"description-text-bigger no-padding card-view\">\n<p>Sextortion is a label given to phishing emails that claim to have recorded you while browsing pornography. The \u201chacker\u201d claims that he used your password to gain entry to your computer, then used the webcam to film you. The reason these sound so convincing (to many) is that the phishing email actually includes your password, lending credence to the story!<\/p>\n<p><em>How do they know my password??<\/em><br \/>\nData breaches are happening constantly and often the breach will include your password, along with your email address. The hackers are simply leveraging that against you to extort money. My own email address has so far been involved in 12 breaches, such as the 2013 Dropbox breach, the 2017 Disqus breach and a host of others, such as Kickstarter, LinkedIn and Last.fm.<\/p>\n<p>Prominent security expert, Troy Hunt, runs a website which can check if your email address has ever been included in one of the many data breaches over the years. Just put your email address into\u00a0<a href=\"https:\/\/haveibeenpwned.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/haveibeenpwned.com<\/a>\u00a0to see if any of the breaches might affect you.<\/p>\n<p>If so, then there\u2019s a good chance that you\u2019ll get one of these sextortion phishes.<\/p>\n<p><em>So I\u2019ve been hacked?<\/em><br \/>\nNo, there is absolutely no evidence that this is anything other than a sordid scam. Hackers are\u00a0<em>not\u00a0<\/em>breaking into your computer just because they know one of the passwords for one (or more) of the websites you use. They\u2019re simply relying on your emotional response to pay up, sometimes to the tune of thousands of pounds.<\/p>\n<p><em>What should I do?<\/em><br \/>\nIf you still use that password anywhere, change it immediately. This really brings home the need to\u00a0<em>never<\/em>\u00a0re-use your passwords \u2013 always have a unique password for every account or site you visit.<\/p>\n<p>That would normally be impossible, but you should also be using a password manager which can do exactly that. In the past, I\u2019ve talked about Lastpass, and that remains a great option. However, any of the popular options will work, as long as you use it with two-factor authentication (2FA).<\/p>\n<p>Otherwise, the advice is of course to\u00a0<em>not\u00a0<\/em>pay the ransom. Incredibly, the scammers have reportedly already reaped nearly half a million pounds from this type of phish, but there\u2019s absolutely no need to pay.<\/p>\n<p><em>More information<\/em><br \/>\nThe BBC recently covered this very topic on their BBC Trending page. You can watch the short video here: <a href=\"https:\/\/www.bbc.co.uk\/news\/av\/stories-46323625\/what-happened-when-sextortion-scammers-targeted-a-bbc-trending-reporter\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.bbc.co.uk\/news\/av\/stories-46323625\/what-happened-when-sextortion-scammers-targeted-a-bbc-trending-reporter<\/a><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>What is it? Sextortion is a label given to phishing emails that claim to have recorded you while browsing pornography. The \u201chacker\u201d claims that he used your password to gain entry to your computer, then used the webcam to film you. The reason these sound so convincing (to many) is that the phishing email actually [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_expiration-date-status":"saved","_expiration-date":0,"_expiration-date-type":"","_expiration-date-categories":[],"_expiration-date-options":[]},"categories":[3],"tags":[],"_links":{"self":[{"href":"http:\/\/scaine.net\/kb\/wp-json\/wp\/v2\/posts\/142"}],"collection":[{"href":"http:\/\/scaine.net\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/scaine.net\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/scaine.net\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/scaine.net\/kb\/wp-json\/wp\/v2\/comments?post=142"}],"version-history":[{"count":3,"href":"http:\/\/scaine.net\/kb\/wp-json\/wp\/v2\/posts\/142\/revisions"}],"predecessor-version":[{"id":188,"href":"http:\/\/scaine.net\/kb\/wp-json\/wp\/v2\/posts\/142\/revisions\/188"}],"wp:attachment":[{"href":"http:\/\/scaine.net\/kb\/wp-json\/wp\/v2\/media?parent=142"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/scaine.net\/kb\/wp-json\/wp\/v2\/categories?post=142"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/scaine.net\/kb\/wp-json\/wp\/v2\/tags?post=142"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}