Latest spam CryptoBlackmail – Bitcoin demands for compromised passwords

Latest spam CryptoBlackmail – Bitcoin demands for compromised passwords

Latest spam CryptoBlackmail – Bitcoin demands for compromised passwords 150 150 Small Business IT Solutions

what is crypto image

Had a few calls and emails from concerned clients regarding the latest wave of spam demanding bitcoins – which appears to be known as CryptoBlackmail.

So, what is CryptoBlackmail ?

Like traditional blackmail, cryptoblackmail is a “pay up or or else” style threat with the demand for payment being in cryptocurrency. Cryptocurrency tends to be harder to track and payments can not be revered.

Here is a typical example of the email, which normally starts with the line

I am well aware XXXXX is your passphrase. Lets get straight to the point. You don’t know me and you’re most likely wondering why you are getting this mail? No-one has compensated me to check you.

Example of cryptoblackmail email

As with other spam demands, i.e technical support “you have been infected” email, you should NOT pay any demand.  Most of these type of scams work on the principle if you hit enough people, someone will pay up eventually, either out of misplaced fear or ignorance.

Nothing personal but ….

The most important thing to know is that is not a targeted attack against your personally.

If the email includes one of your passwords, this has mostly likely come from a data breach on one of the websites you use.

You can check for your email and password being leaked on the great site, put together by well know security expertTroy Hunt, called Have I Been Pwned .  Troy’s site allows you to see data which has comes from “breaches” where data is exposed to persons that should not have been able to view it.

How to protect yourself

As listed on many websites, there are a  few simple steps to help protect yourself :

  • Don’t use the same passwords – If you were sent an email which contained one of your passwords, it’s very likely that password was from one of the leaked password databases available on the internet. You should never re-use passwords between websites and, if you are re-using that leaked password on any other websites, you should change it right now. Use strong, unique passwords, especially for important accounts.
  • Change Your Passwords –  If you’re using weak passwords or you’re re-using passwords on multiple websites, it is highly recommended that you should change it.
  • Enable Two-Factor Authentication –  To help secure your sensitive accounts such as  like your email, social media and bank accounts, where possible it is recommend to enabling two-factor authentication. Two factor authentication or 2FA  means that you must enter a security code each time you sign in these accounts from a new device.  The 2FA code will be sent to your phone number via text message or generated in an app on your phone.
  • Make sure your computer is secure  – Make sure your computer is up-to-date with the latest security updates and antivirus software.

The most important thing to do—aside from never paying the scammers—is to ensure you aren’t re-using passwords, especially if they’ve already leaked. Use strong, unique passwords and you won’t have to worry about password leaks. Just change a single password whenever there’s a leak—the service that suffered the password breach on will generally force you to change the password, anyway—and you’re done.