Last night my middle school grand daughter got out her Chromebook to do some homework. Her dad, seeing a stirp of yellow paper at the top of the screen asked ” Is that a sticky note over your camera?”
“Yeah, a Sheriff told me I should.”
Good advise. Especially on a device that relies on being on-line with the Internet, being aware that bad people can hack into the systems and do things like turning on your camera, and take pictures of you, is wise.
There is an Internet scam going around that deals with this. The email comes in and the subject is something like “xyz123! is your password”.
Well, if you have ever used that as your password it will pique your interest! Then it says the sender has hacked your computer with malware, has got your personal information and wants you to send a payment in bitcoin to him and provides a link. Then, he says, if you don’t he will send the embarrassing or obscene or whatever videos he claims to have captured from your camera to all your contacts from your email or Facebook or whatever.
Wow, the guy must have actually hacked your computer – you got to send him the bitcoins – right? Well, absolutely not!
Lets go back – the thing that got your attention – the password! Okay, it is a password you have used – probably one that you used to log in to sites that didn’t really mean anything, maybe to get free access to something, a newsletter, a free game, almost anything. It could be a password you used on several sites like that figuring you would just get junk emails.
So that site could be a false front put up simply to gather email addresses (which are saleable in quantities) and —- PASSWORDS. So this “hacker” probably bought a list of email addresses and passwords (and whatever other information you gave to log in to the site) and he is in business.
If you do anything except delete the email and ignore it, he will probably get more info from you in his fishing expedition. And certainly if you send bitcoins to the link he provides that will be in his pocket (or more likely in some Russian, Chinese or Nigerian organization’s bank account).
Even if he did have all your contacts and compromising pictures what makes you think sending $600 worth of bitcoins (for some reason $600 seems to be the number they start with) will be the end of it? But, they won’t send anything to anyone – if they did it would make it a bigger crime and would make it much more likely that the FBI or someone would become involved and they could get caught.
If you get one of these emails, you probably will get more similar ones, from different email addresses. The list gets sold to more than one creep, they all figure that for a little work sending these emails hoping for a bite, they will get the payoff.
What should you do? Well first off, stop using throwaway passwords particularly on sites that you would not want to be hacked. Change your passwords regularly and make them something like “hjU^764Kkidrq!O0zl”.
You might create a throw away email on hotmail or yahoo or something using a fake name and fake info and use that when you sign into sites that don’t mean anything (or just don’t sign into those kinds of sites). And never, ever use the same user name and password on more than one site.