Now that we have your attention...
The following email text has been received by multiple contacts. Although the original email contains a user's accurate password, in the opening sentence, it has been verified that this action was not possible and no ill-effects were realized by the parties involved. Their contacts did not receive explicit videos, even though a ransom was not paid.
However, this serves as a real-life, close-to-home example of what the outcome of the plethora of modern data breaches is. We learn daily of another cyber-attack where user information is compromised. If you receive an email indicating that your password has been compromised, if you don't remember the last time you changed our password, you use the same password for all log-ins, or if your password is "password" (please don't tell your DCNC tech if this is the case, because they may actually laugh outloud), we strongly suggest you proactively change your password.
Here some current suggestions for creating a secure password.
-Create a pass-phrase; make your password a series of words that you will remember and that is harder to guess than a series of numbers.
-Replace letters with numbers; @=a, 3=e, $=s, etc.
-Put a punctuation mark at the end; this makes it easy to change your password periodically by just working your way along the symbols line to update your password.
-Include random capital letters in unexpected places.
-Include the year when you are required to use numbers; this helps you remember the last time you changed your password. If it says 2017, it's time to change it.
In case you were wondering what the email might look like. Below is the exact text that was sent to us.
"I am aware, XXXXX1234!, is your pass word. You do not know me and you're most likely thinking why you are getting this mail, correct?
In fact, I actually installed a malware on the adult video clips (sexually graphic) web site and there's more, you visited this site to experience fun (you know what I mean). While you were watching videos, your internet browser initiated operating as a RDP (Remote control Desktop) that has a keylogger which gave me access to your display as well as webcam. Immediately after that, my software gathered every one of your contacts from your Messenger, social networks, and email.
What exactly did I do?
I made a double-screen video. 1st part shows the video you were watching (you have a good taste haha), and 2nd part displays the recording of your web cam.
What should you do?
Well, in my opinion, $2900 is a reasonable price for our little secret. You'll make the payment by Bitcoin (if you don't know this, search "how to buy bitcoin" in Google).
BTC Address: 12nz596y8CzFpFQDr5LHXszqFmZmN6TSZc
(It is cAsE sensitive, so copy and paste it)
You have one day in order to make the payment. (I've a specific pixel within this email message, and at this moment I know that you have read through this e-mail). If I don't get the BitCoins, I definitely will send out your video to all of your contacts including family members, co-workers, and so on. Nevertheless, if I receive the payment, I will erase the video immidiately. If you want proof, reply with "Yes!" and I will certainly send out your video to your 13 friends. This is the non-negotiable offer, and so do not waste my personal time and yours by replying to this message."
Because there are multiple sites on the dark web that will provide a malicious user with your personal information, the fact that this email contained a valid email user password was alarming but not surprising. The parties involved were rightly disturbed and took proactive measures, without falling prey to some criminal's money making scheme.