There is a scam named "Sextortion" in which scammers claim to have installed malware on your computer, in an email that contains your real password. According to reports, the email states that the sender has your password and that your computer was infected with malware while you visited a porn site. The attacker also claims to have recorded videos of you visiting the porn site using your webcam and threatens to release the videos to all your contacts unless you pay a bitcoin ransom.
Even though the email is just a scam and the attacker doesn’t have any videos of recipients, the email contains a real password used by the recipient, which makes it more convincing and makes recipients more likely to fall for the scam. The password will be either the recipient’s current password or a formerly used one, in some cases going back as far as ten years. If the password looks familiar to you, you are likely one of the (very many) people who reuse the same password for multiple sites like HKUST, Gmail, Hotmail, etc. According to reports, the scammers may have obtained the password from any one of the data breaches that happened in the last decade.
More information about this scam can be found at:
- Does Sextortion Scam knows your Password? Do Not Panic & Pay! (Secure Reading 15/7/18)
- Sextortion Scam Uses Recipient’s Hacked Passwords (Krebs on Security, 12/7/18)
This is just a scam: they do not have malware installed on your computer or videos of you. However, if you are still using the password mentioned in that email, you are advised to change it immediately. To avoid being victimized by such a scam, it’s important to take the following actions:
- Do not use the same password for multiple sites.
- Use a unique password for your HKUST account.
- Change passwords regularly.
- If you receive a suspicious or threatening email, do not click on any links or download any attachments.