Scammer used information taken during LinkedIn’s data breach in 2016 to target our editor.

by Chris Burns

How ironic. I had completed our latest elearning module, Preventing Cyber Attacks, and pressed ‘Publish’. As I waited for the module to finish publishing, I checked my emails and there in the spam folder was an email that included one of my passwords in the title.

I checked the preview pane. The email was a blackmail threat that quoted personal information, including my old login details and password for LinkedIn, and claimed to have access to my PC, webcam, files, folders and browsing history.

The sender (‘Debby’) claimed:

‘I installed a software on the adult videos (pornographic) material web-site and do you know what, you visited this website to have fun (you know what I mean). While you were viewing videos, your web browser began working as a Remote Desktop that has a keylogger which gave me accessibility to your display and also cam. Just after that, my software gathered every one of your contacts from your Messenger, Facebook, as well as email. after that I created a double video. 1st part displays the video you were viewing (you’ve got a nice taste haha), and next part shows the recording of your cam, yeah its you.’

The cyber-criminal demanded $899, to be paid through Bitcoin, and included a link to an account where the ransom should be paid. Then came the threat:

‘If I do not receive the Bitcoin, I will send your video recording to all of your contacts including family members, co-workers and so forth. If you really want proof, reply Yup then i will send out your video to your 9 friends. This is a non-negotiable offer, so don’t waste mine time and yours by replying to this e mail.’

Appalling grammar and punctuation aside, this is pretty nasty stuff.

Of course, it was obvious this was a scam. The password that the email quoted – although it was genuine – is no longer in use. The scammer had dug up my personally identifiable information, including my login and password, from a major data breach at LinkedIn in 2016.

I knew the scammer didn’t actually have anything embarrassing on me (Although I do enjoy my work – it’s not THAT kind of fun, Debby) but it was still a bit of a shock to see that old password.

What the attack did prove is how important it is to have secure passwords and to use different ones for different sites. I recognised the old LinkedIn password: I had changed it when LinkedIn warned me that my details had been stolen, which means the criminals can’t use it to log on to that site. But they know what it used to be. And that’s unsettling to say the least.

What to do (and not do) if you receive a similar email

  • Don’t panic. The cyber-attacker has your old password but they don’t have access to your computer. And even if you were looking at adult websites, they don’t have video of you doing so.
  • However, they might have access to the email account associated with the breach if you haven’t changed the password since your information was compromised. And that means they could try to log into other accounts using that password. So, do change your passwords – use a password manager if you need to.
  • Check Have I been pwned to find out if your email address has been compromised in a data breach (pwned).
  • Check here to see if your password has been pwned.
  • Report the email if possible. If you’re in the UK, you can use the Action Fraud website to report a phishing attempt if you have not lost any money or exposed your personal details. If you have lost money, you must report it as a crime.
  • Don’t open it, don’t reply, don’t open any attachments, don’t click any links, don’t enter any information into websites fetched by those links, and definitely don’t send any money.

Staff training is the most effective way to prevent cyber attacks. We’ve developed a short elearning module to help your people spot and deal with potential spear phishing attacks. Preventing Cyber Attacks is available to use immediately, or we can customise the content and design for your organisation.

Email info@ashfordgs.com or call us on 01962 624268 to find out more.