Imagine my surprise toΒ open an email and learn that I was about to send pornography and video footage to ten randomly selected individuals from my contact list, should I not comply with the demands of $2,000 in bitcoins within 24 hours. Where my heart skipped a beat was in the subject line that included an old password and the first sentence of the email that included the same password.
Here’s how the email started:
“πΈπ πππππ ππππ, ——–, ππ π’πππ πππππ πππ.”
According to our security experts, this password could have been harvested years ago, stored on the dark web and then sold to scammers –some nefarious individual(s) with too much time on their hands.
After more deep breathing and internet searches, I found this to be an old scam but with a new scarier twist, the revealing of a password. It also listed how many days the scammer had been capturing information about me – 182 days.
What did I do? After a few more deep breaths, I did the following:
- Sent the email with headers to abuse@ksu.edu.
- Discussed the email with our technical support staff
- Checked the scams blog to determine if this had been reported
- Changed my password on every system where I had used the old password.
- Ran malware software on my computer
- Deleted the email
- Remain vigilant about scams
A couple of red flags I noted from the email were the urgency and intimidation of the request (πππππππ π’πππ ππππ πππππππππ πππ πππ ππ ππππππ ππ ππππ’-ππππ πππππ), the demand for money (πΏπππππππ $ πΈπΆπΆπΆ ππ πππππππ πππ ππππ ππππ ππ πππ πππππ πππππππ), the email from an individual I didn’t know (mpnaneteps@hotmail.com), poorly worded email and incorrect use of capitalization.
The university has been busy processing these scams over the last week. If you are unsure about an email send to abuse and then delete. My mantra continues, when in doubt don’t give it out (your credentials).
