So I am trying to figure out how to respond to a potential threat.
I got an email this morning that contains a variation of my least secret password. It’s the password I use at sites I don’t care about. Sites where I don’t have a profile and don’t pay for anything. Sites like Udemy or Pinterest (I guess Pinterest, although I looked through Lastpass and see I have a strong password for Pinterest, which I can’t even believe I have, because I actually hate Pinterest and how it forces me to log in to see a picture from Google results. But I digress). The email was written in English by someone without strong English language skills. I think it says it has video of me watching videos as well as all my contacts from FB and my address book. It says I have to give bitcoin or it will embarrass me.
First, this is so fucked up.
I guess it means (or is trying to suggest) that it has video of me jacking off? Who wants to see that? Second, how compromising can this video be? I mean, I guess it’s from the little built-in camera in the lid? Well, shit. That’s just going to show me squinting at the screen. How compromising is that? I think it says it’s going to release the URL of the video, which now THAT could be compromising. But fuck it, I will just DENY EVERYTHING like a future SUPREME COURT JUSTICE.
It says if I give it some bitcoin it will delete all the images and we will be cool. I’m NOT going to do that. But seriously: (really) what should I do?
I’ve never gotten a request like this before.
(And I know I’ve written this in a silly way, and it’s okay to goof around in this thread, but I am seriously interested about what to do, so please offer any thoughts you have, along with any silliness, although silliness certainly isn’t required).
Here is what I’ve done so far:
- I scanned my PC and found two potential threats the Win10 machine. My (quick) research indicates these threats are the kind that pop up ad and take over your browser, but that’s not anything like the threat in this email.
- I looked at Lastpass to see the places I’ve used that password at recently. Nothing really popped up to the top of the list.
- I have thought about the meaning of the way it contacted me and the password it revealed. It sent the email to a custom address, but I use the address everywhere and it’s mapped to my name (tim @ telhajj . com) I’m not sure how much the revealed password (which isn’t an exact match, but is pretty darn close) or the email it used should factor into my analysis.
- I wrote this thread.
Thoughts? Ideas? What else should I do?
Has anyone had anything similar? I’ve heard about ransome happening to big companies, but I’ve never had it happen to me. I have had my share of Nigerian scam letters, but never the password thing. It’s pretty effective! If nothing else, I guess I wrote this.