Latest Scam Email Has Your Real Password Inside: Here’s How They Got It


The latest email scam going around is eye-opening because it contains a key piece of information: your real password.

Many times, a scam email is pretty easy to spot — the spelling is bad and some of the things just don't make sense.

But the latest email scam contains not only a blackmail threat but also your actual password, which is sure to raise eyebrows among those questioning its authenticity.

The message says it has a compromising video of you, taken from your computer's webcam during a visit to an adult website. There's also a request to pay up to keep the video private. If you don't, the video will be released to friends and family.

"It's just straight blackmail," stated Rachel Plecas, an expert in email spam, viruses and ransomware at MailRoute, a company that helps protect corporate email accounts from damaging messages.

"The thing that’s really interesting about this particular scam is that it’s not a traditional email scam," Plecas said.

That’s because the message doesn’t contain a virus, malware or even a phishing link to steal your personal information.

Also, you might get it electronically by email or even printed and sent to you through regular mail.

"This is a purely psychological attack. It’s fear-based," said Plecas.

The most eye-catching aspect of the email: It contains one of your real passwords. So how did they get it? It was likely scooped up from a recent hack at one of the major websites.

A quick look at the website Have I Been Pwned reveals at least 300 websites breached and over 5 billion passwords floating around from them.

That's one more reason not to reuse passwords, and to use a password manager like LastPass (free) or Dashlane ($60/year) to generate strong, unique passwords.

The email seems to originate from here in the United States, but it asks for payment in Bitcoin. Many people would have a hard time figuring out how to pay up.

Bottom line: The email is bogus and you can ignore it.

"I’d really like to reassure people it’s not real, don’t panic," Plecas said. "Yes, they’re preying on your fears, but they can’t really hurt you."

You can use your email provider's reporting function to mark the email as spam, or, if you got it through regular mail, you can get in touch with the U.S. Postal Inspector.

Hear about the importance of two-factor authentication and how it can help protect your personal information in the latest Rich on Tech podcast.
