At ESET Ireland we’ve come across a novel twist on the usual “send money or bad things will happen” extortion spam email, hitting Irish mailboxes.
The extortion letter starts in the usual manner, showing a victim’s password, likely gathered from one of the major security breaches over the years, which the victim could recognise as their own, even if from many years ago:
“I know every dirty little secret about your life. To prove my point, tell me does Password1234 ring any bell to you? It was one of your passwords.
To start with, I know all of your passwords. I am aware of your whereabouts, what you eat, with whom you talk, every little thing you do in a day.”
But then it gets with the spirit of the strange times we’re living in and continues:
“If I want, I could even infect your whole family with the Coronavirus, reveal all of your secrets. There are countless things I can do.”
And then it’s back to the usual routine:
“You need to pay me $4000. You’ll make the payment via Bitcoin.”
Followed with a repeated threat:
“You have 24 hours to make the payment. If I do not get the payment, I will infect every member of your family with the Coronavirus. I will completely ruin your life.”
If you follow normal password hygiene and change your passwords occasionally, then such messages, even if they reveal an old password of yours, wouldn’t scare you. They’re usually a bluff. But even if you don’t, while the person could abuse your login details for a variety of malicious actions, science has so far not yet explained, how would infecting with Coronavirus work via the internet. So there’s at least that one thing less to worry about.
written by Urban Schrott, ESET Ireland