Were you caught watching porn or using LinkedIn?

21 July 2018 · Phishing and Fraud

If you received an email like this one, we have good news and bad news for you:
You weren't caught looking at porn; however, your LinkedIn password was exposed 6 years ago.

We caught a new and frightening extortion scam that began around 5 July 2018 and intensified this week. It's convincing because it includes your real password in the subject line and threatens to send a video of you watching porn to all of your contacts.

ThreeShield has concluded that the scammer is using email addresses and passwords from a 2012 LinkedIn hack of 164 million accounts. This list was publicly released in May 2016 and you’ve likely changed your password since then. However, if you reused this password on other sites without additional protection, those accounts have likely been compromised by now. How can you protect yourself from this type of breach?

  1. Use multi-factor or two-step authentication (MFA) wherever you can. MFA uses a text message, a phone call, or an authenticator app on your phone to add a layer of protection beyond your password. Here are links to set it up with popular services:
  2. Use a password manager like LastPass to generate unique passwords, notify you of compromised passwords, identify reused passwords, and encourage automated password changes.
    If you use this link to sign up, you’ll get a free month of their premium service: https://lastpass.com/f?4638226.*
  3. Train your employees to avoid phishing scams like this one by using a combination of phishing simulations and frequent, short courses. ThreeShield’s training information is at www.threeshield.ca/training.
  4. Change your passwords whenever you receive a breach notification or at least once a year. LinkedIn users who did this in 2012 were protected for up to 4 years longer than those who didn't.
  5. Subscribe to a password breach notification service. LastPass, ThreeShield’s training system, and http://www.haveibeenpwned.com would have all notified you if your LinkedIn password was compromised.
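Two of the checks above (finding reused passwords, and checking a password against a breach list the way haveibeenpwned's Pwned Passwords service does) can be done without ever sending the password itself: only the first five hex characters of its SHA-1 hash leave your machine, and the match is made locally. The Python below is an added example, not code from ThreeShield or from haveibeenpwned. The range response, its counts and the `offline_fetch_range` stand-in for the HTTPS request are constructed so that it runs offline.

```python
import hashlib
from collections import defaultdict
from typing import Callable, Dict, List, Tuple


def sha1_parts(password: str) -> Tuple[str, str]:
    """Split the upper-case hex SHA-1 of a password into the 5-char prefix
    that is sent to the service and the 35-char suffix that stays local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into a dict; malformed or blank lines are skipped."""
    counts: Dict[str, int] = {}
    for raw in body.splitlines():
        suffix, sep, count = raw.strip().partition(":")
        if not sep or len(suffix) != 35 or not count.strip().isdigit():
            continue
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """Return how often the password appears in the breach corpus (0 = not found).
    Only the hash prefix is sent; the suffix comparison happens locally."""
    prefix, suffix = sha1_parts(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


# Constructed sample of a range response for prefix 5BAA6 (the prefix of
# SHA-1("password")). The counts and the two other suffixes are made up for
# this example; a real response lists several hundred suffixes.
SAMPLE_RANGES: Dict[str, str] = {
    "5BAA6": "\n".join([
        "003D68EB55068C33ACE09247EE4C639306B:3",
        "012C192B2F16F82EA0EB9EF18D9D539B0DD:1",
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471",  # suffix of SHA-1("password")
    ]),
}


def offline_fetch_range(prefix: str) -> str:
    """Stand-in (constructed) for an HTTPS GET of
    https://api.pwnedpasswords.com/range/<prefix>; unknown prefixes return an empty body."""
    return SAMPLE_RANGES.get(prefix, "")


def find_reused(passwords_by_site: Dict[str, str]) -> List[List[str]]:
    """Group sites that share a password, comparing SHA-1 digests rather than
    keeping plaintext around; returns only groups of two or more sites."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for site, pw in passwords_by_site.items():
        groups[hashlib.sha1(pw.encode("utf-8")).hexdigest()].append(site)
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)


if __name__ == "__main__":
    # Constructed vault contents for demonstration only.
    vault = {"linkedin": "password", "bank": "password", "email": "Tr0ub4dor&3-unique"}
    for site, pw in vault.items():
        print(f"{site}: seen {breach_count(pw, offline_fetch_range)} times in breaches")
    print("reused across:", find_reused(vault))
```

To use this against the live service, replace `offline_fetch_range` with a function that performs the GET over HTTPS and returns the response body; the password and its full hash never need to be transmitted.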

Update: 2018-07-21 5:06PM MT
We are tracking 9 Bitcoin addresses associated with this scam dating back to July 5, 2018.
24 victims have paid a total of 4.61461859 Bitcoins (approximately CAD$45,021.90) to these addresses.
*ThreeShield doesn't sell LastPass; however, if you use the link, you and ThreeShield will both get a free month of LastPass Premium.