If you received an email like this one, we have good news and bad news for you:
You weren't caught looking at porn; however, your LinkedIn password was exposed 6 years ago.
We caught a new and frightening extortion scam that began around 5 July, 2018 and intensified this week. It’s attractive because it includes your password in the subject line and threatens to send a video of you watching porn to all of your contacts.
ThreeShield has concluded that the scammer is using email addresses and passwords from a 2012 LinkedIn hack of 164 million accounts. This list was publicly released in May 2016 and you’ve likely changed your password since then. However, if you reused this password on other sites without additional protection, those accounts have likely been compromised by now. How can you protect yourself from this type of breach?
- Use multi-factor or two-step authentication (MFA) wherever you can. MFA sends a text message, call, or a phone app to add an additional layer of protection beyond your password. Here are links to set it up with popular services:
- Use a password manager like LastPass or BitWarden to generate unique passwords, notify you of compromised passwords, identify reused passwords, and encourage automated password changes.
- Train your employees to avoid phishing scams like this one by using a combination of phishing simulations and frequent, short courses. ThreeShield’s training information is at www.threeshield.ca/training.
- Change your passwords whenever you receive a breach notification or at least once a year. LinkedIn users who did this in 2012 were protected for up to 4 years longer than those who didn't.
- Subscribe to a password breach notification service. LastPass, ThreeShield’s training system, and http://www.haveibeenpwned.com would have all notified you if your LinkedIn password was compromised.
Update: 2018-07-21 5:06PM MT
We are tracking 9 Bitcoin addresses associated with this scam dating back to July 5, 2018.
24 victims have paid a total of 4.61461859 Bitcoins (approximately CAD$45,021.90) to these addresses
What our clients say about ThreeShield
CTO, Tilia Inc. (Financial Technology and Online Payments)
" ThreeShield has employed a dynamic, risk-based approach to information security that is specific to our business needs but also provides comfort to our external stakeholders. I recommend their services. "
IT Architect, Financial Technology and Online Retail
" Collaborating with ThreeShield to ensure data security was an exciting and educational experience. As we exploded in growth, it was clear that we needed to rapidly mature on all fronts, and ThreeShield was integral to building our confidence with information, software, and infrastructure security. "
IT Security Director, Linden Lab (Virtual Reality)
" ThreeShield helped us focus our efforts, enhancing our security posture and verifying PCI compliance.
All of this was achieved with minimal disruption to the engineering organization as a whole.
The approach was smart. In a short time, we accomplished what much larger companies still struggle to achieve. "
Senior Director of Systems and Build Engineering
" ThreeShield very much values active and respectful collaboration, and went out of their way to get feedback on policies to make sure proposals balanced business needs while not making employees feel like they were dealing with unreasonable overhead. By doing so ThreeShield really helped change the culture around security mindfulness is positive ways. "
Popular Technical Articles
16 January 2023
26 March 2021