Were you caught watching porn or using LinkedIn?

Phishing
  • Date : 21 July 2018
  • Time : 8 Min Read
  • Media Coverage : CBC

If you received an email like this one, we have good news and bad news for you:
You weren't caught looking at porn; however, your LinkedIn password was exposed 6 years ago.

We caught a new and frightening extortion scam that began around 5 July, 2018 and intensified this week. It is convincing because it includes your password in the subject line, and it threatens to send a video of you watching porn to all of your contacts.

ThreeShield has concluded that the scammer is using email addresses and passwords from a 2012 LinkedIn hack of 164 million accounts. This list was publicly released in May 2016 and you’ve likely changed your password since then. However, if you reused this password on other sites without additional protection, those accounts have likely been compromised by now. How can you protect yourself from this type of breach?

  • Use multi-factor or two-step authentication (MFA) wherever you can. MFA uses a text message, a phone call, or a phone app to add a layer of protection beyond your password. Here are links to set it up with popular services:
  • Use a password manager like LastPass or BitWarden to generate unique passwords, notify you of compromised passwords, identify reused passwords, and encourage automated password changes.
  • Train your employees to avoid phishing scams like this one by using a combination of phishing simulations and frequent, short courses. ThreeShield’s training information is at www.threeshield.ca/training.
  • Change your passwords whenever you receive a breach notification or at least once a year. LinkedIn users who did this in 2012 were protected for up to 4 years longer than those who didn't.
  • Subscribe to a password breach notification service. LastPass, ThreeShield’s training system, and http://www.haveibeenpwned.com would have all notified you if your LinkedIn password was compromised.
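
The reuse and breach checks from the list above, as an added sketch that is not ThreeShield's or any vendor's code. The lookup mirrors the range format of Have I Been Pwned's Pwned Passwords service (a 5-character SHA-1 prefix is sent, `SUFFIX:COUNT` lines come back); `offline_range_lookup`, the corpus, and the vault are constructed stand-ins so it runs without a network.

```python
import hashlib
from collections import defaultdict

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def breach_count(password, range_lookup):
    """Count breach-corpus hits; only a 5-character hash prefix is disclosed."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in range_lookup(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:  # the match happens locally
            return int(count)
    return 0

def reused_passwords(vault):
    """Return groups of sites that share one password."""
    by_hash = defaultdict(list)
    for site, password in vault.items():
        by_hash[sha1_hex(password)].append(site)
    return sorted(sorted(s) for s in by_hash.values() if len(s) > 1)

# Constructed sample data: a tiny stand-in for a breach corpus (password -> times seen).
CONSTRUCTED_CORPUS = {"linkedin2012": 3, "hunter2": 17}
QUERIES_SEEN = []  # records what the "service" side actually receives

def offline_range_lookup(prefix):
    """Hypothetical offline stand-in for a range query; returns SUFFIX:COUNT lines."""
    QUERIES_SEEN.append(prefix)
    lines = ["0" * 35 + ":1"]  # constructed decoy entry sharing the prefix
    for leaked, count in CONSTRUCTED_CORPUS.items():
        digest = sha1_hex(leaked)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    return "\r\n".join(lines)

def audit(vault, range_lookup=offline_range_lookup):
    """Return (sites whose password is in the corpus, groups of sites sharing a password)."""
    breached = sorted(s for s, p in vault.items() if breach_count(p, range_lookup) > 0)
    return breached, reused_passwords(vault)

if __name__ == "__main__":
    # Constructed vault: one old password reused on a second site.
    vault = {"linkedin.com": "linkedin2012", "shop.example": "linkedin2012",
             "bank.example": "x9!Unique-Passphrase-2018"}
    print(audit(vault))
```

Every site in the second list needs a new, unique password even if only one of them was ever breached, because the leaked pair works on all of them.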

  • Update: 2018-07-21 5:06PM MT
    We are tracking 9 Bitcoin addresses associated with this scam dating back to July 5, 2018.
    24 victims have paid a total of 4.61461859 Bitcoins (approximately CAD$45,021.90) to these addresses.
