In the recent "Sextortion" campaign, attackers used one of the victim's actual compromised passwords to try to convince the victim that they had access to the victim's system and had recorded video of them watching pornography. The hacks were false; in reality, the attackers used old data breaches and had only passwords, names, and email addresses with which to work. Nonetheless, the threat of potential exposure of claimed browsing habits was an enticing lead-in to "give me some money". Five key takeaways to avoid being caught by phishing:
- Avoid clicking on links and attachments in email
- Urgency should be a giant red flag
- Don't re-use passwords
- Don't respond to spam or phishing emails
- Don't pay off extortionists
Read more at https://krebsonsecurity.com/2018/08/the-year-targeted-phishing-went-mainstream/