Scammer knows an old but genuine password

This spooked me a little, good job I keep up to date with scams otherwise I might have fallen for it.

Got a spam email with one of my old passwords in it, a genuine one for a now defunct retailer. They were claiming, with very poor English, that they had control of my PC. Obviously some hacker has got hold of the email/passwords/god only knows what else and sold it to scammers and those scammers are now pretending they have control and are demanding money (in bitcoin, rolleyes) to release it.

I'm guessing this is an old scam, but I've never had it happen to me before. Disturbing to know what other info they have of me.

A nice reminder to always use different passwords for places as so many of them get hacked and have data breaches.

(and no, the password wasn't obvious like 12345, I only use that on my luggage)
 
I found the same recently in the "bulk mail/spam/scam" folder for one of my email addresses. A password I used years ago for something, I forget what. A bit startling to see it, but the rest of the email proved that it was a scam. It was the classic "you've been watching porn and I've taken control of your computer and used your webcam to make a video of you *******" one. Yeah, right. They used the webcam I don't have to make the video they haven't shown me. They also made the threat too specific - they would send the video to the 22 people linked to my Facebook account. The Facebook account I don't have, but even if I did what's the chance of me having exactly 22 people on my friends list or whatever it is on Facebook? Amateur hour at the scammers - a scammer should only imply they have information they don't have. The more specific a scammer is about it, the more likely they are to be wrong about it and thus tip off their target. Also, I wouldn't care much if they really did have such a video and they did send it to people. I certainly wouldn't care US$6500 worth. But the scammer couldn't know that.

It's a standard tactic - acquire one piece of genuine information on the target and try to use that to manipulate them into believing you have a lot more information on them. Given that it's now routine for companies to have breaches and for data on huge numbers of people to be stolen, obtaining one piece of genuine information for each of a very large number of people is easy. A scammer only needs a very low success rate if they can reach at least tens of thousands of potential targets.

It's funny that they seem to word it like they've been put out by knowing the password and need to be "compensated" for it.
 