The following is a guest blog post written by Greg Wotton, AloeRoot’s hardware technician:
Today I received an e-mail from potential blackmailers, claiming that a website I had used had software on it which allowed the blackmailers to record what was on my computer screen as well as what was happening on my webcam.
They claimed to have recorded a video of me “abusing myself”, on split-screen with a porn video. For only $7,000, they would agree not to send it out to my contact list. To make the scam seem even more legitimate, they included a password that I’ve actually used before on a website.
The Anatomy of a Scam:
Because I’m an old-school (or just old) computer person, I keep a physical book of my passwords and don’t reuse them on different sites. Every site and service has a different password; and some are similar to each other, but never the same. Because of this, I was able to determine that, although the e-mail/password combination was legitimate, it was one I’d used for LinkedIn back before their security breach in 2012. Since that password hasn’t been in use for six years, I can prove they didn’t get it by key-logging any of my current equipment and that they were trying to scam me.
Why You Shouldn’t Re-Use Passwords:
Had I been the kind of person who reused their passwords, there would be no way to know which website they got the password from, nor would I be able to comfortably ignore them, because I couldn't be sure it was a scam (aside from the fact that I'm not known to engage in what they were accusing me of, but let's assume for the sake of this blog post that many, many other people might get caught up in this trap).
If, for example, I’d reused that password for Facebook, Instagram, and the porn sites people generally frequent, then I might be really worried (or the theoretical person in the example would be worried). But because I knew it was my old LinkedIn password, and I changed it when the LinkedIn hack occurred six years ago, I can see that this was just a case of data-mining and not a security breach on any of my computers. (Also, most of my gear lacks cameras anyway, but this is really to make a point about security.)
Write Your Passwords Down. On Paper.
So here’s the important point I want to make: I really want people to make a book for all of their passwords, to keep track of which ones they use for what site, and to never re-use their passwords from one site to the next.
“Oh, if it’s in a book, someone can just look in the book. How is that secure?” But the chances of someone hacking your computer, or one of your accounts, FROM YOUR DESK are pretty close to nonexistent. That’s not how the world works now. If one site (LinkedIn, Sony, Dropbox, etc.) gets hacked and someone publishes the username/password list, all you have to do is change ONE password to protect yourself. If you’ve used that username and password combination elsewhere, you can be sure the hackers will check whether it also fits your Facebook account, and any others you might not want hacked; this automated replay of a leaked list against other sites is known as credential stuffing. If you only use a password once, and it shows up in a scam like this, you know which site it came from and whether you have a problem.
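The triage the post describes, turning the password quoted in an extortion e-mail into "which site leaked it, and do I have a problem", is mechanical once every site has its own entry in the book. Below is an added example of that triage (my code, not the author's; the book contents, the sites, the passwords and the dates are all constructed). It also flags near-variants of the leaked password that are still in use, because the post admits some entries are "similar", and a leaked password's variants are routinely tried as well, and it includes one deliberately reused entry to show the failure case.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional

TODAY = date(2018, 7, 20)  # constructed "now", six years after the LinkedIn rotation below


@dataclass
class Entry:
    """One line of the password book: site, password, when set, when retired."""
    site: str
    password: str
    set_on: date
    retired_on: Optional[date] = None  # None means the password is still in use


# Constructed sample book. Every value here is made up for illustration.
BOOK: List[Entry] = [
    Entry("linkedin.com", "Summer-Larch!2011", date(2011, 3, 4), retired_on=date(2012, 6, 7)),
    Entry("linkedin.com", "Lnkd-Hwy#8822", date(2012, 6, 7)),
    Entry("dropbox.com", "Summer-Larch!2016", date(2016, 8, 30)),   # a "similar" password, still live
    Entry("facebook.com", "Fb-Marsh*4471", date(2017, 1, 9)),
    Entry("instagram.com", "Fb-Marsh*4471", date(2017, 1, 9)),     # deliberate reuse: the failure case
]


def family(pw: str) -> str:
    """Crude 'same password family' key: letters only, lower-cased.

    'Summer-Larch!2011' and 'Summer-Larch!2016' collapse to the same key, which
    is the kind of variation credential-stuffing tools try automatically.
    """
    return "".join(ch for ch in pw.lower() if ch.isalpha())


def triage(book: List[Entry], leaked: str, today: date = TODAY) -> dict:
    """Attribute a leaked password to the book and say what to do about it."""
    exact = [e for e in book if e.password == leaked]
    live = [e for e in exact if e.retired_on is None]
    sites = sorted({e.site for e in exact})
    # Still-live passwords that are mere variants of the leaked one: rotate these too.
    related = sorted({
        e.site for e in book
        if e.password != leaked and e.retired_on is None and family(e.password) == family(leaked)
    })
    years_out_of_use = None

    if not exact:
        verdict = "no_match"
        action = "not in the book: cannot attribute it, so treat it as a possible live compromise"
    elif len(sites) > 1:
        verdict = "reused"
        action = f"rotate {', '.join(sites)} now; any one of them could be the leak source"
    elif live:
        verdict = "live"
        action = f"{sites[0]} leaked a current password; change it there now"
    else:
        # Only retired entries match: a stale breach dump, not a compromise of your devices.
        latest_retirement = max(e.retired_on for e in exact)
        years_out_of_use = (today - latest_retirement).days // 365
        verdict = "stale"
        action = (f"old {sites[0]} credential, out of use for {years_out_of_use} years: "
                  f"recycled breach data, not keylogging of current equipment")

    return {
        "verdict": verdict,
        "sites": sites,
        "related_sites": related,
        "years_out_of_use": years_out_of_use,
        "action": action,
    }


if __name__ == "__main__":
    for quoted in ("Summer-Larch!2011", "Fb-Marsh*4471", "Lnkd-Hwy#8822", "hunter2"):
        result = triage(BOOK, quoted)
        print(f"{quoted!r}: {result['verdict']} -> {result['action']}")
        if result["related_sites"]:
            print(f"    also rotate variants at: {', '.join(result['related_sites'])}")
```

The "stale" branch is the post's own situation: the quoted password matches only a retired entry, so the e-mail is attributed to an old breach dump and nothing on the current machines needs to be assumed compromised. The "reused" branch is what a book cannot save you from: two live sites share the password, so both must be rotated and neither can be cleared as the source. The `related_sites` list is the practitioner's caveat on "similar but never the same": a still-live variant of a leaked password should be rotated along with it.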
PLEASE make a book where you write down and use a unique, complex password for every website and service, and don’t save them to your computer’s password bank. The Internet is now a hostile place and everything you own is connected to it, or will be connected to it in the near future. It’s not a very hard change, and it could save you a lot of time, trouble, and potentially money in the long run!