Dump Password Scam

Every once in a while, I check my email’s spam folder for fun phishing attempts, and I stumbled upon one in particular that was rather interesting:

Title: [Some old password]

Actually, I placed a virus on the xXx vids (sex sites) site & guess what, you visited this web site to have fun. While you were viewing videos, your web browser started working as a Remote Desktop having a keylogger which gave me accessibility to your display and also cam recording.
Just after that, my software collected all your contacts from your Messenger, social networks, and email.
[Some old password] is one of your passwords.
if you send me $986 as a donation through Bitcoin, I will erase the recording immediately.
(search for in Google "how to buy bitcoin"). my BTC Address: [A brand new bitcoin wallet address with zero transactions]
If I don't get the BitCoins in 24hrs, I will definately send your video to all of your contacts, don't.reply to this email it's hacked. WxEQ

Of course, it goes without saying that this is “definately”1 nonsense, yet you might ask: how did he manage to get the old password?

The answer is that it came from one of the many data breaches that happen almost every few months. Almost every major company has had a data breach at some point (Adobe, Dropbox, LinkedIn, …), and you can check your email using one of the following services:

have i been pwned?

have i been pwned? checks if you have an account that has been compromised in a data breach and offers to notify you if your email appears in any public account dump or spam list.

Hacked Emails

Hacked Emails is very similar to have i been pwned? but requires email verification before checking your email against its database of public data breaches.

DeHashed

DeHashed is similar to the other solutions, but it takes this process one step further by offering a cheap subscription plan that allows anyone to get the list of publicly available plaintext passwords for any email address.

If you happen to receive a similar email, you can report the bitcoin address to:

Bitcoin Abuse Database

BitcoinAbuse.com2 is a public database of bitcoin addresses used by scammers, hackers, and criminals. Bitcoin is anonymous if used perfectly. Luckily, no one is perfect. Even hackers make mistakes. It only takes one slip to link stolen bitcoin to a hacker’s real identity. It is our hope that by making a public database of bitcoin addresses used by criminals it will be harder for criminals to convert the digital currency back into fiat money.


  1. The misspelling was intentional. ↩︎

  2. https://www.bitcoinabuse.com/faq ↩︎