A warning from cyber security experts: don't respond to the latest phishing scam in your inbox. If you do respond, it won't end well.
San Diego resident Gena Barney Dean was about to hit "delete" on the strange email in her inbox.
“It was my personal email. It was Gmail and came on my phone and the message popped up,” she said.
But this one gave her pause. In the subject line was an old password of hers, one that only she would know, or so she thought.
“At first, I kind of panicked, like wait, what is this attached to? But then, I saw how he planned to blackmail me. I thought, ‘Oh, this is crazy,’” she recalled.
She started combing through her other passwords to make sure nothing else was connected to it. The email had no format and it was strangely threatening. She read a portion of what it said.
“I’m not going to ignore your unacceptable attitude. My eyes are locked on you. Stop, chilling at home all the time and things. If you think you can simply dismiss the email and go on with your life, you are unquestionably blank blank blank,” she read.
There's quite a bit of profanity in the email.
The scammer then asked for payment in the form of Bitcoin.
Donald McLaughlin, lead consultant for the Denver-based CP Cyber, says there's a reason for the profanity.
“It’s most likely fake, and the extreme profanity is a psychological tactic in social engineering used to instill fear and urgency and gets people worked up with that type of language, so they’re more likely to respond quicker and irrationally,” he said.
The cybersecurity firm has seen this before. There's no way of tracking where the email came from unless you engage and respond, which they don't recommend.
“You have a 50/50 chance of them not posting something, and if they really do have something they’re blackmailing you for, they’ll ask for more money or they’ll post it,” he explained.
He says the scammers are sophisticated. They look at previous data breaches for personal information. They use legitimate domains and emails to get through filters. He suggests immediately changing all your passwords and any variation of that password.
McLaughlin advises not clicking on links inside the email, immediately blocking the sender, and using a site that keeps track of all your passwords, so you don't have the same one for everything.
He recommends password managers like LastPass, Dashlane, and 1Password. You can also enter your email into sites like AmIBreached.com and HaveIBeenPwned.com to verify whether you are in any known breaches. He reminds people not to enter a password or any other personally identifiable information.
And if you've already responded?
“If you’ve responded, go to your accounts, anything online, set it to private, lock it down and it’s damage control at that point,” he said.
As for Dean, she didn't respond, but she did break one of the scam artist's rules in telling us about the email.
“I’m not scared,” she said, laughing. “He has nothing on me.”