Cybersecurity Girl Weekly Drop
Cyber news, tools & one smart career path.

Quick Reality Check
A new wave of sextortion scams is hitting inboxes, and this time they’ve added a specific bait to make you panic. Security researchers found that attackers are using real passwords they’ve scraped from public, disposable inbox services to make their threats look legitimate.
What happened:
Scammers send an email claiming they’ve hacked your webcam and recorded you in compromising moments. To prove they aren't bluffing, they include a password you’ve actually used in the past. They aren't master hackers who broke into your system.
Instead, they are monitoring "temporary" email services like FakeMailGenerator. These inboxes are often completely public. Anyone with the URL can see the mail inside. Attackers search these archives for password reset notifications or account sign-ups, grab the credentials, and then pair them with your email address to make the extortion attempt feel personal.
Why it matters:
By showing you a real password, these criminals bypass your skepticism and trigger instant fear. When you’re in a state of panic, you’re more likely to ignore the contradictions in the email, like the sender claiming they’ve already removed the malware while simultaneously threatening you with it. The scammer is betting fear will beat logic.
Read more here
60-Second Protection Fix
Here is what I recommend you do:
- Check if your password was leaked. Go to haveibeenpwned.com, put in your password (not your email first, just the password), and see if it shows up in a breach. If it does, that's your sign this scam targets you because your credentials are public.
- Change that password everywhere. If your password is out there, change it immediately on any account where you used it. Use a password manager to create a new, unique password for each account so this doesn't happen again.
- Cover your webcam. Physically block it. Tape, a slider, a dedicated cover. Even if somehow someone did have access, they're seeing nothing.
- Keep your software updated. Webcam access usually comes through unpatched software vulnerabilities. Auto-update everything: your operating system, your browser, your apps. Patches close the doors hackers try to slip through.
- Enable two-factor authentication. If scammers somehow get your password, 2FA stops them cold. They need a second code they can't get.
- Don't pay. This is the key one. These emails are extortion attempts. Paying teaches them it works and puts you on a list to target again.
Must-Have Tool:
Your email could be sitting in dozens of old breaches without you knowing it. Have I Been Pwned lets you check whether your email or phone number has appeared in a known breach and which companies leaked it.
If you show up in results, change your password instantly, avoid reusing passwords anywhere else, and turn on two-factor authentication wherever you can to shut down most account takeover attempts.
What You Missed This Week
Sextortion is rising fast. Attackers are weaponizing embarrassment to keep people from speaking up, and the tactic is working. I sat down with Keelin Conant to break down why this is happening, and you might be surprised to learn exactly who the most vulnerable targets are online. Listen or watch it here
Check Out Security Operations Center (SOC) (aka “The Guardians of the Network”)
SOC analysts monitor for suspicious activity, investigate alerts in real time, and help prevent attacks before they spread. In incidents, SOC teams help interpret signals and guide response. If you enjoy fast-paced investigation and protecting people from threats as they unfold, this could be your path.
Learn more about SOC in my Free Intro Course: Cyber Paths 101
Let’s keep building together!
Stay protected,
Cybersecurity Girl
Know someone who’d enjoy this? Pass it along and have them sign up here! And if you have thoughts or feedback, just hit reply. I’d love to hear from you.