Share this story...
Phishing scam features new twist
Latest News

Investigators warn of new phishing scam

In this new twist on "phishing," thieves already have your e-mail password.

DPS example of phishing email.

SALT LAKE CITY — Investigators want you to be aware of a new cyber scam where “phishing” crooks already have your email password.

The Department of Public Safety says scammers steal your email and exact password and send you a message.

“The email essentially says, Hey I know that you’ve been to a pornography website recent and I know that because I’ve installed Malware on that site,” Sargent Jeff Plank with the DPS said.

Plank says crooks then demand money in exchange for embarrassing videos of you. Those who’ve been doing something online they don’t want others to know worry they’ll be exposed.

“What lent credibility to the scam was that the very first sentence of the email it clearly said, I know that your login is X,Y, or Z and your password was this or that,” Plank said.

“You automatically think ‘OK they know something about me how did they get my login and password?’ Not many people realize that their logins and passwords have been compromised,” Plank added.

A statement from the Department of Public Safety reads, “The Statewide Information and Analysis Center (SIAC) has received an increase of complaints of spear-phishing scams involving the victim’s correct username and password listed in the email and are sent from an outlook.com domain. The email subject line contains a username and password. The email then describes knowing the victim’s password, installed malware on their computer, and also claims to have recorded the individual. The email then demands payment in order to destroy the compromising recorded video. The email lists a required amount to be paid in Bitcoin, in addition to a Bitcoin wallet address.”

Experts say changing your password often is best practice to protect yourself.

“It’s a good reason why everyone should regularly change their password on different sites, not share passwords between social media sites and to change it often,” Plank said.

If you’ve gotten one of these emails you can report a cybercrime tip here.