they know your password from one of the many breaches that facebook or other large entities face. Experian for example, its the same way people steal identities and such, identity lock or whatever can tell you what password from where is found on the darkweb. just change your passwords, the email is a scam they don’t have videos of you gratifying yourself, I have been getting this scam mail since the facebook exploit, however I don’t have any such videos or a webcam so how could such a video exist… just saying.

Why is that?

Any time any site gets compromised that information finds it way to someone unscrupulous who makes such an e-mail.

The one they got for me was : skyrim. I’d used that as a throwaway password on Nexusmods for Skyrim mods back when i wasn’t using a password manager to make up random ones for me.

That site was hacked in 2015. Go to HaveIBeenPwned site to see what passwords related to your e-mail addresses have been hacked in the past.

That said i don’t even have a webcam so this e-mail was moot for me (though i thought why not get informed and google this).

If they had your passwords they would sell them instead or attempt to use it themselves (not a good idea for any but the best hackers).

If they truly had your passwords they would show more than the one or two that may have been compromised by happenstance in the past.

That said if the password shown is one which you use (in any form) for a serious website , reconsider your web security. Get a password manager. Good luck !

It doesn’t exist as a virus. It hasn’t infected anyone’s phones or computers. It’s using email address and password combos from data breaches, and social engineering. See other comments.

Would you have suspected MySpace and Dailymotion of having weak security? What about Facebook? Sony?

You can get a list of sites from which a password for your email address has been leaked at https :// haveibeenpwned. com/. You can also test a specific password for having appeared in a leak.

Your computer/device has not been infected by this RAT. “After that I removed my malware to not leave any traces.” Good covering story; however, there are no traces because it was never there in the first place. There is no urgent need to follow the steps in this article, but they are useful checks to make from time to time (like checking the oil in your car).

Somebody took that data dump, created that e-mail form, and sent it to all the e-mail addresses and password combinations they have access to. User’s seeing an actual password they used, especially if it is re-used will short circuit their reasoning capabilities and be more likely to blindly follow the instructions.

Nothing is stopping the author(s) of these e-mails from re-sending multiple times.

In my case, the password they “knew” was the weak one I use on websites I suspect have weak security. I have checked that e-mail address for hits in known data leaks, and it has many hits. This tells me that they only have e-mail addresses and a passwords, and wrote an e-mail to make an optimal use of this combination.

It came in my spam email to so just to be safe I called Microsoft and they told me to file a report with the spam site. The password they sent I had used on a couple of old sites but I’ve been using a different one on my important sites for a few months

It’s almost certainly a scam. Still, if you want to be sure, you can use the recommended anti-malware tool from the guide on this page and scan your computer with it. If it finds anything, remove it to secure your machine.