malware controlling webcam

That’s a very common scam.

I receive those messages fairly often with some of my old passwords.

As for the password, one of your passwords was exposed in a web service breach.

That you’re concerned about that password implies you’ve been re-using passwords.

Re-using passwords is bad.

Not just because of these scams, but because these schmucks will also try your email address and associated passwords all over the ‘net, and across all services.

Unique passwords are your friend.

As for this message, the scammer has provided a “teaching moment” about the hazards of password re-use.

Oh, and you’re not being monitored, your device has not been hacked.

Your password (re)use is being monitored. Go fix that Right Now. An exposed Apple ID is Very Bad News.

Works profitably well for the scammers, too. Though the use of bitcoin—a cryptocurrency scheme largely known for planetary-scale power consumption and speculation and for buying illegal items—means the payments can be traced, which isn’t great for the scammers.

In any case, use unique and preferably robust passwords across all services. Use a password manager, too.

Some related reading: Scam Pop-ups, Scam Viruses, Scam Receipts, Scam Purchase

Jack_11 wrote:

I received an email with a password included in the subject line that is a previously common (few years ago) password that I used.

The person emailing said that he installed malware on a adult website that I accessed and recorded me and the video being viewed (took control of my webcam).

He then said that he had access to all of my contacts via messenger, etc., and that he would said the video he created in full to the entire contact list unless he received 1605$ in bitcoin, and provided the bitcoin account number.

Is it possible that he was able to record me and acquire all of my contacts? I have not downloaded any unusual apps, clicked on any unusual pop-ups, or downloaded any software.

Thank you.

No, not unless you have a jailbroken iphone.

Jack_11 wrote:

Thank you very much ramzee. The individual said if I wanted proof to say "yep" and he would send the video to my 17 friends. So, do you think that he is bluffing? Also, how would I know if my phone were jailbroken?

Thank you.

You can google what jailbroken means.

Current macOS and iOS and iPadOS versions will all detect and flag weak or re-used passwords.

Knocking off a few of those hazardous passwords each day can be helpful to improving your aggregate account security.

If you’re interested in seeing where your accounts have been compromised, here’s one of the services that collects and reports on password breaches: https://haveibeenpwned.com/

I got caught by cramming—re-trying known logins and associated passwords ~everywhere else—a while back, through a series of corporate acquisitions. A throw-away password on a seldom-used service became an account at a far larger service, and a service that I’d not realized I even had an account at. Thankfully the bunch that ended up with the account had a good scheme for preventing account loss.

I don’t try to presume what someone might believe about bitcoin traceability, or about their perceived risk of extradition and/or local prosecution.

Avoid phishing emails, fake ‘virus‘ alerts, phony support calls, and other scams