Imagine receiving an email from your own email address telling you that you have been hacked, and, to prove it, the sender includes your password in the email. They also say that they have been watching you through your webcam and tracking your web surfing. Having thoroughly scared you, the scammer then threatens to release evidence of you visiting adult websites unless you pay a ransom, usually in Bitcoin. This happened to a customer of mine recently.
Variations of this scam have been around for several years. Chances are that you were not hacked. Rather, your email address and password are included in one or more of the thousands of data breaches that have occurred, and your information is being sold on the dark web. Billions of accounts have been compromised in data breaches, so the odds are pretty good that your data is included. To make the email more convincing, the scammer then spoofs your email address.
So, what should you do? First, do not pay or contact the scammer. Next, run several virus and malware scans on all of your devices to check for known viruses and malware. Then, and possibly most importantly, change all of your passwords so that you have unique passwords on all of your accounts. But how do you remember all of those different passwords? I recommend using a password manager program.
A password manager can help you create and store more complicated passwords. There are numerous password manager programs available. Most have you remember one password, then keep the others locked away in a password “vault”. Some keep the password “vault” file locally on your device; others are cloud-based, which allows them to be used on multiple devices.
I also recommend that you visit Have I Been Pwned to see if your email addresses have been involved in any breaches. You can sign up to be notified of any future breaches involving your email address.
#BeCyberSmart #CybersecurityAwarenessMonth #PasswordManager #UseUniquePasswords #EmailScam #haveibeenpwned