The latest scam we’ve seen – “I know your password” – is both beautiful and scary. Read on to find out how to beat it.
Recently, some of our clients have reported receiving strange emails. These are more than the run-of-the-mill spam; they are from persons unknown claiming to know one of your passwords.
And here’s the thing – they do know one of your passwords. It’s there, in the email, in all its uncovered glory.
The sender usually uses this information and claims that they have infiltrated your computer with some sort of malicious software, which then used your webcam to record you while on the internet; typically claiming you’d visited some salacious web site or other.
And along comes the blackmail… pay $1,000 in bitcoin (or some variation) or else!
The “or else” usually involves telling the world your dirty little secrets.
Most people freak out – and rightly so – because the password shown is genuinely one which they use, and human nature (working the way it does) leads people to be easily convinced that the sender has accessed their computer and will carry out their threat. Even if the receiver has done nothing wrong and visited no seedy web sites, the fear of what might happen is terrifying.
So, let’s pull back the curtain to see why this happened, and what you should do about it.
Many online systems (LinkedIn, Yahoo, and eBay, to name a few) have been hacked in recent years, and if you have an account on these systems it’s possible that your password was stolen. You should use this web site to see if you’ve been a victim of one of these password thefts.
If you have, then a bunch of your information would have been lifted: your name, password, possibly address and date of birth. Credit card information is usually not taken from these sites, as that information is kept separately.
In and of itself, having a password stolen from an online system is not a good thing, but the real issue is if you use the same password on multiple systems.
Once the hack is done, the scam begins.
These thieves will try your email and password combination to log in to other systems, and if you use the same combination elsewhere then those systems can be accessed by them. Increasingly, systems include 2-factor authentication to stop this, so that logging in requires more than an email and password, but most systems don’t.
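An added example (not part of the original post): a short Python audit of a password-manager export, showing which logins the reuse described above exposes once a single password has leaked. The CSV contents, site names and the leaked password are constructed sample values, and the column names are an assumed export format.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample: a password-manager CSV export (every value is invented).
VAULT_CSV = """site,username,password
linkedin.example,pat@example.org,Tulip!2016
shop.example,pat@example.org,Tulip!2016
bank.example,pat@example.org,x9#Lq7rVd2pW
forum.example,pat@example.org,tulip!2016
mail.example,pat@example.org,Tulip!2016
"""

def fingerprint(password):
    """Hash the password so the report never echoes plaintext."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def audit(vault_csv, leaked_password):
    """Classify vault entries against one leaked password.

    exposed:  sites using exactly the leaked password (change these first)
    variants: sites whose password differs from it only by letter case
    reused:   groups of sites sharing any one password, leaked or not
    """
    by_exact = defaultdict(list)
    by_folded = defaultdict(list)
    for row in csv.DictReader(io.StringIO(vault_csv)):
        by_exact[fingerprint(row["password"])].append(row["site"])
        by_folded[fingerprint(row["password"].casefold())].append(row["site"])

    exposed = sorted(by_exact.get(fingerprint(leaked_password), []))
    folded_hits = by_folded.get(fingerprint(leaked_password.casefold()), [])
    variants = sorted(set(folded_hits) - set(exposed))
    reused = sorted(sorted(sites) for sites in by_exact.values() if len(sites) > 1)
    return {"exposed": exposed, "variants": variants, "reused": reused}

if __name__ == "__main__":
    # Constructed: the password quoted in the scam email.
    report = audit(VAULT_CSV, "Tulip!2016")
    for category, sites in report.items():
        print(f"{category}: {sites}")
```

Every site listed under `exposed` needs a new, unique password, not only the one that was breached.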
Scammers will try many attacks, but the softest target is you.
If you receive this type of email DO NOT IGNORE IT.
The scammers most likely haven’t installed any software on your computer; their real target is money.
The #1 thing to do is change your password on any online systems which have been compromised; again, check this web site to see if you’re a victim of these.
The #2 thing to do is install anti-virus and anti-malware software on your computer. iHelp IT can help you with that, as part of our iCare Essentials package.
And finally, the #3 thing to do is to not visit any of those web sites…
Contact us at firstname.lastname@example.org to find out more about protecting yourself with iCare Essentials