I have received my share of emails that try to blackmail me into paying a sum of money to keep my network safe or my “secrets” from getting out (examples below). These emails usually include one of your current or previous passwords in the subject line to get your attention. They go on to explain in detail that the sender has your password and has compromised your privacy or security in some way. The email usually also provides a time frame and amount of money by which you can make this all go away. If you do not pay the designated amount by the deadline, they release the information to your contacts, significant other and the list goes on.
How did they get your password? The password you see in the subject line is usually a password you have previously used or are currently using, and that’s what makes the email seem legitimate. Data breaches of large organizations are happening at a staggering rate. These data breaches also include username and passwords account holders. In 2018 alone, over 350 million records have been stolen from companies such as:
- Under Armour
- Google Plus
These stolen account details are then posted on the dark web to be obtained either for free or a small fee. Once others get access to these account details, they use the information in emails to guilt or coerce people into sending them money.
The emails are also sensitive in nature for a reason. This can make it somewhat embarrassing to reach out and ask if the email is legitimate. The chance of paying may rise because of this.
At the end of the day, these emails are scams.
What should you do?
- At IT360, we understand that sending these emails in through a normal ticket may not be the most comfortable thing to do. When you receive these questionable emails that are sensitive in nature, pick up the phone. You can ask for me directly or any other IT360 employee you feel comfortable with. We may ask you to forward it to us directly so we can review and talk with you about next steps.
- Don’t use the same password for multiple sites/accounts. Use unique password for each account. It is just good security practice.
- Change your password on sites every so often – every 6 months on social media sites and probably more frequently on any financial accounts.
I have received numerous calls from clients asking about these emails. The conversation they have with myself or any IT360 employees will always be confidential. I am also posting links to the scam emails I have personally received so you can see some examples that are out there right now