“Your account has been compromised and, to prove it, here is your password.”
In recent weeks we have taken a number of calls from users who have received emails which, in amongst whatever scam is being run, try to offer up some validity to the claims by presenting a user with his or her password. Often the mail will demand a ransom, claiming that a user’s system has been hacked and that personal details (and, in some cases, personal habits) have been recorded.
Things to look out for include;
A threat to reveal evidence of adult-website use
A ‘known password’ appearing within the email subject
A demand for payment via an untraceable crypto-currency (such as bitcoin)
In all cases we have seen the emails are false. In many cases the password presented is not current which adds weight to the belief that the lists in circulation will come from an historic data breach. In this regard the threat of the email is non-existent.
Where there may still be wider cause for concern is if that email address and password combination are still used in multiple places – the scam email alerts you to the fact that this information is out there and available to the criminal element. Previous VCI articles discussing passwords have advised against the repeated use of a single password so now might be the time to re-evaluate the passwords you use and where you use them.
You can view our handy video guide to spotting suspicious emails here but if you would like further advice or help on password choice and password management please get in touch via phone, email or the contact form on the website.
“Stolen password email scam” – Part of the “May contain nuts” series of short articles discussing familiar topics which we should all revisit once in a while.