Recently, I’ve received several phone calls from panicked clients who had just received an email that scared the hell out of them. The email appeared in their inbox with the subject line “Your Password is ___” and named one of their legitimate passwords. After opening the email, they read a threatening message from some hacker who claimed to know they had been doing illegal or compromising things on their computer. My client was ordered to pay a ransom in Bitcoin or the hacker would send a compromising video to their friends and colleagues.
An Email Worse Than Spam
Faced with this frightening email, it’s no wonder security researcher SecGuru found that victims who received this email paid over $50,000 in just one week. But they didn’t have to pay to keep their personal lives secret — because this email is a total scam.
If you ever get an email like this, just delete it. As Brian Krebs from Krebs on Security pointed out, this is likely a semi-automated email. You haven’t been targeted personally, and the hacker doesn’t have a compromising video of you. That said, they do have your password, which might pose a bigger threat.
“How do they know my password?”
With the constant barrage of database leaks in the last decade, it’s not surprising that hackers have easy access to countless emails and the passwords associated with them. Last year alone, massive websites like Facebook, Reddit, and WordPress were compromised, exposing the sensitive data of millions of users. These breaches aren’t forgotten. Most of this exposed data is gathered up and sold to cybercriminals on the dark web or through sites like DeHashed.
DeHashed alone has a database of emails and passwords from everywhere, from LinkedIn to Dungeons & Dragons Online. There are almost 6.5 million passwords on DeHashed, and it costs just $4 to access passwords associated with an email. Don’t believe me? I dare you to visit DeHashed.com and search your personal email.
New Passwords Can’t Protect You
After a major data breach, these websites urged users to change their passwords. But changing your Facebook or eBay password isn’t enough to protect you from the damage that’s been done. Despite the danger, so many people insist on using the same password for multiple sites, which is why it’s so easy for hackers to make a profit.
I heard from one woman who lost thousands of dollars after her company’s payroll was breached. The hacker had broken in, added a fake employee, and made off with thousands in a single transaction. It turns out she used the same password for everything, including Facebook. My guess is that someone got her password after the Facebook breach and was able to access the payroll system that way.
Stop Trading Security for Convenience
If you use the same password for multiple accounts, every data breach is a threat to almost every area of your digital life. I’ve said it before, and I’ll say it again: you need to start protecting your reputation and your business with a password vault.
Don’t have the time or resources to create a company-wide password vault? Good news! Sklar Technology Partners is offering a new service that can take care of the hassle for you. Our Online Identity Security Service will set up a vault, seal up weak points in your password system, and teach your employees how to keep sensitive passwords from falling into the wrong hands. I’ve seen too many businesses suffer because of poor password management. Give us a call to learn about the Online Identity Security Service, or, at the very least, Google “password vault” and set one up today!
Unless you think a hacker won’t be willing to pay $4 for access to your bank accounts.
Thanks for reading,