There have been multiple reports of users around the country receiving emails that contain one of their own passwords and try to blackmail them for Bitcoin using convincing social engineering. The attackers begin by sending their potential victims an email claiming they have access to the victims’ computers and have been spying on them. To make it even more convincing, they include a password that the victim actually used at one time as “proof” that they have indeed been spying. Reports say the attackers request anywhere from $1,000 to $3,600 in Bitcoin to keep your “secret”.
Here’s an example of one of the emails:
How did they get my passwords?
Cybercriminals often go after large amounts of information, such as the entire collection of user login details for a website or service. Data breaches have occurred at several large sites, including Myspace, Dropbox, LinkedIn, Adobe, Tumblr and others. Once the attackers get the data, it’s often made available on the web. Troy Hunt, a Microsoft Regional Director and renowned security expert, has built “HaveIBeenPwned”, a website that makes it easy to see if your credentials were leaked.
What should I do?
The first thing you should do: immediately change the passwords on ANY account that could be compromised so that no one else has access to those accounts. The next step is to run a complete virus and malware scan on ANY device that was used to log in to any of the compromised accounts. Regarding the email you received containing your password and a threatening message, you can safely disregard and delete the email.
If you still are concerned, would like assistance, or just have questions, please call us at 901-475-0275. We are ready and willing to help so you can continue using your technology confident that you are better protected from these types of threats.