Scary, but automated and mostly harmless
Have you received a threatening email with your password in the subject line? Your password has leaked but usually it’s an automated scam with no immediate threat. Here’s how to keep safe.
Usually this automated email scam asks for a large ransom in dollars or bitcoin. It may threaten that if you don’t respond, your explicit photos and videos will be posted online.
First of all, if you get this email, don’t worry. Nobody has any explicit media of you. On top of this, you shouldn’t feel pressured to send any money. Instead, let’s look at how the email was sent and how your password ended up in the email title in the first place. Afterwards, I’ll explain how to protect yourself online.
What Is The “I Know Your Password” Email Threat Scam?
You used a service online that had a security breach in the past. As a result, your email and password have been sold online to criminals, who are attempting to extort money from you. Sometimes this information may be outdated.
For example, it may show one of your old passwords in the subject line, but in fact it isn’t related to your email address at all. If it does match the password of the email account you are using, you should change your email password immediately.
Do it right now. Bookmark this page and then come back to it once it’s changed and I’ll share what steps to take to determine if any of your other accounts have been breached.
Now that I have explained the scam, here’s what we are going to do to protect your online accounts.
- Take steps to identify what accounts have been breached.
- Change passwords to breached accounts.
- Consider using a password manager to ensure your accounts don’t get compromised in the future.
I have created separate sections for each step below. Please follow each step carefully to protect your accounts online.
How to Identify What Accounts Have Been Breached by Hacks
We can use a powerful, free online tool called haveibeenpwned to determine which of our online accounts have been hacked.
This service keeps track of which online services and websites have had their data breached in the past. All you need to do is enter all the email addresses you use online.
Haveibeenpwned will then return results based on whether any services connected to those email addresses have been hacked. You must remember all emails you’ve used online to ensure your passwords haven’t been compromised.
To use the service, simply enter your email address in the entry field on the website and click pwned?
If you get the result Oh no – Pwned!, it means your email was found subscribed to a data-breached website or service. You can scroll down to see where you were breached.
Make a list of breached services. Repeat this process with all emails you use online. It may be a long process, but it’s well worth taking the time to protect yourself online.
How To Change Passwords To Breached Online Accounts
Once you have your list of services, you should go to each of these services and change your password there. If you have ever used that password elsewhere, you should change it there too.
For example, if you had an account at last.fm and used the password – secretpassword123, any accounts that share that password may be at risk too. You should change that password wherever you may be using it online.
If any of your email accounts share any breached passwords, you should change your email passwords too, and ensure you have adequate security features set up, such as two-factor authentication. Most email services, like Gmail and Outlook for example, also allow you to see recent logins and log out of all devices.
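The steps above can be checked mechanically if you have your saved logins exported to a CSV file. The following is an added example, not part of the original article: it assumes a constructed export with `site,username,password` columns, a constructed breached-services list, and a hypothetical `accounts_to_change` helper, and it lists every account that is breached or reuses a breached password, with email accounts first.

```python
import csv
import hashlib
import io

# Constructed sample export (site, username, password); not real credentials.
SAMPLE_EXPORT = """site,username,password
last.fm,me@example.com,secretpassword123
mail.example.com,me@example.com,secretpassword123
shop.example.net,me@example.com,secretpassword123
bank.example.org,me@example.com,a-different-unique-one
forum.example.io,old@example.com,another-unique-one
"""

BREACHED = {"last.fm"}              # constructed: the list made from the breach lookup
EMAIL_SITES = {"mail.example.com"}  # constructed: entries that are email accounts (lowercase)


def _fp(password):
    """Short hash so passwords are compared and reported without being printed."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:12]


def accounts_to_change(export_csv, breached, email_sites=frozenset()):
    """Return [(site, reason)] for every account whose password must change,
    email accounts first, then alphabetical."""
    rows = list(csv.DictReader(io.StringIO(export_csv)))
    breached = {s.lower() for s in breached}
    # Fingerprints of every password that was used on a breached service.
    exposed = {_fp(r["password"]) for r in rows if r["site"].lower() in breached}
    todo = []
    for r in rows:
        site = r["site"].lower()
        if site in breached:
            todo.append((site, "breached service"))
        elif _fp(r["password"]) in exposed:
            todo.append((site, "reuses a breached password"))
    todo.sort(key=lambda item: (item[0] not in email_sites, item[0]))
    return todo


if __name__ == "__main__":
    for site, reason in accounts_to_change(SAMPLE_EXPORT, BREACHED, EMAIL_SITES):
        print(f"{site}: {reason}")
```

Delete the exported CSV once you are done, since it holds every password in plain text.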
How to Use a Password Manager to Keep Yourself Safe Online
One of the major problems with online accounts is that most people use the same password across multiple services. This could mean that a motivated criminal could find all of your online accounts and gain access to them.
Typically, it would be easier for criminals to bulk purchase breached details and bulk spam emails like the one that brought you to this article. But there’s nothing stopping criminals from digging through the stolen data they have and trying to use it to log into your social media, your bank accounts, or other platforms that may have sensitive data.
The best thing you can do is to make sure all of your passwords online are different. There are two safe ways to do this. The first is to write all of your passwords down on paper, somewhere safe. Alternatively, you could use a password manager.
Password managers can generate impossibly difficult passwords for your account and encrypt that data. Typically you have one master password that logs you into your password manager, and then all of your online passwords can be copied over from there.
You can learn more about how password managers work and which are the best choices here.
Summary
I hope that this article has helped to relieve some stress. Whenever you receive unsolicited emails asking for money, usually the threat is quite minimal.
As with the scam I talked about here, there’s often a less worrying explanation. However, educating yourself and taking steps to protect your online accounts is still crucial.