A new scam is currently going around and may soon be landing in your email box, or that of one of your employees.

But unlike that con about the unclaimed money waiting for you in a bank in Kenya, this one has a more insidious and frightening component – the scammer tells you he has one of your passwords, and proves it by including it in the email.

How could this happen? Perhaps one of the companies or vendors you do business with was hacked. Maybe you used your email and password to log into a website with questionable security. Maybe the scammer found an old email address you haven’t used in awhile, but it was connected to the same password you use now. Unfortunately, there are other possibilities as well.

Once the scammer shakes you up by revealing your password, he makes all sorts of threats – he’s planted spyware on your cellphone or on your computer’s webcam; he has a record of all the websites you’ve visited, including some you may not want others to know about. And if you don’t want any of this information sent to your employer or made public, you need to pay up.

None of those threats can be backed up. But seeing your private password in an email from a malevolent stranger would certainly be unsettling. And some recipients of that email may be intimidated enough to send the hush money.

 

Be Careful Online

This goes back to something we’ve been saying for years, and something we tell all of our clients – the internet is not a safe place. The access to your online accounts and passwords that you surrender for the sake of convenience too often results in that information being shared or sold to other entities that are careless with your security. And when they get hacked, you pay the price.

We provide security services to our clients, and we’re good at it. But the reality is that most attacks these days are not against servers. Instead, hackers go after the much softer targets offered unwittingly by all of us as we surf the net, vote in polls on political or entertainment sites, and register with websites through existing social media accounts rather than creating a new login and password.

The easiest way to avoid such potential threats, while still enjoying all of these online services, is to create fake email addresses. If these ever fall into enemy hands, they can’t hurt you. Yes, it takes a little more time to create these accounts and link different passwords to them ­– but it will be worth it.

Ron Zayas

CEO

Ron Zayas is an online privacy expert, speaker, author, and CEO of 360Civic, a provider of online protection to law enforcement, judicial officers, and social workers. For more insight into onli... Read more

Why Your Online Privacy Will Always Be Our Top Priority
The Onerep Betrayal: And Why Your Privacy Will Always Be Our Top Priority
Earlier this month, it was revealed that an alleged privacy protection provider called Onerep was playing fast and loose with the personal information of its clients.
Read More
""
It’s Not Too Late To Restore Your Online Privacy
There’s an old saying that you can’t put toothpaste back in the tube. It simply means that some actions, once taken, can't be undone.
Read More
""
America is Number One!... in Ransomware Attacks
Data breaches and ransomware attacks are a global threat – but a recent report revealed that American organizations are a favorite target.
Read More

Stay up to date with online privacy best practices and news

Signup for our free IronWall360 newsletter