A new scam is currently going around and may soon be landing in your email box, or that of one of your employees.
But unlike that con about the unclaimed money waiting for you in a bank in Kenya, this one has a more insidious and frightening component – the scammer tells you he has one of your passwords, and proves it by including it in the email.
How could this happen? Perhaps one of the companies or vendors you do business with was hacked. Maybe you used your email and password to log into a website with questionable security. Maybe the scammer found an old email address you haven’t used in awhile, but it was connected to the same password you use now. Unfortunately, there are other possibilities as well.
Once the scammer shakes you up by revealing your password, he makes all sorts of threats – he’s planted spyware on your cellphone or on your computer’s webcam; he has a record of all the websites you’ve visited, including some you may not want others to know about. And if you don’t want any of this information sent to your employer or made public, you need to pay up.
None of those threats can be backed up. But seeing your private password in an email from a malevolent stranger would certainly be unsettling. And some recipients of that email may be intimidated enough to send the hush money.
Related: Meet 360Civic's New Security Chief
Be Careful Online
This goes back to something we’ve been saying for years, and something we tell all of our clients – the internet is not a safe place. The access to your online accounts and passwords that you surrender for the sake of convenience too often results in that information being shared or sold to other entities that are careless with your security. And when they get hacked, you pay the price.
We provide security services to our clients, and we’re good at it. But the reality is that most attacks these days are not against servers. Instead, hackers go after the much softer targets offered unwittingly by all of us as we surf the net, vote in polls on political or entertainment sites, and register with websites through existing social media accounts rather than creating a new login and password.
The easiest way to avoid such potential threats, while still enjoying all of these online services, is to create fake email addresses. If these ever fall into enemy hands, they can’t hurt you. Yes, it takes a little more time to create these accounts and link different passwords to them – but it will be worth it.