Have you received an email recently that started out with something like this?
“*****is your pass words. Lets get straight to the point. Neither anyone has compensated me to investigate about you. You don’t know me and you’re most likely thinking why you are getting this e-mail?”
The email then goes on to say that they have installed a virus on your computer while you were visiting a certain website and that they recorded you on your webcam. Scary, right? What makes it seem plausible is that the password quoted in the email is a legitimate password that you have used before, or are currently using.
Please be aware that this is a massive phishing campaign. We’ve received dozens of questions from our clients about these emails and want to make everyone aware. This latest phishing attempt is designed to trick you into paying them via bitcoin.
DO NOT PAY THEM!!! Your computer has not been hacked, and there is no webcam video of you. This is a complete scam. The real question is how did they get your password in the first place??
According to the Identity Theft Resource Center® (ITRC) and CyberScout®’s 2017 Data Breach Year End Review, there were roughly 1,579 reported breaches that compromised approximately 4 BILLION credentials last year alone. We all remember some of the most recent breaches, including Facebook, Equifax and even Whole Foods. Lists generated from these types of breaches are most likely where they got your password.
So what should you do with this email?
First, delete the email immediately and be sure not to click on or open any attachments. Email attachments can carry viruses or lead you to phony websites encouraging you to expose personal or sensitive data. For more information about phishing emails and how to protect yourself AND your employees, check out our blog, Phishing: The SMB Plague.
Second, if the password is legit and still in use, you should change it right away! We also recommend that you begin to use a password manager as an added layer of protection going forward. The average business user must keep track of 191 passwords. This can be overwhelming and result in lazy password management. There are a number of password management tools available, some better than others. We can help you identify the best tool for you and your business. If you need any help, give us a call!
Finally, be sure to notify your company’s IT department or provider about the phishing email. Your IT department or provider can quarantine the malicious email to prevent it from spreading across the system and can warn all employees of the attempt.
If you have any questions about this or other phishing emails, reach out to us for assistance. Be safe.