We have been chatting to some friends recently and it appears that the hackers are getting a bit more aggressive in their attempts to get money out of people. Over the years we have received loads of these, but there is something different about this one that gets your attention. It includes a password that you use or have used on some websites, or one that is nearly right (maybe missing a character or number).
We have had these emails and some friends have asked for advice on them, so we thought it may be helpful to share some suggestions on what to do (in addition to not paying them). The email will probably look something like this:
I am well aware letmein69 is your pass. Lets get straight to the purpose. No person has compensated me to check about you. You do not know me and you are probably wondering why you’re getting this email?
in fact, i setup a malware on the adult video clips (porn) site and guess what, you visited this site to experience fun (you know what i mean). When you were watching video clips, your web browser started out functioning as a RDP that has a key logger which provided me with access to your display screen and also web camera. immediately after that, my software obtained every one of your contacts from your Messenger, Facebook, and email . and then i made a double-screen video. 1st part displays the video you were watching (you have a good taste ; )), and second part shows the view of your web cam, & it is u.
You do have not one but two possibilities. Why dont we explore each of these options in particulars:
First choice is to disregard this e-mail. in this situation, i most certainly will send your very own tape to every single one of your contacts and also just imagine concerning the shame you will definitely get. in addition if you happen to be in a committed relationship, precisely how it is going to affect?
Second alternative would be to compensate me 1000 USD. Lets call it a donation. in this situation, i will right away remove your videotape. You will keep going your daily routine like this never took place and you will not ever hear back again from me.
Sounds all a bit scary I know!
First thing to do is follow the Hitchhiker's Guide to the Galaxy’s first piece of advice – don’t panic!
If your PC or Mac has all the latest updates installed and you have your Anti-Virus and Security up to date, then the chances of having a virus or naughty bit of software that they claim to have used are remote! But there is never any harm in checking they are up to date and running a full scan to be sure.
But there is one thing to do – change your password! And change the password on every site that uses this password.
We have included some more advice below the link on passwords, how to protect your accounts and how to manage your passwords. It’s not very exciting, but it’s really important stuff to protect your privacy and money. You can also find out how they probably got hold of your password.
You’ve probably not been hacked, but someone else has
Guessing your password takes a lot of work and computing power … after this there is a guide to secure passwords and simple steps you can take to make it as hard as possible to guess.
And it’s most likely this isn’t how they found your password; they probably got it from a website that has been hacked previously. Websites like LinkedIn, Tumblr, KickStarter, Adobe or some others you have probably used have been hacked and the hackers downloaded a huge pile of email addresses and passwords.
And now with that information they can just send out millions of emails demanding money in the hope that a few hundred / thousand of those people will pay up.
Now you know your password is compromised, what can you do? Read about Password Managers below for a suggestion; you can skip the secure passwords bit if you like.
A Guide to Secure Passwords
The first change you can make to your password is to mix upper case letters in. So password123 could become PassWord123 … these read the same to you, but to a computer they are two very different passwords as the case of each letter has to match.
Quite often people will swap letters for numbers, but they want it to be easy to remember so they may opt for Pa55w0rd123 … it still reads as the same password but it isn’t a standard word. A lot of these substitutions are very easy to guess, so that looks more secure but it is still fairly easy to guess.
The next stage is to use punctuation symbols in the password.
Some examples may be Pa55w0rd!123, Pa$$w0rd!123 or Pa55w0(rd!12?3.
Using upper and lower case letters, numbers and symbols makes it harder to work out the password. With just lowercase letters and numbers each character can be one of 36, but we can take that up to 93 characters. To give you an idea, a 6 character password like this is one of 646,990,183,449 combinations, whereas one using just lowercase letters and numbers has 2,176,782,336 combinations.
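To see why look-alike substitutions add so little, here is an added example (not part of the original article) of the kind of check a sign-up form or password audit can run: it undoes the usual swaps and trailing digits, then looks the result up in a word list. The word list and substitution table are constructed for illustration, and the function names are our own.

```python
import string
from typing import Optional

# Constructed sample: a tiny stand-in for a real common-password word list.
COMMON_WORDS = {"password", "letmein", "qwerty", "welcome", "dragon"}

# Look-alike swaps people commonly make (assumed set, not exhaustive).
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                               "5": "s", "7": "t", "$": "s", "@": "a"})
# Digits and symbols tacked on the end, e.g. "123" or "!123".
TAIL = string.digits + string.punctuation


def base_word(password: str) -> Optional[str]:
    """Return the common word the password is built on, or None."""
    for candidate in (password, password.rstrip(TAIL)):
        plain = candidate.lower().translate(SUBSTITUTIONS)
        if plain in COMMON_WORDS:
            return plain
    return None


def naive_combinations(password: str, alphabet: int = 93) -> int:
    """Combinations if every character were truly random (93 as in the text)."""
    return alphabet ** len(password)


def audit(password: str) -> dict:
    """Summarise a password: looks strong on paper vs. built on a known word."""
    word = base_word(password)
    return {
        "password": password,
        "base_word": word,
        "naive_combinations": naive_combinations(password),
        "verdict": "reject" if word else "no common base word found",
    }


if __name__ == "__main__":
    # The article's own examples plus the password from the sample email.
    for pw in ["password123", "PassWord123", "Pa55w0rd123", "Pa55w0rd!123",
               "Pa$$w0rd!123", "Pa55w0(rd!12?3", "letmein69"]:
        print(audit(pw))
```

The combination count only describes a password whose characters were picked at random; a password that reduces to a known word is found long before that many guesses are needed.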
For a secure password, it is recommended that the password is at least 10 characters in length. And very random! A good example would be:
And of course each website you use needs to have a unique password! So if one password is compromised, only one website is affected. The hackers can’t then access any other accounts!
Have you seen one of the best films of the year, Ready Player One? One guy keeps his password on a post-it note on his chair, and the team use it to hack him. Most people who work in IT will tell you they have seen post-its on monitors all over the place.
So how do we remember all these passwords when most of us don’t have the brain or memory of Sheldon Cooper? You use a Password Manager!
Quite simply these are websites that safely and securely store your passwords for you. You have one “master password” to access your passwords. The Password Manager will install into your browser, when you open your browser you enter your master password once and then it will automatically fill in the passwords for you on the websites you visit. And add new ones as you sign up to a website.
Then there will be an app on your phone or tablet that you can use as well to access the passwords on the go.
Some of them also let you add additional things like wifi keys, secure notes etc.
How secure are they? Very – their entire reputation and business relies on their security! Databases are encrypted using your master password for example, so if you forget your master password you may lose access to all your passwords! They also offer two-step security as well as your master password; you should definitely use this! See further down.
There are several companies providing password management solutions, you can find a list and reviews of some of the leading companies here.
One piece of advice – pay for this service! It is too critical to rely on a company hoping to make some money one day from something else. Your privacy and security are at stake here … so surely that is worth $10 a year?!
You will also find that these will have a security check tool, they will advise on sites with the same password or insecure passwords so you can go through and change them.
Two Stage Authentication
This is starting to become more common now. And for good reason, passwords aren’t secure enough by themselves for sensitive data.
The principle is simple – login with username and password, and then get a separate random security code on another device or by other means – very commonly a text message. Then type this code in to confirm you are you; basically, it checks that you are in possession of another device that is personal to you and that you are very unlikely not to have with you.
If this is available on sites you use that contain financial or personal data (banking, social media, email, shopping sites that have card details) it is recommended you use it!
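As an added example (not part of the original article), this is how the code shown by an authenticator app is produced and checked. It goes beyond the text-message case described above to the time-based one-time password scheme of RFC 6238; the shared secret is the RFC's published test key and the function names are our own.

```python
import hashlib
import hmac
import struct

# Test key from RFC 4226 / RFC 6238; a real secret is random and per-account.
SECRET = b"12345678901234567890"


def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """Code for the time slot containing `now` (seconds since the epoch)."""
    counter = int(now) // step                      # which 30-second slot
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                         # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, now: float,
           window: int = 1, step: int = 30) -> bool:
    """Accept the current slot and `window` slots either side (clock drift)."""
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret, now + drift * step, step)
        # Constant-time comparison; keep looping so timing does not leak
        # which slot matched.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok


if __name__ == "__main__":
    print(totp(SECRET, 59))                  # code the phone would show
    print(verify(SECRET, "287082", 59))      # typed in straight away
    print(verify(SECRET, "287082", 149))     # typed in 90 seconds later
```

A stolen password alone is not enough here: the code depends on a secret that never leaves the phone and the server, and it stops being accepted shortly after its 30-second slot ends.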
It’s Hard Work
Putting all your passwords into a site like LastPass isn’t easy, and it’s certainly not what most people would call a fun weekend.
Your password is your passport, your wallet, your debit and credit cards. Here is an example of why it is important to ensure you have secure passwords on sites.
Someone has the password for your Toolstation account, for example. They can login, there are no payment cards stored – they may see your name and address, and the fact you clearly have a thing for big powertools. With your name and address there is some potential for identity theft / fraud, but they are both fairly easy to get hold of realistically.
Now what about your email password? They can see you’ve been cheating on Toolstation and buying powertools from Screwfix and also Amazon. They try your Amazon account with the same password – doesn’t work. Phew, you were good having different passwords!
But since they can now login to your email, they can request a new password from Amazon to access your account. Password reset, oh look Amazon has all your payment cards stored … they can go on a shopping spree and have a load of stuff delivered to an Amazon locker for them to collect and no-one will know who they are or where they live.
Or worse still they can take over all your social media accounts and you won’t be able to prove who you are or reset the passwords if they change the email password too.
So it is hard work, but the risks of not doing it are quite scary!
So pour yourself a large Gin, sit down and get changing those passwords.