Picture this scenario: You receive an email which appears to have been sent from your own email account in which the sender claims to have hacked your computer and proves it by showing a password. The password may or may not be the password to your email account, but it is a password that you used.
The email’s authors go on to claim that they have proof of porn sites you’ve visited, naughty videos you’ve watched, and that they have access to your list of contacts, and that unless you pay a ransom in bitcoin, they will send incriminating info about you including proof of porn sites you’ve visited to all of your contacts….this can be pretty scary.
The question is:
Was your account really hacked?
Is this just a scam to extort money from you?
This particular scam was actually showcased on ABC News because of how often it appears to be happening.
But it’s just another targeted or ‘phishing’ email
This type of phishing email is just another targeted email from nefarious folks who know something about you…in this case the ‘hackers’ may have gotten your password info from a site that was hacked and had a password you used. This is the main reason you should not reuse passwords, and since so many people reuse passwords, the password they sent in this scam may very well look familiar to you.
How can you tell it a scam?
By reviewing the emails header information you can determine that the email was not sent from your email account. This is called email spoofing.
How to protect yourself from online scams
Be very wary of clicking on a link in an email
Never click on a link in an email unless you are absolutely sure it is legitimate, and even then, be careful. If in doubt go directly to the source. For example, if the sender claims to bank, go to your browser and type your banks web address directly into the browser bar. Or verify the old fashioned way by picking up the phone and calling. Here’s some more ideas on how to protect yourself from email phishing scams.
Don’t reuse passwords and set up a good password security system
We keep saying it again and again. Simple passwords anyone can guess. When one system gets cracked bad actors will often try the same passwords on other sites. We’ve written an article on password security.
Don’t whitelist yourself
In many spam and phishing filtering services, it’s easy to allow a known user to send you spammy email. It’s so easy that you may have inadvertently allowed or whitelisted yourself. If your getting phishy email purporting to be from you, check.