Recently we have seen a large number of malicious emails in which the sender claims to have hacked your email account and placed malicious software on your PC to steal your personal information.
These emails can be fairly convincing: they often contain an old password of yours that has been compromised in a data breach, and they use email spoofing to make it appear as though the message was sent from your own email account.
The claim is almost certainly false; it is a scare tactic used to frighten people into sending large sums of money.
“How do they have my password?”
With so many different passwords to remember across all of the online services that we rely on daily, many people slip into bad habits and use similar, if not the same, passwords for multiple platforms.
Over the last few years there have been many large-scale data breaches that have leaked a wide variety of personal information, ranging from usernames and passwords to home addresses and dates of birth. Once obtained, this information will either be illegally sold or leaked to the masses online via message boards or pastebin sites.
“Has my data been compromised?”
Prior to the GDPR regulations it was not required for a data processor to notify affected users of a data breach, and as such a large majority of people were, and still are, unaware that their information has been compromised.
The most effective way to find out if you have been affected by a data breach is to use a site called haveibeenpwned. Simply enter your email address on the homepage to see whether it is attached to any known data breaches. You can also use this site to check how many times your password has featured in a data breach. This does not necessarily mean you have been affected, but it can be used as a measure of password strength and security.
We have installed one RAT software into your device.
For this moment your email account is hacked (see on “from address”, I messaged you from your account).
Your password for <insert firstname.lastname@example.org>:<insert a password that you have used>
I have downloaded all confidential information from your system and I got some more evidence.
The most interesting moment that I have discovered are videos records.
I posted my virus on site, and then you installed it on your operation system.
When you clicked the button Play on porn video, at that moment my trojan was downloaded to your device.
After installation, your front camera shoots video every time, in addition, the software is synchronized with the video you choose.
For the moment, the software has collected all your contact information from social networks and email addresses.
If you need to erase all of your collected data, send me $xxxx in BTC (crypto currency).
This is my Bitcoin wallet: <insert bitcoin wallet address>
You have 48 hours after reading this letter.
After your transaction I will erase all your data.
Otherwise, I will send video with your pranks to all your colleagues and friends!!!
And henceforth be more careful!
Please visit only secure sites!
“I’ve been compromised, what do I do?”
DO NOT give them any money.
If you pay the ransom you are effectively making this method of scamming profitable, encouraging these individuals to continue phishing/scamming.
DO NOT respond to the email.
Given the nature of this attack/scam, the senders rely on the likelihood that a small number of recipients out of the batch of millions will respond.
Change the passwords attached to the account.
More information on how to create a secure password can be found here.
Delete the email.
The best thing to do with emails like this is to permanently delete them from your inbox.
Consider setting up 2FA (2 factor authentication).
More information on 2FA and password security can be found here.
Purchase spam filtering tools.
This will not completely stop these types of emails; however, it will significantly reduce the number of them that you receive and filter out malicious emails of other kinds, such as phishing and ransomware.
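The spoofed "sent from your own account" trick described at the start of this article is something a mail filter can test for. The sketch below is an added example, not part of the original article or any product's code: it flags a message whose From and To addresses match while the receiving server's Authentication-Results header (RFC 8601) shows SPF, DKIM or DMARC not passing, and it also looks for a Bitcoin address paired with a deadline. The sample message, the example.org/example.net domains and the wallet string are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message, not a real email. The domains and the wallet
# string are placeholders; Authentication-Results follows RFC 8601.
SAMPLE = """\
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=example.org;
 dkim=none; dmarc=fail header.from=example.org
From: firstname.lastname@example.org
To: firstname.lastname@example.org
Subject: Your account is hacked

We have installed one RAT software into your device.
Send me $xxxx in BTC. This is my Bitcoin wallet: 1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
You have 48 hours after reading this letter.
"""

AUTH_RESULT = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)
BTC_ADDRESS = re.compile(r"\b(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[0-9a-z]{25,62})\b")
DEADLINE = re.compile(r"\b\d+\s*hours?\b", re.I)

def triage(raw):
    """Return the reasons a raw message looks like a spoofed extortion scam."""
    msg = message_from_string(raw)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    recipient = parseaddr(msg.get("To", ""))[1].lower()
    # Assumption: the topmost Authentication-Results header is the one added by
    # your own receiving server; lower copies may be forged by the sender.
    verdicts = {"spf": "none", "dkim": "none", "dmarc": "none"}
    for header in msg.get_all("Authentication-Results", [])[:1]:
        for mech, result in AUTH_RESULT.findall(header):
            verdicts[mech.lower()] = result.lower()
    failed = sorted(m for m, r in verdicts.items() if r != "pass")
    if sender and sender == recipient and failed:
        findings.append("self-addressed but unauthenticated: " + ",".join(failed))
    # Raw text of every non-multipart part (encoded parts are not decoded here).
    body = "".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    if BTC_ADDRESS.search(body) and DEADLINE.search(body):
        findings.append("bitcoin payment demand with deadline")
    return findings

if __name__ == "__main__":
    for reason in triage(SAMPLE):
        print("FLAG:", reason)
```

A genuine message you send to yourself passes authentication at your own server, so only the spoofed copy trips the first check.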