6 Password Security Tips to Protect Against Email Extortion Scam

A clever new email scam that has arisen in the last few days claims that the sender has hacked into your machine and recorded you on a webcam.  The message references an actual password you recognize, which lends credibility to the scare tactic.  In some cases, it will be a password you used a long time ago, but (hopefully!) not one you’re using now.  The point of this particular email scam is to extort money out of you to prevent the sender from sharing the alleged video (which they don’t have) with all your email contacts.

In the last several months alone, there have been many reported cyber attacks against popular sites like Netflix and Twitter.  Passwords stolen during those attacks can eventually make their way to lists on the web that are used by other hackers, sometimes with malicious intent.  If you receive an email message like the one shared by Krebs on Security, and the password included by the sender is one you currently use on one or more websites, our best recommendation is to change it immediately on each of those sites, through the official site itself.

6 Password Security Tips

  • Never reuse passwords between sites
  • Change passwords at least once a year
  • Use a passphrase that is long but easy to remember.  An example would be “Safety Net k33ps me safe!”
  • Use a base passphrase and add a unique piece for each service or website
  • Password managers like LastPass work across multiple devices and make it easy to securely manage multiple passwords
  • Never share your passwords
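
As an added example (not part of the original article), the sketch below audits a password list for the situations described above: sites still using the password quoted in the scam email, passwords reused between sites, and passwords not changed in over a year. The CSV column names, the sample rows and the audit() helper are all constructed for illustration.

```python
import csv
import hashlib
import hmac
import io
import secrets
from collections import defaultdict
from datetime import date

# Constructed sample export. The column names are assumptions for this
# example, not the export format of any particular password manager.
SAMPLE_EXPORT = """site,username,password,last_changed
video.example,pat@example.com,Summer2016!,2016-07-01
social.example,pat@example.com,Summer2016!,2019-03-12
bank.example,pat,maple river 7 kettles hum,2024-11-02
shop.example,pat@example.com,correct-horse-42,2021-01-15
"""


def audit(export_csv, quoted_password, today, max_age_days=365):
    """Return sites that are exposed, share a password, or are overdue."""
    # Group by a keyed digest (key exists only for this run) so that no
    # plaintext password is kept in the grouping table or printed.
    key = secrets.token_bytes(32)

    def tag(password):
        return hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()

    quoted = tag(quoted_password)
    sites_by_tag = defaultdict(list)
    exposed, stale = [], []
    for row in csv.DictReader(io.StringIO(export_csv)):
        digest = tag(row["password"])
        sites_by_tag[digest].append(row["site"])
        if hmac.compare_digest(digest, quoted):
            exposed.append(row["site"])  # change these first
        changed = date.fromisoformat(row["last_changed"])
        if (today - changed).days > max_age_days:
            stale.append(row["site"])
    reused = sorted(sorted(s) for s in sites_by_tag.values() if len(s) > 1)
    return {"exposed": sorted(exposed), "reused": reused, "stale": sorted(stale)}


if __name__ == "__main__":
    report = audit(SAMPLE_EXPORT, "Summer2016!", date(2025, 1, 1))
    for finding, sites in report.items():
        print(finding, sites)
```

Sites listed under "exposed" are the ones to change immediately; the "reused" and "stale" lists cover the first two tips.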

Passwords, whether they’re for social media, shopping and banking sites, your favorite restaurant delivery service, or personal email accounts, should not fall into the “set it and forget it” category.  IT security is complex, but good password habits are simple and helpful, both for personal use and in the workplace.