Help! My Email has been Hacked!

You do not know me and you are probably wondering why you’re getting this email? My virus grabbed all your personal info and turned on your сamеrа…

If you have recently received an email from a purported hacker who is demanding payment or else they will send compromising information—such as pictures—to all your friends and family, this probably sounds familiar. Now you’re searching for what to do in this frightening situation.

First, don’t panic, and do not pay the ransom. Contrary to the claims in your email, you haven’t been hacked. This is a type of online phishing that is targeting people around the world and preying on digital-age fears. The general gist is that a hacker claims to have compromised your computer and says they will release embarrassing information to your friends, family, and co-workers. The hacker promises to go away if you send them money, usually with bitcoin. What makes the email especially alarming is that, to prove their authenticity, they begin the email by showing you a password you once used or currently use.

Although alarming, this still doesn’t mean you’ve been hacked. The scammers in this case likely matched up a database of emails and stolen passwords and sent this scam out to potentially millions of people, hoping that enough of them would be worried enough to pay that the scam would become profitable. Here are some quick answers to the questions many people ask after receiving these emails.

They have my password! How did they get my password?

Unfortunately, in the modern age, data breaches are common and massive sets of passwords make their way to the criminal corners of the Internet. Scammers likely obtained such a list for the express purpose of including a kernel of truth in an otherwise boilerplate mass email.

If the password emailed to you is one that you still use, in any context whatsoever, STOP USING IT and change it NOW! And of course, you should always change your password when you’re alerted that your information has been leaked in a breach.

Should I respond to the email?

Absolutely not. With this type of scam, the perpetrator relies on the likelihood that a small number of people will respond out of a batch of potentially millions. By default they expect most people will not even open the email, let alone read it. But once they get a response, and a conversation is initiated, they will likely move into a more advanced stage of the scam. It’s better to not respond at all. And remember, don’t pay the ransom! If you do pay, then the scammers may also use that as a pressure point to continue to blackmail you, knowing that you’re susceptible.

What should I do instead?

As we said before, stop using the password that the scammer used in the phishing email, and consider employing a password manager to keep your passwords strong and unique. One other thing you can do to protect yourself is to apply a cover over your computer’s camera. We know this experience isn’t fun, but it’s also not the end of the world. Just ignore the scammers’ empty threats and practice good password hygiene going forward!

Finally, the Federal Trade Commission (FTC) is the main agency that collects scam reports. Report your scam online with the FTC complaint assistant, or by phone at 1-877-382-4357 (9:00 AM – 8:00 PM, ET).
