October 2018

Sextortion Scam threatens you with passwords lost in Data Breaches

There is a new kind of e-mail based scam that is targeting internet users. It’s called the Sextortion Scam and it works like this: you get an email from someone claiming to have logged into your account and installed malware, they say that they have recorded you or the programs you are using and will share that information with your contacts unless you pay them a ransom. The scammers also usually show you that they have your password to prove that they’re serious.

The good news is that you haven’t been hacked, the bad news is that they might have your password.

There have been dozens of data breaches over the last three years, most notably the massive Equifax breach in September 2017. Millions and millions of people have had their data exposed online by this kind of breach. What this means is that bad actors are able to purchase lists of the exposed data in order to extort money from unsuspecting internet users. With the purchased data these scammers email users their own passwords to “show” that they’ve been hacked, assuming that most people will keep their passwords even after they’ve been informed of a big data breach.

You can see if your email has been exposed in a breach by entering it into this website: https://haveibeenpwned.com/
And you can see if your passwords have been posted online by checking this page: https://haveibeenpwned.com/Passwords

If your email or password shows up in those searches please immediately change your password. For better security in the future, and to mitigate the risks of data exposure, please call PMCS at (818)957-5647 and ask for information about setting up a strong password policy for your business.