TL; DR – It’s almost certainly a confidence trick, and highly unlikely the criminals are on your system. Change the affected password EVERYWHERE you have used it to unique passwords and add two-factor authentication where available.
So you, like many others right now, may have received a creepy sounding e-mail quoting an old (or sometimes current) password; maybe it claims to be from someone with an edgy “darknet username”. They’ve allegedly managed to compromise your computer, infect it with some technical sounding malware and they’ve been watching you for months – during which time they have captured your salacious web browsing history and compromising webcam footage of you which they intend to send to all your contacts unless you pay them Bitcoin,
Except, or course, that it is all a basic confidence trick and they’ve done precisely none of those things.
I’ve dealt with a number of these incidents and there is currently no evidence, to my knowledge, that any victim has had their computer compromised by a Trojan virus, had compromising footage captured without their knowledge, nor that any distribution of such footage has been carried out in relation to this particular strain of e-mail.
However, the attack demonstrates the ease with which a criminal can obtain passwords from breached websites used by the public, and use that information to potentially log-in to other accounts and/or send extortion e-mail. In fact, LinkedIN itself suffered a huge breach some years back, and it is entirely possible that at least some of these e-mails represent opportunist criminals painstakingly working their way through the 100+ million passwords that might have been compromised in that incident alone.
Follow these simple steps to make your online accounts and e-mail more resilient against attack in future.
- Don’t pay. It’s a simple confidence trick.
- If you have identified any accounts where the password quoted is still active, change it immediately. If you are able to identify beyond doubt that the password was only ever used for one specific service, you should consider notifying the service provider and/or the Information Commissioners Office that a data breach of your personal information may have occurred through that service.
- Enable Two Factor Authentication (2FA) for any accounts in the Cloud/Web Based (including personal, for example Facebook). If your e-mail accounts (or remote access) are exposed to the internet with only a password as a security barrier, you can expect to be breached at some point in the future. 2FA is the most effective way to prevent this from taking place. (You can find helpful guides on how to switch on 2FA for a variety of common applications at www.turnon2fa.com)
- Use a unique password for e-mail accounts. Re-used passwords can be breached elsewhere, and if they are breached in conjunction with e-mail details, full access to the e-mail account is now available to an attacker. Follow National Cyber Security Centre guidance on how to create a strong, memorable password – I advise using this method to create two passwords, one for your e-mail account, and one for a “password manager” (an application that will generate long complex passwords for all your online identities – not to be confused with your browser “remembering” your logins). If you have unique passwords for all accounts in this way, then should you be a victim of a similar attempt in future you will know which account has been breached.
- Be wary of links within e-mails that require you to “login” to your e-mail or other online accounts eg Dropbox in order to view them. These may come in the form of “shared” plans, or offers of business from seemingly legitimate client prospects. The login screen will visually look identical to your Cloud system portal (Microsoft 365 being the most common), but it is actually a captive portal hosted on a criminal domain, set up to harvest Cloud login credentials. 2FA, described above, mitigates against the impact of this threat, but remember that the password will still be compromised.
- Check your e-mail accounts regularly for any unusual “rules” or folders that have been set up without your knowledge. Rules can typically be found in the same menu as “Out of Office”. Criminals will often set rules to forward all inbound mail into duplicate folders in your account (or externally to their own e-mail account) so they can read and act on them before dropping them into your active Inbox so you don’t notice.
- Make sure your operating system, browser and software packages are patched and up to date.
- Make sure you are running an up to date anti-malware package
- Share these tips with your friends and business network so that awareness of these scams becomes more viral than the scams themselves!