Password Scam – How Does It Work?
Here at Wilson Computers we get contacted on a regular basis by businesses who are targeted by scams. Consequently, we see many different techniques that scammers use to try and extort money. Recently this “Password Scam” has became very prevalent and has been causing many un-due concerns.
The Email
There are several variations of this email but normally it will claim to be from a hacker or a “programmer who cracked your email account”.
It will usually have a password that you use in the topic, that’s what really grabs your attention. The email will then accuse you of viewing “sites of intimate content”, in other words, porn, and ask for payment by bitcoin.
The Reaction
Many recipients of this email will think it is very credible since it cites a password. Users that have visited sites that they wouldn’t want publicly disclosed, are likely to be anxious at this point. As a result, many will make a payment to scammers, hoping to protect their dignity.
The Password Scam
As if often the case, things aren’t as they seem with this password scam. The scammers obtain passwords from publicly available lists of user credentials. In recent years there have been several high-profile hacks in which user data has been leaked online. Therefore, this gives scammers easy access to information they can use to target and extort money.
To see if your credentials have been leaked online, this website lets you search by email address. If it returns any results, then it’s important you no longer use the password that you used for the site listed.
How To Protect Yourself
As scams get more and more sophisticated, businesses who don’t take precautions are becoming victims. There are several things that can be done to protect yourself and your business. The following steps are strongly advised so a business can protect themselves against this password scam and other types of attack.
Password Policy
It’s good practice to change the passwords you use regularly. It is also a good idea to use different passwords for different sites. This means, if a site does get hacked, then the credentials that you used may be useless to an attacker.
Antivirus and Firewall
Security software that monitors for risks is an essential part of any I.T. system. Many attacks involve malicious software or scripts that will be blocked by good antivirus and firewall systems. It’s therefore advisable to make sure your I.T. company provides this and that it is monitored and kept up to date.
Backup
Encryption extortion attacks are very common at the moment. Should the worst happen, and you suffer a data loss as a result of one of these attacks, a recent backup is essential. Therefore, speaking to your I.T. company will make sure they have all your essential data covered. A good I.T. company will also monitor and test your backup system regularly.
Education
While all the above measures are extremely important, it’s no substitute for education. Being aware of the threats is important if you want to be vigilant. Reading articles such as those we publish at Wilson Computers can make the difference between being a smart I.T. user or another victim.
As always, we are here to advise if you aren’t sure of anything. Feel free to pick up the phone if there is anything of concern or if you would like more info. Our helpdesk is open Mon-Fri 9-5 and can be contacted on 028 9146 9751 or by emailing [email protected].
