Malicious emails are a common means of cyberattack, and usually dealt with before they have the chance to reach us, and even when they do, they’re unlikely to come across genuine enough to be a worldwide worry. So, when a large-scale email spoof is problematic enough to reach mainstream news, it’s no surprise that people begin to panic. It’s not as worrisome as it may seem, however. Recently, a new email stating your email and password has found itself in many inboxes. The email begins by establishing itself as a “real threat” by sending your email and an old/current password for an unspecified site you used in the past. The sender will make some ludicrous claims, stating they have access to emails, social media accounts and webcam footage.
Luckily, you have no need to worry, as most of this is not true, so don’t go fulfilling the email’s requests, some of which are asking for transactions of as high as $3,000. Technically, the sender could have access to some accounts, but they won’t for long after you’ve dealt with the miniscule security threats you now face. For clarity, the only information the sender has is an email and password combination, which you have used on an account at some point. This has been lifted from some site and placed in a database, for use in this kind of attack. The sender doesn’t know what other websites this combination works for, and certainly doesn’t have a trojan on your pc, or webcam files, or whatever else they claim in the email.
Now, here’s the solution to the issue. The positive is that the attacker has sent you all the details they have on you; they’ve laid all their cards on the table. If this email and password doesn’t match any account you use anymore (for example, the password is old), then congratulations, you can delete the email without a second thought. If these details do belong to one or more accounts, it’s time to start changing passwords. An attack like this is the perfect example why duplicating passwords between accounts is a security risk. In a situation like this, it’s the reason the attacker can harm you. So, if this email has left you scrambling between accounts trying to update any vulnerable account details, take the precautions to avoid any panic in the future.