October 31st 2018
“The most important is to remain calm. Do not reply or pay. In most cases you can just delete the email and go on with your day. This blog post deals with these threatening emails to avoid the worry they often cause.”
Scam emails causing concern
In the last few months, a special kind of scam emails has been going around and is causing a lot of concerns for recipients worldwide. You have probably already received one of these, know someone who has or heard about it in the media. In the emails, the scammers claim to have gotten access to your account or computer and prove it by showing a password. Then they claim to have recorded you in a private moment and threatens to expose it to your friends, family, and everyone you know unless you pay.
The most important thing when receiving one of these emails is to remain calm. This new scam is very hurtful and goes directly for blackmailing the victims. Even so, we recommend you to not reply or pay. In most cases, you can just delete the email and go on with your day.
Password included in the email
The main concern we experience is that the email includes a password that the user is using at the moment or has used earlier for their account. Your passwords are safe with us. Our highest priority is security and to make sure to keep your data safe. In most cases, we see, that the email address has been used as a username on another site either in the past, or still is, and that place has had a data leak. Most people tend to use the same password in multiple places because it is easy to remember, therefore it becomes very easy for hackers to use the leaked login details everywhere else where the same combination of email address and username has been used. The password in the email is from one of these data leaks and may not have been in use for years. Hackers have large databases of such stolen data and usually use it to gain access to accounts and send spam.
It is a very good idea to change your password on a regular basis, as well as all your other passwords. Having different passwords for various sites is always a good idea. And of course, make sure your passwords are secure and not commonly used, such as PASSWORD, name and birthday or ILOVEYOU. Sentences, with or without spaces, are one of the safest passwords you can use; it is very hard for a bot to guess and you can more easily remember it. Add a special character for extra security.
You should also check if your email password has been leaked before so you can take precautions and keep you and your data safe.
Email from your own account?
The scammers are very clever and hide their tracks in many ways. One of the most obvious is that it seems like the email was sent from your own email address, even though it was not. This is called spoofing and it makes it look like your own address is the sender. Modern email technology makes this possible. If you are not sure, our support is always ready to help you check. A good tool against spoofing is setting up an SPF record. It lets other servers know which servers are authorized to send your emails. If an email arrives with your email as sender but the server is not on the list, the email will be flagged as suspicious and, in many cases, completely denied. But please note that this is dependent on the receiving server checking the SPF. Not all servers do, and then the email will be delivered regardless.
If you have a website with a form where visitors can send you messages, it is a good idea to make sure that the form is secured and cannot be abused.
What should I do?
Change your passwords
Always start by changing your password if you are still using the password mentioned in the email anywhere. Anywhere where you have used the same combination of email address and password is vulnerable, and it is a very good tactic to change the password to a secure one.
Delete the email
There is no risk as long as you do not reply, click on any links or pay them. You can report the email to the local authorities, but most of them have already received many reports of the same kind so it might not be needed. Check with your local authorities if you are not sure.
Check antivirus and updates
Make sure your computer is safe with antivirus software and regularly updating everything, so you have the latest security updates for your systems. Set up SPF for your domain to help prevent scammers begin successfully in pretending they are you.
Turn on the spam-filter
Quite a lot of the scam emails are automatically tagged as spam so do yourself a favor and make sure to have turned on your spam-filter from the email settings.
If you have any doubts or concerns, please do not hesitate to contact us. Our live chat is always open on One.com/chat.