Nobody likes to receive spam emails, and while most are nothing more than irritating, every so often there is one that’s frightening. We’re all familiar with the infamous Nigerian Prince who is just looking for somewhere to park his money, but what if you receive something altogether more sinister? An email that claims to know personal information about you and goes on to threaten oblivion if you don’t do as instructed? Email-based blackmail scams are on the rise, and we don’t see much sign of the trend coming to an end.
In part, this is thanks to data breaches at firms like Ashley Madison and Yahoo. In the case of Ashley Madison, the very nature of the data source coupled with the identities of those who used the service — and subsequently had their data stolen — meant for some very uncomfortable conversations. It also meant a rise in the number of fake blackmail attempts making their way to people’s inboxes, which inevitably leads to panic.
Thankfully, as is so often the case with these things, an analytical approach can save the day.
But, why me?
First of all, we need to work out why you of all people are receiving the scam email in the first place.
The chances are pretty good that your email address was part of a previous data breach, of which there are unfortunately too many to get into here. What we do know is that large companies, whether they are retailers or online services, have been big targets for hackers in recent years, with customer data being stolen.
This does at least give us an idea where to start: you know a scammer has your email address, and they may also have given you “proof” that they have access to more information — or even worse, your computer.
That’s very unlikely to be the case, but we need to be sure. This is also where 1Password and specifically Watchtower has your back.
Time to confirm the story
At this point we know that someone has your email address and, potentially, a password. You may not even recognise the password that the scammer claims to know, but thanks to 1Password and Watchtower, you don’t need to rely on memory.
With data breaches becoming more common, a security researcher by the name of Troy Hunt set up the Pwned Passwords database. This database contains passwords and email addresses that have been “Pwned,” which means they have been stolen following a security breach and have subsequently found their way into the wild west of the Internet. That’s not great, but with Watchtower integrating with the database, 1Password knows when a password has been compromised and, as a result, can warn you.
If the scammer claims to know your password, and shares proof of that, we’d suggest checking whether that password appears in Watchtower. If it does, change the password for all logins that might have used it. While you’re here, change any other passwords that you’ve reused, too. While this won’t prevent any nasty blackmail emails landing in your inbox and demanding Bitcoin in the future, it will mean you can be confident in ignoring them. Remember, unique, strong passwords are the name of the game here. Let’s not make life easy for hackers by letting one hacked website give them access to several of your accounts.
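The same check can be made by hand against the public Pwned Passwords range format, where only the first five characters of the password's SHA-1 hash are sent and the match is done locally. This is an added example, not 1Password's or Watchtower's code; the sample password, its count and the offline stand-in for the service are constructed so it runs without network access.

```python
import hashlib

def split_hash(password):
    """SHA-1 the password; return (5-char prefix, 35-char suffix) in upper-case hex."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range(body):
    """Parse 'SUFFIX:COUNT' lines from a range response into {suffix: count}."""
    counts = {}
    for line in body.splitlines():
        suffix, _, count = line.strip().partition(":")
        if len(suffix) == 35 and count.isdigit():   # skip blank or malformed lines
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password, fetch_range):
    """Times the password appears in the corpus; 0 means not found.

    fetch_range(prefix) returns the response body for that prefix. A live client
    would GET https://api.pwnedpasswords.com/range/<prefix>; only the prefix is sent.
    """
    prefix, suffix = split_hash(password)
    return parse_range(fetch_range(prefix)).get(suffix, 0)

def offline_source(leaked):
    """Constructed stand-in for the service, built from {password: count}.

    Returns (fetch_range, sent), where sent records every prefix requested.
    """
    ranges, sent = {}, []
    for pw, n in leaked.items():
        prefix, suffix = split_hash(pw)
        ranges.setdefault(prefix, []).append(f"{suffix}:{n}")
    def fetch_range(prefix):
        sent.append(prefix)
        return "\r\n".join(ranges.get(prefix, []))
    return fetch_range, sent

if __name__ == "__main__":
    # Constructed sample data: a password a scammer might quote, with a made-up count.
    fetch, sent = offline_source({"Summer2014!": 1873})
    for candidate in ("Summer2014!", "correct horse battery staple 7Q"):
        n = breach_count(candidate, fetch)
        status = "found in breach data, change it" if n else "not found"
        print(f"{candidate!r}: {status} ({n})")
    print("sent to service:", sent)
```

The `sent` list shows that neither the password nor its full hash ever leaves the machine, which is why this lookup is safe to run on a password you still use.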
Belt and braces
1Password also offers Breach Reports as part of our commitment to keeping your passwords and data safe. The Breach Report, available on 1Password.com, will not only identify accounts you’ve saved in 1Password that may have been breached, but any breached account using your registered email address, even if you haven’t saved it in 1Password yet.
If your search for the password this scammer claims to have doesn’t turn up results, you may have used it for an old account you’ve since forgotten about. Your Breach Report will let you know about these accounts so that you can change the password, add the account to 1Password for the future, or delete the account if it’s no longer in use.
A sigh of relief
Ultimately, if anyone emails you and threatens to “dish the dirt” or claims to have access to your computer, they’re likely being economical with the truth. They clearly have an email address, and they may even have an old password. But that’s fine, because you just checked whether that password is in use and, thanks to Watchtower, you changed the password for any logins that may have used it.
Now you can sit back, relax, and wait for the next Prince to offer you a few million dollars. Don’t be a stranger, either. Be sure to check Watchtower and the Breach Report regularly to stay on top of any further password breaches that may crop up.