Have you received an email saying that your email account has been compromised? Did they also claim to have infiltrated your computer and hacked your web browser and webcam and they are threatening to share 'intimate' footage of you, and your contacts, if you don't pay them bitcoins?
If so, this might make you panic - but each time that we've investigated these threats, they are all fake and are simply a scare tactic.
The reality of email is that it's very easy for someone who is knowledgeable about emails to send a message that 'appears' to come from any 'from' address they wish. So when they say "You can prove that I hacked your system as I sent this message from your account" and the from field says your email address, it really doesn't mean anything at all in terms of vulnerability.
Now, some users receive a message that says something similar to the above, but also includes their password! This can be extra scary, but it's not indicative of a definite attack / hack on your email account. Instead, in the most recent cases, a computer parts / products supplier website hosted in Western Canada was hacked a few years ago and their user email accounts and passwords were compromised. With this information, scammers / spammers are able to send an email out to the compromised addresses with the same password embedded, hoping that the receiver will use the same password for their email that they used on the compromised site, and thus believe that their machine / account has been hacked. However, in reality, it's just a 'hope' on the part of the scammer, and again, not necessarily indicative of a compromised email account.
With all of the above being said, this is a good opportunity to remind all Back2Front clients that the best way to prevent your accounts from being compromised, is to use good password management practices. Actions such as the following are all effective methods to help prevent your password(s) from being cracked:
- Using multi-factor authentication where possible
- Using different passwords on different systems and accounts
- Not using passwords that are based on personal information that could be easily guessed
- Using the longest password allowed by the given system
- Not using words that can be found in a dictionary of any language, etc.
The harder you make it for a hacker to crack your password, the more time and resources they'll have to invest in doing so, and then more likely they will simply move on to easier targets rather than spending a longer time trying to crack yours.
While no password is ultimately uncrackable, it's all about making it difficult enough for a hacker to not bother investing the time to crack your password when there are easier targets available.