“Your Password” Phishing Scams – But They Had My Password!

“Your Password” phishing scams are nothing new. Email phishing scams that actually have your password are something new, and they are rapidly on the rise. The FTC says that ransom email is now the number one phishing scam. This newest version is the most real yet.

This week I received an email that I talked about in an earlier article. The subject line of the email had a password that I actually used. The funny part is that I hadn’t used it in years. Since I am in the tech world, I have an encrypted list of passwords hidden in a couple of places. At last count I had over 600 websites, servers or pieces of equipment that required a password. As you know, some devices require a 4-digit PIN. Others a 6-digit PIN. Some banks don’t allow special characters. Others require them.

Many, many years ago, so many ago I won’t admit it because then I have to say the “o” word, I learned how to create passwords. Early on, just adding a number in between a word was enough. Eventually we replaced letters with numbers, added special characters, and next thing you know your password is nuts. Apple Safari has an auto-suggest feature for passwords, which appears handy, but lately the “auto saved” passwords on my Macs haven’t been playing nice with my new iPhone X.

When you enter your password into a website the idea is that your iPhone should know the password and you can essentially forget about it.  It used to work, now it doesn’t.  In some ways this is the safest method because you don’t even know your password.  I turned off face recognition after a friend showed me how easy it was to access my banking by holding my phone to my face.  More secure?  Not if you are grabbed on the street and they want all of your money or your friends just want to jack with your phone when you aren’t looking.

The other thing about Apple auto-suggest passwords is that they are the same length and have the dashes in the same spots. You just made a hacker’s job easier by defining how your password is generated.

Sadly, there are no easy answers in the world of cybersecurity. The best advice I have is to create your own passwords and make them weird, like B3ach-$treet_N3ws! The tough part is remembering all of that stuff.

The email I received said that in 24 hours my entire contact list would get a video of me watching porn at my computer if I didn’t pay.

The steps to take if you receive an email with your password

  1. Forward it to spam@uce.gov.
  2. Mark the email as junk mail.
  3. Delete or trash it.
  4. Empty the trash.
  5. Run an anti-malware program to clean up your computer.
  6. Go change your password everywhere that one was used.

Thankfully the password that was sent to me was an old one.  I am starting to wonder if they purchased an old computer from a company I was a customer of and that is how they got the password.  It also wasn’t one of my more cryptic passwords, so it isn’t anything I used for banking, home security, or even my laptop.  It did get my attention in a big way though.

Hopefully all of my friends won’t see a photoshopped version of me watching porn today, but if they do, that is the price of being an actor. It’s not like it is hard to find a photo or video of me online. Even if you aren’t an actor, Google yourself and see how many photos of you are out there.

Maybe I can get SAG-AFTRA, aka the actors’ union, to get me a cut of the guy’s profits from the scam. If the video does go out, sorry you had to see that, Mom, but it wasn’t me. Well, it wasn’t me unless the video I am watching is @vancityreynolds in #Deadpool and I am laughing so hard I p a little, then yup, that might be real.
