This particular e-mail I received provoked anger.
What I got looked like other spam messages, but this one was a little different. It started with the normal junk about my e-mail address being hacked, blah, blah. It looked like a mass e-mail. They alleged that they sent the message FROM my e-mail account (which I noticed they didn’t). But then they revealed one of my personal passwords! Wait, WHAT!?
They said they know the password to log into my e-mail account and then provided “proof” that they actually did. I was not happy. How could this be? How do they know my password?
So after a little digging, here’s what is happening.
This might be the latest tactic to scare people, similar to other scare-ware pop-ups. The whole point is to get us scared and then motivated to take action, usually to the detriment of our bank account (i.e., they hope we pay them money).
When they reveal your password, they have likely gotten it from a hacked company that you do business with. Almost every few months we hear about the latest security breach. Last month, for instance, Facebook announced they’ve been hit again. They originally said 50 million users were affected, but last week admitted to “only” 30 million users. They said last week that we don’t need to change our passwords. Phew.
What companies have been hacked that you do business with?
So there’s a website that keeps track of hacked accounts. You can search by your e-mail address and see if you are one of those affected.
In my case, Bitly, a company that provides our shortened web address (type mcs.bz in your browser address bar to see what happens), was hacked. They stole e-mail addresses, passwords and more.
Some clarification: Like many of you, I use the same password for multiple accounts. The password they revealed to me wasn’t exactly the password used to check the e-mail address they claimed. It was a lowercase “J.” But, in any case, the password DID MATCH EXACTLY what I had used for Bitly. Now it made sense. So it was Bitly’s password that needed to actually be changed and not my e-mail.
This security breach happened back in 2014. But only now are we seeing what the bad guys are doing with the information.
Check to see what companies have been hacked here: https://haveibeenpwned.com