Someone Sent Me an Email with My Password in it: How did they get it and what do I do?

You may receive an email whose subject line (or message body) lists a password you have used. The sender claims to have hacked your computer and/or account, says they now control it, and tries to extort you for money. The message may be along the lines of “…I have seen your browsing history and am going to send this information to everyone in your contact list if you don’t pay me…”

Have they really compromised my computer or account? The short answer is that they probably have not gotten into your account, and it is highly unlikely they have managed to get into your computer. If they had been able to compromise your account and/or computer, there would likely be more value in continuing to access, monitor and use your account than in alerting you that they had gotten in.

Where did they get my password? Again, to cut to the short answer, most of these originate from large organizational data breaches from years ago. Sometimes this information can originate from phishing or spear-phishing scams, but most of it comes from the vast amount of information gained from large data breaches of retailers and other data handlers in years past (Equifax, Target, TJMaxx, etc.).

What should I do? Check your email address on this site: https://haveibeenpwned.com/ to see where it may have been compromised. If you haven’t already, change the passwords related to any and all breaches. Don’t use the same password more than once; use complicated passwords and change them regularly. Whenever possible, use two-factor authentication. To manage complicated individual passwords, consider using a password manager like Bitwarden (https://bitwarden.com/). Do not reply to or otherwise interact with the scammers. There is nothing to be gained from replying. At best you are telling them that you have seen their threat and are therefore a better candidate for further attempts.
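To check the specific password quoted in the scam email against known breach data, Have I Been Pwned also offers a Pwned Passwords range lookup that never receives the password itself. The Python sketch below is an added example, not from the original article; it assumes that API's documented `SUFFIX:COUNT` response format, and the sample response and its counts are constructed so the code runs offline.

```python
import hashlib

# Real lookup endpoint, shown for reference only; this example never calls it.
RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"


def split_hash(password: str) -> tuple[str, str]:
    """Return (prefix, suffix) of the upper-case SHA-1 hex digest.

    Only the 5-character prefix is ever sent to the service; the
    35-character suffix stays on your machine (k-anonymity).
    """
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password: str, range_response: str) -> int:
    """Number of times the password appears in the returned hash range.

    range_response is the text body returned for the password's prefix:
    one "SUFFIX:COUNT" entry per line. A count of 0 is a padding entry
    (sent when response padding is requested) and means "not seen".
    """
    _, suffix = split_hash(password)
    for line in range_response.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count or 0)
    return 0


# Constructed sample body for prefix 5BAA6 (the prefix for "password").
# The counts are made up; the last line imitates a padding entry.
SAMPLE_RESPONSE = """\
1D2DA4053E34E76F6576ED1DA63134B5E2A:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:1000
1E2AAA439972480CEC7F16C795BBB429372:0
"""

if __name__ == "__main__":
    prefix, _ = split_hash("password")
    print("would request:", RANGE_URL.format(prefix=prefix))
    seen = breach_count("password", SAMPLE_RESPONSE)
    print("seen in breaches:", seen, "-> change it everywhere" if seen else "")
```

A non-zero count means the password is circulating in breach data and should be retired on every account that used it, which matches how these scam emails obtain it.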

Your computer security is our primary concern. If you think your computer has been compromised, give us a call or drop by the office so that we can ensure that it is not compromised.

– Fox