019: Help! Someone knows my password

Help! Someone’s stolen my password.

Over the last few weeks, I’ve had several people come to me with a slightly unusual problem. They’ve received an email where someone has sent them their password, and not surprisingly, they’re fairly confused by that.

Here’s a sample of one of the emails.

In it, you can clearly see your password. It’s from some random person. It’s to your email address (or you wouldn’t have received it), but the To: line also includes your password, as does the body of the email.

In the body of the email is some insinuation that you have been watching porn and that they’ve recorded you doing it. They also claim to have collected all of your contacts from Messenger, Facebook and email, and they’re basically asking you to pay them $5000 so that they won’t release that information to your contacts.

There’s lots of interesting language in this, and there are also a few things where they’ve covered their tracks well. They’ve asked you to pay in Bitcoin, which can’t be traced. They also state that they have a special pixel in this email so that they know that you’ve read it, which can be done.

But all in all it’s a complete scam, with one caveat: your password is actually publicly known. So, how does something like this happen? From time to time websites get hacked. The bad guys are out there poking around at websites, and sometimes they find a way in, and as part of that they occasionally manage to steal a list of usernames and passwords. In this case, this has happened. These lists are often then put up on websites or sold.

The long and the short of it is they do actually have your email address and password (or at least “that” password). Hopefully it’s not your only password, if you’ve watched Episode #012, where I talk about passwords and LastPass and having different passwords for different websites.

Basically, it’s blackmail. It’s a scam, but it’s a great identifier that that password is publicly known and needs to be changed. But there’s a way you can check. If you go to haveIbeenpwned.com, you can put in your email address and it will tell you if that email address is linked to any known password breaches.

Some enterprising villain has decided to pair the usernames and passwords found and attempt to blackmail you with them. There’s nothing to worry about from them specifically but it is important to change your password on any site that you’ve used that password on.

Basically you can delete and ignore that email but what you can’t ignore is the message that it’s sending, that you need to change your password. Be alert but not alarmed.
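For anyone who triages these messages for family or a small office, the traits described above (the password echoed in the To: line and the body, a Bitcoin payment demand, a read-tracking pixel) can be checked mechanically. The following Python sketch is an added example, not something from the original episode; the sample message, the password, the addresses and the function names are all constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses
from html.parser import HTMLParser

# Constructed sample message: the password, addresses and URL are made up.
SAMPLE = """\
From: Random Person <someone@example.net>
To: "hunter2-example" <you@example.com>
Subject: hunter2-example
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>I know hunter2-example is your password. Send $5000 in Bitcoin to
1ConstructedSampLeAddressXXXXXXXX or I will send the recording to your contacts.</p>
<img src="http://tracker.example.net/open.gif?id=42" width="1" height="1">
</body></html>
"""

BTC_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")  # legacy Base58 address shape

class PixelFinder(HTMLParser):
    """Collects remote <img> tags declared 1x1 or smaller (the 'I know you read this' pixel)."""
    def __init__(self):
        super().__init__()
        self.pixels = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src") or ""
        tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
        if tag == "img" and tiny and src.startswith(("http://", "https://")):
            self.pixels.append(src)

def triage(raw):
    """Return the scam traits found in one raw RFC 5322 message (hypothetical helper)."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    finder = PixelFinder()
    finder.feed(body)
    # A To: display name is normally a person's name; one repeated in the body is the quoted password.
    names = [n for n, _ in getaddresses([str(msg.get("To", ""))]) if n]
    return {
        "to_name_echoed_in_body": [n for n in names if n in body],
        "bitcoin_addresses": BTC_RE.findall(body),
        "tracking_pixels": finder.pixels,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A message that trips all three checks matches the pattern in this episode: delete it, and change the echoed password everywhere it was used.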

Thank you so much for watching The Tech Doctor. We’re here to help you get to know your computer, be comfortable using it and look after it yourself. We release new episodes every weekend, so please come back and subscribe.

Also, if you have any questions for us, please leave them in the comments below.

Thank you so much for watching and have a great day.

[Outtake] The word pwned comes from a computer game where somebody accidentally mistyped the word “owned”, and it became a bit of an internet meme for being owned by someone else.
