Spooked by Your Password in Phishing Emails?

Have you received blackmail emails recently that quote your current or previous password? These emails claim to have installed a virus on your computer and threaten to either delete your files or to release personal information about you on the Internet unless you pay a ransom. Rest assured that their threats are empty, they are just trying to scare you into paying up. However, if you still use that password somewhere, change it right away.

“But how did they know my password?”, you may wonder. We don’t know for sure, but maybe it was through a phishing campaign, a keylogger virus, or a website data breach. If you ever clicked a link in a phishing email and then entered your password in a fake web form, you need to change that password right away. You’ve been phished.

If you were ever infected with a keylogger virus or a banking trojan, the virus may have skimmed your password as you typed it. Often, viruses are spread in attachments to phishing emails, so be wary of unexpected attachments and delete don’t open. Forward the message to the IT&S Help Desk at helpdesk@msvu.ca if you want a second opinion.

Sometimes, the cyber-fiends steal usernames and passwords in website breaches. If you are ever affected by one of these breaches, change the password for that account and don’t use the password again. This illustrates why it’s important to use unique passwords for different services and sites. If you use one password for everything and someone gets it, then they have your password for everything.

There’s a new site called Firefox Monitor that will tell you if your credentials were compromised in one of the big data breaches. However, just because your email address comes up clean on this site, you should still use unique passwords for each site, like washing your hands often during flu season.

People re-use passwords for convenience, and it can be hard to remember unique passwords for umpteen sites. That’s why we recommend using a password manager app to store your passwords. These apps remember the passwords for you, and can even generate strong, unique passwords for each site you use.

Most of these password scam emails are flagged with “{Spam?}” in the subject line by our email server, but, because these cyber-ghouls are constantly changing the content of their emails, some sneak by our spam scanners. Just because it doesn’t say “{Spam}?”, doesn’t mean it’s not a scam.

For more password hygiene tips, please see the Password Tips page on the Mount website.