Computer/Email Help Needed

[JoeWilly]

Please help.
I recently started using an old email address we hadn't used in years. Today I received basically an extortion email asking me to buy bitcoin and to do so before bad things happen. I've also received a few other suspicious emails--your amazon account expired (I don't have an account). They stated and showed my password (it could be just part of a password we used to use). That password is not associated with the email address where I received the extortion email. I changed my password on the email account just in case. Do I need to do anything else? Is there a reason to shut down this email address? I'm not worried about the extortion piece. I just don't want to get hacked, spoofed, etc., or maybe that's too late.
Thanks for your help.

 

[DaveNV]

Chances are it was just a coincidence. If you've changed the password on the account to something pretty secure, that's about all you can do. (Minimum of eight characters, in some mixed up combination of uppercase and lowercase letters, numbers, and special characters.) The spam emails are just that - spam emails. If this was a Hotmail or Yahoo account or similar, there is a lot of spam that gets through. If you need a new free email address, try using Gmail. I use them very successfully for years. I get very little spam, and things tend to be pretty secure.

Dave

 

[artringwald]

Chances are it was just a coincidence. If you've changed the password on the account to something pretty secure, that's about all you can do. (Minimum of eight characters, in some mixed up combination of uppercase and lowercase letters, numbers, and special characters.) The spam emails are just that - spam emails. If this was a Hotmail or Yahoo account or similar, there is a lot of spam that gets through. If you need a new free email address, try using Gmail. I use them very successfully for years. I get very little spam, and things tend to be pretty secure.

Dave

I agree with everything Dave said, especially about Gmail being better at filtering out Spam. Now if Verizon and Comcast could just get as good at filtering out telemarketer spammers.

 

[R1964]

As long as you didn't click on any links in the email you should be okay.

 

[emeryjre]

There have been databases hacked over the years where your email address and password were stolen. The passwords were not encrypted. The email addresses and passwords are for sale on the dark web to a**holes that have nothing else to do but try to find a way to use this information to steal, coerce, or intimidate the owner of the email.
One scheme involves sending an email that starts with “I know your password”. Restates the password and then goes into a story about how they have video of you watching porn. They go over several other scenarios about spying on you. They ask you to buy bitcoin and deposit it into an encrypted account or they will send the incriminating video to people in your life. Apparently it works as this type of intimidation has grown over the last 12 months.

They have nothing. If the person sending the email had the type hacking skills necessary to do what they profess to be doing, they are working on much larger projects with much higher payoffs

 

[Miss Marty]

Clean out your cookies and internet history on your computer &
Check to see if your email and password are on the dark web!

 

[JoeWilly]

Thank you everyone for your help. Tuggers are the best!

Emeryjre - That is the exact email I got.
One scheme involves sending an email that starts with “I know your password”. Restates the password and then goes into a story about how they have video of you watching porn. They go over several other scenarios about spying on you. They ask you to buy bitcoin and deposit it into an encrypted account or they will send the incriminating video to people in your life.

I wasn't intimidated, didn't click on any links, and certainly didn't buy any bitcoin. The part that bothered me the most was they had a password we've used in the past.

As suggested, I will clean out the cookies and history. I suspect this was caused by a FaceBook hack. I haven't used FaceBook in years, but hadn't used this email in several years either.

How do I check the dark web for my email and password?

Thanks again everyone for your help.

 

[dioxide45]

If your email was a Yahoo email or one that went through Yahoo (most ATT email accounts over the years were actually administered by Yahoo), chances are the account was compromised at some point. Yahoo email has been hacked several times and passwords compromised. Change your passwords, BUT it is also IMPORTANT that you log in to the online account for Yahoo Mail and make sure email forwarding is not turned on. If it is, remove the email address that it is forwarding email to.

 

[JoeWilly]

If your email was a Yahoo email or one that went through Yahoo (most ATT email accounts over the years were actually administered by Yahoo), chances are the account was compromised at some point. Yahoo email has been hacked several times and passwords compromised. Change your passwords, BUT it is also IMPORTANT that you log in to the online account for Yahoo Mail and make sure email forwarding is not turned on. If it is, remove the email address that it is forwarding email to.

Thanks Dioxide -- this is a comcast email account.

 

[Big Matt]

got the same email yesterday on my account that has been open for 15 years. Funny thing about them having videos of me..........I don't have a camera on my computer......a complete scam

 

[JoeWilly]

got the same email yesterday on my account that has been open for 15 years. Funny thing about them having videos of me..........I don't have a camera on my computer......a complete scam

Thanks Big Mat - Did the email have your password in it like mine did?

How do I search the dark web to see if my email and password is out there?

 

[dioxide45]

Thanks Big Mat - Did the email have your password in it like mine did?

How do I search the dark web to see if my email and password is out there?

How to Check if Your Password Has Been Stolen

Many websites have leaked passwords. Attackers can download databases of usernames and passwords and use them to “hack” your accounts. This is why you shouldn’t reuse passwords for important websites, because a leak by one site can give attackers everything they need to sign into other accounts.

www.howtogeek.com

 

[klpca]

Thanks Big Mat - Did the email have your password in it like mine did?

How do I search the dark web to see if my email and password is out there?

Just assume that it is. Change your password, set up two factor authentication and be generally careful. You should just reset your other passwords as well.

 

[JeffC]

Joe, I got the same email yesterday. Mark it as spam and delete it. Check thru your online accounts and see which ones are using the password contained in the email. Then go onto each site and change the password. I found 4 sites that were using the password; one I use regularly, the other three I hadn't been on in years. When I first got the email it was on an iphone, later in the day I went on to my desktop and Google chrome gave me a notice that one of my passwords had been compromised. I was able to change the passwords from the list google created.

 

[bnoble]

It is worth considering a password manager. I happen to use (and like) 1password, but there are others.

Password Manager for Families, Enterprise & Business | 1Password

A password manager, digital vault, form filler, and secure digital wallet. Manage everything in one secure place – 1Password remembers all your passwords and sensitive information, so you don’t have to.

1password.com

 

[bbodb1]

It is worth considering a password manager. I happen to use (and like) 1password, but there are others.

Password Manager for Families, Enterprise & Business | 1Password

A password manager, digital vault, form filler, and secure digital wallet. Manage everything in one secure place – 1Password remembers all your passwords and sensitive information, so you don’t have to.

1password.com

But this assumes the password manager is also secure.......

 

[bbodb1]

In addition to this thread being another reminder about how we should be very careful with our passwords, I would suggest considering the following approach when it comes to your email accounts. I have three email accounts active concurrently.

Email 1: my most secure email address. The only place I use this account is with financial related accounts. I do NOT give this account to ANYONE for ANY REASON.
Email 2: my middle security account. I will give this account to others who I feel legitimately need to contact me. For example, when I referee various sports, I use this account for communication. I still try to be cautious with giving this address out.
Email 3: my least secure account. This is the account I will use when I post on forums and for other uses where I have every reason to suspect this address will be harvested and spammed.

Then, about once per year (or so depending on what I see in these respective accounts), I will roll the accounts - Email 3 is trashed (abandoned), Email 2 becomes Email 3, and Email 1 becomes Email 2. I then create a new Email 1. This has worked pretty well for me in that I have not had too much trouble with span and/or junk on Email 1, just a little on Email 2 and I really don't care about Email 3.

It helps that I have an internet provider who allows the user to create their own accounts.

Just a suggestion...

 

[dioxide45]

Even if you don't use a separate password manager, make sure to use strong passwords. If you use Chrome, you can use it to suggest strong and unique passwords and it will save them for you. It will then let you login across other devices as long as you use Chrome. A standalone password manager is good if you want to use it across multiple devices and browsers.

 

[Talent312]

Some time ago, my bank notified me that someone tried to use "lost password" to hack my account.
It seems it's almost as easy to get a merchant to send you one as it is to steal one.

The bank told me to come in to change my ID name. I did that, and changed the password.

 

[dioxide45]

Some time ago, my bank notified me that someone tried to use "lost password" to hack my account.
It seems it's almost as easy to get a merchant to send you one as it is to steal one.

The bank told me to come in to change my ID name. I did that, and changed the password.

This is why it is important to make sure your email is not setup for forwarding if an email account has been compromised. I had an email compromised and they had access to login to the web mail. They also accessed a MyPoints account (stupidly used the same PW) and they drained the points on Amazon gift cards. Since they had access to the email account, they cashed those cards in. However, they also setup email forwarding (which in Yahoo Mail is kind of hidden). So even if I changed the password, they still saw every email. They could also then use a lot of Forgot Password tools on different sites at odd times of the day or night to reset passwords for just about any account that uses email to reset passwords. Even with a password manager, if they get your email password they can do a lot of damage.

 

[emeryjre]

A word on email, security, info on the dark web. I have an Information Technology background with an emphasis on networks. Very old school and am not up to date since 2005 in terms of certification and the like. If I was in my mid 20's again and choosing a path in IT, it would be cybersecurity. I have engaged in it as a "hobby" for years.

First rule, believe with all your heart that every bit of private information about yourself has been stolen by hackers years ago. The only thing that keeps our money and investments safe at all, is that institutions like banks and credit card companies know this as well. These institutions do everything they can to stay ahead of the a**hole bad guys. Some days the bad guys win, but they mostly lose at the banks and credit card companies, but it is an ongoing war that is fought every day, 24 hours a day.

The latest trend for midlevel hackers is to go after smaller businesses in a variety of ways. The latest and most profitable trend is ransomware attacks on municipalities, hospitals and other governmental agencies. These entities do not spend the time and effort necessary to keep their systems secure.

The latest hacker scam which has not hit the headlines yet, but will soon, is the redirection of the stimulus payments from IRS.GOV. If you have received a payment via direct deposit to your bank account, count your blessings. Many people have had their stimulus payments redirected because of the insanely insecure system established to provide Direct Deposit info to the IRS. But of course, it is not their money.

All I can say in closing, think that somebody is trying to steal your money all the time. Because "they" are.

 

[JoeWilly]

Thanks everyone. I really appreciate the help.

 

[Talent312]

... All I can say in closing, is think that somebody is trying to steal your money all the time. Because "they" are.

This is why I keep email+merchant accounts isolated from places where $$ is kept.
I use very different passwords for $$ accounts, and merchants do not get access.
Except that my CC's, local utility & medigap insurers who can draft from checking.
So there is a risk of disclosure, but think small, as these are trusted companies.
.

 

[stmartinfan]

I was to say “thanks!” to the experts who posted answers to this question. Both my husband and I got emails similar to this today and instead of panicking, I recalled this discussion and could assure him what the likely origin was. It was interesting to see that they made a typo in the password they listed for him - omitted the first letter, but we could still recognize it.

 

[SmithOp]

Scammers buy email / password info on the dark web and send these out to scare people into sending money, etc.

How the dark web makes identity theft easier

The dark web is a fertile ground for identity theft. Here’s how data breaches made a big business out of buying (and selling) personal information online.

www.aarp.org

Sent from my iPad using Tapatalk Pro