Adding insult to injury: Hackers referencing your old passwords to get you to bite…

By Rubica SOC, published in Rubica, Jul 24, 2018

Passwords and login credentials compromised in past breaches are being used by cybercriminals in their spear-phishing attempts — threatening to expose people unless they pay the criminals in cryptocurrency. Those targeted by this phishing campaign have received emails similar to this one:

Image by Rubica

Though poorly written and lacking attachments or links, this email contained the user’s password (first line of email, redacted in black), which luckily was an outdated password from an inactive account. If your account is involved in a breach (or if you expose your passwords via use of insecure WiFi or devices), you are more likely to be targeted by social engineering attacks that rely on human emotions such as guilt, fear, and shame.

The author of this scam was not particularly sophisticated, but many of these scare tactics still work by manipulating human emotion. While the hacker may not actually be in possession of any incriminating evidence as the phishing email suggests, Rubica recommends the following:

  1. Regularly check to see if your accounts have been compromised by using sites such as https://haveibeenpwned.com/ or https://hacked-emails.com/
  2. If any of your accounts have been compromised, immediately change the password.
  3. Use multi-factor authentication whenever possible.
  4. Never open emails, click on links, or open attachments from people you do not know.
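The traits of the email described above (it quotes an old password, carries no links or attachments, and demands cryptocurrency) can be checked mechanically by a mail filter. The following Python is an added example, not Rubica's code; the function name, the digest store of retired passwords, and the sample message are assumptions constructed for illustration.

```python
import hashlib
import re
from email import message_from_string

# Assumption: the filter stores SHA-256 digests of a user's retired passwords,
# never the plaintext. The password below is a constructed sample.
RETIRED_PW_HASHES = {hashlib.sha256(b"Tr0ub4dor&3").hexdigest()}

URL_RE = re.compile(r"https?://|www\.", re.I)
# Bitcoin address shapes: legacy Base58 (1.../3...) and bech32 (bc1...).
BTC_RE = re.compile(r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{25,59})\b")
PAY_RE = re.compile(r"\b(bitcoin|btc|cryptocurrency|wallet)\b", re.I)

# Constructed sample message with the traits the article describes.
SAMPLE = (
    "From: someone@example.com\n"
    "Subject: your account\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "Tr0ub4dor&3 is your password. Pay in bitcoin or I expose you.\n"
)


def score_message(raw: str, retired_hashes=RETIRED_PW_HASHES) -> dict:
    """Report which traits of the breached-password extortion email are present."""
    msg = message_from_string(raw)
    body_parts, has_attachment = [], False
    for part in msg.walk():
        if part.get_filename():
            has_attachment = True
        elif part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            body_parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    body = "\n".join(body_parts)
    # Hash each whitespace-separated token, both as written and with edge
    # punctuation stripped, and compare against the retired-password digests.
    words = set(body.split())
    tokens = words | {w.strip(".,;:!?\"'()") for w in words}
    quotes_old_pw = any(hashlib.sha256(t.encode()).hexdigest() in retired_hashes for t in tokens if t)
    traits = {
        "quotes_retired_password": quotes_old_pw,
        "no_links": not URL_RE.search(body),
        "no_attachments": not has_attachment,
        "crypto_demand": bool(BTC_RE.search(body) or PAY_RE.search(body)),
    }
    traits["likely_extortion_scam"] = quotes_old_pw and traits["crypto_demand"]
    return traits
```

A match on `quotes_retired_password` is also a signal that the account tied to that password appeared in a breach, which is the case for steps 1 and 2 above.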

Check out our blog on other email-based scams and scare-tactics, to learn how Rubica automatically blocked our customers’ devices from falling victim to these tricks.
