Email scams are nothing new. We’ve all heard of someone’s grandmother sending money overseas to a grandchild in trouble, while the grandchild is in the next town over and clearly not in trouble. Or the foreign prince with a confidential, top-secret request for your money. Most of these scams have red flags such as misspellings, improper English, and bad grammar, and usually end up (thankfully) in junk and spam folders, but scammers are becoming more sophisticated.
The latest scam attempts to blackmail the recipient. The sender claims to have hacked into the recipient’s computer and used their webcam to capture compromising images of them. So, what makes this phishing attempt seem credible compared to the many other scams out there? A password the recipient has used is right in the subject line.
How Do Scammers Get This Information?
In 2017, the Identity Theft Resource Center® (ITRC) and CyberScout® tracked 1,579 breaches in the United States alone! The black market is no doubt swimming with credentials from years of database breaches at major sites and services. There have been so many of these breaches over the years that we’ve become partially desensitized to our information getting into the wrong hands, and now scammers have figured out how to use it to their benefit. Thankfully, many of those on the receiving end of this blackmail scam have noticed that the password is an old one or is no longer in use. That said, plenty of people do not change their passwords often or use the same one across multiple applications. These bad password habits give the scammer the credibility they need to get what they want.
Good Password Habits
Creating good password habits is a must in the age of technology. Here are a few tips for good password habits from PortalGuard, a leader in password management and cybersecurity:
- Update your passwords frequently and across platforms. This seems simple enough, yet with the vast number of applications that require unique credentials, we tend to take the path of least resistance. Following easy-to-remember patterns or using the same username and password on multiple applications can put your information at a higher risk of being compromised.
- Use a random password generator, such as Password Safe, which allows you to create a secure, encrypted list of usernames and passwords.
- Consider using a passphrase, a sequence of words or text, as your passcode. A longer password can help you meet different password policies.
- Strengthen your password policies. Finding the right ‘best practices’ for your organization is important for the end-user experience. Enforce a high level of complexity in how passwords are created to ensure better cybersecurity.
- Use Multi-Factor Authentication methods to add a layer of security to your account. Single-Factor Authentication comes with many vulnerabilities, so implementing a second layer can add a lot more protection and security to your organization. This can include SMS texts, multiple questions, a YubiKey, Google Authenticator, or a voice call, just to name a few.
There are many steps you can take to make sure you are fully prepared to thwart an attack; the best is to keep attackers from getting into your account in the first place.
So our only question for you is: When was the last time you changed your passwords?