If you have ever received and email similar to this, sent to me, then don’t panic and certainly don’t pay any ransom.
Even if the password looks valid this is a scam.
“Hi there I’m a hacker who cracked your email address and device a several months ago.
You entered your passcode on one of the web sites you visited, and I intercepted it.
This is the security password from firstname.lastname@example.org upon time of hack: yyyyyyyyyy
Obviously you can can change it, or perhaps already changed it.
Then again this won’t matter much, my personal malware modified it every time.
Do not necessarily try to make contact with me or even find me.
By means of your own email, I uploaded harmful program code to your Operation System.”
It then goes on to claim it has pictures of me taken via my webcam as well as a list of adult sites I am meant to have visited.
He also wants a ransom of $898 or he will post the details onto my social media accounts.
Now, I know I havent been on such sites and I dont even have a webcam.
So, how has he got my email (and possibly a valid password)?
The simple answer is that, over the years, many websites have been compromised. Email addresses and passwords have been stolen and these details have filtered down to low level cyber criminals. As people rarely change their passwords, or worse use the same ones over and over, the scammers are often giving a current password.
What can you do?
A simple way to check is to visit a website haveibeenpwned which will tell you if your details have been compromised in one of these hacks.
If your email address shows as one that has been compromised simply change your password and make sure its not being used on any other sites.
We would always recommend using different passwords for different sites and would suggest using a password manager.