On Sunday morning I received an e-mail from my Dark Web monitoring service stating that one of my passwords had been found on the Dark Web. After logging on to my monitoring service, I noticed the password was a rather old one that I had not used in the past. I made note of it, acknowledged the alert, and went on with my Sunday.
Later that day, I received an e-mail purported to be from a hacker. In the e-mail, the hacker says that they have software installed on my computer monitoring my every move, including web cam photos. They threaten to release all sorts of incriminating information about me unless I pay a ransom. To prove it, they display a password... but, the password matches what I saw earlier from the Dark Web alert.
Because I had the Dark Web alert telling me specifically which password was compromised I could, with great confidence, assume that this e-mail was a hoax and call their bluff. Yes, they had my password, but it wasn't a current one and they did not obtain it in the matter they allude to.
So... what's the problem?
The problem here is that they faced a sophisticated mark who is well prepared and savvy about their tactics. The average person is NOT well prepared and is NOT savvy about their tactics so they would likely react with alarm and shock, leading to panic.
Our goal is to raise awareness of tactics being employed by attackers and equip with tools to aid in making informed decisions. That said...
What can I do to protect myself and my business?
I get this question ALL THE TIME! And I'm glad I am getting it because it means folks are paying attention. This type of attack is easy to spot and easy to protect against when you:
- Train all your employees REGULARLY: awareness is the key. A small dose of paranoia is your friend!
- Never re-use passwords: I've previously written a great article on how to select a great password!
- User a password manager: Because of #2, you're going to want some help managing the multitude of passwords that you will need to keep all your online accounts safe.
- Invest in Dark Web monitoring: Knowledge is power. If you know that a piece of information has been stolen and what that piece of information is, you can keep it from being used to attack you.
I'm sure you've got questions, but most importantly, you want to know if your passwords are out there. Fill out the form on this page and we'll run a Dark Web Scan and send it right over!
