Spoofed or Hacked?
I got an email today from someone who tried to tell me I’d visited their virus infested site. This was a more recent type of email intended to frighten you into sending money because they have some sort of evidence of you doing things you woudn’t want publicized.
When this happens to one of my clients, they often wonder where the email sender gets personal information. This is an important question, because if they actually do have personal information, you, or a site you use, may have been hacked.
For example, they might have a user name that you have used. In that case, the question is how easy is it to guess your user name? For most of us, it’s not that hard. Thus having your user name may not indicate they actually have access to permanent records.
If they have a password you actually use, you are much more likely looking at either having been hacked yourself, or a data breach at a company/web site you use. There have been many of these already, so there is a huge amount of that sort of information available.
It’s a good idea unless you’re sure, to check your security at various web sites. I recommend using different passwords for each site. You can use various means of storing passwords. Just make sure you use something secure. That is a subject for another day. Make sure your password cannot be guessed easily. If it can be, that email that contains personal information may be the result of good guessing. Good guessing or not, you’ve still been hacked!
In addition, I suggest two-factor authentication (2FA). It’s a little bit of trouble now and each time you sign in, but it is nothing to the trouble you’ll have if your accounts are hacked.
Remember: Even a site where you don’t share financial or private information can be hacked, and the hacker can get information that helps them figure out how to access another account.
Your e-mail, combined with some personal knowledge, may allow someone to create a convincing fraudulent email that gets you to click on a dangerous like.