
How to Handle Ransom Emails and Being “Pwnd”


Email Security and Being Pwnd

Technology can be frustrating and sometimes downright scary, even for those who have been using it for decades. That is why knowing and implementing the proper security protocols is essential.

Unfortunately, when users face techie issues they do not understand, they either believe the farce and overreact or trivialize critical problems. I see it every day. So, let’s get you all the info you need.

Have you been pwnd?

Being “pwned” means having your account or personal information compromised or hacked. The term originated as a typo for “owned” in online gaming and is now widely used to describe any form of unauthorized access or control over someone’s data, devices, or accounts. If you’re “pwned,” it often means your username, password, or other sensitive information has been leaked or exposed.

How to Prevent Getting Pwned

  • Use Strong, Unique Passwords: Avoid simple passwords or reusing them across sites. Use a mix of letters, numbers, and symbols.
  • Enable Two-Factor Authentication (2FA): This adds an extra layer of security by requiring a second form of verification (such as a code sent to your phone). (If you have a website, enable it there, too!)
  • Update Software Regularly: Install updates for your operating system, apps, and security software to stay protected from vulnerabilities.
  • Use a Password Manager: These help generate and store complex passwords securely, reducing the need to remember each one.
  • Be Wary of Phishing Scams: Phishing is one of the main ways attackers gain access. Avoid clicking on suspicious links or downloading files from unknown sources.
  • Check if You’ve Been Pwned: Websites like Have I Been Pwned allow you to check if your email or phone number has been part of a known data breach.

Implementing these measures will significantly reduce the risk of being pwned.

Keep on Top of Your Data

Based on my credit reporting service, I know that my primary email address has been in 23 data breaches. 23! I’m not as concerned as most would be, as I am only online for business and do not cross-pollinate logins between business and personal stuff.

The latest scam involves receiving an email in your inbox from someone who claims to have your email account password. They note your email address and a password you may have used in the past.

If it is a current password, immediately change it to the most complex, crazy password possible. Changing the password ends that right then and there—access denied.

Some of these emails will state they’ve also hacked your webcam and that they have recorded that you’ve been to adult websites along with some other scurrilous activities. Don’t take the bait. (This is where installing security software on your devices is a must.)

Most Are Just Hoaxsters

These emails are usually not from hackers who have actually hacked your account. Due to the numerous data breaches, they could have just acquired your information from the dark web.

These frauds have no idea where your email is hosted, nor do they care. They are just trying to make you believe that they have access.

This is why, if you use your own domain name for email, you should ensure it is shielded with a privacy service.

Fake Extortion

In most cases, they want to extort money from you.

Extort:
to wrest or wring (money, information, etc.) from a person by violence, intimidation, or abuse of authority; obtain by force, torture, threat, or the like.

These emails can also claim they’ve tapped into your webcam and taken screenshots of what you were doing and viewing, threatening to expose you. Or they may note that they accessed your computer and installed a trojan horse virus that is waiting to be activated unless you pay up. You only have to send them some money or Bitcoin, and they’ll go away.

These hoaxers are good at sounding legit, but don’t fall for it. I’ve received many of these, proclaiming they have evidence of what I do online. Good for them. I am one of the most boring online users; all my activities are benign and business-related. (They are hoping to find someone with something to hide.)

The email addresses noted in their threat are not accounts they can log in to (they are forward addresses), and in my case, the passwords are those I used years ago.

It is also recommended that you cover or turn off your webcam unless it is in use. Regardless, regularly change your email account password to something almost impossible to hack, and do not use that password for anything else.

However, always remember that nothing is infallible. That’s why you want to be aware and vigilant about your email security.

The More Difficult Your Password (for you, too), the Better

When it comes to your email security, your most essential and guarded information relies on your password being unique to you and not known to others. Even in a business environment, outside of the IT gal or guy, no one but the user should have access to that user’s password.

Creating complex and hard-to-guess (and remember) passwords is one of the most critical security issues you can control. That’s why I use an app called LastPass. The app allows me to have complicated passwords without having to remember them. You can add the app to your browser and cellphone so you have your passwords with you at all times.

Do not create passwords that one can guess if they look at the items on your desk, photos of your family or pets, or if they know about your hobbies. That is why you want passwords that are even difficult for you. That means others will not easily guess them as well.

Tips to Create Strong Passwords

  • Length: Make your passwords long with twelve or more characters.
  • Complexity: Include letters, punctuation, symbols, and numbers. Combine upper and lower case. Use the entire keyboard, not just the letters and characters you use or see most often. The greater the variety of characters in your password, the better. However, password hacking software automatically checks for common letter-to-symbol conversions, such as changing “and” to “&” or “to” to “2.”
  • Variation: To keep strong passwords effective, change them often. Set an automatic reminder to change your passwords on your email, banking, and credit card websites about every three months.
  • Variety: Don’t use the same password for everything. Cybercriminals steal passwords on websites with little security and use the same password and username in more secure environments, such as banking websites.
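The tips above can be turned into a quick self-audit. The Python sketch below is an added example, not code from this site or from LastPass: it checks length and character variety, undoes common letter-to-symbol swaps before looking for dictionary words, and flags passwords reused across sites. The word list, the swap table, the finding names and the function names are all constructed for illustration.

```python
import re

# Constructed sample: a tiny stand-in for a real cracking word list.
COMMON_WORDS = {"password", "letmein", "welcome", "dragon", "monkey", "summer"}

# Swaps that cracking tools undo automatically, including the "&" -> "and"
# and "2" -> "to" conversions mentioned in the Complexity tip.
SWAPS = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                       "0": "o", "$": "s", "5": "s", "7": "t",
                       "&": "and", "2": "to"})


def char_classes(pw):
    """Count how many of the four classes (lower, upper, digit, symbol) appear."""
    tests = (str.islower, str.isupper, str.isdigit,
             lambda c: not c.isalnum())
    return sum(any(t(c) for c in pw) for t in tests)


def audit_password(pw, min_length=12):
    """Return a list of findings; an empty list means no tip was violated."""
    findings = []
    if len(pw) < min_length:
        findings.append("too_short")
    if char_classes(pw) < 4:
        findings.append("low_variety")
    # Reverse the swaps, drop whatever is still not a letter, then look for
    # dictionary words hiding inside the result.
    core = re.sub(r"[^a-z]", "", pw.lower().translate(SWAPS))
    if any(word in core for word in COMMON_WORDS):
        findings.append("dictionary_word_after_substitution")
    return findings


def find_reuse(vault):
    """Map each password used on more than one site to the sites sharing it."""
    seen = {}
    for site, pw in vault.items():
        seen.setdefault(pw, []).append(site)
    return {pw: sorted(sites) for pw, sites in seen.items() if len(sites) > 1}


if __name__ == "__main__":
    # Constructed sample passwords and vault.
    for candidate in ("summer1", "P@ssw0rd!2024", "vT9#qL2!xR7&mK4z"):
        print(candidate, audit_password(candidate))
    print(find_reuse({"email": "hunter2", "bank": "hunter2", "forum": "x"}))
```

A password such as `P@ssw0rd!2024` passes the length and variety checks yet is still flagged, because reversing the swaps exposes the word underneath.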

Check out the LastPass Password Generator.

Your Email Security is in Your Hands

Internal and external threats abound. If you haven’t had to deal with any yet, that in no way negates their existence. You are probably on borrowed time.

So stop right now and change your email password to mitigate any risk from previous data breaches. Good job!
