The nasty people are sending lots of joy to email boxes far and wide these days making all sorts of claims of having compromising pictures of nice people purportedly viewing bad BAD things on the Internet, then demand payment, often in bitcoin. What makes these emails seem legitimate is that they start out with a username/email and password that DOES belong to you and that you have used in the past. YOU HAVE BEEN PWNED, which is slang for defeated, dominated, utterly destroyed…yeah, it’s not that serious. But, it does indicate that you have vulnerable credentials (username/password combinations) and you should change passwords on sites that you have used those credentials on.
How did they get your info? Through Data Breaches of major internet sites, including but not limited to: Adobe, Ancestry, Bell, Avast, Babynames…oh the list goes on. For us business folk who have been at it a while, LinkedIn was hacked in 2012 and leaked 4 years later, so the password they give you might have been changed in the interim.
What to do – FIRST and foremost, DO NOT BELIEVE ANYTHING THE SCAMMERS SAY! Do not interact with them and do NOT PAY THEM. Change your passwords regularly, and immediately on any sites that you have used the pwned password on. Go to: https://haveibeenpwned.com/, put in your email address and see if you appear on the list. I did – and mine shows 2 breaches, including LinkedIn, so likely the 2nd was a reposting of the LinkedIn credentials. Fortunately, my LinkedIn password is unique and never reused anywhere else. Stay calm, and if you need help or advice, contact us!