Have I been compromised?
QI received an email that concerns me. The subject line appears to list a password that contains some of the characters in the correct order that I’ve used, and then the email body is basically trying to extort money from me, claiming that I’ve visited an adult website and that my webcam recorded me ‘having fun’. I’m being asked to pay $2,000 to avoid embarrassment. Given I’ve never visited this (or any adult site), I’m pretty sure it’s a scam, but those password characters worry me. Should I be concerned? David Hargeaves Mayank’s solution The email is a complete scam, but there’s some truth behind it. First, you’ve been targeted because your email and some old passwords exist on a database containing old leaked passwords and emails. The threat itself is empty, but it’s a timely reminder to make sure you regularly update your passwords and avoid reusing the same ones. Use a free tool like LastPass (www. lastpass.com) to generate strong, random and unique passwords for your online accounts, and make the effort to update them every six months or so. Also consider employing two-factor authentication (2FA) for particularly sensitive accounts – use Authy (www.authy.com) to enable you to supply 2FA codes from more than one device.
Extra security Add two-factor authentication to all your key accounts.