A new scam is doing the rounds: you get an email saying someone has been watching you on your webcam surfing adult websites and ‘doing inappropriate things’ and threatening to send a video to your family and friends. All you have to do to prevent it is pay a sum of money, usually via bitcoin. What lends this email a whiff of truth is that it contains one of your passwords. Should you panic?
In short, no. Over the past few years, many big-name sites, such as LinkedIn, Facebook, Evernote and even our own Ster-Kinekor, have experienced privacy breaches. Some of these have resulted in lists of usernames, emails and passwords being sold on the ‘dark web’ to fraudsters, who can use them in scam emails such as those currently being sent out. So while these fraudsters may have one of your passwords, the chances that they have actually hacked your webcam and been spying on you are very low.
You can check if your security has been compromised on this website.
1. Change your password(s)
The first thing you should do (after reporting the email as spam, blocking the sender and deleting it) is change all your passwords, starting with the one that’s been compromised. We’re betting that one password unlocks your access to more than one website - a bad habit you should break.
How to create a strong password
‘Password’ won’t cut it. Neither will ‘Passw0rd’. It’s time to branch out a little to trick the tricksters.
Your password should:
- Have at least 12 characters. The longer the better.
- Include numbers, symbols, and upper- and lower-case letters. Use a mix to make it harder to guess.
- Preferably not be a common word, or combination of words.
- Not use obvious substitutions - such as Passw0rd.
- Be something you can remember. Perhaps if your name is John, you could make up a sentence using the first letters of your name like ‘Jeff Offers Her Nutella’ and mix it up with some letters, numbers and characters to get ‘jOhn&oFfers8hEr&nUtella8’. We’ve capitalised the second letter of each word, and alternated symbols in the spaces between each word with either & or 8. We won’t pretend that’s not challenging to remember, but it’s not impossible.
- If you really think you can’t remember your password, write it down somewhere safe. It’s better written on a piece of paper than saved somewhere on your computer, as hackers are unlikely to have access to your desk drawer.
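The checklist above can also be written as a small Python check. This is an added illustration, not part of the original article: `check_password` is a hypothetical helper, and the word list and substitution table are short constructed samples.

```python
import re

# Constructed sample; a real check would use a large list of breached passwords.
COMMON_WORDS = {"password", "qwerty", "letmein", "welcome", "admin", "iloveyou"}

# Obvious character swaps (assumed table), mapped back to the letters they replace.
SUBSTITUTIONS = str.maketrans(
    {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}
)

CHARACTER_CLASSES = {
    "lower-case letter": r"[a-z]",
    "upper-case letter": r"[A-Z]",
    "number": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}


def looks_common(password):
    """True if the password is a listed common word once obvious swaps are undone."""
    lowered = password.lower()
    # Also try the password with trailing digits/symbols removed ("P@ssw0rd123!").
    trimmed = re.sub(r"[^a-z]+$", "", lowered)
    candidates = {lowered.translate(SUBSTITUTIONS), trimmed.translate(SUBSTITUTIONS)}
    return any(candidate in COMMON_WORDS for candidate in candidates)


def check_password(password):
    """Return the checklist items the password fails (empty list = passes)."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    for name, pattern in CHARACTER_CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"no {name}")
    # Only single words are checked here, not combinations of words.
    if looks_common(password):
        problems.append("common word or obvious substitution")
    return problems


if __name__ == "__main__":
    for sample in ("Password", "Passw0rd", "P@ssw0rd123!", "jOhn&oFfers8hEr&nUtella8"):
        print(sample, "->", check_password(sample) or "passes")
```

Note that ‘P@ssw0rd123!’ meets the length and character-mix rules and is rejected only by the substitution check, which is why that rule is on the list.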
Also consider activating 2-factor authentication on sites that offer it, such as Google. That means you’ll not only need your password, but also a second method of sign-in, such as a One-Time Pin (OTP) that you’ll receive on your phone. So even if the hackers get hold of your password, they won’t be able to sign in to your account.
2. Consider using a password manager
There are many password managers out there designed to tackle this exact problem. By using a password manager, you’ll only have to remember one password for all your websites, not 20+. Some password managers that are commonly recommended are LastPass, 1Password and Dashlane - there are free and premium, paid versions, depending on what you need.
A password manager will remember all your passwords for you, and a good one should work across devices, and autofill forms and logins to make life easier. Most also generate random passwords for you, so they’re super secure. LastPass, for example, not only stores passwords but also payment cards, bank account details, and important notes.
3. Learn more about phishing, hacking and scams
- How to keep your data safe on public Wi-Fi networks
- How to avoid phishing
- How to keep your smartphone data secure on Android
- How to avoid being the victim of a Sim swap.
- If you’re a Samsung user, read more about Knox, Samsung’s bespoke security software.