How To Protect Yourself From Threatening “We Have Your Password” Emails
Have you received a threatening email with your password in the subject line? Your password has leaked, but usually it’s an automated scam with no immediate threat. Here’s how to stay safe.
Usually this automated email scam asks for a large ransom in dollars or bitcoin. It may threaten that, if you don’t respond, explicit photos and videos of you will be posted online.
First of all, if you get this email, don’t worry. Nobody has any explicit media of you. On top of this, you shouldn’t feel pressured to send any money. Instead, let’s look at how the email was sent and how your password ended up in the email subject line in the first place. After that, I’ll explain how to protect yourself online.
What Is The “I Know Your Password” Email Threat Scam?
You used a service online that had a security breach in the past. As a result, your email and password have been sold online to criminals, who are now attempting to extort money from you. Sometimes this information may be outdated.
For example, it may show one of your old passwords in the subject line, but in fact it isn’t related to your email address at all. If it does match the password of the email account you are using, you should change your email password immediately.
Do it right now. Bookmark this page and then come back to it once it’s changed and I’ll share what steps to take to determine if any of your other accounts have been breached.
Now that I have explained the scam, here’s what we are going to do to protect your online accounts.
- Take steps to identify what accounts have been breached.
- Change passwords to breached accounts.
- Consider using a password manager to ensure your accounts don’t get compromised in the future.
I have created separate sections for each step below. Please follow each step carefully to protect your accounts online.
How to Identify What Accounts Have Been Breached by Hacks
We can use a powerful, free online tool called haveibeenpwned to determine which of our online accounts have been hacked.
This service keeps track of which online services and websites have had their data breached in the past. All you need to do is enter all the email addresses you use online.
Haveibeenpwned will then return results based on whether any services connected to those email addresses have been hacked. You must remember all emails you’ve used online to ensure your passwords haven’t been compromised.
To use the service, simply enter your email address in the entry field on the website and click pwned?
If you get the result Oh no – Pwned!, it means your email was found subscribed to a data-breached website or service. You can scroll down to see where you were breached.
Make a list of breached services. Repeat this process with all emails you use online. It may be a long process, but it’s well worth taking the time to protect yourself online.
How To Change Passwords To Breached Online Accounts
Once you have your list of services, you should go to each of these services and change your password there. If you have ever used that password elsewhere, you should change it there too.
For example, if you had an account at last.fm and used the password – secretpassword123, any accounts that share that password may be at risk too. You should change that password wherever you may be using it online.
If any of your email accounts share any breached passwords, you should change your email passwords too, and ensure you have adequate security features set up, such as two-factor authentication. Most email services, such as Gmail and Outlook, also allow you to see recent logins and log out of all devices.
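The reuse check described above can be done mechanically if you have a password export from your browser or password manager. The following is an added example, not part of the original article: the CSV layout (`name,username,password`), the sample rows and the function names are all assumptions constructed for illustration.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export. The column layout is an assumption; adjust the
# field names to match what your browser or password manager exports.
SAMPLE_EXPORT = """name,username,password
last.fm,me@example.com,secretpassword123
webmail,me@example.com,secretpassword123
forum,me2@example.com,secretpassword123
bank,me@example.com,Xk9#unique-bank-pass
shop,me@example.com,another-unique-1
"""

def fingerprint(password):
    """Hash the password so plaintext is never kept in results or printed."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def load_accounts(csv_text):
    """Return {password fingerprint: [account names]} from a CSV export."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        groups[fingerprint(row["password"])].append(row["name"])
    return groups

def accounts_to_change(csv_text, breached_accounts):
    """Every account that shares a password with any breached account."""
    at_risk = set()
    for names in load_accounts(csv_text).values():
        if any(name in breached_accounts for name in names):
            at_risk.update(names)
    return sorted(at_risk)

def reused_groups(csv_text):
    """Groups of accounts that share one password, breached or not."""
    groups = load_accounts(csv_text).values()
    return sorted(sorted(names) for names in groups if len(names) > 1)

if __name__ == "__main__":
    # "last.fm" stands in for a service listed in your breach results.
    for name in accounts_to_change(SAMPLE_EXPORT, {"last.fm"}):
        print("change password:", name)
```

Delete the export file once you are done, since it contains every password in plaintext.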
How to Use a Password Manager to Keep Yourself Safe Online
One of the major problems with online accounts is that most people use the same password across multiple services. This could mean that a motivated criminal could find all of your online accounts and gain access to them.
Typically, it would be easier for criminals to bulk purchase breached details and bulk spam emails like the one that brought you to this article. But there’s nothing stopping criminals from digging through the stolen data they have and trying to use it to log into your social media, your bank accounts, or other platforms that may have sensitive data.
The best thing you can do is to make sure all of your passwords online are different. There are two safe ways to do this. The first is to write all of your passwords down on paper, somewhere safe. Alternatively, you could use a password manager.
Password managers can generate impossibly difficult passwords for your account and encrypt that data. Typically you have one master password that logs you into your password manager, and then all of your online passwords can be copied over from there.
You can learn more about how password managers work and which are the best choices here.
Summary
I hope that this article has helped to relieve some stress. Whenever you receive unsolicited emails asking for money, usually the threat is quite minimal.
Like this scam I talked about here, there’s often a less worrying explanation. However, educating yourself and taking steps to protect your online accounts is still crucial.