
// TwistDev Blog

What to do if you've received
an email saying you've been hacked

24 October 2018

We've heard lots of reports recently of people receiving emails from 'hackers' saying that their computer has been compromised and demanding a ransom, usually in the form of BitCoin, to prevent any further damage or embarrassment.

These emails are seemingly becoming more sophisticated, and in some cases even include your password to 'prove' the threat is genuine. Here's a helpful guide to show what you should do.

The Email

Here's an example of the email in question:

My nickname in darknet is *redacted*.
I hacked this mailbox more than six months ago, through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.

So, your password from christopher@*redacted*.co.uk is *redacted*

Even if you changed the password after that - it does not matter, my virus intercepted all the caching data on your computer and automatically saved access for me.

I have access to all your accounts, social networks, email, browsing history.
Accordingly, I have the data of all your contacts, files from your computer, photos and videos.

I was most struck by the intimate content sites that you occasionally visit.
You have a very wild imagination, I tell you!

During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching.
Oh my god! You are so funny and excited!

I think that you do not want all your contacts to get these files, right?
If you are of the same opinion, then I think that $820 is quite a fair price to destroy the dirt I created.

First of all - Don't Panic!

The chances are that the threat you've received is simply a hoax, designed to instil enough fear to lure even the strongest-willed user into paying a ransom; and there's some logic to this conclusion.

Think about it - if a hacker truly had access to your computer or email account, they could do plenty of damage without even telling you. They could use a key logger to record your bank card details when you type them in, or even your bank login credentials. This would allow them to syphon off money which could potentially go unnoticed for some time. What reason would they have to tell you that you've been hacked and make you buy the Bitcoin for them?

Another dead giveaway for me was the fact that they'd allegedly been spying on me... I don't even have a webcam!

But they have my password!

This very common email doing the rounds includes your account password in the body of the message to prove the attack is genuine. Now this is very simple and very clever, and it's undoubtedly fooled many; but again the likelihood is that it's still a hoax, though the reason is as troubling as it is reassuring.

Every year there's a story in the news about a big company that's been hacked. Ticketmaster, Dixons Carphone and British Airways, some of the biggest companies in the UK, have failed to keep hackers out. And when they get in, there's one thing they go straight for - your personal data. Very rarely do they care about stealing anything relating to the company itself, it's your password and credit card details that they want.

Now for the clever bit. This user data ends up readily available on the dark web somewhere, where it is obtained by the composer of the email, and these hackers know that people generally use the same (or very similar) password for everything. That's not a dig at the general population, I mean - who has the capacity to remember dozens of different login details? But in this instance, it gives the attacker terrible ammunition to use against you.

When a user sees an email containing their password (or at least a password they've used somewhere before), it's guaranteed to strike terror into their heart, and sadly the outcome is often devastating. The user then buys the Bitcoin or other digital currency in the hope that the threat goes away. But there never was a threat, and what's worse is that digital currency is virtually untraceable. Once you've made the payment, that's it.

What should I do?

Now I'm not saying that you should ignore the email entirely - that would be foolish. If someone has a password that you've used at some point in the past then there's clearly some room for improvement with your password variations and online security (and some work needed by businesses to protect your data of course). So why not take the opportunity to do a bit of housekeeping and make sure you're not leaving yourself open to any genuine threats.

1. Run a virus scan on your computer

Before you go about changing all your passwords, it's best to double check and make sure that nothing's slipped through your antivirus' net. Run a full system scan, check for threats and follow all recommendations from your antivirus and firewall to minimise future problems.

If you don't have any antivirus software installed and running on your computer, then do something about this immediately! Don't make excuses like, "I don't visit dodgy websites therefore I won't get a virus" or "Surely that's only for people who make online payments". It's rubbish. The threat of attack is very real, it doesn't matter what sites you visit or what emails you open, it only takes one wrong step and you're compromised without ever knowing it.

Machines running modern operating systems will have an antivirus and firewall built in automatically, or you may have some free software like AVG; these will work just fine - just make sure they're enabled.

2. Reset your passwords

This part should hopefully seem the most obvious. Now you've confirmed that there are indeed no viruses on your computer, you can safely update your credentials in the knowledge that you are the only one with that information.

3. Delete old accounts

Think about how many dozens of websites you're signed up to and ask yourself, 'do I really need these?'. Sure enough there'll be accounts that you haven't logged in to for years or even forgotten existed, so take the time to close them down and minimise your exposure. Even just one less potentially hackable business to worry about should come as a bit of reassurance.

Below, we'll show you a great tool which checks your email address against a list of known hacked company data to see where the password used in the email originally came from. Any accounts it flags should definitely be acted on by changing the password at the very least.

4. Be Careful

Crisis (hopefully) averted - you can now continue using the internet as normal, but let it serve as a warning that whilst the internet is becoming easier, quicker and more useful, you shouldn't be complacent. Keep your guard up at all times and don't give your information or BitCoins to everyone!

Check if your data has been compromised

There's a useful website which checks your email address against a database of breached data when one of those big companies gets hacked. It's definitely worth checking out to see if you were part of their data slip at any point. www.haveibeenpwned.com

Companies have a duty under the General Data Protection Regulation (GDPR) to notify you if your data has been compromised, however in the past they've not been very good at this - either because their processes are poor or they (embarrassingly) don't even know what data has been stolen.

If your email address pops up on any of those lists, then you should definitely change your password with that business too. When I searched my email there were accounts which I hadn't used for years displaying on there - so I just shut those accounts down altogether.

Password Manager Apps and Two Factor Authentication

There are some really useful websites which exist for the primary purpose of password management. They help you to store all your login details in one convenient location whilst helping you with strong, unique passwords for each website you visit. Best of all, these are often encrypted which means that if you ever do get hacked, the scrambled passwords stored in the config file will be unusable by the modem-borne miscreant.

A good one that I've been using for some time is Dashlane. It's free and easy to set up, with premium features available including the ability to sync between your devices. www.dashlane.com

Another great tool is Two Factor Authentication, which most popular sites have the option to enable. When you sign in it'll ask for an authentication code either sent by text to your phone or using a separate (free) app on your mobile device. More on these options in a later blog.

Conclusion

In summary of all the things we've thought about in this post, if you receive an email claiming that someone has hacked you - they probably haven't. So don't panic, DO NOT pay any ransom, and use it as a good opportunity to review your security measures.

Christopher Neal
@realchrisneal

Sources & Links

Techworld's summary of infamous data breaches at www.techworld.com
Check if you've been hacked at www.haveibeenpwned.com
Securely store all your passwords with www.dashlane.com