Suspicious & Threatening Emails: How to Stop It?

  • Thread starter sandy stone
In summary, your email account may have been hacked, and your password may have been leaked. You should change your password and/or use multi-factor authentication.
  • #1
sandy stone
Within the past 24 hours, my wife has received 2 emails, one suspicious and one threatening, seemingly from her own email account. The threatening email explicitly quoted her email password, which is also the password for accessing our account at our ISP. This is under Windows 10, using the email app bundled with Win10. The emails also show up when accessing our ISP account directly. Malwarebytes and Windows Security both assure me our system is clean.
What is going on here, and more importantly, how can I stop it from happening again?
  • #2
There has been a data breach, either at your email provider (edit: although this is unlikely) or at some other service linked to your email account using the same password. Edit: this breach may have happened some time ago: for instance data breached from LinkedIn in 2016 is still 'doing the rounds'.

You can get some more clues by entering your email address at https://haveibeenpwned.com/.

You should obviously change that password wherever you are using it immediately. I use a password manager to set and manage secure passwords for all my accounts.
  • Like
  • Informative
Likes Janosh89, sysprog, jedishrfu and 1 other person
  • #3
Thanks! I was not previously aware of that website.
 
  • #4
sandy stone said:
What is going on here, and more importantly, how can I stop it from happening again?
Change your password?
 
  • Like
Likes sysprog
  • #5
Borg said:
Change your password?
You shouldn't have "a" password. That would be like having your car key the same as your house key. Someone gets one, they get both.

You want a password manager. That has a local password, like "correcthorsebatterystaple" (well, maybe not that one) and that is used to generate individual passwords for every site. Passwords like 8o$E0YbfM*xzthFOt*lj, 7Dq*4hs2U@LHaoCUmx96 or bG48@C*C*Qn5*98JIgIM. I won't say this is bullet-proof, but it is bullet-resistant.
 
  • Like
Likes sysprog
  • #6
Yes, passwords.
 
  • Like
Likes sysprog
  • #7
Thank you all, food for thought.
 
  • #8
I've had this before, the password was a generic one I use for multiple non-important sites (i.e. sites like forums which do not have any personal identification / financial details present). I just assumed at some point one of the web sites had been hacked and they just used this password to try and scare me.

This is likely what has happened to you, the scammers try and scare you into making quick and rash decisions where in reality there is nothing major which has been compromised.

In terms of the e-mail appearing to come from yourself, this is very simple to do with a few basic commands if you have access to an e-mail server configured as a relay. That "from" e-mail address is just plain text, it's just your e-mail server adding it in manually when you send an e-mail but you can configure it to say literally anything.

In this case setting it to your own e-mail address just serves to reinforce the fear / belief that your account / computer has been hacked when that is not necessarily the case.
 
  • Informative
  • Like
Likes sysprog and PeroK
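Added example, not part of the thread or any poster's code: because the From: line is sender-supplied text, the place to check a "from yourself" message is the Authentication-Results header stamped by your own provider's server. The two messages, the host name `mx.isp.example` and the function `check_from` are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample of a delivered "from yourself" message (all names made up).
SPOOFED = """\
Authentication-Results: mx.isp.example; spf=fail smtp.mailfrom=mailer.invalid;
 dkim=none; dmarc=fail header.from=isp.example
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mailer.invalid; dmarc=pass header.from=isp.example
From: user@isp.example
To: user@isp.example
Subject: Your account

(body omitted)
"""
# Constructed sample of a note the account owner really sent to themselves.
GENUINE = """\
Authentication-Results: mx.isp.example; spf=pass smtp.mailfrom=isp.example;
 dkim=pass header.d=isp.example; dmarc=pass header.from=isp.example
Return-Path: <user@isp.example>
From: user@isp.example
To: user@isp.example
Subject: note to self

(body omitted)
"""

def _addr(value):
    # Bare lower-cased address from a header value ("" if the header is absent).
    return parseaddr(str(value or ""))[1].lower()

def check_from(raw, trusted_authserv="mx.isp.example"):
    """Report whether the receiving server verified the From: domain."""
    msg = message_from_string(raw, policy=policy.default)
    auth = {}
    for hdr in msg.get_all("Authentication-Results", []):
        authserv, _, rest = str(hdr).partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue  # a copy that arrived with the message proves nothing
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest):
            auth.setdefault(method, result.lower())
    sender, rcpt, bounce = (_addr(msg[h]) for h in ("From", "To", "Return-Path"))
    return {
        "self_addressed": sender == rcpt,
        "return_path_mismatch": bounce.split("@")[-1] != sender.split("@")[-1],
        "auth": auth,
        "from_verified": auth.get("dmarc") == "pass",
    }
```

In a real mail client the same headers are visible under "view source" or "show original"; a self-addressed message with `from_verified` false did not need access to the account to be sent.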
  • #9
MikeeMiracle said:
I've had this before, the password was a generic one I use for multiple non-important sites (i.e. sites like forums which do not have any personal identification / financial details present).
As others said, this is very bad practice on your part. Stop doing that immediately for your own good.

Others also told you to get a password manager. I use one. It costs me $29/year. I let it choose very long and difficult passwords for my accounts. It synchronizes across all my devices. It even automates password changing on popular sites as often as once every 30 days.

When a data breach occurs, the login credentials for many clients are stolen, as many as 300 million at a time. The stolen data becomes available for sale on the "dark web". It is easy to buy millions of user credentials on the dark web. But it may take many months for your stolen data to be sold or exploited. That is why frequent password changes give better protection than hard-to-guess passwords. If you change them every 30 days, the stolen version is not likely to be exploited by bad guys before the 30 day limit.

Several sites are also pushing us to use multi-factor authentication. For example, to get access you need the correct user name and password and use of a computer that you used before. So a criminal could not get access with your stolen password using the criminal's computer.

IMO multi-factor is difficult to use and very inconvenient. I prefer the password manager.
 
  • Like
Likes sysprog, PeroK and Vanadium 50
  • #10
anorlunda said:
As others said, this is very bad practice on your part. Stop doing that immediately for your own good.

I'm not the OP ;)

In either case, I do not repeat passwords on anything "important." If my PF account gets hacked I have lost nothing, even if it did offer multi factor authentication (MFA) I would not use it as it's mildly annoying. I use separate randomly generated passwords on any sites which have any personal identifying information or financial details on it. MFA is a very useful tool against hacking and should be used for important sites, I just think it's unnecessary for generic sites with no personal loss if they are compromised.

Gone are the days when people hacked others for "fun" like they used to do in the good old days, these days they are organised criminal gangs looking to exploit you / your information for financial gain. If there is no gain then they won't bother with it so there is no need to go over the top with your protections for those sites in my opinion.

As annoying as MFA is, it's preferable to constantly changing login details. This I would find a pain, especially if you have logins for many different places you need to change them. Frequent password changes are also not required if you're using unique passwords on every site as any stolen login details cannot be used elsewhere.

I do not trust any of the online password managers, they are all susceptible to being hacked, I believe Lastpass was hacked last year. Sure they are "convenient" but convenience and security do not go hand in hand from my experience.

The only online password / cloud backup services I would use are designed with a so called "Zero Knowledge" policy. This means that data is encrypted using your login details on YOUR computer and only encrypted data is copied to and from their online servers. To decrypt it it requires your login details and that decryption takes place on YOUR computer.

If your account got hacked all the hackers would see is encrypted data and without the login details they have no way of decrypting it. There is no "master key" which can unlock data in a "Zero Knowledge" system by design. This also means that if the company is approached by law enforcement to gain access to your data, they also are unable to decrypt your data. The only possible drawback to this design is that by definition only your login details can decrypt your data so if you lose your login details there is no way to recover the data and it's lost permanently.
 
  • Skeptical
Likes pbuk
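Added example, not part of the thread and not any vendor's code: the client-side flow described in the post above, where keys are derived from the login details on the user's machine and the server only ever stores an opaque blob. The function names and the iteration count are assumptions, and because Python's standard library has no AES, HMAC-SHA256 in counter mode stands in for the AES-based authenticated cipher a real product would take from a vetted library.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this example

def derive_keys(email, master_password):
    """Client side: stretch the login details into an encryption key and a MAC key."""
    material = hashlib.pbkdf2_hmac("sha256", master_password.encode(),
                                   email.lower().encode(), ITERATIONS, dklen=64)
    return material[:32], material[32:]  # neither key ever leaves the device

def _keystream(key, nonce, length):
    # Stand-in cipher: HMAC-SHA256 over nonce||counter, used as a keystream.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(keys, plaintext):
    """Encrypt-then-MAC on the client; the returned blob is all the server stores."""
    enc_key, mac_key = keys
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(keys, blob):
    """Decrypt on the client; fails without the original login details."""
    enc_key, mac_key = keys
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong login details or tampered vault")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))
```

The failure branch in `unseal` is the drawback the post mentions: with the login details gone, nothing held by the server can recover the data.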
  • #11
MikeeMiracle said:
I do not trust any of the online password managers, they are all susceptible to being hacked
References?
MikeeMiracle said:
I believe Lastpass was hacked last year.
I don't: reference?
MikeeMiracle said:
The only online password / cloud backup services I would use are designed with a so called "Zero Knowledge" policy. This means that data is encrypted using your login details on YOUR computer and only encrypted data is copied to and from their online servers. To decrypt it it requires your login details and that decryption takes place on YOUR computer.
Oh, https://www.lastpass.com/how-lastpass-works you mean?
 
  • Like
Likes anorlunda and Vanadium 50
  • #12
MikeeMiracle said:
The only online password / cloud backup services I would use are designed with a so called "Zero Knowledge" policy. This means that data is encrypted using your login details on YOUR computer and only encrypted data is copied to and from their online servers. To decrypt it it requires your login details and that decryption takes place on YOUR computer.
Does that mean, when you visit any log-into sites, you must let the browser KEEP the cookies after closing the browser? So clearing the cookies after each browser session, or using 'private' or 'incognito' mode will ensure you cannot log-in to your online accounts later?
 
  • #13
MikeeMiracle said:
In either case, I do not repeat passwords on anything "important." If my PF account get hacked I have lost nothing,
It's not about what you've lost; it's about what they've gained.

A common practice in identity theft is to use hacked low security data to help hack higher security data.

They work their way up the ladder. Like starting with a worthless Costco card and ending up with a valuable forged passport.
 
  • Like
Likes Pyter
  • #14
symbolipoint said:
Does that mean, when you visit any log-into sites, you must let the browser KEEP the cookies after closing the browser? So clearing the cookies after each browser session, or using 'private' or 'incognito' mode will ensure you cannot log-in to your online accounts later?

Why would I not be able to log in to these sites afterwards? What happens the first time you visit a site? It copies a cookie onto your computer just like any time one is required and not found. Sure it means you have to log in to a website each time you visit it but so what, it's a minor inconvenience and prevents tracking cookies from getting anything meaningful.

I either:

1) Open a browser in a sandbox which auto deletes everything when the browser closes including cookies and data obtained during that session.
2) Browse using Firefox which has a bunch of extensions which refuse cookies by default, you can choose to allow them per session but they get deleted afterwards. With this setup the plug-ins also block all JavaScript / cross-site scripting connections etc, again you can allow it on a per-session basis but nothing is kept after the browser closes.
3) Browse using a virtual machine with a non-persistent disk, as soon as you power off the VM any changes / downloads that have occurred since you powered it on are wiped out.

Option 3 is the safest method and I know from previous threads on this forum that I am not alone in doing so.
 
  • #15
DaveC426913 said:
It's not about what you've lost; it's about what they've gained.

A common practice in identity theft is to use hacked low security data to help hack higher security data.

They work their way up the ladder. Like starting with a worthless Costco card and ending up with a valuable forged passport.

And what have they gained? An e-mail and a password for web sites where I have no personally identifiable info not even my name.

I have 2 separate e-mail addresses. My main personal e-mail address using my own domain on an e-mail server I run myself. Any sites with any personally identifiable info I have unique login details for, use my main e-mail address, long passwords and if possible multi factor authentication. The second e-mail address is with a cloud provider and is used whenever I log in to sites with no personally identifiable info.

By definition sites with personal identifying info are generally quite hot on security, more so than sites without any personal data.

As you can see I'm not just using 1 browser install with 1 e-mail address and have everything linked to it. Doing so means you need to take all the extra security considerations at all times. This is what the majority of the public does and the extra precautions are required. If you can split things up and separate out the "important" and "non-important" stuff you do online then you know when to be cautious and when you can be more relaxed.

I have always been focused on security since long before it was even a thing the public were aware of. I have put a lot of thought into it and how to keep things secure via separation. I even have a dedicated VM just for entering financial information into which gets "wiped / reset" after each use.
 

FAQ: Suspicious & Threatening Emails: How to Stop It?

What are suspicious and threatening emails?

Suspicious and threatening emails are messages that are designed to trick or manipulate people into giving away personal information, such as passwords or credit card numbers, or to download malicious software onto their devices. These emails often use scare tactics or urgent language to convince the recipient to take action.

How can I identify a suspicious or threatening email?

There are several red flags to look out for when identifying a suspicious or threatening email. These include: unfamiliar sender email addresses, urgent or threatening language, requests for personal information, and attachments or links from unknown sources. It's important to trust your instincts and use caution when opening any email that seems suspicious.

What are some tips for dealing with suspicious and threatening emails?

First, do not respond to the email or click on any links or attachments. Next, mark the email as spam or junk. If the email appears to be from a legitimate company or organization, you can also contact them directly to verify the email's authenticity. Additionally, make sure to regularly update your security software and never give out personal information unless you are sure of the recipient's identity.

How can I prevent suspicious and threatening emails?

To prevent suspicious and threatening emails, it's important to be cautious and aware of potential scams. Never click on links or open attachments from unknown sources, and regularly update your computer's security software. You can also set up filters to automatically block spam or suspicious emails from reaching your inbox.

What should I do if I accidentally open a suspicious or threatening email?

If you accidentally open a suspicious or threatening email, do not click on any links or attachments. Close the email immediately and run a full virus scan on your computer. If you have already clicked on a link or downloaded an attachment, disconnect your device from the internet and run a virus scan. It's also a good idea to change your passwords for any accounts that may have been compromised.
