Why so much SPAM? – Plus: Stop using bad passwords!

It seems that every day more and more garbage keeps showing up in my inbox!! Why? How did I get on this list? Why am I getting three copies of the same garbage email from three different addresses?

Maybe you have received an email saying they are going to expose videos of your “bad” behavior to all of your contacts because they infected you with a virus and have been watching you! Maybe they even included a password that you once used!! That makes it seem scary!!

Here is the hard truth, If you have ever signed up for a website, ever, and used your email address, eventually that data will get out and used.

2019 has not been a good year for keeping your data safe!!! Three of the largest releases of user data in history have all happened in the first two months of this year. So far this year data from over 2 billion accounts have been put up for sale or dumped onto the dark markets and hacking forums.

The three largest can be read about in the links below:
https://haveibeenpwned.com/PwnedWebsites#Collection1
https://haveibeenpwned.com/PwnedWebsites#VerificationsIO
https://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/

Want to know if you have been part of one of these MANY data breaches?

Head over to the Have I been Pwned website: https://haveibeenpwned.com/

Yes, the name sounds funny. It’s old hacker speak for getting Owned or having your account hacked.

This is a group of security researchers and volunteers that keep track of all the large data breach releases. They have a very extensive database. Simply type in whatever email you want to check and it will let you know of any breaches you have been part of. HEADS UP: If you have been using the email for any length of time, you will 99.9% be in one of the breaches. It happens to all of us.

Should I be worried??? Yes and no. If you are like a majority of the computer users in the world you have a set of common passwords you like to use, maybe you just have one that you like to change up from time to time. As much as this may be convenient for you, it is also extremely beneficial to a hacker. Pretty easy to hack a person whose passwords are all the same!!!

BUT I HAVE AN AMAZING PASSWORD!! Maybe you do, maybe you don’t!

As more and more breaches occur, hackers acquire more and more information. Passwords are stored via different types of mathematical hashes for security reasons. Well as these databases get stolen. the also get de-hashed. Allowing the passwords to be seen. Hackers are smart though. Dehashing requires a ton of time, after a list is done, both the hash and the clear text passwords are added to the publicly available list. This makes searching for a password much faster!

Want to check your favorite password to see if it’s been de-hashed? Head back over to the Have I been Pwned site: https://haveibeenpwned.com/Passwords

They have a collection of over 550 million passwords that have been acquired through breaches. Don’t worry, it will not display the password you type in and it doesn’t store what you check in any database. If you happen to have a password that isn’t on the list, congratulations, but how many places are you using that password? If it’s more than one, technically that’s too many. We can talk about password managers some other time, but we should all consider using one. Which one depends on the equipment you use and how much you feel like spending each year.

Should I be worried about the emails with or without an old password saying they infected my computer and are going to share videos of me being “naughty” to all my friends? NO!

These are generated by bored people who happen to have gotten a hold of a particular data breach list. They load the list into an auto-mailer and away it goes.

What about other emails that look legit, but are just trying to steal my passwords?

Well, head over to one of my other articles about using the mouse pointer as your first line of defense: https://stanberry.info/2019/03/the-mouse-pointer-is-your-friend-avoiding-email-scams/

Want to test out your ability to sniff out a scam?? Google has a pretty fun and not exactly easy Phishing Quiz you can take. Let me know how you do!

https://phishingquiz.withgoogle.com/

It a scary world out there, stay safe!

Leave a Reply