“I am well aware prague one of your pass word” the email might begin, causing an instant sensation of fear. You may not use it now, but you once did use prague as your password. How do they know your password? What else do they know, and what do they have access to? Scam artists rely on provoking emotions such as fear to cause their victims to take action. A criminal knowing your password is almost certain to evoke that fear.
Stolen data sometimes finds its way on to the Internet following a data breach. The data often includes email addresses and passwords stolen anywhere from small gaming websites to companies as big as LinkedIn. It’s this data that the scammers are using to find and scare their victims.
The good news is that the scammers probably didn’t hack your computer and can’t do what they’re threatening to. The bad news, is that the scammers may actually know one of your passwords.
If you receive an extortion or blackmail email that states a password you do (or did) use, don’t panic! Do not make a payment or try to contact the scammers. You should change the password if you still use it, and change it everywhere you use it. We recommend using a password manager to generate complex and unique passwords for every account you have. Where possible we also recommend using two-factor authentication (2FA) to make it harder for criminals to compromise your accounts.
Consider reporting the incident to Action Fraud, unless you paid the fine in which case you should report the incident to the police.
You can find data breaches where your email address and password may have been stolen using the website “Have I Been Pwned”. Be sure to change your password on any sites your data was stolen from if you haven’t changed it since the date of the breach.