“Hacked Account” Blackmail Spam on the Rise
What has caused concern for lots of people is that the blackmail spam “proves” that it’s legitimate by showing you a password that you’ve used in the past. (This is often the case, but not universally so. Most copies of this spam that I’ve received include passwords I never used.) Hopefully, the revealed password is not one that you’re still using, since it was extracted from one of the many large password breaches that have occurred over the last decade. To see which breaches might include one of your passwords, check your address at Have I Been Pwned.
[…]
To make this painfully clear, everything in the message other than your email address and breached password is fabricated. Your computer has not been hacked, there is no malware spying on your browsing, no pictures of you have been uploaded to a remote server, and so on. You have nothing to worry about, and you should feel free to mark the message as spam and get on with your life.
Previously: Yahoo Says Hackers Stole Data on 500 Million Users in 2014, eBay Security Breach, LinkedIn Password Breach.