I’ve received an email blackmailing me about online porn I’ve never watched. What should I do?

The simple answer to this is absolutely nothing – although there are preventative measures you should take. But to understand why you shouldn’t be worried about emails saying you’ve looked at porn online, it’s helpful to understand the background.

The first question is, have you received an email like this?

“I am well aware home1345 [this will be your password] one of your password. Lets get right to the point. You may not know me and you are probably wondering why you’re getting this e-mail? Nobody has compensated me to investigate you.

“Let me tell you, I actually installed a software on the 18+ videos (adult porn) website and you know what, you visited this web site to experience fun (you know what I mean). While you were watching video clips, your web browser started operating as a Remote Desktop with a key logger which provided me accessibility to your display and also webcam. Immediately after that, my software program collected all of your contacts from your Messenger, Facebook, as well as e-mailaccount. Next I made a double video. 1st part displays the video you were watching (you have a nice taste rofl), and second part displays the view of your cam, & it is you.

And it goes on, but I’ll spare you the rest.

Hallmarks of a scam

For those who’ve been rattling around for a while, this has all the hallmarks of a scam. Here’s what to look for:

• Awful English
• They don’t know your name – they usually start with your username, email address or, as above, skip it altogether
• Demanding payment of some kind, often Bitcoin
• Disguised email address – in this case, the email came from the user “timd” – so my name – although the actual reply email address was a convoluted Japanese Yahoo email address

How did they get your password?

What’s “clever” about this particular attack is that they build everything from the fact they know your password and can tie it to your email address.

If you look at everything else in that email, you can see they don’t actually know anything about me other than this. They don’t know my real name, for instance.

Where did they get my password? From one of the countless data breaches that happen every single month. Google+ famously announced that it had put 500,000 people’s details at risk recently, but it’s hardly alone.

Indeed, the chances are that your details have been grabbed by one of these attacks.

Have your details been stolen?

It’s easy to find out if your details have been stolen: head to the dramatic-sounding site, “Have I Been Pwned“.

In this sense, pwned means “owned”. So, someone owns you because they have your details.

You can see that my email address – for my “other” job as editor of British tech magazine PC Pro –  has indeed been pwned, which is hardly surprising as it’s been active for almost 25 years.

So what should you do?

What steps do you need to take? The first is, never use the exposed password again! The second is to make sure you aren’t using it on any existing website or service.

But the main thing is to make sure you use a different password for every site you log in to. That doesn’t mean you need feats of memory that would amaze Derren Brown. It means you need to use a password manager.

These create unique and unguessable passwords, then remember them for you. They’re usually of the form b8!ssFQ#@12 or similar, but the great thing is you don’t need to know that. You just need to remember your master password to log into the service, so make sure it’s a good one.

Which password manager should you choose? We’ve written an article on how to choose the right password manager for you, which should help. 

They’re all free (but charge for certain extras) so you can try them out and see what works best for you. 

Read this next: Where are passwords stored in Firefox?