I had an e-mail a couple of weeks ago that came with a PDF file. In that file was a letter to me from someone I didn’t know, claiming that they knew things about me and that my “secrets” would be made public if I didn’t send some money to them. Given that the street address, phone number and e-mail address was correct, it was a little frightening. Or it would have been but for some fundamental errors in the letter.

The first error was that they thought the phone number they were quoting was a cell phone, which it wasn’t. Threatening to put all manner of malware on my phone wasn’t going to work on an old fashioned landline. Then there was the issue of the person claiming to “see” inside my home, presumably through a camera on a computer or my cell phone, but that can’t happen with my computer and phone set up at home. Having access to my computer was another claim, and while I can’t claim to have the most secure set up, I do take precautions and I’m confident that no one has access to my computer, at least not that I’m not aware of. But, armed with some genuine information, data that is actually publicly available or maybe had been gleaned from a data breach somewhere, someone has attempted to extort money from me.

I toyed with reporting the matter to the Police, but the e-mail address was not traceable, and while they may have investigated, it would have taken a long time and probably revealed nothing. So, I deleted the e-mail, and the PDF file and awaited further contact.

The issue here is that if you’re not particularly tech-savvy, you might take this kind of threat seriously and be goaded into parting with money. Push out a ton of these letters and you’ll get some return from your efforts, I’d guess. The world can be a dark place sometimes.

What the incident did do, though, was prompt me into reviewing my online security arrangements. I subscribe to three different security packages covering phones and PCs. They were all up to date and reporting nothing untoward, which was good. I made sure all my Operating Systems were updated, too, as they are the front line of security. I also use a Virtual Private Network (VPN), at least some of the time, although I’ve found that online functionality can suffer with the VPN running, at least when working with certain software, or on certain websites. Where I lacked security, and it’s not directly associated with the attempted extortion, was with passwords. I had used the same passwords across a broad range of online accounts, and while not having had an issue so far, I thought it was time to tidy that up. With the use of a paid third-party password manager, I revisited all my online accounts, changed the passwords where I needed to, and took advantage of the additional protection the password manager software gave me. I looked back through the password records of my web browsers and was amazed to find data going back years. While the browser providers will always assure you that this data is safe, it is information that could be compromised, so I’ve stripped that data right down and now the browsers carry no significant password data. Changing passwords regularly is a must, anyway, and made easier with the use of the password manager. As an added layer of protection, I’ve gone to using just a single browser, rather than the chopping and changing browsers as I’ve been doing. There are issues with that, “all the eggs in one basket” so to speak, but at least I don’t have more than one Browser password file to manage now

No word back yet from my extortioner, and the original contact was a month ago. There have been no notified attacks on my computers, either, so it’s looking like it was a fishing trip. Obviously you never engage with people like that, but if I did I’d than them for boosting my online security, it’s been a very productive exercise