Adam Bell (Hong Kong) asked:
Steps to efficiently mitigate extortion/malware demand risk

In receipt of what, on the look of it, is a typical extortion scam (your systems are infected, pay money, etc.). Verification confirms it is what it looks like, but this latest demand contains the password of a Gmail account, which is usually encrypted, lending credence to the fact that one or more PCs may be malware infected.

Before I go and start scanning PCs, any wisdom from the EE community, shared experience, etc. on effective ways to go about this, particularly when there may be a time element and trying to identify an assumed infected PC may or may not be the first step. Thanks in advance.
David Johnson, CD (Canada):

People are predictable and tend to reuse email address / password combinations.

There are several password dumps available on the internet/darkweb, e.g. the LastPass loss of customer blobs.

https://haveibeenpwned.com is a site to check.
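As an added illustration of the breach-record check suggested above (example code written for this page, not part of David Johnson's answer): the Have I Been Pwned "Pwned Passwords" range endpoint lets you test a password without sending it anywhere. You hash it with SHA-1, send only the first five hex characters, and compare the returned list of suffixes locally. The sample response body below is constructed for offline use; the first suffix is the real remainder of SHA-1("password"), but the counts and the other two entries are made up.

```python
import hashlib
from typing import Callable, Dict, Tuple

# Constructed stand-in for the body of GET https://api.pwnedpasswords.com/range/5BAA6
# (real responses contain hundreds of lines). Format is "<35 hex chars>:<count>".
# The first suffix really is the remainder of SHA-1("password"); the counts and the
# other two lines are invented for this example.
SAMPLE_RANGE_5BAA6 = """\
1E4C9B93F3F0682250B6CF8331B7EE68FD8:123456
0123456789ABCDEF0123456789ABCDEF012:3
FEDCBA9876543210FEDCBA9876543210FED:17
"""


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the password, as the HIBP range API expects."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(digest: str) -> Tuple[str, str]:
    """k-anonymity split: 5-char prefix goes to the API, 35-char suffix stays local."""
    return digest[:5], digest[5:]


def parse_range(body: str) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into a lookup table (blank lines are skipped)."""
    table: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        table[suffix.upper()] = int(count)
    return table


def breach_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """Return how many times the password appears in the breach corpus (0 = not seen).

    Only the hash prefix ever leaves this function; the match is done on the
    suffix against whatever the fetcher returned.
    """
    prefix, suffix = split_hash(sha1_hex(password))
    table = parse_range(fetch_range(prefix))
    return table.get(suffix, 0)


def sample_fetch(prefix: str) -> str:
    """Offline fetcher: serves the constructed body for prefix 5BAA6, nothing otherwise."""
    return SAMPLE_RANGE_5BAA6 if prefix == "5BAA6" else ""


def live_fetch(prefix: str) -> str:
    """Real fetcher (assumes outbound HTTPS is permitted). Not used by the offline run.

    'Add-Padding: true' asks the service to pad the response with dummy entries whose
    count is 0, so response size does not leak which range was requested; a count of 0
    is treated as "not found" above, so the padding needs no special handling.
    """
    import urllib.request
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"Add-Padding": "true", "User-Agent": "ee-password-check-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    # Offline demonstration; swap sample_fetch for live_fetch to query the real service.
    for pw in ("password", "some-other-unique-passphrase-42"):
        print(pw, "->", breach_count(pw, sample_fetch))
```

Run it as-is for the offline demonstration; to check a real password against the live corpus, pass `live_fetch` instead of `sample_fetch`. Because the suffix comparison happens on your side, the service never learns which of the roughly 500 hashes in the range you were interested in, which is why this is safe to use on passwords you still rely on.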

btan:

Another thing to check is the Gmail account. If you notice any of these signs, someone else may be using your Google Account.


Important: If you think someone else is signed in to your Google Account, change your password immediately for:

  • Your Google Account, if you didn’t change it already
  • Apps and sites:
    • That you use the same password you used for your Google Account
    • That contact you through your Google Account email address
    • Where you sign in with your Google Account email address
    • Where you saved passwords in your Google Account


You can then check for and remove any unfamiliar devices signed in to your account.


Suspicious activity in the Gmail account you use. Correct the setting immediately if you see unfamiliar changes to:

  • Mail delegation: People with access to your Gmail
  • Automatic mail forwarding
  • Scheduled emails
  • Your name in Gmail
  • Automatic reply: Vacation responder
  • Address on outgoing mail
  • Blocked email addresses
  • Remote access to your Gmail: IMAP or POP
  • Filters that manage your incoming mail
  • Labels that organize your incoming mail
  • Gmail activity


Your Gmail activity might be suspicious if:

  • You no longer receive emails.
  • Your friends say they got spam or unusual emails from you.
  • Your username has been changed.
  • Your emails were deleted from your inbox and aren’t found in "Trash". You can report missing emails and possibly recover them.
  • You find "Sent Emails" that you didn’t write.


Adam Bell (Asker):

Thanks both. I tightened up on Gmail and the breach records, found accounts which had been involved in a mass breach, and identified one weak password that was compromised too, though it is not clear exactly how the preventive is to tighten up on password enforcement.
ASKER CERTIFIED SOLUTION
btan