I received this threat today in email, and you might get one too. They really had an old password I had used in the past! I’m not worried, but it’s a nice lesson. So how should you respond?
1. Realize that sadly, many web sites have been hacked and your passwords stolen. In this case, I suspect the attacker is using data from the 2012 LinkedIn hack. Check your email address on https://haveibeenpwned.com/ to see whether your email address has appeared in published lists of stolen accounts.
2. Use different passwords on every web site. Store passwords in the iCloud keychain or use 1Password.
3. Contact the company enabling the attack. In this case, the email was sent from an outlook.com email address, so I forwarded the email as an attachment to abuse@outlook.com. I found those instructions by googling for “email abuse outlook.com”
4. Use a webcam cover to block your camera when you’re not using it. There are vulnerabilities where it *IS* possible for hackers to look through your webcam.
5. Improve your odds by always installing your updates. Improve your odds of safety by using a Mac, iPad, or iPhone, and keeping your computer up to date by installing all the updates from Apple.
6. In this case, the threat about the single-pixel tracking is bogus (though this is the way marketers track you). The attacker would need to use an HTML email, and the attacker would have to run a server to receive the notifications. That would allow authorities to trace him more easily. This email has no such tracking.
7. Use the Internet so you know an email threat like this is bogus. But since nobody wants an invasion of privacy of any form, follow the other rules.
Mark Lindsey > 