I was on holiday in the mountains of Ethiopia when I opened one of those nasty phishing emails. You may have had them before, but it was my first and it did worry me. However, I couldn’t do anything about it, so I tried to ignore the threats and the demand for money to be paid into a bitcoin account, until I got home.
Then I picked it apart. What did it actually say?
“He” had got hold of my password and sent me an email from my own address.
Yes, it was one of my addresses and it was a password I still use on some websites, but not for email. I rang my service provider and they weren’t too worried, as I had changed my password months ago.
“He” (I’m afraid I do assume it was a he) had planted a rootkit on my device, could see all my files and browsing history, and take pictures with my camera.
The camera bit was unlikely, but I did believe he might have infected my computer. Here I have to give a plug to Apple, who were simply brilliant. They looked at my computer remotely, checked that it didn’t appear to be infected and helped me set up a scan. I used www.malwarebytes.com, also recommended by my service provider. All my devices were clean.
“He” said he would send compromising pictures of me to all my contacts, unless I paid up within two days.
This, I’m glad to say, left me quite relaxed.
I see that Jo Whalley of BBC Trending has had a similar experience. She put together a helpful video about these emails, particularly how people get hold of your passwords. Useful advice if you get one too.