“I know your password”, “I know one of your passwords”, “Here is your password” and similar lines appear in scam emails and messages whose creators are trying to scare people into paying ransom money. If you get an “I know your password” message that includes a real password of yours, then change your passwords and proceed to ignore the emails. While password-stealing malware does exist, the “I know your password” emails likely rely on data leaked ad stolen from website databases and not from people’s computers.
I Know Your Password Scam quicklinks
- How “I know your password” works
- Is the scam dangerous?
- How to deal with the “I know your password” scam
- Automatic Malware removal tools
(Win)
Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,
(Mac)
Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,
About the “I know your password” scam:
Type of threat | Scam. |
---|---|
How the scam works | Scammers find leaked passwords and emails and use them in deceptive emails to trick people into thinking that their computer has been infected. |
Avoiding scams like “I know your password” | Don’t share your email if you don’t have to,
avoid adware applications, follow breaches and change your password if you suspect that it was leaked. |
How to deal with “I know your password” | Change your password,
report the email as spam, use spam filters, do not pay the ransom, find malware and delete it (Combo Cleaner for Mac, Spyhunter for PC, others). |
How “I know your password” works
“I know your password” refers to various emails in which a scammer claims to know your password and threatens that, if you don’t pay them money, something bad will happen. Usually, the scammers claim to have stolen data from your computer and threaten to release it to your family, friends, and colleagues.
A scam very similar to “I know your password”, one dubbed Save Yourself, talks about releasing an intimate recording of the victim. Meanwhile, the “I know your password” emails threaten that malware has been installed on your computer:
[Date] – on this day I hacked your OS and got full access to your account.
You typed in your pwd on one of the sites you visited, and I intercepted that.
Also I set up a Virus on your system.
Your computer was infected with my malware.
There are dozens of variants of “I know your password”. But the general message is the same:
- The scammer says they have your password.
- They claim that they have malware on your computer that can steal data and read your passwords.
- They threaten to release your data if you don’t pay a ransom of hundreds of dollars.
Is the scam dangerous?
The “I know your password” message comes in email. It shows a password and maybe some other data. Whatever personal information the scammers included in the email, which could include your password, phone number, some other info – they do have it.
However, it is important to remain calm and to not send the scammers any money. These people are bluffing.
Contrary to what the “I know your password” emails say, the scammers do not have malware on your computer, do not have access to your files, camera or microphone, and cannot access your online accounts. They also can’t see when you read the email and cannot track any timer.
Here’s what actually happened:
- You had an account on a website, where your current email address was associated with a particular username and password. This might have been years ago or weeks ago.
- The security of this website was lax and the passwords on their database were at least sometimes stored as text (they should be stored hashed, but that does not always happen).
- This website then had its database breached, stolen, leaked. Your password and email address was exposed, alongside thousands of others. Have I Been Pwned documents many of these cases and alerts people when this happens to them.
- The leaked data is sold or just shared around for free, available for anyone to download.
- Scammers write an alarming, scary email and then send it out to all the email addresses in the leak with only the password changed for each one.
- To scare their victims, the scammers fake the email address. The email looks like it came from yourself or from another trusted sender.
Unlike “I know your password” says, no trojans, malware, or spyware are needed. Your computer might be completely clean. The people behind “I know your password” do not have access to any of your data. Make sure that the leaked password is worthless by setting a new one and that’s it.
Sometimes, scammers know email addresses but not passwords. Then they guess from lists of most used passwords, like “123456” and “password”.
How to deal with the “I know your password” scam
First of all, do not pay the ransom. Not just because the people behind “I know your password” are criminals and their efforts should not be rewarded, but also because they can’t hurt you as they’re only bluffing. “I know your password” is there to scare people into paying money, that’s all.
If you are getting “I know one of your passwords” and other deceptive emails (stuff like “You have (1) reward ready to claim”, “It’s your lucky day”, “Claim your exclusive reward”, and similar scam messages), then they should be going into your spam folder. If they aren’t, then you should mark each one of them as spam. This helps email providers sort emails in the future. You can also look into using spam filters to help sort your emails. Some anti-malware programs have them.
Do not share your email address when you don’t have to. You could also create a new email account.
If you want to check your computer for malware, then just scan it with an anti-malware application, such as Combo Cleaner for macOS, Spyhunter for Windows, and others. However, if any malware or adware is found, it is most likely incidental to the “I know your password” scam. While there are malicious programs and browser extensions that can steal user passwords, “I know your password” most likely relies on website database leaks that are unrelated to the security of your own computer.
Automatic Malware removal tools
(Win)
Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,
(Mac)
Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,