Beware new email scam that could contain an old password.

If the password displayed is one you still use you will need to change it on any relevant accounts immediately.   If the password is one you don’t use anywhere you can simply delete the message. 

It is very likely that old passwords of yours have indeed been exposed to the internet due to breaches at sites like MySpace or LinkedIn.  It’s possible you used your Williams email address for the online service as well, so it’s trivial for bad actors to generate phishing emails to you with this information.

The messages come in with obfuscated subject lines, but they are usually similar to this:

“Tiскеt#51695688: <eph93​@williams​.edu> 10.07.2018 09:02:42 This can definitely ruin your status”

What can you do to prevent compromises at other services from affecting your Williams and other important accounts?

1.   Set up 2-step authentication wherever possible.  At Williams this is done from  https://www.google.com/landing/2step/ .   Apple, PayPal and most likely your banking sites also encourage you to set up 2-step authentication.  Use it!

2.  Use a different password for every site.  Don’t let a breach at Facebook or LinkedIn compromise your Williams account!  You can easily have different passwords by using a password manager like LastPass:  http://oit.williams.edu/help-docs/lastpass-password-manager/ or Valt: https://valt.io/