They said they'd hacked her - now she's being blackmailed
On May 20, Carol checked her email and saw something that frightened her.
It was an email from someone claiming to have hacked into her computer, that malware had been installed after she recently visited a website.
The email started off by revealing the password she uses for some online accounts.
"What scared me is he got my password right. I just panicked. I felt very vulnerable," said Carol, who didn't want her last name used.
The culprit claimed to have accessed all her "contacts, private pictures, videos, everything," even claiming to have accessed the camera and microphone.
"I made a video showing you through your webcam," the email reads.
Then she was threatened. The email demanded $1,200 in Bitcoin be paid or everything would be exposed making her life hell.
"When something like this happens, the best thing to do is keep calm and be aware," said Doug Santos, a Fortiguard Security Strategist.
Many times the so-called hackers have obtained personal information from previous data breaches.
"They leverage the information. They sell it on the dark web as well, because that kind of information can be used to break into other potential sites," Santos said.
Or it can be used to trick you into thinking you've been hacked to extort money.
The first thing Carol needed to do was check to see how the information was obtained.
There are a couple of websites that can help.
One is called Have I Been Pwned, another is Identity Leak Checker. Both have been built by researchers who, like the hackers of the world, were able to obtain email address and passwords that had been amalgamated from data breaches and uploaded to the dark web.
Carol's daughter, Alyssa, stepped in to help. She typed Carol's email address into the Have I Been Pwnd website which revealed her email had been comprised in two different data breaches. The website also revealed her password had been seen 62 times before in a data breach.
"That's probably how he found your password," explained Alyssa.
But just to be sure she ran a scan on her mom's computer with a program called Malwarebytes. It didn't reveal any spyware.
Extortion emails may also use personal information gathered from other places as well, like social media sites.
Ask yourself, what kind of information the so-called hacker claims to have and try to figure out where they might have gotten it.
"Just be aware of where your data is and what kind of information is lying where," said Santos.
If they have more secure login information, that hasn't been compromised in a recent data breach, Santos says there could be malware on your computer. That's why you should always have an anti-virus program running in the background and be careful about the websites you visit, the information and documents you download, or email attachments that you open.
Carol has now changed her password to something that is stronger and harder to crack and is feeling a bit better now but she's also more guarded and wanted to share her story.
"Because I don't want people to get scammed, especially older people because I know they have a fear of using the web," she said.