A new spam/scaremail is spreading. The twist is they know an old password. Don’t become a victim to digital fear.

Details -

A client of mine received the email below.

The client was really upset because the password in the email was an old valid password.
The password was an old password the client used and not a current password. I knew this isn’t a password that was too weak to have been used on our systems, so I asked the client when they used this password.
After some time the client remembered that this password was their old YAHOO password. Then it was one of the stolen password from the 2017 YAHOO hack - Stolen passwords are an entire industry -

I told this client in this case there is no cause for concern but that we would be enabling dual factor authentication to provide another layer of protection.
Dual factor authentication provides the highest level of security possible. Dual factor authentication requires entering an SMS code over a cell phone or Google Authenticator code during the login process. Without the code an attacker can’t login, even with a stolen ID and password.

Scaremail received by Client