I Know Your Password Scam

Royston

« on: April 25, 2020, 01:16:13 PM »
I received one of these scams this morning. Has any other member/s received any, and what's the best way to deal with these scammers? Thanks.

Cheers Royston

shadowfax

« Reply #1 on: April 25, 2020, 01:20:45 PM »
Ignore it or change your password...
Soundcloud Shadowfax6

from the nightmare!

Sterix

« Reply #2 on: April 25, 2020, 02:52:12 PM »
Usually, if you get an e-mail saying they know your password, they DON'T. If they know your password, they're more likely to hack your account and use it to further their activities. Occasionally you'll get an e-mail which contains a password you do use/have used. Most of the time they have acquired those passwords by hacking into big companies' databases. If it is a password you still use then change it wherever you use it.

I work in IT and one of my clients only this week clicked on a link, put in his login details in that link (*sigh*), and DID get hacked. The hacker(s) in this case used his e-mail to send out to everyone in his address book (and, worse, the company's Global Address List) but before they did that they created a rule that deleted all incoming e-mails - that way they put off discovery for longer as he didn't get any e-mails to warn him something was wrong. This was a pure phishing scam - they were probably gathering passwords since a great many people will use the same password for all their logins. If someone uses the same password for their Amazon account then someone could possibly log in and order stuff for themselves through it... you get the picture.

Thangs you could/should do...

1. Before deleting it you should actually mark it as spam (if it hasn't already gone into your spam folder). This will add it to your blacklist so any further e-mails from there will go to spam instead. Then delete it.

2. If you are worried your password has or may have been compromised, change it. Different people will give you different ideals for passwords but usually the longer the better, and the more complicated (as in mixing in numbers and symbols with mixed-case letters) but this can depend also on the demands and limitations of your login (some may have a maximum number of characters and some may force you to use certain types).

3. Staying with passwords, this one is a pain in the backside and even I don't follow it solidly, but ideally you should use a different password for different accounts. There are password manager programs that can help with this.

4. Another pain (at least setting up) is 2-step authentication. This is where you link your account to your phone and means that, even were a hacker to get your password they would either physically need your phone or go to great lengths to spoof it somehow. There are varying methods of 2-step and you may get a choice depending on the account (some use codes sent to your phone, others use authenticator apps on your phone to generate a code which you then type in when your login demands it).


I'll throw in a little safety advice with e-mails in general...

If you receive an e-mail you're not sure of (or not sure it's actually from who they claim they're from) there are a couple of things you can do. Hovering over the sender's e-mail address can often reveal the true sender. It may look like it's from "info@company.com" but when you hover over it you may see "hacker229873@gmail.com" - a clear giveaway the e-mail isn't from that person. This is called "spoofing" when someone pretends to be sending from an e-mail account and it's actually easy to do.

That said, I have seen some really good spoofs that managed to bypass this check so it still looks like it came from the correct address.

Links are something you should also watch out for as these are what actually get you into trouble. Getting an e-mail doesn't get you hacked or give you a virus, it's clicking on the links that does the trick!

So always be wary with links. As with the e-mail address check you can also hover over a link (this is safe as long as you don't click on it) which will reveal the URL behind it (in Outlook it will appear at the bottom). If the domain name (the company.com part) isn't the same as the company the e-mail is from (e.g. I have an e-mail from GoDaddy and a link that shows as "https://click-email.godaddy.com/********" - the *** are just the rest of the URL - and in this case, the domain is godaddy.com so that hints at it being kosher in this case).

Basically, though, if you're not expecting it or you're not sure on it, don't click on it. If someone you know has sent you a link and you weren't expecting it, if possible contact them some other way and ask them if they've sent it.

Another thing to look out for is the quality of English in the e-mail. If it's poor (at least if it purports to come from a proper company) then it's more likely to be a scam.

cowparsleyman

« Reply #3 on: April 25, 2020, 07:36:55 PM »
Great advice @Sterix

Thanks

Royston

« Reply #4 on: April 25, 2020, 08:53:14 PM »
Thank you very much, guys. Very sound advice.

Cheers Royston

Boydie

  • Administrator
« Reply #5 on: April 26, 2020, 11:33:36 AM »
Great advice @Sterix and well written

Would you mind if I used your wording as a “sticky” and/or add it to the guidelines?

Thanks
To check out my music please visit:

http://soundcloud.com/boydiemusic

Twitter: https://twitter.com/BoydieMusic

Sterix

« Reply #6 on: April 26, 2020, 12:58:46 PM »
@Boydie : Feel free. :D