Received a blackmail email from a hacker (1 Viewer)

[Guigsy]

I've just received the following email:

I know Am8ql0akIQG8 is one of your password on day of hack..


Lets get directly to the point.


Not one person has paid me to check about you.

You do not know me and you're probably thinking why you are getting this email?
in fact, i actually placed a malware on the adult vids (adult porn) website and you know what, you visited this site to experience fun (you know what i mean).
When you were viewing videos, your browser started out operating as a RDP having a key logger which provided me with accessibility to your display and web cam.

immediately after that, my malware obtained every one of your contacts from your Messenger, FB, as well as email account.
after that i created a double-screen video. 1st part shows the video you were viewing (you have a nice taste omg), and 2nd part displays the recording of your cam, and its you.


Best solution would be to pay me $2656.


We are going to refer to it as a donation. in this situation, i most certainly will without delay remove your video.



My BTC address: 1CL52zpqGqfjyfnLVVsbHuoh8fb18M37Hq

[case SeNSiTiVe, copy & paste it]


You could go on your life like this never happened and you will not ever hear back again from me.

You'll make the payment via Bitcoin (if you do not know this, search 'how to buy bitcoin' in Google).

if you are planning on going to the law, surely, this e-mail can not be traced back to me, because it's hacked too.


I have taken care of my actions. i am not looking to ask you for a lot, i simply want to be paid.
if i do not receive the bitcoin;, i definitely will send out your video recording to all of your contacts including friends and family, co-workers, and so on.

Nevertheless, if i do get paid, i will destroy the recording immediately.
If you need proof, reply with Yeah then i will send out your video recording to your 8 friends.

it's a nonnegotiable offer and thus please don't waste mine time & yours by replying to this message.

That is genuinely one of my passwords. And I'm going to ignore it because I know how these scams work.

I've used a password manager for a long time. Every site I use has its own unique password. Therefore I know that this was my password for americanfooduk.co.uk... which I can see from my emails that I bought some Betty Crocker cake icing and some peanut M&Ms from them in 2010.

As that website is dead, I'm assuming that the company went under and its website went dormant. Someone hacked in and stole their user database. Maybe that was why they went under. Regardless, as it was over a decade ago, the database probably wasn't following good security practices, so it was easy for a hacker to extract my password. The hacker then sells or just uploads the details, and they've made their way to this scammer.

Now imagine that I use this password for a lot of things. Suddenly this email is a lot more scary and believable. And they could potentially do a lot more damage. If they carpet bomb enough people, they'll get a nice pay-out.

I'm reporting the bitcoin address to as many places as I can find... Because they are scum.

Please use a password manager!

 

[Spriddler]

I've used a password manager for a long time. .........

Please use a password manager!

But as I read your post it didn't seem to have protected you.

 

[Just smiffy]

Give us your details and we’ll club together some cash for you…. He’s already sent me a sampler and I’m sure you don’t want everyone seeing it….

^{_{Subscribers  do not see these advertisements}}

 

[Guigsy]

But as I read your post it didn't seem to have protected you.

Yes it did. The website that I used the password on was compromised. But the password manager means I'm not using the password anywhere else. So worse case, they can see I bought some US candies...

 

[drpeej]

I've had this too and like you, I always use unique passwords and a password manager.

I can see how it could spook some people. I wonder how many people fall for this. Its clever psychology

 

[Guigsy]

I've had this too and like you, I always use unique passwords and a password manager.

I can see how it could spook some people. I wonder how many people fall for this. Its clever psychology

Do you know which site they got the password from?

^{_{Subscribers  do not see these advertisements}}

 

[Mr Drizz]

Can't recommend a password manager enough. Unique passwords for every single site.

I go further and have 2FA enabled with my manager and use a Yubikey.

If a website supports it please use 2FA.

 

[drpeej]

Do you know which site they got the password from?

I cant remember the exact details as it was a year or two back. I definitely had my details compromised when Adobe was hacked.

 

[drpeej]

Can't recommend a password manager enough. Unique passwords for every single site.

I go further and have 2FA enabled with my manager and use a Yubikey.

If a website supports it please use 2FA.

Me too

Peter

^{_{Subscribers  do not see these advertisements}}

 

[Hettie's Crew]

What’s a good trusted password manager?, I‘ve looked before and couldn’t decide which one.

 

[drpeej]

What’s a good trusted password manager?, I‘ve looked before and couldn’t decide which one.

I use LastPass

 

[Figaro]

I don't use a password manager, but then again, I don't go on porn sites and any covert webcam video of me would show me in my boxers, on the sofa, headphones on listening to music, squinting at the screen chuckling at oldmo jokes reading Fun.

^{_{Subscribers  do not see these advertisements}}

 

[Guigsy]

I've been using LastPass with a YubiKey for a long time. I think they got taken over a while ago and people are less certain about them now. There are other good alternatives.

I still do a lot of browsing from my desktop with Chrome, but an increasing amount is on my phone. Whichever password manager you chose, make sure it integrates with the stuff you use. For me LastPass works well with most browsers as well as my Android devices.

If it's not convenient, you won't use it.

 

[Mr Drizz]

I use LastPass

Second that, used them for over 5 years now.

It's worth doing the security test once you've been using it for a while. They have mobile apps too.

Just remember to make your master password very difficult.

 

[Guigsy]

I don't use a password manager, but then again, I don't go on porn sites and any covert webcam video of me would show me in my boxers, on the sofa, headphones on listening to music, squinting at the screen chuckling at oldmo jokes reading Fun.

Doesn't matter. This scam just proves how easy it is to compromise a password. So if you are using the same password for multiple sites, only one (that you've not visited since 2010) needs to be cracked.

Whatever you do, make the passwords for your email accounts unique (and use 2FA if you can). If they break that one, they just request password resets on everything else and you're toast.

^{_{Subscribers  do not see these advertisements}}

 

[I2C]

What’s a good trusted password manager?, I‘ve looked before and couldn’t decide which one.

Depends what operating system you use, we use keepassdroid and KeePassium, and lastpass, I don’t use the cloud to store the password database, it makes life difficult sometimes as I have to enter the password in different managers but prefer that over someone getting hold of the database.

 

[Figaro]

What's 2FA ?

 

[Guigsy]

Depends what operating system you use, we use keepassdroid and KeePassium, and lastpass, I don’t use the cloud to store the password database, it makes life difficult sometimes as I have to enter the password in different managers but prefer that over someone getting hold of the database.

I used KeePass for a while. But I didn't have the discipline to keep the various copies of the database in sync between my USB stick, the copy on my phone and my desktop. I decided LastPass was the lesser of risks.

^{_{Subscribers  do not see these advertisements}}

 

[James-Alex]

Come on we all want to see what vids you were watching

 

[CazPaul]

Does it matter if someone has a password for a site where you have bought some candles
As long as the password is not used for banking and important stuff?

 

[Guigsy]

What's 2FA ?

2 Factor Authentication

So as well as your password, you provide a secondary confirmation that it's you. This could be:
-Providing the code from a text message that goes to your phone
-Giving the code from an app like Google Authenticator
-Inserting a USB security key
-or sometimes just the pop-up on your phone that you are trying to log in

^{_{Subscribers  do not see these advertisements}}

 

[Spriddler]

Yes it did. The website that I used the password on was compromised. But the password manager means I'm not using the password anywhere else. So worse case, they can see I bought some US candies...

Yebbut, don't you have to use your chosen password to get into the password manager site?
(I guess instead of being lazy I should look into it on a password manager website).
I use a different password for each website that I use (very complex ones for banking) and must have dozens of them which would fill both sides of an A4 page.

EDIT - Ah my question crossed with your post #21 above which explains it. Ta.

 

[Guigsy]

Does it matter if someone has a password for a site where you have bought some candles
As long as the password is not used for banking and important stuff?

You could separate websites into high and low security categories.

A few years ago, thousands of people had their credit cards ripped off. Turns out that if you logged in to Amazon, you could see most of your credit card number. But other sites were blanking different parts of the credit card number. People had used the same password on various sites, so the hackers could get their full credit card numbers.

It's safer just to go unique on everything.

 

[marchie]

Give us your details and we’ll club together some cash for you…. He’s already sent me a sampler and I’m sure you don’t want everyone seeing it….

I think the picture you sent me is upside down; or at least one of the people is ...

Steve

^{_{Subscribers  do not see these advertisements}}

 

[Guigsy]

Yebbut, don't you have to use your chosen password to get into the password manager site?
(I guess instead of being lazy I should look into it on a password manager website).
I use a different password for each website that I use (very complex ones for banking) and must have dozens of them which would fill both sides of an A4 page.

Yes. The safest strategy is to manually make everything unique. But in the past +10 years, I've accumulated hundreds of sites of login details.

Using a password manager is putting your eggs in one (well armoured, convenient) basket.

 

[Mrsambulancekidd]

I had an e-mail like this a few years ago.
I think they needed their eye's testing because they thought I was a chap who they had captured on webcam pleasuring himself whilst watching porn.
The last time I looked I didn't have balls.

 

[Insider]

I'm not a fan of online password managers as you're dependant on the platform they are using being totally secure and there has been too many published SQL, SSH, OS etc vulnerabilities identified over the last few years. Rightly or wrongly I use KeePass but do not store my email passwords in it as email is the weakest link for most services in that most services will use email to reset the password or be the 2nd step in 2FA. It has been said several times in earlier posts and I'll repeat it. 2FA is very very important and should be turned on for any service that is in any way important.

^{_{Subscribers  do not see these advertisements}}

 

[Mr Drizz]

I will add, getting your 2FA code via text is not the most secure. Text messages can be spoofed.

Problem with online security, If you research it too much you'll never use an online service. Not knowing enough leaves you in dangerous ignorant bliss.

 

[Boris7]

Actually LastPass with a YubiKey isn’t as secure as you think, that’s how I managed access your hard drive passwords etc.

And it doesn’t make it right just because you kiss the goat and pat the monkey on the head afterwards btw

 

[Kannon Fodda]

What happens when the password manager site gets hacked?

I do have unique often impossible to remember passwords for stuff ever since my login was compromised mid 2000s and a work website was replaced with a nasty insult to me ( hacker specifically targeted me).

So I save passwords to a usb pen drive that’s encrypted. But when that pen drive failed…..

^{_{Subscribers  do not see these advertisements}}