Received a blackmail email from a hacker

Guigsy

Guigsy

Joined
Sep 17, 2017
Posts
6,643
Likes collected
12,847
Location
Birmingham, UK
Funster No
50,575
MH
A-Class
Exp
2017
I've just received the following email:

I know Am8ql0akIQG8 is one of your password on day of hack..


Lets get directly to the point.


Not one person has paid me to check about you.

You do not know me and you're probably thinking why you are getting this email?
in fact, i actually placed a malware on the adult vids (adult porn) website and you know what, you visited this site to experience fun (you know what i mean).
When you were viewing videos, your browser started out operating as a RDP having a key logger which provided me with accessibility to your display and web cam.

immediately after that, my malware obtained every one of your contacts from your Messenger, FB, as well as email account.
after that i created a double-screen video. 1st part shows the video you were viewing (you have a nice taste omg), and 2nd part displays the recording of your cam, and its you.


Best solution would be to pay me $2656.


We are going to refer to it as a donation. in this situation, i most certainly will without delay remove your video.



My BTC address: 1CL52zpqGqfjyfnLVVsbHuoh8fb18M37Hq

[case SeNSiTiVe, copy & paste it]


You could go on your life like this never happened and you will not ever hear back again from me.

You'll make the payment via Bitcoin (if you do not know this, search 'how to buy bitcoin' in Google).

if you are planning on going to the law, surely, this e-mail can not be traced back to me, because it's hacked too.


I have taken care of my actions. i am not looking to ask you for a lot, i simply want to be paid.
if i do not receive the bitcoin;, i definitely will send out your video recording to all of your contacts including friends and family, co-workers, and so on.

Nevertheless, if i do get paid, i will destroy the recording immediately.
If you need proof, reply with Yeah then i will send out your video recording to your 8 friends.

it's a nonnegotiable offer and thus please don't waste mine time & yours by replying to this message.
Click to expand...

That is genuinely one of my passwords. And I'm going to ignore it because I know how these scams work.

I've used a password manager for a long time. Every site I use has its own unique password. Therefore I know that this was my password for americanfooduk.co.uk... which I can see from my emails that I bought some Betty Crocker cake icing and some peanut M&Ms from them in 2010.

As that website is dead, I'm assuming that the company went under and its website went dormant. Someone hacked in and stole their user database. Maybe that was why they went under. Regardless, as it was over a decade ago, the database probably wasn't following good security practices, so it was easy for a hacker to extract my password. The hacker then sells or just uploads the details, and they've made their way to this scammer.

Now imagine that I use this password for a lot of things. Suddenly this email is a lot more scary and believable. And they could potentially do a lot more damage. If they carpet bomb enough people, they'll get a nice pay-out.

I'm reporting the bitcoin address to as many places as I can find... Because they are scum.

Please use a password manager!
 
I've had this too and like you, I always use unique passwords and a password manager.

I can see how it could spook some people. I wonder how many people fall for this. Its clever psychology

Subscribers  do not see these advertisements

 
drpeej said:
I've had this too and like you, I always use unique passwords and a password manager.

I can see how it could spook some people. I wonder how many people fall for this. Its clever psychology
Click to expand...
Do you know which site they got the password from?
 
Can't recommend a password manager enough. Unique passwords for every single site.

I go further and have 2FA enabled with my manager and use a Yubikey.

If a website supports it please use 2FA.
 
Guigsy said:
Do you know which site they got the password from?
Click to expand...
I cant remember the exact details as it was a year or two back. I definitely had my details compromised when Adobe was hacked.
 
Mr Drizz said:
Can't recommend a password manager enough. Unique passwords for every single site.

I go further and have 2FA enabled with my manager and use a Yubikey.

If a website supports it please use 2FA.
Click to expand...
Me too

Peter
 
I don't use a password manager, but then again, I don't go on porn sites and any covert webcam video of me would show me in my boxers, on the sofa, headphones on listening to music, squinting at the screen chuckling at oldmo jokes reading Fun.
 
I've been using LastPass with a YubiKey for a long time. I think they got taken over a while ago and people are less certain about them now. There are other good alternatives.

I still do a lot of browsing from my desktop with Chrome, but an increasing amount is on my phone. Whichever password manager you chose, make sure it integrates with the stuff you use. For me LastPass works well with most browsers as well as my Android devices.

If it's not convenient, you won't use it.
 
drpeej said:
I use LastPass
Click to expand...
Second that, used them for over 5 years now.

It's worth doing the security test once you've been using it for a while. They have mobile apps too.

Just remember to make your master password very difficult.
 
Figaro said:
I don't use a password manager, but then again, I don't go on porn sites and any covert webcam video of me would show me in my boxers, on the sofa, headphones on listening to music, squinting at the screen chuckling at oldmo jokes reading Fun.
Click to expand...
Doesn't matter. This scam just proves how easy it is to compromise a password. So if you are using the same password for multiple sites, only one (that you've not visited since 2010) needs to be cracked.

Whatever you do, make the passwords for your email accounts unique (and use 2FA if you can). If they break that one, they just request password resets on everything else and you're toast.

Subscribers  do not see these advertisements

 
Hettie's Crew said:
What’s a good trusted password manager?, I‘ve looked before and couldn’t decide which one.
Click to expand...
Depends what operating system you use, we use keepassdroid and KeePassium, and lastpass, I don’t use the cloud to store the password database, it makes life difficult sometimes as I have to enter the password in different managers but prefer that over someone getting hold of the database.
 
I2C said:
Depends what operating system you use, we use keepassdroid and KeePassium, and lastpass, I don’t use the cloud to store the password database, it makes life difficult sometimes as I have to enter the password in different managers but prefer that over someone getting hold of the database.
Click to expand...
I used KeePass for a while. But I didn't have the discipline to keep the various copies of the database in sync between my USB stick, the copy on my phone and my desktop. I decided LastPass was the lesser of risks.
 
  • Like
Reactions: I2C
Does it matter if someone has a password for a site where you have bought some candles
As long as the password is not used for banking and important stuff?

Subscribers  do not see these advertisements

 
Figaro said:
What's 2FA ?
Click to expand...
2 Factor Authentication

So as well as your password, you provide a secondary confirmation that it's you. This could be:
-Providing the code from a text message that goes to your phone
-Giving the code from an app like Google Authenticator
-Inserting a USB security key
-or sometimes just the pop-up on your phone that you are trying to log in
 
Guigsy said:
Yes it did. The website that I used the password on was compromised. But the password manager means I'm not using the password anywhere else. So worse case, they can see I bought some US candies...
Click to expand...
Yebbut, don't you have to use your chosen password to get into the password manager site?
(I guess instead of being lazy I should look into it on a password manager website).
I use a different password for each website that I use (very complex ones for banking) and must have dozens of them which would fill both sides of an A4 page.

EDIT - Ah my question crossed with your post #21 above which explains it. Ta.
 
CazPaul said:
Does it matter if someone has a password for a site where you have bought some candles
As long as the password is not used for banking and important stuff?
Click to expand...
You could separate websites into high and low security categories.

A few years ago, thousands of people had their credit cards ripped off. Turns out that if you logged in to Amazon, you could see most of your credit card number. But other sites were blanking different parts of the credit card number. People had used the same password on various sites, so the hackers could get their full credit card numbers.

It's safer just to go unique on everything.
 
Spriddler said:
Yebbut, don't you have to use your chosen password to get into the password manager site?
(I guess instead of being lazy I should look into it on a password manager website).
I use a different password for each website that I use (very complex ones for banking) and must have dozens of them which would fill both sides of an A4 page.
Click to expand...
Yes. The safest strategy is to manually make everything unique. But in the past +10 years, I've accumulated hundreds of sites of login details.

Using a password manager is putting your eggs in one (well armoured, convenient) basket.

Subscribers  do not see these advertisements

 
I'm not a fan of online password managers as you're dependant on the platform they are using being totally secure and there has been too many published SQL, SSH, OS etc vulnerabilities identified over the last few years. Rightly or wrongly I use KeePass but do not store my email passwords in it as email is the weakest link for most services in that most services will use email to reset the password or be the 2nd step in 2FA. It has been said several times in earlier posts and I'll repeat it. 2FA is very very important and should be turned on for any service that is in any way important.
 
I will add, getting your 2FA code via text is not the most secure. Text messages can be spoofed.

Problem with online security, If you research it too much you'll never use an online service. Not knowing enough leaves you in dangerous ignorant bliss.
 
Actually LastPass with a YubiKey isn’t as secure as you think, that’s how I managed access your hard drive passwords etc.

And it doesn’t make it right just because you kiss the goat and pat the monkey on the head afterwards btw 😉
 
What happens when the password manager site gets hacked?

I do have unique often impossible to remember passwords for stuff ever since my login was compromised mid 2000s and a work website was replaced with a nasty insult to me ( hacker specifically targeted me).

So I save passwords to a usb pen drive that’s encrypted. But when that pen drive failed…..

Subscribers  do not see these advertisements

 

Join us or log in to post a reply.

To join in you must be a member of MotorhomeFun

Join MotorhomeFun

Join us, it quick and easy!

Join us

Log in

Already a member? Log in here.

Latest journal entries

Back
Top