Blackmail by Email

Page may contain affiliate links. Please see terms for details.
Racing roadkill

Racing roadkill

Guru
Andy in Germany said:
I'm probably he last person to come across this, but still...

Over the last month a couple of people with very implausible names have sent emails to me saying they have been monitoring my activities on a p*rn site I've never heard of and have a copy of a video they claim I watched, which they'll send to my contacts if I don't pay X thousand dollars by Bitcoin.

If I'd actually watched any P*rn or visited any website I may have been worried.

What does concern me though is that they seem to have found a password for an email account somewhere.
Click to expand...
I got one of these. I replied with an email with the worst scat I could find attatched and asked them if it was what they had as well.
 
Drago

Drago

Legendary Member
Location
Suburban Poshshire
Shut Up Legs said:
Or just do all the required PC cleaning manually (search for instructions on the web). Too many of these so-called PC cleaning apps install the very problems they claim to remove.
Click to expand...

Although C Cleaner pro is the one police Tefalheads fear the most, as it seems it's the most efficient at removing nasties...or in their case evidence, and it's the one they all use themselves as a result.

So that's the one they tend to use themselves. I'm not aware of a better recommendation.
 
Last edited:
mjr

mjr

Comfy armchair to one person & a plank to the next
Location
mostly Norfolk, sometimes Somerset
Andy in Germany said:
What does concern me though is that they seem to have found a password for an email account somewhere.
Click to expand...
There are loads of cracked/stolen password lists out there. Never use the same password for multiple sites, else you're trusting all of them not to be doing something stupid. Use a decent password generator, even for one-off sites, and a password manager (preferably one private to yourself, not a cloud one, but keep it backed up!) to keep track of them.
 
E

Edwardoka

Guest
MikeG said:
Because they told me what it was. "I know your password is **blah**blah**". It wasn't one from an email provider, but one of the weaker ones I use for occasional one-off type create-an-account moments.
Click to expand...

That suggests that:
- either your PC is compromised i.e they've installed a keylogger (most alarming)
- the site you used this password on stores passwords in plaintext/has really poor security standards (passwords should never be stored, not even encrypted)
- the site you used this password was compromised so much that they were able to capture your password when you logged in
- the password you were using was very common/trivially easy to reverse

Do you know which site it was the password for? Is it one of the main ones?

Best practice is a different, complex, random password for every site you use and a password manager to store them.
Or alternatively, if it's a one-off use, don't store it and instead use the password reset facility whenever you need to log in again.
Make sure the machine you're using is free of malware and then change all of your passwords. And then ignore the scamsters.
 
  • Like
Reactions: mjr
mjr

mjr

Comfy armchair to one person & a plank to the next
Location
mostly Norfolk, sometimes Somerset
Edwardoka said:
- the password you were using was very common/trivially easy to reverse
Click to expand...
Just to highlight this: the security definition of "very common" includes all dictionary words in most languages including placenames and common letter-number substitutions like L1v3rp00l

But the current round of scam-spam seems to be using well-known lists from sites with poor security that have had saved passwords (yes, that's not a great idea) stolen from them.
 
E

Edwardoka

Guest
mjr said:
Just to highlight this: the security definition of "very common" includes all dictionary words in most languages including placenames and common letter-number substitutions like L1v3rp00l

But the current round of scam-spam seems to be using well-known lists from sites with poor security that have had saved passwords (yes, that's not a great idea) stolen from them.
Click to expand...
Yeah, and with the advent of GPGPUs for brute forcing and the ability to store vast rainbow tables very cheaply, it's becoming a matter of when rather than if a hashed password gets reversed when a site's database gets compromised.
As end users we have no way of knowing which sites store passwords in the clear or use defeated hashing algorithms until it's too late :sad:
 
E

Edwardoka

Guest
mjr said:
There are loads of cracked/stolen password lists out there. Never use the same password for multiple sites, else you're trusting all of them not to be doing something stupid. Use a decent password generator, even for one-off sites, and a password manager (preferably one private to yourself, not a cloud one, but keep it backed up!) to keep track of them.
Click to expand...
Also, apologies for repeating what you'd already said, I hadn't scrolled to the second page before I replied :rolleyes:
 
LonesomeWanderer

LonesomeWanderer

Über Member
Location
Sherborne, Dorset
You must log in or register to reply here.

Similar threads

SuffolkBlue
Advice please - shared email/mail box options
Replies
7
Dave7
Blue badge thefts.....up by 400%
Replies
42
johnnyb47
Feeling railroaded by giving a colleague a lift into work
Replies
77
Dec66
Maxims to live your life by
Replies
219
Top Bottom