Nasty blackmail scam

[Yellow Fang]

Has anyone else been sent an email saying you clicked on a porn site and they filmed you via your webcam having a Barclays Bank, give us $2500 in Bitcoin or we email it to your friends and family and post it on Facebook? I've received two. The alarming thing was that they had my computer password in the title. It was not the password to my email account or Facebook account, but since I've set most my web accounts to remember my various passwords, I wondered whether it was possible to remote desk into my PC and open them. I don't think my router's firewall will allow it, but I don't really know enough about it. I suppose they could not really do that while I was at my PC because I'd notice my mouse moving around on its own and clicking on things. I don't know how they got the password. It was an old one, which I have changed now. I read somewhere that lots of personal information was lost via security breaches.

 

[annedonnelly]

Yeah, I had something similar. Again it was an old password so I ignored the email.

There's a site you can sign up with here which alerts you if your e-mail address turns up in a data set that has been hacked.

 

[Salar]

Yes,

Had a few of these, strange in that I don't have a webcam.

Apparently they got passwords when Linkedin was hacked a while ago. They had my old Linkedin password.

 

[welsh dragon]

Yeah, I had something similar. Again it was an old password so I ignored the email.

There's a site you can sign up with here which alerts you if your e-mail address turns up in a data set that has been hacked.

Excellent site. Thanks for the link. Much appreciated. An old email account had 2.

 

[Cycleops]

That's very alarming. Have you scanned your PC for any spyware that might have been installed because that's probably the cause?

 

[T4tomo]

It's always worthwhile donning a balaclava before watching porn for this very reason.

More seriously, it won't be spy ware, it will be a website data breach resulting in passwords linked to emails to be sold on...

 

[rich p]

Yeah, I had something similar. Again it was an old password so I ignored the email.

There's a site you can sign up with here which alerts you if your e-mail address turns up in a data set that has been hacked.

It says that an old email of mine was pwned 3 times. What does that mean?
Credential stuffing and spambot.

 

[welsh dragon]

That's very alarming. Have you scanned your PC for any spyware that might have been installed because that's probably the cause?

This goes back to 2013. Adobe was one of the sites, and 8tracks, a music site was another. Not good is it. I can't remember the last time i used my laptop. I always just use my tablet now.


Never had an email like the one above, but i did have a message flash across the screen that said they would lock my tablet and make it unuseable until i send them money. I didn't and my tablet never worked again. I had to buy a new one and change passwords, emails etc.

 

[annedonnelly]

It says that an old email of mine was pwned 3 times. What does that mean?
Credential stuffing and spambot.

It means that the e-mail address, password and possibly other details that you used on that site have been harvested by hackers. They can then use or pass on the details. So if you use the same e-mail/password combination on another site they could log in to your account.

Some really quite reputable sites have been hacked. What annoys me most is when they get hacked and don't tell the users. Ebay and LinkedIn waited months before telling people which obviously means that people are vulnerable for longer before changing passwords, etc.

 

[classic33]

This goes back to 2013. Adobe was one of the sites, and 8tracks, a music site was another. Not good is it. I can't remember the last time i used my laptop. I always just use my tablet now.


Never had an email like the one above, but i did have a message flash across the screen that said they would lock my tablet and make it unuseable until i send them money. I didn't and my tablet never worked again. I had to buy a new one and change passwords, emails etc.

It's possible to get rid of the ransomware.

 

[classic33]

Has anyone else been sent an email saying you clicked on a porn site and they filmed you via your webcam having a Barclays Bank, give us $2500 in Bitcoin or we email it to your friends and family and post it on Facebook? I've received two. The alarming thing was that they had my computer password in the title. It was not the password to my email account or Facebook account, but since I've set most my web accounts to remember my various passwords, I wondered whether it was possible to remote desk into my PC and open them. I don't think my router's firewall will allow it, but I don't really know enough about it. I suppose they could not really do that while I was at my PC because I'd notice my mouse moving around on its own and clicking on things. I don't know how they got the password. It was an old one, which I have changed now. I read somewhere that lots of personal information was lost via security breaches.

Had that, but given that I don't use the site they mentioned(facebook), their threat was pointless.

 

[smutchin]

Yeah, I had something similar. Again it was an old password so I ignored the email.

There's a site you can sign up with here which alerts you if your e-mail address turns up in a data set that has been hacked.

That's handy, thanks for the link. Apparently one of my email addresses has been pwned by something called Onliner Spambot, which sounds a bit sinister.

Also my Myspace account has been hacked. Well, I didn't even know I still had a Myspace account. No idea what the password would be but I might have to change some passwords on other sites in case I re-used the same ones...

I've had this porn threat email before as well, but I'm not concerned because I have put electrical tape over the built-in webcam on my iMac (handy tip from none other than Mark Zuckerberg). And of course I have never looked at online porn anyway...

 

[smutchin]

It's possible to get rid of the ransomware.

For entirely unrelated reasons, I wiped my Mac and reinstalled everything recently. That should do a fairly decent job of getting rid of any nasties.

However, unless you also change your passwords at the same time, they might still have a means of getting to you...

 

[Salar]

That's handy, thanks for the link. Apparently one of my email addresses has been pwned by something called Onliner Spambot, which sounds a bit sinister.

Same here onliner spambot, plus Linkedin as I expected

 

[MossCommuter]

The https://haveibeenpwned.com/ site pushes 1password as software to generate and store strong passwords. I have not used that software but I do notice that you have to pay for it.

An alternative that I use is KeePass (https://keepass.info/index.html) which is free. There are clients for Windows, Linux and Android.

It will generate strong passwords and you can choose to store the database in Google Drive so the same database is available across devices (so long as you have Google Drive installed on those devices). Google Drive is password protected and the database is further protected by encryption and a master password. You only have to remember that one master password which should be long and complex and memorable, e.g. I.Really.Like.Techno.Music!

Using this software means that my passwords are unique to each account that I have and they are also randomly generated; here's an example I generated for this post: :E0v"rZNu?K!zaZfE^'e

You do not need to know what they are (I never look). The application allows you to look up an entry by account name (e.g. "Cyclechat" or "Amazon"), have the password copied to your clipboard and then pasted into a website or app.