Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News Editorials & Other Articles General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

Chalco

(1,357 posts)
Sun Nov 18, 2018, 11:03 AM Nov 2018

Hacking question

This morning I received and email from myself. I knew right off it was suspicious. I opened it up and it was from someone who claimed that he got my email and passwords from hacking me and that he knew everything I did, every website I'd been to, etc. Then, he threatened that he would publish pictures of me looking at porn sites (I don't look at porn sites) unless I sent him bitcoin.

Ok, so I did some research and found out that more than likely he was able to get my info from breaches of perhaps Linkedin and one other site, but that the password(s) he might have gotten were from that and from nothing current.

Any thoughts on this? I check my bank account daily for any problems and my credit card every couple of days plus both are very quick to send me possible fraud notices. Do I need to change all my passwords even though I have had no problems?

Thanks

10 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
Hacking question (Original Post) Chalco Nov 2018 OP
You should change your passwords, but it is a scam. 5X Nov 2018 #1
Every single one? Chalco Nov 2018 #2
The important ones for sure and the others if you use 5X Nov 2018 #3
Thanks Chalco Nov 2018 #4
I've been getting one a week SixString Nov 2018 #5
Looks very similar to the one I got! Thanks Chalco Nov 2018 #7
I got the same email a couple weeks ago. LakeSuperiorView Nov 2018 #6
Thanks, very helpful. nt Chalco Nov 2018 #8
I got those for a while - it's a scam csziggy Nov 2018 #9
It was almost certainly from a previous compromise... SKKY Jan 2019 #10

Chalco

(1,357 posts)
2. Every single one?
Reply to 5X (Reply #1)
Sun Nov 18, 2018, 11:17 AM
Nov 2018

or just important ones like financial?

Just asking because I have passwords in libraries, amazon, washington post, etc

SixString

(1,057 posts)
5. I've been getting one a week
Sun Nov 18, 2018, 11:49 AM
Nov 2018

for the last several months.
I think they got my password from a Yahoo hack. It is not my email password and it is easy to spoof your email address to make it look like it was sent from your account.
I wouldn't worry about it. Just change your passwords regularly.


I am a spyware software developer.
Your account has been hacked by me in the summer of 2018.

I understand that it is hard to believe, but here is my evidence:
- I sent you this email from your account.
- Password from account ****************** (on moment of hack).

The hacking was carried out using a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2018-0296).

I went around the security system in the router, installed an exploit there.
When you went online, my exploit downloaded my malicious code (rootkit) to your device.
This is driver software, I constantly updated it, so your antivirus is silent all time.

Since then I have been following you (I can connect to your device via the VNC protocol).
That is, I can see absolutely everything that you do, view and download your files and any data to yourself.
I also have access to the camera on your device, and I periodically take photos and videos with you.

At the moment, I have harvested a solid dirt... on you...
I saved all your email and chats from your messangers. I also saved the entire history of the sites you visit.

I note that it is useless to change the passwords. My malware update passwords from your accounts every times.

I know what you like hard funs (adult sites).
Oh, yes .. I'm know your secret life, which you are hiding from everyone.
Oh my God, what are your like... I saw THIS ... Oh, you dirty naughty person ...

I took photos and videos of your most passionate funs with adult content, and synchronized them in real time with the image of your camera.
Believe it turned out very high quality!

So, to the business!
I'm sure you don't want to show these files and visiting history to all your contacts.

Transfer $838 to my Bitcoin cryptocurrency wallet: 1GXazHVQUdJEtpe62UFozFibPa8ToDoUn3
Just copy and paste the wallet number when transferring.
If you do not know how to do this - ask Google.

My system automatically recognizes the translation.
As soon as the specified amount is received, all your data will be destroyed from my server, and the rootkit will be automatically removed from your system.
Do not worry, I really will delete everything, since I am 'working' with many people who have fallen into your position.
You will only have to inform your provider about the vulnerabilities in the router so that other hackers will not use it.

Since opening this letter you have 48 hours.
If funds not will be received, after the specified time has elapsed, the disk of your device will be formatted,
and from my server will automatically send email and sms to all your contacts with compromising material.

I advise you to remain prudent and not engage in nonsense (all files on my server).

Good luck!
 

LakeSuperiorView

(1,533 posts)
6. I got the same email a couple weeks ago.
Sun Nov 18, 2018, 11:52 AM
Nov 2018

It is easy to make an email look like it is coming from any given address. The real origin is buried in the headers that are not displayed on most email readers, but it was almost certainly a disposable email account that is already dead and untraceable.

The password they obtained was from a breach of security at a site where you used it.

That password only gives them access to your account at sites where you used the password with the same email address. Given that there are many sites where people can have accounts, finding other sites is a wild goose chase.

That password gives them no inherent access to your computer.

That said, change your password at sites where you used that password or similar variants, with that same email address.

It's best to have multiple email addresses with different purposes. One to be used on sites that really matter, like banking. One for shopping online ( I don't, so I don't have an email for this). One for low security stuff where the site makes you create an account, but no money is involved.

The scammer is hoping that you will be afraid and unknowledgeable enough to deposit the money to their bitcoin account. It is a phishing attempt, they have no power to actually do anything they say.

csziggy

(34,189 posts)
9. I got those for a while - it's a scam
Sun Nov 18, 2018, 10:56 PM
Nov 2018

They are spoofing your address and in my case even my web host info down to the server where my site (and some email addresses) are hosted.

When I got the first one I called my web host and the tech I talked to was very reassuring about it. He did recommend changing passwords on all my accounts, but frankly I never bothered. (I had to leave town to go to a wedding, then take care of business.)

Since then I have gotten several more but none of their threat ever came to anything. One dated Nov. 3 said they had hacked my account on Nov. 8!

I just wish they'd tried to call me - I keep a whistle near the phone to use on the Windows Technical Support and IRS scammers. I would love to use it on these clowns.

SKKY

(12,237 posts)
10. It was almost certainly from a previous compromise...
Thu Jan 3, 2019, 05:27 PM
Jan 2019

...and unfortunately there isn't much you can do about it in terms of not receiving these kinds of emails. There have been so many breaches, across so many platforms and services, it is almost impossible to imagine a scenario where at least some of your information isn't out there in the wild somewhere. But, all is not lost and it sounds like you're making good decisions as far as monitoring things. Change your passwords, all of them, and enforce two-factor authentication for all your accounts that offer it. Get credit monitoring through your bank. If your bank doesn't offer it, get a different bank.

Latest Discussions»Help & Search»Computer Help and Support»Hacking question