Hacked Passwords Being Used In Blackmail Attempt -- Expect More Of This
from the isn't-the-internet-great dept
Last week I received the following email with my name and a very, very, very old password that I haven't used in probably at least a decade in the subject line (even though I'm no longer using it, I'm editing it out of this because... it's still weird):
I am aware, ********, is your pass word. You don't know me and you're probably wondering why you're getting this mail, right?
In fact, I actually installed a malware on the adult videos (adult porn) site and there's more, you visited this site to experience fun (you know what I mean). While you were watching videos, your internet browser initiated working as a RDP (Remote Desktop) having a key logger which provided me with access to your screen and cam. Immediately after that, my software collected all of your contacts from your Messenger, FB, and email.
What exactly did I do?
I created a double-screen video. First part displays the video you were watching (you have a nice taste rofl), and 2nd part shows the recording of your web cam.
exactly what should you do?
Well, I believe, $2900 is a reasonable price for our little secret. You'll make the payment via Bitcoin (if you don't know this, search "how to buy bitcoin" in Google).
BTC Address: [REDACTED] (It is cAsE sensitive, so copy and paste it)
Note:
You have one day to make the payment. (I've a specific pixel in this e mail, and right now I know that you have read through this email). If I don't receive the BitCoins, I will send your video recording to all of your contacts including members of your family, colleagues, and so forth. However, if I receive the payment, I will erase the video immidiately. If you really want evidence, reply with "Yes!" and I will send your video recording to your 9 friends. This is a non-negotiable offer, and thus do not waste my personal time and yours by responding to this message.
This was immediately obvious as a scam from a hacked database of passwords. Besides the fact that I haven't used that particular password in ages (and even when I did, it was the password I used for "unimportant" sites), there are a whole bunch of other reasons why it was obvious that the email was fake and it would be literally impossible for the person to have whatever it was they claimed to have on me. I found it funny enough that I reached out to some other folks to see if this was getting around, and a few people told me they'd seen similar ones, noting that the final note about sending it to "9 friends" appeared to be an increase from the usual of "5" that they had seen before.
Indeed, Brian Krebs, who is always on top of these things, wrote a story about how a bunch of people got these emails last week. That one only asked for $1400, and also promised to send it to 5 friends. It has a few other slight differences from the one I received, but is pretty clearly sent by the same person/team of people with just a few modifications. Like the ones that Krebs reported on, mine appeared to come from an outlook.com email address. As Krebs notes, he expects that this particular scam is about to get a lot more popular, and will probably use a much more recent set of passwords:
I suspect that as this scam gets refined even more, perpetrators will begin using more recent and relevant passwords — and perhaps other personal data that can be found online — to convince people that the hacking threat is real. That’s because there are a number of shady password lookup services online that index billions of usernames (i.e. email addresses) and passwords stolen in some of the biggest data breaches to date.
Alternatively, an industrious scammer could simply execute this scheme using a customer database from a freshly hacked Web site, emailing all users of that hacked site with a similar message and a current, working password. Tech support scammers also may begin latching onto this method as well.
And, at the very least, this scam appears to be working. It's unclear just how many people are receiving these emails -- and how many people are pointed to the same Bitcoin wallet address to pay -- but the one that Krebs included in his post shows a single payment of approximately $2000. When I first got the email the Bitcoin wallet address in the email I received showed no transactions, but I just looked again and there are two transactions, both within a day of when I received the email (one for .23 Bitcoins or ~$1600 and another for 0.3 Bitcoins or ~$2,000).
Of course, this should be a warning for everyone on a variety of levels:
- Use a password manager already, and stop saying they're too difficult to use. They are not.
- Use 2 factor authentication wherever possible
- Cover your webcam with a sticker or tape or something when not in use
- Don't believe every stupid threat email you receive
- Don't randomly pay money to every stupid emailer who pretends to threaten you
Filed Under: blackmail, hacked passwords, shakedown
Reader Comments
Our company's users rec'd 45 of these emails
[ link to this | view in chronology ]
Site worth noting:
I have no affiliation with that site, it did point out one of my accounts that warranted a password change, and I don't see that it should be able to do bad things (apart from address harvesting/verification) if you don't create an account. But if you think or know differently, correct me.
[ link to this | view in chronology ]
Re:
Oh??? Let me be the judge of that, I'm a professional.
[ link to this | view in chronology ]
So you use "important" site passwords for adult video sites? Interesting...
[ link to this | view in chronology ]
Re:
You might, and I mean might might be a bit strong, be able to read, but your comprehension sucks. The email claimed to have gotten the password from an adult site. Mike says he used that password for unimportant sites. That means that Mike considers his porn sites to be unimportant, but even that is pure conjecture, and I think that he visited an adult site is unlikely, and it is even more unlikely that he supplied that site with a password, one that he used on other sites. Get real.
Or, much more likely, the spammer got the password from some compromised site that Mike considered unimportant and stopped visiting long ago (or has a new password for), which was in fact not porn. Then the fraudster made a claim that it was taken from an adult site to put fear into the recipient. It does not appear that Mike has fear, which is also supportive of his not visiting adult sites.
If I had gotten this email, I would just look up that password in my password manager (pwsafe is my choice and works for me in Windows, Linux, and Android and I also see they have iOS versions) and then go to that site and change the password. They would have no video of me, as the tape over my webcam is fairly permanent and that webcam is rarely used. Any video they have would be of the back of the tape, and it would be clear to me that they had not even reviewed what they were threatening me with.
[ link to this | view in chronology ]
Re:
Real people register smurf email accounts that they only ever log into to check for those activation emails to activate accounts on pornography sites.
[ link to this | view in chronology ]
I guess I'm a 1%er... I get my extortion letters (lovingly printed on pulped trees and sealed in a stamped 1st class envelope) hand delivered to my door by a Uniformed Government Courier. Two letters in the last few weeks.
[ link to this | view in chronology ]
I'd assume Victorian era role play.
[ link to this | view in chronology ]
Re: Re:
Also, if I produced any disturbing image in your head, you are welcome.
*shoes self out*
[ link to this | view in chronology ]
Re: Re:
We all know if you had a split screen of Mike and his browser, it would just be him with about 900 tabs open for tech and political news.
While potentially a sad statement on my life... this is incredibly accurate.
[ link to this | view in chronology ]
Clearly not a threat to take seriously...
[ link to this | view in chronology ]
No, you don't cause my email client doesn't load anything from the Internet unless I tell it to. Also, f*ck you ;)
[ link to this | view in chronology ]
ha ha ha ha ha
I will double-secret-dog-dare them to send this supposed "video" to all of my friends!!!
That should shut them up quite quickly.
what a bunch of losers!
[ link to this | view in chronology ]
.
"Do Your Worst"!....and wait to see what happens!...LoL! There's nothing like being "in the know" and watching these maggots flail about with their idle threats!. Anyone who doesn't cover their web-cam in this day & age?...is just ASKING for trouble. It's no wonder laptop makers are now including ways to "shutter" your webcam. but don't stop there, either cover your microphones too, or else NEVER speak a password aloud! If they can activate your web-cam, who's to say they can't activate your speakers as well? LoL!
Listen people it's not hard, when you buy ANY device whether it's a laptop or a desktop or a smartphone? the FIRST thing you should do is protect yourself by any means necessary. Install a firewall / malware / antivirus and be sure to RUN IT,...CONSTANTLY! Even if it might take up some time when you run it? the alternative is to login and find out your bank account has been emptied because someone was able to glean information from your machine. I for one? run Linux on my laptops and have more safeguards in place than an average PC user, so I'm not truly worried, not to mention I don't save passwords in ANY text document but have them stored in the ONE place that can NEVER be hacked! MY HEAD! When you throw in RKhunter, chkrootkit, ClamAV, ufw, and the "ultimate" SELinux? (along with the fact that I'm running Kali Linux which is a hacker's "toolkit" of programs!) I don't fear this kind of thing. I guess these people are just desperate?...and hoping to find some elderly person who's easily frightened?
[ link to this | view in chronology ]
Re: .
Talk about a non sequitur... sounds like "I'm married and don't even OWN cookbooks".
You lose. As an I.T. Support Tech you should know that answering to such mails will, if at all, serve only to verify that your address is reachable and responsive for purposes of spamming and scamming.
[ link to this | view in chronology ]
Good work if you can get it.
[ link to this | view in chronology ]
Same Scam from "Black Mirror"
Season 3, episode 3 contains essentially this exact scam, plus a bunch of other dystopian tech stuff (of course).
[ link to this | view in chronology ]
6- Don't open e-mail attachments unless you are positively sure the person actually sent you.
7- Use adblockers and, if possible, script blockers since some malware has been served via advertisement networks.
8- Avoid unknown websites if possible, avoid the ones that are not the usual .com (or the country variant with the country initials), .org, .net. Avoid new ones like .xxx like the plague.
There must be more points but those came to mind right now.
[ link to this | view in chronology ]
Another tip
The lid is either completely closed or cracked slightly open so I can press the power key- in other words, angled down. So if a hacker did manage to turn on my laptop's camera, they'd get a nice video of my floor... and maybe my feet as I walk by.
[ link to this | view in chronology ]
Re: Another tip
Angled down is fine.
[ link to this | view in chronology ]
haha
and i don't use a webcam, and as an actual hacker i got all my pron the good ol way via playboys website directly LOLOLOL...
ALLLL OF IT....
oh and this fucker is in the usa and california....not saying anymore....
oh and who am i ? i'm the guy in that online game that beat the 2012 strategy game champion from new zealand MUAHHA
[ link to this | view in chronology ]