• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Malware blackmail is real

C

Craig234

Lifer
I almost never check my Comcast e-mail, but I did today, and earlier this month I got an e-mail, with the subject being a password I do use sometimes, and it basically was a blackmail e-mail. If I didn't send $1900 within a day to some scan code thing it listed, he would send a video of I don't know what to all my contacts. It said it got my password through Malware on an unspecified site I'd vitied.

So, the crap is real. I submitted to the FBI. It was sophisticated enough that I couldn't cut and paste the content, it was in some graphics setup where each line of text was a graphic object.
 
Craig234 said:
I almost never check my Comcast e-mail, but I did today, and earlier this month I got an e-mail, with the subject being a password I do use sometimes, and it basically was a blackmail e-mail. If I didn't send $1900 within a day to some scan code thing it listed, he would send a video of I don't know what to all my contacts. It said it got my password through Malware on an unspecified site I'd vitied.

So, the crap is real. I submitted to the FBI. It was sophisticated enough that I couldn't cut and paste the content, it was in some graphics setup where each line of text was a graphic object.
Click to expand...
Yeah, you're screwed. I got one of those and ignored it, now nobody in my family allows me near bald female midgets. Seriously though, wasn't this the plot to a Black Mirror episode?
 
Whenever you hear about some company who got hacked like Applebees or Kmart or whoever and the thief stole all the users emails and passwords, this is where they got your user name and password. Now, you have millions of usernames and passwords, what do you do with them. You send a form letter to each person threatening blackmail. Yes, 98% of the people will just delete the email or just change thier password but a few will take it serious and send in money. Heck, if I sent $2000 of bitcoin to every blackmailer that sent me an email, I'ld be millions in debt. The hackers pass around these lists of names and passwords and each do their best to try and suck money from people like you who get excited about it. Just change your password.
 
In the last couple months twice I had to Google a suspicious e-mail request that turned out to be Phishing scams. They are quite sophisticated, especially when they coincide with certain regular Bill Payments with services one uses.
 
Duplicate thread?

Think I got hacked

Got this email, the subject was one of the passwords I use online. I don't really use it for a lot of stuff anymore if anything and actually changed it everywhere a while back but the fact that they got it is concerning enough as is. Going to go around and change all my existing passwords just...
forums.anandtech.com
 
Raizinman said:
Whenever you hear about some company who got hacked like Applebees or Kmart or whoever and the thief stole all the users emails and passwords, this is where they got your user name and password. Now, you have millions of usernames and passwords, what do you do with them. You send a form letter to each person threatening blackmail. Yes, 98% of the people will just delete the email or just change thier password but a few will take it serious and send in money. Heck, if I sent $2000 of bitcoin to every blackmailer that sent me an email, I'ld be millions in debt. The hackers pass around these lists of names and passwords and each do their best to try and suck money from people like you who get excited about it. Just change your password.
Click to expand...
Some years ago I used to use the same password for a lot of sites. But for sites where I was concerned, I'd stiffen up my system. I mean, for some sites I figure "what does it matter if they have my password?" WTF can they do with it? Impersonate me? Post in their forum pretending to be me? So what? Why would they want to do that?

Nowadays I have passwords specific to each site. One won't work for another. If someone showed me proof they had my password, I could reverse engineer it and figure out what site they had hacked and go there and change my password.

I figure one of these days I'll adopt one of the many password manager systems. I just haven't identified the one I want to use and AFAIK haven't had a good reason to move forward on that project. If you ask me what my password is for a specific site, I probably can't tell you. But I have data that tells me. If you saw the data you wouldn't know what to make of it! It's coded and only I know what the code is. It's kinda weird, but it works. I figure it's conceivable that someone would get me data, but teasing my passwords out of it would drive them nuts. Maybe the CIA could do it, but the CIA isn't gonna bother.
 
Last edited:
Couple nights ago I saw a story on TV that UCSF (University of California, San Francisco) was hacked and they paid a million dollars to have some critical data released to them. What boneheads! I can't believe they would leave themselves vulnerable to ransomware. I don't think there's a hacker in the world that could separate me from my critical data. I have it backed up to multiple offsite locations. UCSF is contracting some security folks to fix 'em up.

Like I said, even if they had my data there's probably nothing they could do with it. I don't keep that kind of info in my data, even credit card numbers.
 
Craig234 said:
I almost never check my Comcast e-mail, but I did today, and earlier this month I got an e-mail, with the subject being a password I do use sometimes, and it basically was a blackmail e-mail. If I didn't send $1900 within a day to some scan code thing it listed, he would send a video of I don't know what to all my contacts. It said it got my password through Malware on an unspecified site I'd vitied.

So, the crap is real. I submitted to the FBI. It was sophisticated enough that I couldn't cut and paste the content, it was in some graphics setup where each line of text was a graphic object.
Click to expand...

Well I'm sure the FBI will get right on that, LOL.

ew6GE4TxByQzWGTBIw2dGprsxr4XgmoUX2vLY4A12aalqGMJG71dmSC9IgbP_PVyG5fB0YMRRYhH249p3IlEVcD3ELOWLKt51g6vFiiXYx4-WdMoVbzHBP60DHUPp5jM6UDjAZG2eaowHwiN7HmH-G3kOtUSD_bPz1VzAQ
 
Craig234 said:
I almost never check my Comcast e-mail, but I did today, and earlier this month I got an e-mail, with the subject being a password I do use sometimes, and it basically was a blackmail e-mail. If I didn't send $1900 within a day to some scan code thing it listed, he would send a video of I don't know what to all my contacts. It said it got my password through Malware on an unspecified site I'd vitied.

So, the crap is real. I submitted to the FBI. It was sophisticated enough that I couldn't cut and paste the content, it was in some graphics setup where each line of text was a graphic object.
Click to expand...


I have a special highly skilled technique for dealing with this type of email ... mark as spam and delete.
 
I was getting harassed badly by those for a while. Seems to have stopped now. The part that does worry me is no knowing whether or not I really am hacked. Some of them even stated my email server was hacked, but I can't find anything weird on the server indicating that so not sure if it's just BS or what.
 
Red Squirrel said:
I was getting harassed badly by those for a while. Seems to have stopped now. The part that does worry me is no knowing whether or not I really am hacked. Some of them even stated my email server was hacked, but I can't find anything weird on the server indicating that so not sure if it's just BS or what.
Click to expand...


Most likely sequence of events:

(1) Password/email for single website/account stolen (or guessed successfully)

(2) Password/email placed on dark-web for sale

(3) Bad-actor buys said password/email ID (likely for very cheap)

(4) Same buyer spends a few minutes typing up email and sends to Red Squirrel

(5) Profit ... ? * (lets try to avoid this step!)


Solution:

(1) 2FA for everything, especially email and financial.

(2) Keepass, Lastpass or other trusted PW manager. (NOT a browser based one)

(3) Don't even look at emails like this in future.
 
Last edited:
Muse said:
Like I said, even if they had my data there's probably nothing they could do with it. I don't keep that kind of info in my data, even credit card numbers.
Click to expand...

The problem generally isn't what they can do with the data, but what you can't do losing it. But if, say, they threatened to release private patient data, that could be a huge threat.
 
Mai72 said:
Can some dude take control of my smartphone camera?
Click to expand...

Taking control of cameras is definitely a thing. Watch Jim Browning's videos to see him take control of scammers' cameras and watch them as they try to scam him, while they're confused why their camera light is on. I'm not sure how vulnerable phones are.
 
Every time you use a website that wants you to create a login, of course, they have your password for that site and if they're not trustworthy, they can do something like this. Ideally, if you use different passwords, you can identify which site did it by the password and report them to the FBI.

I use a throwaway password for low-priority sites I don't care about for my convenience, so I couldn't isolate that.
 
Captante said:
Most likely sequence of events:

(1) Password/email for single website/account stolen (or guessed successfully)

(2) Password/email placed on dark-web for sale

(3) Bad-actor buys said password/email ID (likely for very cheap)

(4) Same buyer spends a few minutes typing up email and sends to Red Squirrel

(5) Profit ... ? * (lets try to avoid this step!)


Solution:

(1) 2FA for everything, especially email and financial.

(2) Keepass, Lastpass or other trusted PW manager. (NOT a browser based one)

(3) Don't even look at emails like this in future.
Click to expand...

pretty much. I know I've been compromised in the past because I've gotten former employer/Newegg/Equifax/Target, etc security breach notices.

the recent phishing email I got revealed a very real password, for an undisclosed account, that I used to use long ago (and yeah, repeatedly, lol). But that was so long ago. Also, if they really had video of me fapping to porn, they they have like, spent the time to send proof of material, right?

The hope with these is that the demand is pretty low (like, $1k in BTC), that they hope someone will just send it over without spending much time thinking about it.


I actually did consider if this was real, for like 2 days. It did surprise me a bit. But even before I realized that there was no way it could be real, I didn't even care what they did if they actually had such video. I was look, why the eff do I care if they start sending videos of me watching porn to people? lol
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top