Malware blackmail is real

Craig234

I almost never check my Comcast e-mail, but I did today, and earlier this month I got an e-mail, with the subject being a password I do use sometimes, and it basically was a blackmail e-mail. If I didn't send $1900 within a day to some scan code thing it listed, he would send a video of I don't know what to all my contacts. It said it got my password through Malware on an unspecified site I'd visited.

So, the crap is real. I submitted to the FBI. It was sophisticated enough that I couldn't cut and paste the content, it was in some graphics setup where each line of text was a graphic object.
 

Cyco

I almost never check my Comcast e-mail, but I did today, and earlier this month I got an e-mail, with the subject being a password I do use sometimes, and it basically was a blackmail e-mail. If I didn't send $1900 within a day to some scan code thing it listed, he would send a video of I don't know what to all my contacts. It said it got my password through Malware on an unspecified site I'd visited.

So, the crap is real. I submitted to the FBI. It was sophisticated enough that I couldn't cut and paste the content, it was in some graphics setup where each line of text was a graphic object.
Yeah, you're screwed. I got one of those and ignored it, now nobody in my family allows me near bald female midgets. Seriously though, wasn't this the plot to a Black Mirror episode?
 

Raizinman

Whenever you hear about some company who got hacked like Applebees or Kmart or whoever and the thief stole all the users' emails and passwords, this is where they got your user name and password. Now, you have millions of usernames and passwords, what do you do with them? You send a form letter to each person threatening blackmail. Yes, 98% of the people will just delete the email or just change their password but a few will take it seriously and send in money. Heck, if I sent $2000 of bitcoin to every blackmailer that sent me an email, I'd be millions in debt. The hackers pass around these lists of names and passwords and each do their best to try and suck money from people like you who get excited about it. Just change your password.
 

sandorski

In the last couple months twice I had to Google a suspicious e-mail request that turned out to be Phishing scams. They are quite sophisticated, especially when they coincide with certain regular Bill Payments with services one uses.
 

Ken g6

Duplicate thread?

 

Muse

Whenever you hear about some company who got hacked like Applebees or Kmart or whoever and the thief stole all the users' emails and passwords, this is where they got your user name and password. Now, you have millions of usernames and passwords, what do you do with them? You send a form letter to each person threatening blackmail. Yes, 98% of the people will just delete the email or just change their password but a few will take it seriously and send in money. Heck, if I sent $2000 of bitcoin to every blackmailer that sent me an email, I'd be millions in debt. The hackers pass around these lists of names and passwords and each do their best to try and suck money from people like you who get excited about it. Just change your password.
Some years ago I used to use the same password for a lot of sites. But for sites where I was concerned, I'd stiffen up my system. I mean, for some sites I figure "what does it matter if they have my password?" WTF can they do with it? Impersonate me? Post in their forum pretending to be me? So what? Why would they want to do that?

Nowadays I have passwords specific to each site. One won't work for another. If someone showed me proof they had my password, I could reverse engineer it and figure out what site they had hacked and go there and change my password.

I figure one of these days I'll adopt one of the many password manager systems. I just haven't identified the one I want to use and AFAIK haven't had a good reason to move forward on that project. If you ask me what my password is for a specific site, I probably can't tell you. But I have data that tells me. If you saw the data you wouldn't know what to make of it! It's coded and only I know what the code is. It's kinda weird, but it works. I figure it's conceivable that someone would get my data, but teasing my passwords out of it would drive them nuts. Maybe the CIA could do it, but the CIA isn't gonna bother.
 

Muse

Couple nights ago I saw a story on TV that UCSF (University of California, San Francisco) was hacked and they paid a million dollars to have some critical data released to them. What boneheads! I can't believe they would leave themselves vulnerable to ransomware. I don't think there's a hacker in the world that could separate me from my critical data. I have it backed up to multiple offsite locations. UCSF is contracting some security folks to fix 'em up.

Like I said, even if they had my data there's probably nothing they could do with it. I don't keep that kind of info in my data, even credit card numbers.
 

BudAshes

I almost never check my Comcast e-mail, but I did today, and earlier this month I got an e-mail, with the subject being a password I do use sometimes, and it basically was a blackmail e-mail. If I didn't send $1900 within a day to some scan code thing it listed, he would send a video of I don't know what to all my contacts. It said it got my password through Malware on an unspecified site I'd visited.

So, the crap is real. I submitted to the FBI. It was sophisticated enough that I couldn't cut and paste the content, it was in some graphics setup where each line of text was a graphic object.
Well I'm sure the FBI will get right on that, LOL.

 

Captante

I almost never check my Comcast e-mail, but I did today, and earlier this month I got an e-mail, with the subject being a password I do use sometimes, and it basically was a blackmail e-mail. If I didn't send $1900 within a day to some scan code thing it listed, he would send a video of I don't know what to all my contacts. It said it got my password through Malware on an unspecified site I'd visited.

So, the crap is real. I submitted to the FBI. It was sophisticated enough that I couldn't cut and paste the content, it was in some graphics setup where each line of text was a graphic object.

I have a special highly skilled technique for dealing with this type of email ... mark as spam and delete.
 

Red Squirrel

I was getting harassed badly by those for a while. Seems to have stopped now. The part that does worry me is not knowing whether or not I really am hacked. Some of them even stated my email server was hacked, but I can't find anything weird on the server indicating that so not sure if it's just BS or what.
 

Captante

I was getting harassed badly by those for a while. Seems to have stopped now. The part that does worry me is not knowing whether or not I really am hacked. Some of them even stated my email server was hacked, but I can't find anything weird on the server indicating that so not sure if it's just BS or what.

Most likely sequence of events:

(1) Password/email for single website/account stolen (or guessed successfully)

(2) Password/email placed on dark-web for sale

(3) Bad-actor buys said password/email ID (likely for very cheap)

(4) Same buyer spends a few minutes typing up email and sends to Red Squirrel

(5) Profit ... ? * (let's try to avoid this step!)


Solution:

(1) 2FA for everything, especially email and financial.

(2) Keepass, Lastpass or other trusted PW manager. (NOT a browser based one)

(3) Don't even look at emails like this in future.
 

Craig234

Like I said, even if they had my data there's probably nothing they could do with it. I don't keep that kind of info in my data, even credit card numbers.
The problem generally isn't what they can do with the data, but what you can't do losing it. But if, say, they threatened to release private patient data, that could be a huge threat.
 

Craig234

Can some dude take control of my smartphone camera?
Taking control of cameras is definitely a thing. Watch Jim Browning's videos to see him take control of scammers' cameras and watch them as they try to scam him, while they're confused why their camera light is on. I'm not sure how vulnerable phones are.
 

Craig234

Every time you use a website that wants you to create a login, of course, they have your password for that site and if they're not trustworthy, they can do something like this. Ideally, if you use different passwords, you can identify which site did it by the password and report them to the FBI.

I use a throwaway password for low-priority sites I don't care about for my convenience, so I couldn't isolate that.
 

zinfamous

Most likely sequence of events:

(1) Password/email for single website/account stolen (or guessed successfully)

(2) Password/email placed on dark-web for sale

(3) Bad-actor buys said password/email ID (likely for very cheap)

(4) Same buyer spends a few minutes typing up email and sends to Red Squirrel

(5) Profit ... ? * (let's try to avoid this step!)


Solution:

(1) 2FA for everything, especially email and financial.

(2) Keepass, Lastpass or other trusted PW manager. (NOT a browser based one)

(3) Don't even look at emails like this in future.
pretty much. I know I've been compromised in the past because I've gotten former employer/Newegg/Equifax/Target, etc security breach notices.

the recent phishing email I got revealed a very real password, for an undisclosed account, that I used to use long ago (and yeah, repeatedly, lol). But that was so long ago. Also, if they really had video of me fapping to porn, they would have, like, spent the time to send proof of material, right?

The hope with these is that the demand is pretty low (like, $1k in BTC), that they hope someone will just send it over without spending much time thinking about it.


I actually did consider if this was real, for like 2 days. It did surprise me a bit. But even before I realized that there was no way it could be real, I didn't even care what they did if they actually had such video. I was like, why the eff do I care if they start sending videos of me watching porn to people? lol
 
