Yet Another Scam


Naughty Nigel
19th March 2019, 11:29 AM
I received an email yesterday evening from some chancer who claimed to have hacked into my computer whilst I was visiting an 'adult website' and that he (or she) had all of my passwords and contacts.

He then said that he thought "$650 was a reasonable price for keeping our dirty little secret safe" and that if payment was not received in Bitcoin within 24 hours he would let all of my contacts know. :rolleyes:

I actually thought it was quite funny but I daresay one or two will fall for it.

Otto
19th March 2019, 11:36 AM
I've had several of those these last few months. One of them did actually state my real (then) password, owing to the data leak at Adobe becoming public.

Zuiko
19th March 2019, 11:37 AM
Nigel, you really must stop visiting the "Huge Organs" website! :D

pdk42
19th March 2019, 12:23 PM
That one's been doing the rounds for a month or so now. What I find amusing is that the sort of people who might be fooled by it are likely to be even less clued up on how to do a bitcoin transaction.

TimP
19th March 2019, 12:26 PM
> That one's been doing the rounds for a month or so now. What I find amusing is that the sort of people who might be fooled by it are likely to be even less clued up on how to do a bitcoin transaction.

Good point!

Grumpy Hec
20th March 2019, 09:55 AM
I've had that one with the added variation of the claim that they activated my video camera on my monitor. A neat trick as my monitor doesn't have one!

I'm intrigued where these people get the email addresses from as some time ago we had a series of very unpleasant emails of a graphic nature on our shared kitchen machine. They stopped but we could never understand what had happened to trigger them.

Hec

Naughty Nigel
20th March 2019, 12:04 PM
Email addresses come from a variety of sources. Some come from hacked email accounts, but others come from web pages where the email address is displayed as a link. These can be skimmed by the many 'bots' that trawl the internet.

Sending circulars and mail shots with dozens of email addresses in the 'to' box is another weakness, especially if one of the recipients' email accounts is hacked. (The GDPR makes it illegal for organisations to send emails this way.)

Many organisations now display an image of their email addresses rather than text so it needs a human being to read them and enter the address into an email client. It is also best to avoid catch-all email addresses such as info@xxxx because they are so easy to target.

Jax
20th March 2019, 12:24 PM
> Email addresses come from a variety of sources. Some come from hacked email accounts, but others come from web pages where the email address is displayed as a link. These can be skimmed by the many 'bots' that trawl the internet.
>
> Sending circulars and mail shots with dozens of email addresses in the 'to' box is another weakness, especially if one of the recipients' email accounts is hacked. (The GDPR makes it illegal for organisations to send emails this way.)
>
> Many organisations now display an image of their email addresses rather than text so it needs a human being to read them and enter the address into an email client. It is also best to avoid catch-all email addresses such as info@xxxx because they are so easy to target.

Many large companies have systems in place to prevent employees using USB memory sticks on their systems. Where this is not applied it's a simple matter to download e-mail addresses and sell them on. I've been told that Gmail addresses seem to be the favourite target with many harvesting bots available for free download via dodgy web sites. It does make the business ethics of companies such as Google, willing to purchase harvested addresses, very questionable.

I maintain using a VPN for all sites stops 99% of all spam, even though I've no idea why it should.


Jax

shenstone
20th March 2019, 05:25 PM
Indeed this has been going around for a while. The way they hook people in is that they often do have that person's email and passwords, not because they have visited such a site, but because of data breaches.

A couple of very useful things to read on this topic are https://www.theregister.co.uk/2019/01/17/770m_emails_passwords_breach_collection_1/

and https://haveibeenpwned.com/FAQs

then search for your email and any common passwords you use via https://haveibeenpwned.com/ and https://haveibeenpwned.com/Passwords

then if you came up on any Pwned sites change the password on those sites and change the password on any sites where you used that same password (if you do that)

Troy Hunt recommends 1pass as a password manager https://1password.com/haveibeenpwned/ I use Keepass https://keepass.info/index.html

I hope that's useful

regards
Andy
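
Added example, not part of any post in this thread: a sketch of the password check and the "change it wherever you reused it" step described above, using the range-lookup format of the Pwned Passwords service, where only the first five hex characters of the password's SHA-1 leave your machine and the reply is a list of `SUFFIX:COUNT` lines. The function names, the sample vault and the offline stand-in for the service (with constructed counts) are assumptions made for illustration.

```python
import hashlib


def split_hash(password: str) -> tuple[str, str]:
    """Return (5-char prefix, 35-char suffix) of the upper-case SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range(body: str) -> dict[str, int]:
    """Parse a range reply made of 'SUFFIX:COUNT' lines into {suffix: count}."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35:      # skip blank or malformed lines
            counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, fetch_range) -> int:
    """How often the password appears in the breach data (0 = not found).

    fetch_range(prefix) is the only thing that talks to the service, and it
    only ever receives the 5-character prefix, never the password or full hash.
    """
    prefix, suffix = split_hash(password)
    return parse_range(fetch_range(prefix)).get(suffix, 0)


def sites_to_change(vault: dict[str, str], fetch_range) -> list[str]:
    """Every site in the vault whose password shows up in breach data."""
    return sorted(site for site, pw in vault.items()
                  if breach_count(pw, fetch_range) > 0)


# Constructed stand-in for the service so the example runs offline.
# The passwords and counts below are made up for this example.
CONSTRUCTED_CORPUS = {"password": 3, "letmein": 2}


def offline_fetch(prefix: str) -> str:
    lines = []
    for leaked, count in CONSTRUCTED_CORPUS.items():
        p, s = split_hash(leaked)
        if p == prefix:
            lines.append(f"{s}:{count}")
    return "\r\n".join(lines)
```

To query the real service, replace `offline_fetch` with a function that requests the range for the given prefix and returns the response text.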

Jim Ford
20th March 2019, 07:35 PM
> Email addresses come from a variety of sources. Some come from hacked email accounts, but others come from web pages where the email address is displayed as a link. These can be skimmed by the many 'bots' that trawl the internet.

You can 'poison' the spammer's database with:

http://www.spampoison.com/

I'd use it if I had a website!

Jim