HomeLatest ThreadsGreatest ThreadsForums & GroupsMy SubscriptionsMy Posts
DU Home » Latest Threads » Forums & Groups » Topics » Computers & Internet » Computer Help and Support (Group) » Hacking question

Sun Nov 18, 2018, 11:03 AM

Hacking question

This morning I received and email from myself. I knew right off it was suspicious. I opened it up and it was from someone who claimed that he got my email and passwords from hacking me and that he knew everything I did, every website I'd been to, etc. Then, he threatened that he would publish pictures of me looking at porn sites (I don't look at porn sites) unless I sent him bitcoin.

Ok, so I did some research and found out that more than likely he was able to get my info from breaches of perhaps Linkedin and one other site, but that the password(s) he might have gotten were from that and from nothing current.

Any thoughts on this? I check my bank account daily for any problems and my credit card every couple of days plus both are very quick to send me possible fraud notices. Do I need to change all my passwords even though I have had no problems?

Thanks

10 replies, 832 views

Reply to this thread

Back to top Alert abuse

Always highlight: 10 newest replies | Replies posted after I mark a forum
Replies to this discussion thread
Arrow 10 replies Author Time Post
Reply Hacking question (Original post)
Chalco Nov 2018 OP
5X Nov 2018 #1
Chalco Nov 2018 #2
5X Nov 2018 #3
Chalco Nov 2018 #4
SixString Nov 2018 #5
Chalco Nov 2018 #7
LakeSuperiorView Nov 2018 #6
Chalco Nov 2018 #8
csziggy Nov 2018 #9
SKKY Jan 2019 #10

Response to Chalco (Original post)

Sun Nov 18, 2018, 11:12 AM

1. You should change your passwords, but it is a scam.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to 5X (Reply #1)

Sun Nov 18, 2018, 11:17 AM

2. Every single one?

or just important ones like financial?

Just asking because I have passwords in libraries, amazon, washington post, etc

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Chalco (Reply #2)

Sun Nov 18, 2018, 11:21 AM

3. The important ones for sure and the others if you use

the same one in multiple places.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to 5X (Reply #3)

Sun Nov 18, 2018, 11:42 AM

4. Thanks

This is a huge job!

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Chalco (Original post)

Sun Nov 18, 2018, 11:49 AM

5. I've been getting one a week

for the last several months.
I think they got my password from a Yahoo hack. It is not my email password and it is easy to spoof your email address to make it look like it was sent from your account.
I wouldn't worry about it. Just change your passwords regularly.


I am a spyware software developer.
Your account has been hacked by me in the summer of 2018.

I understand that it is hard to believe, but here is my evidence:
- I sent you this email from your account.
- Password from account ****************** (on moment of hack).

The hacking was carried out using a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2018-0296).

I went around the security system in the router, installed an exploit there.
When you went online, my exploit downloaded my malicious code (rootkit) to your device.
This is driver software, I constantly updated it, so your antivirus is silent all time.

Since then I have been following you (I can connect to your device via the VNC protocol).
That is, I can see absolutely everything that you do, view and download your files and any data to yourself.
I also have access to the camera on your device, and I periodically take photos and videos with you.

At the moment, I have harvested a solid dirt... on you...
I saved all your email and chats from your messangers. I also saved the entire history of the sites you visit.

I note that it is useless to change the passwords. My malware update passwords from your accounts every times.

I know what you like hard funs (adult sites).
Oh, yes .. I'm know your secret life, which you are hiding from everyone.
Oh my God, what are your like... I saw THIS ... Oh, you dirty naughty person ...

I took photos and videos of your most passionate funs with adult content, and synchronized them in real time with the image of your camera.
Believe it turned out very high quality!

So, to the business!
I'm sure you don't want to show these files and visiting history to all your contacts.

Transfer $838 to my Bitcoin cryptocurrency wallet: 1GXazHVQUdJEtpe62UFozFibPa8ToDoUn3
Just copy and paste the wallet number when transferring.
If you do not know how to do this - ask Google.

My system automatically recognizes the translation.
As soon as the specified amount is received, all your data will be destroyed from my server, and the rootkit will be automatically removed from your system.
Do not worry, I really will delete everything, since I am 'working' with many people who have fallen into your position.
You will only have to inform your provider about the vulnerabilities in the router so that other hackers will not use it.

Since opening this letter you have 48 hours.
If funds not will be received, after the specified time has elapsed, the disk of your device will be formatted,
and from my server will automatically send email and sms to all your contacts with compromising material.

I advise you to remain prudent and not engage in nonsense (all files on my server).

Good luck!

Reply to this post

Back to top Alert abuse Link here Permalink


Response to SixString (Reply #5)

Sun Nov 18, 2018, 12:35 PM

7. Looks very similar to the one I got! Thanks

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Chalco (Original post)

Sun Nov 18, 2018, 11:52 AM

6. I got the same email a couple weeks ago.

 

It is easy to make an email look like it is coming from any given address. The real origin is buried in the headers that are not displayed on most email readers, but it was almost certainly a disposable email account that is already dead and untraceable.

The password they obtained was from a breach of security at a site where you used it.

That password only gives them access to your account at sites where you used the password with the same email address. Given that there are many sites where people can have accounts, finding other sites is a wild goose chase.

That password gives them no inherent access to your computer.

That said, change your password at sites where you used that password or similar variants, with that same email address.

It's best to have multiple email addresses with different purposes. One to be used on sites that really matter, like banking. One for shopping online ( I don't, so I don't have an email for this). One for low security stuff where the site makes you create an account, but no money is involved.

The scammer is hoping that you will be afraid and unknowledgeable enough to deposit the money to their bitcoin account. It is a phishing attempt, they have no power to actually do anything they say.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to LakeSuperiorView (Reply #6)

Sun Nov 18, 2018, 12:35 PM

8. Thanks, very helpful. nt

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Chalco (Original post)

Sun Nov 18, 2018, 10:56 PM

9. I got those for a while - it's a scam

They are spoofing your address and in my case even my web host info down to the server where my site (and some email addresses) are hosted.

When I got the first one I called my web host and the tech I talked to was very reassuring about it. He did recommend changing passwords on all my accounts, but frankly I never bothered. (I had to leave town to go to a wedding, then take care of business.)

Since then I have gotten several more but none of their threat ever came to anything. One dated Nov. 3 said they had hacked my account on Nov. 8!

I just wish they'd tried to call me - I keep a whistle near the phone to use on the Windows Technical Support and IRS scammers. I would love to use it on these clowns.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Chalco (Original post)

Thu Jan 3, 2019, 05:27 PM

10. It was almost certainly from a previous compromise...

...and unfortunately there isn't much you can do about it in terms of not receiving these kinds of emails. There have been so many breaches, across so many platforms and services, it is almost impossible to imagine a scenario where at least some of your information isn't out there in the wild somewhere. But, all is not lost and it sounds like you're making good decisions as far as monitoring things. Change your passwords, all of them, and enforce two-factor authentication for all your accounts that offer it. Get credit monitoring through your bank. If your bank doesn't offer it, get a different bank.

Reply to this post

Back to top Alert abuse Link here Permalink

Reply to this thread