Phishing/Blackmail Attempt

Tacitus · Dec 24, 2018, 08:51:11

Has anyone on here seen/received one these emails. Note that the *from* address is a valid iDNet address, which has probably been spoofed. My guess is that it's from some teenager that's got hold of the email address and is trying a sideline in blackmail. The Mac version of Sophos has found nothing, but for good measure the password to the account has been changed. Needless to say there is no porn or social media stuff since the victim neither visits porn sites or uses FaceBook or Twitter.

Quote
Subject: XX[AT]idnet.*** has been hacked

Hello!

My nickname in darknet is Z******.

I hacked this mailbox more than six months ago, through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.

If you don't belive me please check 'from address' in your header, you will see that I sent you an email from your mailbox. (xx[AT]idnet.***)

Even if you changed the password after that - it does not matter, my virus intercepted all the caching data on your computer and automatically saved access for me.

I have access to all your accounts, social networks, email, browsing history.

Accordingly, I have the data of all your contacts, files from your computer, photos and videos.

I was most struck by the intimate content sites that you occasionally visit.

You have a very wild imagination, I tell you!

During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching.

Oh my god! You are so funny and excited!

I think that you do not want all your contacts to get these files, right?

If you are of the same opinion, then I think that $500 is quite a fair price to destroy the dirt I created.

Send the above amount on my BTC wallet (bitcoin): (REFERENCE SUPPLIED) As soon as the above amount is received, I guarantee that the data will be deleted, I do not need it.

Otherwise, these files and history of visiting sites will get all your contacts from your device.

Also, I'll send to everyone your contact access to your email and access logs, I have carefully saved it!

Since reading this letter you have 48 hours!

After your reading this message, I'll receive an automatic notification that you have seen the letter.

I hope I taught you a good lesson.

Do not be so nonchalant, please visit only to proven resources, and don't enter your passwords anywhere!

Good luck!

I've forwarded it to iDNet in case it is part of a wider hacking effort, but they're on their Hols and so far there's been no reply.

Ray · Dec 24, 2018, 09:53:30

Yes, Tacitus, I had a few of these about 3-4 weeks ago on one of my own domain email accounts, I've deleted the account and have had no more of them. I've since found out that this email account had been compromised in a data breach at Adobe in 2014 and had obviously been passed around to spammers and the like.

Gary · Dec 24, 2018, 10:17:53

Its a scam, they are preying on people that may use the same password for multiple accounts, and also anyone that has passed erm... personal pics. They have not infected your OS, thisi s a social engineering scam to try to get you to pay up. Also not everything from the Darknet is evil, the fact they use such names shows even more the fear factor they try to push. Your email address has been grabbed but I would not worry, this email is doing the rounds, just google it.

https://apple.stackexchange.com/questions/340295/received-an-email-saying-someone-has-hacked-my-email-account

https://www.bleepingcomputer.com/forums/t/685419/family-member-received-suspicious-email-from-themself/

Simon · Dec 24, 2018, 10:19:50

Pretty scary stuff! Not had any myself, but it would be interesting to hear if IDNet have anything to say about it.

Tacitus · Dec 24, 2018, 10:39:49

Quote from: Ray on Dec 24, 2018, 09:53:30
Yes, Tacitus, I had a few of these about 3-4 weeks ago on one of my own domain email accounts, I've deleted the account and have had no more of them. I've since found out that this email account had been compromised in a data breach at Adobe in 2014 and had obviously been passed around to spammers and the like.

I doubt the iDNet account iteself has been compromised, more likely somewhere else has been and they've harvested the email from that and passed it around. We've always used pretty strong passwords which are renewed every so-often, but of course you never know.

I think it's probably a one-off, but if there are any more then I'll have to decide what action we take.

Tacitus · Dec 24, 2018, 10:47:39

Quote from: Simon on Dec 24, 2018, 10:19:50
Pretty scary stuff! Not had any myself, but it would be interesting to hear if IDNet have anything to say about it.

Yes I would be interested to hear if iDNet have anything to say. I'm not sure how good their precaution are at blocking attempted hacks since I only use my iDNet address as a fallback.

Gary · Dec 24, 2018, 11:04:25

Quote from: Tacitus on Dec 24, 2018, 10:47:39
Yes I would be interested to hear if iDNet have anything to say. I'm not sure how good their precaution are at blocking attempted hacks since I only use my iDNet address as a fallback.

Nothing has been hacked, its just your email has been harvested and they are hoping to scare you into parting with money. To quote

"Sextortion scams are when an attacker sends emails to people stating that their computer is hacked and that the attackers have been recording the screen and webcam as the user visits adult sites. The scammers then blackmail the recipients by stating they will release the videos if they do not receive a payment in bitcoins.

In the past, the sextortion emails would just include a target's password that the attackers found from a data breach dump in order to scare the victim into thinking that the threats were real. Now the scammers are also pretending to have access to the target's email account by spoofing the sender of the scam email to be the same email as the victim" Just ignore it, make sure passwords are not all the same and update any you may have not for a while, as lots of people are getting variants of the same email, thankfully you did not fall for it though.

Edit* A useful website is https://haveibeenpwned.com/ which you can type an email address into and it will tell you if its been grabbed in a data breach and had lots of passwords that have been harvested in dumps from breaches too so you can tell if any of yours has.

Heres more info on the site, it is legitimate and really useful.

https://en.wikipedia.org/wiki/Have_I_Been_Pwned%3F

Tacitus · Dec 24, 2018, 12:19:50

Quote from: Gary on Dec 24, 2018, 11:04:25
Nothing has been hacked, its just your email has been harvested and they are hoping to scare you into parting with money. To quote

Now the scammers are also pretending to have access to the target's email account by spoofing the sender of the scam email to be the same email as the victim"

Pretty much what I thought. tThe sending address being the same as the *to* address is meaningless although it should form a good indication that everything that follows is spam and the mail should be rejected.

QuoteJust ignore it, make sure passwords are not all the same and update any you may have not for a while, as lots of people are getting variants of the same email, thankfully you did not fall for it though.

No action was taken, the email being ignored other than my own curiosity since it differed from the usual phishing attempts. Passwords are different all the way through and rarely less than 16 mixed characters.

QuoteEdit* A useful website is https://haveibeenpwned.com/ which you can type an email address into and it will tell you if its been grabbed in a data breach and had lots of passwords that have been harvested in dumps from breaches too so you can tell if any of yours has.
Heres more info on the site, it is legitimate and really useful.
https://en.wikipedia.org/wiki/Have_I_Been_Pwned%3F

Thanks Gary those are a couple of useful sites. Using it shows that the email address was compromised via a couple of data breaches. Surprisingly one was via DropBox.

Broadback · Dec 24, 2018, 16:11:59

I have had a number of these. There has been a number that told me they were monitor my web usage and that they have pictures of me masturbating on my camera. Hardly likely, i have no camera connected to the internet, I just delete them and put them in my spam file. I hear no more. I am tempted to call them w*nk*rs, but that may offend someone here!

zappaDPJ · Dec 24, 2018, 18:18:25

I'm fairly sure I've had that one a number of times. To be honest unless I recognise the sender almost all my email goes in the bin unread these days.

Glenn · Dec 25, 2018, 12:03:53

I've had the type of emails I reported them to Action Fraud but got no reply.

dlorde · Dec 25, 2018, 15:56:06

I had that very email this morning - with my Google email address and a simple password that I only use on forums (I'll make them unique eventually). There's no personal information available through those that isn't publically available anyway.

For important sites, I use strong generated passwords and 2-factor authentication, if possible (Bitwarden is very handy for all that stuff).

nowster · Dec 25, 2018, 16:25:29

I've started using KeepassX recently.

zappaDPJ · Dec 25, 2018, 17:25:51

I use a notepad file on a USB memory stick to store my logins, all of which use a 32 or 64 digit, randomly generated password. When I need them I cut and paste. I don't know if it's a particularly good solution but I'm paranoid and don't like the idea of using a password manager or even typing my password into a field.

I also use a unique email address for every new login so I can usually tell fairly quickly who has been compromised or otherwise lax with my data.

Clive · Dec 25, 2018, 21:01:07

Mrs Clive has received several during the past few months and dutifully reports them to Action Fraud. The attack is facilitated by an enormous Yahoo attack in 2014 when millions of Yahoo passwords were hacked. If you had a Yahoo account back then that might be the reason they appear to be so clever.

nowster · Dec 25, 2018, 22:30:28

It wasn't just Yahoo. Other sites were affected. I tend to use unique passwords for each site, so could tell which one had been hacked.

Gary · Dec 26, 2018, 09:47:47

Quote from: zappaDPJ on Dec 25, 2018, 17:25:51
I use a notepad file on a USB memory stick to store my logins, all of which use a 32 or 64 digit, randomly generated password. When I need them I cut and paste. I don't know if it's a particularly good solution but I'm paranoid and don't like the idea of using a password manager or even typing my password into a field.

I also use a unique email address for every new login so I can usually tell fairly quickly who has been compromised or otherwise lax with my data.

I do a very similar thing, I use Protonmail for extra security and anonymity and my router has a OpenVPN client called a Hybrid VPN that allows me to decide what services and devices use my VPN, so my email and browsing could say for instance but my auto update does not and iTiunes does not if I wanted it that way,, same for any cleint in my home which is really handy. The thing is you can be traced not only via cookies etc these days but even your browsers screen size or your computers, its hard to keep safe these days.

Technical Ben · Dec 26, 2018, 10:48:14

Quote from: Clive on Dec 25, 2018, 21:01:07
Mrs Clive has received several during the past few months and dutifully reports them to Action Fraud. The attack is facilitated by an enormous Yahoo attack in 2014 when millions of Yahoo passwords were hacked. If you had a Yahoo account back then that might be the reason they appear to be so clever.

Yep. They got some details, but no real info.