cancel
Showing results forย 
Search instead forย 
Did you mean:ย 

E-Mail Password Threat

jolooote
Explorer
Explorer
Hi all. I finally received that dreaded Email wanting $912 or they will shut me down. It shows one of my Passwords correctly. What can I do about it?
Joe & Charlotte

2020 Jayco Greyhawk Prestige 29MV Celestial Blue Full Body Paint E-450 305hp V10 6spd Class C 'COACH'


2012 Jeep Wrangler 285hp V6 'TOAD'


Gabby & Molly are Dogs
Leroy's a Conure, Loretta's a Squeaker

"Once it starts breakin'...GET RID OF IT!!!"
38 REPLIES 38

T18skyguy
Explorer
Explorer
austinjenna wrote:
Also setup 2 factor authentication

This is a good idea if it's offered on the site. I use a password manager(Lastpass) which is really convenient. Youtube was a big help in learning the details of how to use Lastpass. If your still inputting each password individually, make it as long as possible(12 digits) with a mix of upper case, lower case, numbers, and special characters. Another possible way to get your password is brute force. Top tier brute force computers can guess 350 billion guesses per second, but most don't have that power.
Retired Anesthetist. LTP. Pilot with mechanic/inspection ratings. Between rigs right now.. Wife and daughter. Four cats which we must obey.

mr__ed
Explorer
Explorer
I got a scary message along with voice on my computer screen recently. It completely froze my computer and I couldn't access task manager to disable it the bug. I had to perform a hard shutdown. Upon restart, everything was normal. I ran my Malwarebytes program but didn't locate any bugs. Neither did Windows defender. I suspect it may have been attempted ransomware.
Mr. Ed (fulltiming since 1987)
Life is fragile. Handle with prayer.

2007 Hitchhiker II LS Model 29.5 LKTG (sold)
2007 Dodge Ram 3500/6.7 CTD/QC/4X4/SB/SRW/6-speed man/Big Horn edition (sold)

austinjenna
Explorer
Explorer
Also setup 2 factor authentication

2010 F350 CC Lariat 4x4 Short Bed
2011 Crusader 298BDS 5th Wheel
Reese 16K

was_butnotnow
Explorer
Explorer
Here is the one I get a couple of times a day from
Aaron686Smith@yahoo.jp
Hello,

I am a spyware software developer. Your account has been hacked by me in the summer of 2018.

I understand that it is hard to believe, but here is my evidence (I sent you this email from your account).

The hacking was carried out using a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2018-0296).

I went around the security system in the router, installed an exploit there. When you went online, my exploit downloaded my malicious code (rootkit) to your device. This is driver software, I constantly updated it, so your antivirus is silent all time.

Since then I have been following you (I can connect to your device via the VNC protocol). That is, I can see absolutely everything that you do, view and download your files and any data to yourself. I also have access to the camera on your device, and I periodically take photos and videos with you.

At the moment, I have harvested a solid dirt... on you... I saved all your email and chats from your messangers. I also saved the entire history of the sites you visit.

I note that it is useless to change the passwords. My malware update passwords from your accounts every times.

I know what you like hard funs (adult sites). Oh, yes .. I'm know your secret life, which you are hiding from everyone. Oh my God, what are your like... I saw THIS ... Oh, you dirty naughty person ... ๐Ÿ™‚

I took photos and videos of your most passionate funs with adult content, and synchronized them in real time with the image of your camera. Believe it turned out very high quality!

So, to the business! I'm sure you don't want to show these files and visiting history to all your contacts.

Transfer $968 to my Bitcoin cryptocurrency wallet: 1971pHPgLaTmuYtoH4BsGSfFMZaAjotium Just copy and paste the wallet number when transferring. If you do not know how to do this - ask Google.

My system automatically recognizes the translation. As soon as the specified amount is received, all your data will be destroyed from my server, and the rootkit will be automatically removed from your system. Do not worry, I really will delete everything, since I am 'working' with many people who have fallen into your position. You will only have to inform your provider about the vulnerabilities in the router so that other hackers will not use it.

Since opening this letter you have 48 hours. If funds not will be received, after the specified time has elapsed, the disk of your device will be formatted, and from my server will automatically send email and sms to all your contacts with compromising material.

I advise you to remain prudent and not engage in nonsense (all files on my server).

Good luck!


I just send them to the junk folder I know it is spam as the email he sends it to is on a server I don't control and is just forwarded to me at a different email address. Notice the from email is from Japan
Now in a 05 Monaco Cayman DP 36 PDQ
Traveled many years in NuWa Hitchhiker 5th wheels.
Travel Journals and Adventures of people living this lifestyle

Hitchitch.com


Personal blog with our own travels. www.fulltime.hitchitch.com

Alan_Hepburn
Explorer
Explorer
MDKMDK wrote:

Keep your MS system software up to date, and the chances are greatly reduced.


I really have a good laugh when I get emails saying that my Microsoft software has been compromised - I'm running a linux OS, not Microsoft!
----------------------------------------------
Alan & Sandy Hepburn driving a 2007 Fleetwood Bounder 35E on a Workhorse chassis - Proud to be a Blue Star Family!
Good Sam Member #566004

Thunder_Mountai
Explorer
Explorer
bighatnohorse wrote:
You might want to encode an identifier in your password for each password that you use.
If someone displays your password, you will know where (which site) it came from.


This is one of the smartest suggestions I've heard concerning passwords. Since we use the same password on some sites that don't have financial or personal information, we could end the password with the site name e.g. ***********RVNET. Make a lot of since to me.
2016 Winnebago Journey 40R
2018 Rubicon
1982 FJ40 Toyota Land Cruiser
2020 Keystone Outback 327CG
2020 Dodge Ram 2500
Polaris RZR XP 1000
4 Cats
3 Dogs
1 Bottle of Jack Daniels
Two old hippies still trying to find ourselves!

p220sigman
Explorer
Explorer
I have one email/password that I use for all internet sites that don't have personal data (when I have to enter data such as address/birth date, etc, I just lie although I do use the same lie for all the sites). I never check that email and I empty the spam from that email occasionally. For sites such as my banking site, insurance, etc, I use an different email and use a unique password for each site. I get virtually no spam on this email. I have another email that use for correspondence with friends/family. I also get virtually no spam on this one either.

ItsyRV
Explorer
Explorer
jolooote wrote:
Exactly what worries me. How DID they know one of my Passwords???

Lets start with the basics, what type of site(s) are associated with that password? Are you talking about an investment bank which gives access to all your personal and account information? Or, are you talking some site where you signed up to get a discount coupon for tube socks? Now if it was a unique password only use at one site you know where the problem starts, but if you keep using the same password across multiple sites, you may not be able to know where to start.
1994 Itasca SunDancer 21RB - Chevy G-30 chassis.

fj12ryder
Explorer II
Explorer II
1492 wrote:
bighatnohorse wrote:
You might want to encode an identifier in your password for each password that you use.
If someone displays your password, you will know where (which site) it came from.

You should not use the same password for multiple sites. Each of mine is unique to a site. It would be fairly easy to discover on which site the breach occurred.
Yeah, it never occurred to me that one would need an identifier for a password. I don't have any sites that have the same password, and only a couple share the same user ID. Locating which site would be relatively easy. Of course with nearly 300 passwords, it could take some time. ๐Ÿ™‚ All different, and most are 8-12 characters, mix of letters(upper and lower case), numbers, and special characters where allowed. Roboform does all the heavy lifting so I only have to remember the master password.
Howard and Peggy

"Don't Panic"

1492
Moderator
Moderator
bighatnohorse wrote:
You might want to encode an identifier in your password for each password that you use.
If someone displays your password, you will know where (which site) it came from.

You should not use the same password for multiple sites. Each of mine is unique to a site. It would be fairly easy to discover on which site the breach occurred.

AllegroD
Nomad
Nomad
p.s. Agree that it looks like someone may have sold some of your info. I would change all of your online passwords, as well.

bighatnohorse
Explorer II
Explorer II
You might want to encode an identifier in your password for each password that you use.
If someone displays your password, you will know where (which site) it came from.
2021 Arctic Fox 1150
'15 F350 6.7 diesel dually long bed
Eagle Cap Owners
โ€œThe best lack all conviction, while the worst
Are full of passionate intensity."
-Yeats

Thunder_Mountai
Explorer
Explorer
Very timely topic. I've been receiving these emails for about three months. First of all, they say your email password was hacked. The password they are showing NEVER was used for my email. I was used several years ago for a specialty vehicle forum that I was a member of that got hacked. So, I knew where that breach came from.

My email provider has a server level spam catcher where you can block emails form specific countries or senders. It also has a setting that allows me to block emails from a specific domain such as @domain.com, net, org, etc. I also noticed that the subject line had repeated strings. My provider allows me to enter subject strings or partial strings. I now have effectively blocked 99% of those emails.

You've no doubt noticed that the sentence structure in the emails is crude and full of false information. Yes, you should change passwords for any site where the hacked password is used.

Here is a link to a site where you can enter a password to see if it has been hacked. It is very accurate and somewhat scary: https://haveibeenpwned.com/Passwords.

I talked with the retired IT manager where I worked. He suggested getting a password vault manager.
2016 Winnebago Journey 40R
2018 Rubicon
1982 FJ40 Toyota Land Cruiser
2020 Keystone Outback 327CG
2020 Dodge Ram 2500
Polaris RZR XP 1000
4 Cats
3 Dogs
1 Bottle of Jack Daniels
Two old hippies still trying to find ourselves!

D_E_Bishop
Explorer
Explorer
I try to keep things out of their view but if someone locks up my computer, I will just start over. There is nothing on there that they can use against me and any shopping I do is secured by the Credit Card up to a lot. I do not have any real information on any of my computers. I don't have my address or telephone number, Bank, other financial organizations, nothing, I hope. I can replace all my computers for less than a grand and screw with them on the old ones, could be fun to give phony crud to them like the AG of CA's email or the Govs or Police chief or a porta-potty rental firm. But I'd most likely call the big three credit cheat companies and freeze everything and have my computer hard drive demolished and change everything.

Come to think about it, I;m going to set everything up now including new passwords and user names. I'm going to use ficticious names for all my new accounts and tell any retailer that if they don't like it to provide insurance covering my butt.

What I'm not going to do is worry about it.
"I travel not to go anywhere, but to go. I travel for travel's sake. The great affair is to go". R. L. Stevenson

David Bishop
2002 Winnebago Adventurer 32V
2009 GMC Canyon
Roadmaster 5000
BrakeBuddy Classic II