Discussion in 'Article Discussion' started by bit-tech, 17 Jan 2019.
I got a suspicious email from someone earlier this week which actually did use one of my old passwords...
It said something along the lines of your password is )/$/&;!477 and we know that you’ve visited 18 adult sites. We have access to your webcam access and a video of you...
I won’t give all the details. But it was really weird that it actually had the very first password I used on that account listed.
It's not weird at all, it's the new big thing in phishing. You snag one of these massive password dumps, then you write a simple bot that emails every account on the list and says "I have hacked your account, your password is hunter2, send Bitcoin or else" - sometimes mixed in with the old "I hacked your webcam and have video of you pulling the pud, send Bitcoin or I share it with everyone," sometimes just on its own. (Sometimes they don't even bother doing that, and they just spam "I know your password" with a forged from header so it looks like they have access to your email, but they don't - you can write whatever you want in there.)
People see a valid password, bab themselves, pay the ransom. The "hacker" hasn't hacked anything: they've literally just downloaded a leak dump from Mega or PasteBin or wherever. They certainly don't have access to your webcam. Trash the email, remember to use unique passwords everywhere, and carry on choking the chicken as much as you like.
I enjoy reading them. I wonder if the comments on the 'porn' you watched are pulled from a database, or whether the different comments are traits of whoever is running that particular email scam.
That’s the exact style that I got, Gareth. XD
As if I would leave a resource-wasting component plugged in for happy time. You should have replied and asked if they were impressed.
@liratheal -Congrats on 10,000 posts. If Gareth keeps summoning us with his amusing off-color posts, we should hit 20,000 in no time.
... so this isn't like 'Shut Up And Dance' from Black Mirror?!
But yeah, I've had a few of those emails too from one of my original passwords back when I used to use the same password on every site. It's thankfully not a password I've used in years so I just laughed at the email and deleted it.
Isn't the hunter2 thing from a bash.org quote?
What? All I see is *******.
Good old times. Thanks for bringing back the memories, Big G.
I got one, and then pulled the IP address out of the mail header, did a whois, and reported the thing to his ISP in Vietnam.
I also kept the mail, because it was hilarious.
My wife had one of those a few weeks ago. That neither of us has either a webcam or a microphone on our PCs didn't help their chances of snagging any Bitcoin.
Further to the above, can anyone recommend an easy to use, reliable password manager?
I used to use, and quite liked, LastPass, then they had one too many security breaches for my liking and I switched to the Mooltipass Mini hardware password safe, which I've been using ever since.
If you're after a software-based one, though, Troy Hunt of Have I Been Pwned fame recommends 1Password - it's integrated with his service, so it can warn you if any of the passwords you're using have been the subject of a known breach (in a clever way that means that neither Troy nor 1Password ever know what those passwords are.)
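The "clever way" mentioned in the post above is, in Have I Been Pwned's Pwned Passwords service, a k-anonymity range query: the client sends only the first five hex characters of the password's SHA-1 hash and compares the returned suffixes locally. The sketch below is an added example, not code from the thread, 1Password or Have I Been Pwned; the server is a local mock, the breach list, counts and decoys are constructed, and all function names are hypothetical.

```python
import hashlib
import hmac

# Constructed stand-in for a breach corpus; passwords and counts are made up.
CONSTRUCTED_BREACHES = {"hunter2": 17043, "letmein": 9120, "qwerty123": 455}
SERVER_LOG = []  # everything the mock server ever receives


def split_hash(password):
    """Return (5-char prefix, 35-char suffix) of the upper-case SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def mock_range_server(prefix):
    """Server side: given only a hash prefix, return every 'SUFFIX:COUNT' in that bucket."""
    if len(prefix) != 5 or any(c not in "0123456789ABCDEF" for c in prefix):
        raise ValueError("prefix must be 5 upper-case hex characters")
    SERVER_LOG.append(prefix)
    lines = []
    for password, count in CONSTRUCTED_BREACHES.items():
        p, suffix = split_hash(password)
        if p == prefix:
            lines.append(f"{suffix}:{count}")
    # Constructed decoys standing in for the other hashes that share the prefix.
    for i in range(3):
        decoy = hashlib.sha1(f"{prefix}-decoy-{i}".encode()).hexdigest().upper()[5:]
        lines.append(f"{decoy}:{i + 1}")
    return "\r\n".join(sorted(lines))


def breach_count(password, range_query=mock_range_server):
    """Client side: send the prefix, match the suffix locally, return the breach count."""
    prefix, suffix = split_hash(password)
    for line in range_query(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if hmac.compare_digest(candidate.strip().upper(), suffix):
            return int(count)
    return 0


if __name__ == "__main__":
    for pw in ("hunter2", "k3-constructed-unique-passphrase"):
        print(pw, "->", breach_count(pw))
    print("server saw only:", SERVER_LOG)
```

The mock server's log holds nothing but five-character prefixes, each of which matches many unrelated hashes, so neither the password nor its full hash leaves the client.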
I use KeePass and I know a few companies that use it as well.
I use LastPass and it is very convenient and syncs to my phone.
Every site has a different random password.
Secure sites use 2FA.
I've had a few of those, as have my friends. The best thing is how they almost always describe you as "sick" for the type of porn you watch, but then later say you have good taste.
I can see how people get freaked out by those emails, they are a bit scary. However, I don't go to porn sites, I don't have a webcam and they always refer to email addresses and passwords I haven't used in about 20yrs...
KeePass with the database file synced to one of the cloud drives. Thus the database is kept up to date on any device, it is protected with a password, has a plugin for every browser, and there are clients for pretty much every platform (personally using it on Windows, Android and macOS).
Think I may switch from LastPass to 1Password. Especially with the Have I Been Pwned integration.