- Joined
- Nov 28, 2009
- Messages
- 14,814
- Reaction score
- 993
Yesterday morning I had an email that got me in a bit of a panic. I normally ignore and delete anything that is obviously spam but this one was titled "your password is *****" and that indeed was a word that formed part of a password I had in use. so it got my attention.
The email was demanding $1000 paid in bitcoin otherwise they will send images of me "enjoying myself" captured on my web cam to everyone in my address book. I don't even have a web cam so I know that is untrue, but I still worried they could send any indecent video and claim it was me.
First thing I did was take that computer off line. Then using a different computer spent the morning going round and changing all my passwords. None of them now use that old word or even part of it. This includes all the passwords for websites, passwords for my email servers, web domain log in passwords and website hosting passwords. All changed to something completely new and all different.
Then to have a look at the other computer. The email claimed to have installed a key logger which is how they got my password (and why I changed them using a different computer). But Avast, Malware Bytes and CCleaner could not find anything suspicious so I now believe I have not been hacked and they don't have a copy of my address book.
I then did some googling and found the answer to how this scam is operating.
It appears from all the large scale data breaches there have been, that in certain places you can buy lists of email addresses and the passwords associated with them. This is where all that hacked data is ending up. Such lists are likely to be a bit out of date but be warned if you have not changed your passwords recently, your email address and current password might be on that list.
So all the scammers are doing is sending the same message to people on that list quoting the password that is associated with that email to make you believe your computer really has been hacked.
So the message to everyone, is if you have not changed your passwords for a while GO AND DO IT NOW.
The email was demanding $1000 paid in bitcoin otherwise they will send images of me "enjoying myself" captured on my web cam to everyone in my address book. I don't even have a web cam so I know that is untrue, but I still worried they could send any indecent video and claim it was me.
First thing I did was take that computer off line. Then using a different computer spent the morning going round and changing all my passwords. None of them now use that old word or even part of it. This includes all the passwords for websites, passwords for my email servers, web domain log in passwords and website hosting passwords. All changed to something completely new and all different.
Then to have a look at the other computer. The email claimed to have installed a key logger which is how they got my password (and why I changed them using a different computer). But Avast, Malware Bytes and CCleaner could not find anything suspicious so I now believe I have not been hacked and they don't have a copy of my address book.
I then did some googling and found the answer to how this scam is operating.
It appears from all the large scale data breaches there have been, that in certain places you can buy lists of email addresses and the passwords associated with them. This is where all that hacked data is ending up. Such lists are likely to be a bit out of date but be warned if you have not changed your passwords recently, your email address and current password might be on that list.
So all the scammers are doing is sending the same message to people on that list quoting the password that is associated with that email to make you believe your computer really has been hacked.
So the message to everyone, is if you have not changed your passwords for a while GO AND DO IT NOW.