Hacking question
This morning I received and email from myself. I knew right off it was suspicious. I opened it up and it was from someone who claimed that he got my email and passwords from hacking me and that he knew everything I did, every website I'd been to, etc. Then, he threatened that he would publish pictures of me looking at porn sites (I don't look at porn sites) unless I sent him bitcoin.
Ok, so I did some research and found out that more than likely he was able to get my info from breaches of perhaps Linkedin and one other site, but that the password(s) he might have gotten were from that and from nothing current.
Any thoughts on this? I check my bank account daily for any problems and my credit card every couple of days plus both are very quick to send me possible fraud notices. Do I need to change all my passwords even though I have had no problems?
Thanks
5X
(3,988 posts)Chalco
(1,357 posts)or just important ones like financial?
Just asking because I have passwords in libraries, amazon, washington post, etc
5X
(3,988 posts)the same one in multiple places.
This is a huge job!
SixString
(1,057 posts)for the last several months.
I think they got my password from a Yahoo hack. It is not my email password and it is easy to spoof your email address to make it look like it was sent from your account.
I wouldn't worry about it. Just change your passwords regularly.
Your account has been hacked by me in the summer of 2018.
I understand that it is hard to believe, but here is my evidence:
- I sent you this email from your account.
- Password from account ****************** (on moment of hack).
The hacking was carried out using a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2018-0296).
I went around the security system in the router, installed an exploit there.
When you went online, my exploit downloaded my malicious code (rootkit) to your device.
This is driver software, I constantly updated it, so your antivirus is silent all time.
Since then I have been following you (I can connect to your device via the VNC protocol).
That is, I can see absolutely everything that you do, view and download your files and any data to yourself.
I also have access to the camera on your device, and I periodically take photos and videos with you.
At the moment, I have harvested a solid dirt... on you...
I saved all your email and chats from your messangers. I also saved the entire history of the sites you visit.
I note that it is useless to change the passwords. My malware update passwords from your accounts every times.
I know what you like hard funs (adult sites).
Oh, yes .. I'm know your secret life, which you are hiding from everyone.
Oh my God, what are your like... I saw THIS ... Oh, you dirty naughty person ...
I took photos and videos of your most passionate funs with adult content, and synchronized them in real time with the image of your camera.
Believe it turned out very high quality!
So, to the business!
I'm sure you don't want to show these files and visiting history to all your contacts.
Transfer $838 to my Bitcoin cryptocurrency wallet: 1GXazHVQUdJEtpe62UFozFibPa8ToDoUn3
Just copy and paste the wallet number when transferring.
If you do not know how to do this - ask Google.
My system automatically recognizes the translation.
As soon as the specified amount is received, all your data will be destroyed from my server, and the rootkit will be automatically removed from your system.
Do not worry, I really will delete everything, since I am 'working' with many people who have fallen into your position.
You will only have to inform your provider about the vulnerabilities in the router so that other hackers will not use it.
Since opening this letter you have 48 hours.
If funds not will be received, after the specified time has elapsed, the disk of your device will be formatted,
and from my server will automatically send email and sms to all your contacts with compromising material.
I advise you to remain prudent and not engage in nonsense (all files on my server).
Good luck!
Chalco
(1,357 posts)LakeSuperiorView
(1,533 posts)It is easy to make an email look like it is coming from any given address. The real origin is buried in the headers that are not displayed on most email readers, but it was almost certainly a disposable email account that is already dead and untraceable.
The password they obtained was from a breach of security at a site where you used it.
That password only gives them access to your account at sites where you used the password with the same email address. Given that there are many sites where people can have accounts, finding other sites is a wild goose chase.
That password gives them no inherent access to your computer.
That said, change your password at sites where you used that password or similar variants, with that same email address.
It's best to have multiple email addresses with different purposes. One to be used on sites that really matter, like banking. One for shopping online ( I don't, so I don't have an email for this). One for low security stuff where the site makes you create an account, but no money is involved.
The scammer is hoping that you will be afraid and unknowledgeable enough to deposit the money to their bitcoin account. It is a phishing attempt, they have no power to actually do anything they say.
Chalco
(1,357 posts)csziggy
(34,189 posts)They are spoofing your address and in my case even my web host info down to the server where my site (and some email addresses) are hosted.
When I got the first one I called my web host and the tech I talked to was very reassuring about it. He did recommend changing passwords on all my accounts, but frankly I never bothered. (I had to leave town to go to a wedding, then take care of business.)
Since then I have gotten several more but none of their threat ever came to anything. One dated Nov. 3 said they had hacked my account on Nov. 8!
I just wish they'd tried to call me - I keep a whistle near the phone to use on the Windows Technical Support and IRS scammers. I would love to use it on these clowns.
SKKY
(12,240 posts)...and unfortunately there isn't much you can do about it in terms of not receiving these kinds of emails. There have been so many breaches, across so many platforms and services, it is almost impossible to imagine a scenario where at least some of your information isn't out there in the wild somewhere. But, all is not lost and it sounds like you're making good decisions as far as monitoring things. Change your passwords, all of them, and enforce two-factor authentication for all your accounts that offer it. Get credit monitoring through your bank. If your bank doesn't offer it, get a different bank.