Honored Contributor
Posts: 16,602
Registered: ‎03-11-2010

Re: How did they get my password?


@NickNack wrote:

I got a spam email this morning giving me my password (it really was one of my passwords) and saying they were watching me and listening to me.  It said they had installed Malware on my computer.  It asked for $1,200 to be paid to them by Bitcoin within 2 days.  Fortunately the password isn't one that I use for banking.

 

It was a long email and said some gross untrue things.  It said it could put all my information on the web if I didn't pay them.

 

It came to my junk mail box.  Normally I would just delete something like that, but they did have my password.  I NEVER click on a link in an email.  I never believe any email that says my account has been compromised and to click on the link and change my password.

 

I immediately scheduled a call from Apple.  They did a Malwarebytes check and also checked to see if anyone could video me or listen to me.  They looked at different things in lots of areas of my computer and could find nothing.  I spent a lot of time on the phone with Apple with nothing found.  She told me to change any place where I used that password and to run Malwarebytes and clear my history frequently.

 

I can't figure out how they got my password.  I haven't given it to anybody.  Is it someone who works for one of the places that I use this password?  The Apple consultant said she couldn't guess how they got it.  Sorry this was so long.



 

Honored Contributor
Posts: 16,837
Registered: ‎03-10-2010

Re: How did they get my password?


@dooBdoo wrote:

@vsm wrote:

@NickNack   No, don't even read the email, which is itself a link and could be infected.  Instead, forward the email to your IP security.

 


 

             @vsm,  This is an important point.   Simply opening an email message can sometimes transmit information to the sender or automatically download something to our device -- particularly if our settings enable it to "load remote images."   Some email providers will automatically block/disable loading the remote image URLs for this reason, and they'll display a message asking if you want to see/display them (don't do it if it's a suspicious message).

 


 

 

@dooBdoo   @vsm   I had no idea that opening the email was a bad idea.  I do have the capability to delete my junk folder without reading it, which I usually do unless something is in it that isn't junk.  Since this showed my password I read it.  I'm surprised the person I spoke with at Apple didn't tell me this.  I've never read that anywhere, although I did Google it and see that it's true.

 

This password is definitely one that they wouldn't have just come up with.


"The Bluebird Carries The Sky On His Back"
-Henry David Thoreau
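Added example, not part of any poster's message: the "load remote images" behaviour described above can be checked before a message is rendered by listing every image the HTML body would fetch over the network. The function names and the sample message (addresses, URLs) are constructed for illustration, and the 1x1 size test is only a heuristic.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not taken from the thread).
SAMPLE_EML = """\
From: sender@example.invalid
To: reader@example.invalid
Subject: constructed sample
Content-Type: text/html; charset="utf-8"

<html><body>
<img src="cid:logo123" alt="inline logo">
<img src="https://tracker.example.invalid/open.gif?id=abc123" width="1" height="1">
<img src="http://images.example.invalid/banner.png" width="600" height="80">
</body></html>
"""

class ImgCollector(HTMLParser):
    """Collect the attributes of every <img> tag."""
    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append(dict(attrs))

def remote_images(raw_message):
    """Return (url, looks_like_pixel) for each image fetched over the network."""
    msg = message_from_string(raw_message, policy=default)
    found = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = ImgCollector()
        collector.feed(part.get_content())
        for img in collector.images:
            src = img.get("src") or ""
            if urlparse(src).scheme not in ("http", "https"):
                continue  # cid:/data: images are embedded; no request is made
            tiny = img.get("width") in ("0", "1") and img.get("height") in ("0", "1")
            found.append((src, tiny))
    return found

if __name__ == "__main__":
    for url, tiny in remote_images(SAMPLE_EML):
        print("tracking-pixel-sized" if tiny else "remote image", url)
```

Each URL listed is a request the mail client would make to the sender's server if remote images were allowed, which is why clients that block them by default reveal nothing when a message is merely opened.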





Honored Contributor
Posts: 17,512
Registered: ‎06-27-2010

Re: How did they get my password?

[ Edited ]

   

              @NickNack,   There are several articles online about this -- here's one from KrebsOnSecurity dated 7/12/18. 

 

              Notice that it says, "The email now references a real password previously tied to the recipient’s email address."  

 

             Also, that the passwords probably were gleaned from previous website hacks and shared by criminals.  

 

            Is this similar to the message you received?

 

~~~~~~~~~~~~~~~~~~~~~~~

 

Sextortion Scam Uses Recipient’s Hacked Passwords

 

"Here’s a clever new twist on an old email scam that could serve to make the con far more believable.

 

The message purports to have been sent from a hacker who’s compromised your computer and used your webcam to record a video of you while you were watching porn.

 

The missive threatens to release the video to all your contacts unless you pay a Bitcoin ransom. The new twist?

 

The email now references a real password previously tied to the recipient’s email address.

 

 

The basic elements of this sextortion scam email have been around for some time, and usually the only thing that changes with this particular message is the Bitcoin address that frightened targets can use to pay the amount demanded. But this one begins with an unusual opening salvo:

 

“I’m aware that <substitute password formerly used by recipient here> is your password,” reads the salutation.

 

The rest is formulaic:

You don’t know me and you’re thinking why you received this e mail, right?

Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.

What exactly did I do?

I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).

What should you do?

Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).

BTC Address: [REMOVED]
(It is cAsE sensitive, so copy and paste it)

Important:

You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.

 

KrebsOnSecurity heard from three different readers who received a similar email in the past 72 hours.

 

In every case, the recipients said the password referenced in the email’s opening sentence was in fact a password they had previously used at an account online that was tied to their email address.

 

However, all three recipients said the password was close to ten years old, and that none of the passwords cited in the sextortion email they received had been used anytime on their current computers.

 

It is likely that this improved sextortion attempt is at least semi-automated:

 

My guess is that the perpetrator has created some kind of script that draws directly from the usernames and passwords from a given data breach at a popular Web site that happened more than a decade ago, and that every victim who had their password compromised as part of that breach is getting this same email at the address used to sign up at that hacked Web site.

 

I suspect that as this scam gets refined even more, perpetrators will begin using more recent and relevant passwords — and perhaps other personal data that can be found online — to convince people that the hacking threat is real.

 

That’s because there are a number of shady password lookup services online that index billions of usernames (i.e. email addresses) and passwords stolen in some of the biggest data breaches to date.

 

Alternatively, an industrious scammer could simply execute this scheme using a customer database from a freshly hacked Web site, emailing all users of that hacked site with a similar message and a current, working password.

 

Tech support scammers also may begin latching onto this method as well.

 

Sextortion — even semi-automated scams like this one with no actual physical leverage to backstop the extortion demand — is a serious crime that can lead to devastating consequences for victims.

 

Sextortion occurs when someone threatens to distribute your private and sensitive material if you don’t provide them with images of a sexual nature, sexual favors, or money...

 

...If you believe you’re a victim of sextortion, or know someone else who is, the FBI wants to hear from you: Contact your local FBI office (or toll-free at 1-800-CALL-FBI)."

 

see full article (copy and paste link) at:

 

krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/comment-page-5/

 

 

Few things reveal your intellect and your generosity of spirit—the parallel powers of your heart and mind—better than how you give feedback.~Maria Popova
Honored Contributor
Posts: 16,837
Registered: ‎03-10-2010

Re: How did they get my password?

[ Edited ]

@dooBdoo   That's not the exact email I received but close to it.  I do still use that password, but it's usually a different form of it now.  I am definitely changing it.  I have thought about using the ones that are suggested to me, but then I wouldn't know them if logging in on my phone.  My phone wouldn't know the suggested passwords too, would it?  It's too many odd letters and numbers to write down.


"The Bluebird Carries The Sky On His Back"
-Henry David Thoreau





Honored Contributor
Posts: 17,512
Registered: ‎06-27-2010

Re: How did they get my password?


@BlueFinch wrote:

@NickNack Hello, I'm new here and although I've lurked for a good while and have thoroughly enjoyed this forum, I was leery to join an established group.  I couldn't let this pass by though, without comment.  Excuse novice mistakes, getting to know this system.  I'll give a little bio in the future about who I am.  

 

I feel your pain.  I was contacted by Amazon security, that someone had hacked my e-mail, then my Ammy PW and they were running all over my profile there, and likely everywhere else.  I was advised it was serious and I needed to change ALL my PW's. BUT, before changing ANY PW's, I was instructed to FIRST change my PW with my e-mail, internet provider.  To start at the top!  Only then to change other PW's, since it seems often it is a break into your server, with a trickle down from there.  I'm remaining cautious, but no issues since.  It sure put a scare in me since they had full access into my life, friends, family and other accounts.  So, please change your internet server PW first before other accounts to be on the safe side. 

 

Wishing you the best and for all of us having to deal with such nonsense.  It's very unnerving.

 

 


 

 

             Welcome to the Community, @BlueFinch!   Thanks for the great advice.    I've seen numerous reports of hacked Amazon accounts.   Great to have you join us, and I hope you'll be a regular contributor.


 

Few things reveal your intellect and your generosity of spirit—the parallel powers of your heart and mind—better than how you give feedback.~Maria Popova
Honored Contributor
Posts: 17,512
Registered: ‎06-27-2010

Re: How did they get my password?

[ Edited ]

@NickNack wrote:

@dooBdoo   That's not the exact email I received but close to it.  I do still use that password, but it's usually a different form of it now.  I am definitely changing it.  I have thought about using the ones that are suggested to me, but then I wouldn't know them if logging in on my phone.  My phone wouldn't know the suggested passwords too, would it?  It's too many odd letters and numbers to write down.

 


 

              @NickNack,  Looking on the internet, I found quite a few articles about similar emails -- I thought the Krebs article provided good insight into how we might actually see a password we use or have used, or something similar.   

            We have to live with the reality that many websites have been hacked over the years. 

            Just think about how many times we've been told to update our password because of real or suspected security breaches -- those hacked password databases are out there, in the hands of criminals who are using them for nefarious reasons.

            I'm not sure what you mean by "suggested passwords."   We have the option of saving our login credentials on our devices, and then using auto-fill so we don't have to type them in each time.   That saved/stored login info is encrypted, and it's not normally the way a hacker would get it -- they usually find the info by hacking the user files on websites.

 

Few things reveal your intellect and your generosity of spirit—the parallel powers of your heart and mind—better than how you give feedback.~Maria Popova
Honored Contributor
Posts: 16,837
Registered: ‎03-10-2010

Re: How did they get my password?


@BlueFinch wrote:

@NickNack Hello, I'm new here and although I've lurked for a good while and have thoroughly enjoyed this forum, I was leery to join an established group.  I couldn't let this pass by though, without comment.  Excuse novice mistakes, getting to know this system.  I'll give a little bio in the future about who I am.  

 

I feel your pain.  I was contacted by Amazon security, that someone had hacked my e-mail, then my Ammy PW and they were running all over my profile there, and likely everywhere else.  I was advised it was serious and I needed to change ALL my PW's. BUT, before changing ANY PW's, I was instructed to FIRST change my PW with my e-mail, internet provider.  To start at the top!  Only then to change other PW's, since it seems often it is a break into your server, with a trickle down from there.  I'm remaining cautious, but no issues since.  It sure put a scare in me since they had full access into my life, friends, family and other accounts.  So, please change your internet server PW first before other accounts to be on the safe side. 

 

Wishing you the best and for all of us having to deal with such nonsense.  It's very unnerving.

 


 

 

@BlueFinch   Welcome to the forums, and thank you for the advice.  I will follow it.


"The Bluebird Carries The Sky On His Back"
-Henry David Thoreau





Honored Contributor
Posts: 16,837
Registered: ‎03-10-2010

Re: How did they get my password?


@dooBdoo wrote:

@NickNack wrote:

@dooBdoo   That's not the exact email I received but close to it.  I do still use that password, but it's usually a different form of it now.  I am definitely changing it.  I have thought about using the ones that are suggested to me, but then I wouldn't know them if logging in on my phone.  My phone wouldn't know the suggested passwords too, would it?  It's too many odd letters and numbers to write down.

 


 

              @NickNack,  Looking on the internet, I found quite a few articles about similar emails -- I thought the Krebs article provided good insight into how we might actually see a password we use or have used, or something similar.   

            We have to live with the reality that many websites have been hacked over the years. 

            Just think about how many times we've been told to update our password because of real or suspected security breaches -- those hacked password databases are out there, in the hands of criminals who are using them for nefarious reasons.

            I'm not sure what you mean by "suggested passwords."   We have the option of saving our login credentials on our devices, and then using auto-fill so we don't have to type them in each time.   That saved/stored login info is encrypted, and it's not normally the way a hacker would get it -- they usually find the info by hacking the user files on websites.

 


 

 

@dooBdoo   I'm on a Mac using Safari.  Whenever I'm creating an account somewhere, I get a message that asks me if I want to use the suggested password.  It's usually something with a bunch of random letters and numbers.  Then it will save it and fill it in for me.  I forget where it comes from, but it's legitimate and safe and connected with Apple.  I always say "no" and create my own password so that I'll have it for my iPhone, too.  If there were some way to save it both places I would use it.  There may be, but I don't know.  I'll notice next time where the suggestion comes from.  I just don't remember.


"The Bluebird Carries The Sky On His Back"
-Henry David Thoreau





Respected Contributor
Posts: 4,010
Registered: ‎08-29-2010

Re: How did they get my password?

I'm not creative enough to keep coming up with "strong" passwords, so without intending to hijack this thread, I have a question to ask: 

     Is it enough to switch passwords back 'n forth every few months--I mean, either reverse a numerical sequence, e.g., a former phone number, or alternate between two whole passwords?  

 

 

Strive for respect instead of attention. It lasts longer.
Honored Contributor
Posts: 9,721
Registered: ‎06-10-2015

Re: How did they get my password?

@IamMrsG .........I wouldn't. If you thought of it, so have the hackers.

 

Here is a suggestion for you.......for example say your favorite book is Little Women, find a sentence you like and use it to start a password.  Use the #4 for for, a star for another letter, etc.

 

or something like....m8bikewas&lueas@KID.

 

Use favorite movies, actors, bands, local bands, your favorite restaurant, and mix up the symbols, numbers and letters.

 

I keep a notebook with my passwords written in it by my computer.

BE THE PERSON YOUR DOG THINKS YOU ARE! (unknown)