travsformation Posted April 17, 2020 (edited)

I received my first (alleged) ransomware/blackmail email a few days ago 😱😱😱 I personally found it pretty funny because I know it's BS, but I imagine this would freak you out if you believed it, particularly because the password revealed in the subject is (or rather was) an actual password of mine. I'll provide an explanation, a "what to do if", a security run-down and a few safety tips at the end.

> Subject: d0nk3yk0ng [An actual password for an online account of mine; it's been changed since then]
>
> It seems that "d0nk3yk0ng" is your password. I need your full attention for the coming Twenty-four hrs, or I will make sure you that you live out of guilt for the rest of your life. Hi, you don't know me personally. However I know all the things regarding you. Your current fb contact list, phone contacts and all the digital activity in your computer from previous 175 days. Including, your masturbation video footage, which brings me to the primary reason why I 'm composing this email to you. Well the previous time you went to see the porno websites, my spyware was activated inside your computer system which ended up shooting a beautiful video clip of your self pleasure play simply by activating your web camera. (you got a seriously odd preference by the way haha)
>
> I have got the complete recording. If, perhaps you think I 'm playing around, just reply proof and I will be forwarding the particular recording randomly to 4 people you know. It may end up being your friend, co workers, boss, mother and father (I'm not sure! My software will randomly choose the contacts).
>
> Would you be capable to gaze into anyone's eyes again after it? I doubt it... Nonetheless, it doesn't need to be that route. I would like to make you a one time, non negotiable offer.
> Buy USD 2000 in bitcoin and send it on the below address:
>
> bc1***qud76r4s6kj8wd4fasewtzh6a6g2em7m5ftcw8p [CASE sensitive so copy & paste it, and remove *** from it]
>
> (If you do not know how, look online how to purchase bitcoin. Do not waste my valuable time)
>
> If you send this 'donation' (let's call it that?). Right after that, I will go away and under no circumstances make contact with you again. I will remove everything I've got concerning you. You may keep on living your current ordinary day to day life with zero fear.
>
> You have 24 hours to do so. Your time begins as soon you check out this mail. I have an one of a kind program code that will notify me as soon as you see this mail therefore don't attempt to play smart.

Note: I've shared the content of this message on Facebook and by email with friends and acquaintances, many of whom have a very basic understanding of online security. I'm sure many/most users on this forum already apply good practices and this information may not be new/relevant to you, but I thought I'd share it anyway, as is, for the benefit of the community.

Before I start my rant, I should probably mention that I replied to the scammer telling him to F off. 2 days later, nothing had happened. 3 days later I received another very similar email from a different person, who I also invited to go [string of obscenities]. No consequences so far, nor do I expect any.

So, why the sudden blackmailing? In mid-January, hackers uploaded more than 700 million unique combinations of email address and password to the MEGA cloud service and shared the link in a hacking forum, from where it's spread like wildfire. This data breach has come to be known as "Collection 1". Several actual login credentials of mine were among the data, including my password for Adobe, Kickstarter, MyHeritage and Last.fm (Companies I no longer trust, as they never informed me they'd been hacked…). What can be done with those passwords? It depends, but more on that later.
What cannot be done is what the email claims: Your computer can't be physically hacked (and your camera accessed) just with those login credentials (that's the first indication it's a bluff), so disregard any threatening emails like the one I received.

Does that mean you're in the clear? Well, no. First, check whether any of your online accounts have been compromised by typing in your email address (or addresses, if you use more than one) in https://haveibeenpwned.com/

If you get a "Good news—no pwnage found!" message with a green background, you're in the clear (but should consider reading the advice herein anyway so it stays that way). If you get an "Oh no—pwned!" message with a red background, scroll down to check which sites have been compromised and change the passwords immediately (finish reading this message first though). If you use the same password for everything, trouble might be on the way; if you use the same one for your email too, or it's the same password as any of the sites on the list, change it NOW or you could be locked out of all associated accounts and find yourself in BIG trouble (and by NOW I mean RIGHT NOW. Continue reading later). It's also worth subscribing to email notifications (here) so that the site alerts you if any of your associated credentials are ever hacked in the future.

The implications of this "password dump" underline an important security concern many people aren't aware of: On how many sites are you registered online? Facebook, Twitter, Spotify, Dropbox, online forums, recipe/cooking sites, Amazon, Paypal, you name it… Each one of them can potentially be breached. Do you use the same password for all of them? Or several of them? If so, that means that a random douchebag who took a peek at the "data dump" (no hacking skills are required for this) and has the email address and password you used to sign into Kickstarter, for instance, can try out that same combination on another site, say Facebook.
If it works, the user has access to a wealth of personal information. And Facebook is a tricky one because even if you change your password, they've already gained access to loads of valuable personal information (contacts, phone number, photos, private conversations, etc.) that can be used to impersonate you (create a fake account and reach out to your contacts to scam them), blackmail you, you name it. And what if they gain access to your Dropbox? Or your iCloud account? Amazon? Paypal?

And if your email address is compromised (the one you use to log in to ALL of your services), you're in big trouble because you can be locked out of your own email as well as all of the online accounts associated with it. Which is why your email password should be unique and very strong (A combination of uppercase, lowercase, numbers, letters and symbols, ideally 20 characters or more, such as "this.is.n0t.my.paSSw0rd!"—dots or hyphens are special characters and using them to separate words adds an extra layer of security by making dictionary-based brute-force attacks less viable).

It also underlines the importance of using a different password for every online account/service/website, so that if one of them is hacked, the same password can't be used to log in to any other account. The only way to do that is by using a password manager: There are plenty of options out there. KeePassXC is by far the safest option, since it only stores your passwords locally (on your computer), at the expense of convenience (installing, configuring and importing your passwords manually on every device you want to use it on). For most (non-advanced) users, cloud-based password managers are much more convenient, as they automatically sync your passwords on all your devices (home computer, laptop, phone, tablet, iPad, etc.)
and will auto-fill your passwords, let you log in with biometrics (fingerprint) so you don't have to fill in your password manager's password every time you want it to fill in the password for another site, generate and fill in strong and random passwords for you (think "x8Y7-2m&Bc88%lQ$!92a"), perform security checks to identify weak passwords or passwords that are used for multiple sites, etc. There are plenty of options out there, including LastPass, 1Password, Dashlane, Keeper, Roboform, etc., all with their strengths and weaknesses (Review of the best password managers here).

Cloud-based password managers come with security concerns of their own (what if they're hacked?), but the general consensus is that they're much safer than the alternative—reusing passwords on multiple sites (https://www.howtogeek.com/445274/how-safe-are-password-managers/). The key is to use a VERY strong password for your password manager (just as strong as—preferably stronger than—your email password), and for it to be UNIQUE. Using 2FA (two-factor authentication) for it isn't a bad idea either.

Once set up, it's advised to change all of your passwords, for every single online service you use. Albeit tedious, it's the only way to keep your online accounts compartmentalized and secure, and after you've gone through this one-time process, the only two passwords you'll ever have to remember are your email's (I recommend not saving that one with your password manager, just to be on the safe side) and your password manager's (I don't save banking, Amazon or Paypal credentials with it either).

On the subject of password safety, I advise against using browsers' built-in password managers, particularly Chrome-based browsers (Chrome, Chromium, Opera, Vivaldi, etc.), since they store your passwords in plain-text form on your computer (meaning they're completely unprotected and fully visible to anyone who gains access, physically or remotely, to your computer).
Same goes for Edge and Firefox (unless you're using a master password). Safari, on the other hand, does encrypt your passwords.

It's also important to use an antivirus (regardless of the operating system you're using); there are plenty of free options out there that, for normal use, should do a perfect job at keeping you safe (AVG, Avira, Bitdefender, Sophos, etc.), while paid antivirus suites come with extra features like built-in password managers, firewalls, phishing protection, etc. Using 2FA, VPNs, browser plugins such as HTTPS Everywhere or browser guards (I recommend this one) can also help to keep you safe.

But the best protection of all is knowledge: be wary of emails coming from your bank, Paypal, Amazon, or any online service claiming your account is going to be closed unless you update your information, change your password, etc. (we're past the stage where people need to be warned about large fortunes inherited from a Nigerian prince, right?). Nowadays, these often look very legit, including logos, correct formatting (and correct spelling), etc. Clicking on the link will direct you to a site posing as the site it claims to be, which might also look legit. If in doubt, the trick is to go to the site instead of clicking on the link, so if you get an alleged email from Amazon claiming you need to update your password, don't click on the link in the email, open your browser and go to amazon.com instead. Same for any other site.

I'm sure many of you know all of this, but better safe than sorry. Also, quarantine = too much time on my hands = rants like this one. A simple warning email ended up turning into a multi-page soliloquy attempting to address every online threat known to man. My point being: stay safe. Outdoors, online and everywhere.
And if you're paranoid because of your browsing habits, consider putting a piece of duct tape or a post-it over your webcam.
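The reuse risk described in the post above, together with the "passwords that are used for multiple sites" check it attributes to password managers, as an added example that is not part of the original post. The vault entries, the `mail.example` account and the function names are constructed for illustration; the breached-site set stands in for the list haveibeenpwned.com shows for an address.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample export: (site, login, password). None of these are real credentials.
VAULT = [
    ("kickstarter.com", "me@example.com", "sample-Reused-1"),
    ("facebook.com",    "me@example.com", "sample-Reused-1"),
    ("mail.example",    "me@example.com", "sample-Reused-1"),
    ("last.fm",         "me@example.com", "sample-Old-2"),
    ("dropbox.com",     "me@example.com", "x8Y7-unique-per-site"),
]
# Constructed: sites reported as breached for this address.
BREACHED = {"kickstarter.com", "last.fm"}
# Assumption: the email account, which can reset every other account.
EMAIL_SITES = {"mail.example"}


def _fingerprint(password, key):
    """Keyed digest: groups equal passwords without keeping or printing them."""
    return hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()


def audit(vault, breached, email_sites=frozenset()):
    """Return [(site, status, leaked_via)], most urgent password change first."""
    key = secrets.token_bytes(32)  # per-run key, discarded when the function returns
    groups = defaultdict(list)
    for site, _login, password in vault:
        # One password per site is the rule, so any shared password forms a group.
        groups[_fingerprint(password, key)].append(site)

    findings = []
    for sites in groups.values():
        leaked_via = sorted(s for s in sites if s in breached)
        for site in sites:
            if site in breached:
                status = "breached"
            elif leaked_via:
                status = "exposed-by-reuse"  # never breached itself, same password
            else:
                status = "ok"
            findings.append((site, status, leaked_via if status != "ok" else []))

    def urgency(item):
        site, status, _ = item
        if status == "ok":
            return (3, site)
        if site in email_sites:
            return (0, site)  # email first: losing it locks you out of the rest
        return (1 if status == "breached" else 2, site)

    return sorted(findings, key=urgency)


if __name__ == "__main__":
    for site, status, via in audit(VAULT, BREACHED, EMAIL_SITES):
        print(f"{site:16} {status:17} {', '.join(via)}")
```
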
Rehab1 Posted April 17, 2020 (edited)

7 hours ago, travsformation said:
> Including, your masturbation video footage, which brings me to the primary reason why I 'm composing this email to you.

Ugh....I received a similar message a few months ago so now I put tape over my camera.

Applying your recommendations is definitely prudent. The 2 factor authentication process is highly recommended. My email account and bank now use both methods along with answering prepared secret questions. This forum also has a 2 factor authenticator if you elect to use it.

My worst experience was 10 years ago with my bank. Someone had hacked my email account which stores everything from IRS info to private letters. Based on all of the compartmentalized private information the hacker had accessed he was able to formulate a professionally written, personalized email to my business bank manager. The hacker had studied my phraseology and syntax and was able to compile a perfectly written email that completely fooled my bank manager. The email stated that I had just lost my brother to a tragic car accident in Arizona and that I needed funds wired to the state for funeral expenses. My bank manager never asked for additional proof of my identity because everything presented to her was completely in order. She also didn't want to pry further as I had lost my son a few years earlier. So at the hacker's request $40,000 was wired to the Arizona bank. Thank God the Arizona bank's manager became suspicious when the hacker arrived to collect the funds.

This episode resulted in a complete overhaul of the bank's wire transfer policy. The bank manager did keep her job which I totally agreed with. We had formed a tight bond over 20 years and it was an honest, but stupid mistake.
EUC Custom Power-Pads Posted April 18, 2020

11 hours ago, Rehab1 said:
> Ugh....I received a similar message a few months ago so now I put tape over my camera.

Good idea with the tape. Do you leave the tape on all the time now, or just while you masturbate?
mrelwood Posted April 18, 2020

2 hours ago, buell47 said:
> Good idea with the tape. Do you leave the tape on all the time now, or just while you masturbate?

What do you mean? What's the difference?
EUC Custom Power-Pads Posted April 18, 2020

9 minutes ago, mrelwood said:
> What do you mean? What's the difference?

20 hours ago, travsformation said:
> Hi, you don't know me personally. However I know all the things regarding you. Your current fb contact list, phone contacts and all the digital activity in your computer from previous 175 days. Including, your masturbation video footage, which brings me to the primary reason why I 'm composing this email to you.

13 hours ago, Rehab1 said:
> Ugh....I received a similar message a few months ago so now I put tape over my camera.
mrelwood Posted April 18, 2020

2 minutes ago, buell47 said:

(It was a joke.)
Rehab1 Posted April 18, 2020

2 hours ago, buell47 said:
> Good idea with the tape. Do you leave the tape on all the time now, or just while you masturbate?

8 minutes ago, mrelwood said:
> (It was a joke.)

The tape is on all of the time but I do change it out after each session.
..... Posted April 18, 2020 (edited)

And yet I'm still considered paranoid? I second the tape on phone cameras. My iPad has been covered since day one. Not sure if the camera even works. So, if they are stealing all passwords anyhow, can I just set them all to 1111? Using a login that verifies your password and phone, doesn't that just give them your phone number too? Yahoo and Google have been fishing for my phone number for years. I can't receive texts on a home phone, so it's a moot point. I wonder how long until hackers figure out how to fool facial recognition too? Of course, you'd have to have a camera for that. All this devious hacking, no way in hell I'm using biometrics either. Just wait until everyone is sectioned off according to DNA records, THEN we'll see some serious hacking.

@Rehab1 You patron a bank that was willing to send that kind of money via wire transfer? Holy crap man, that's half a fukn house they almost lost you. I'd stuff that shit in a safe and cancel those accounts. Friend or not, they ALMOST gave away over 2 years' salary. I don't trust banks, they don't care about your money, only you do. Last bank I had, I was VERY adamant about them requiring ID for ALL transactions. Even after 3 years (same 3 ladies) of knowing me, I still wanted them to verify ID. The day they forgot to ask was the last time I let them handle a single cent of mine. At least in tangible form, you'll have to physically steal my money. All this digital identity and currency shit is just asking for trouble. Honestly, you hack me, it's not costing me a dime.

Edited April 18, 2020 by ShanesPlanet
travsformation Posted April 19, 2020

On 4/18/2020 at 12:44 AM, Rehab1 said:
> Ugh....I received a similar message a few months ago so now I put tape over my camera.
>
> Applying your recommendations is definitely prudent. The 2 factor authentication process is highly recommended. My email account and bank now use both methods along with answering prepared secret questions. This forum also has a 2 factor authenticator if you elect to use it.
>
> My worst experience was 10 years ago with my bank. Someone had hacked my email account which stores everything from IRS info to private letters. Based on all of the compartmentalized private information the hacker had accessed he was able to formulate a professionally written, personalized email to my business bank manager. The hacker had studied my phraseology and syntax and was able to compile a perfectly written email that completely fooled my bank manager. The email stated that I had just lost my brother to a tragic car accident in Arizona and that I needed funds wired to the state for funeral expenses. My bank manager never asked for additional proof of my identity because everything presented to her was completely in order. She also didn't want to pry further as I had lost my son a few years earlier. So at the hacker's request $40,000 was wired to the Arizona bank. Thank God the Arizona bank's manager became suspicious when the hacker arrived to collect the funds.
>
> This episode resulted in a complete overhaul of the bank's wire transfer policy. The bank manager did keep her job which I totally agreed with. We had formed a tight bond over 20 years and it was an honest, but stupid mistake.

Wow, that was a close call! Not your run-of-the-mill, half-assed scamming job either, if they took the time to study your writing style. Glad the Arizona bank manager caught that on time! What happened to the perp?
All scam experiences I've had involved Facebook: a couple friends' accounts got hacked, and the scammers made false profiles to impersonate them, then gather info on their contacts, and eventually send out messages saying they were stranded in Thailand/wherever, had their wallet, VISA, etc. stolen and needed funds wired to them at a Thai friend's bank account. Also said he'd had his phone stolen so he could only be contacted by Facebook. I was wary and called the person, who was indeed in Thailand (so the scammer did do his homework) so he didn't pick up. Emailed him and discovered the scam, then alerted all his contacts. I've seen this same scheme in play a number of times...one has to be cautious these days...
travsformation Posted April 19, 2020

On 4/18/2020 at 11:49 AM, buell47 said:
> Good idea with the tape. Do you leave the tape on all the time now, or just while you masturbate?

It lives on there permanently. I have a feeling my 3 AM, insomniac google deep-dive face is just as embarrassing or more so than anything else one might be able to record...