Got my First extortion Email.

TechGromitTechGromit GSEC, GCIH, GREM, Ontario, NY Member Posts: 2,135 ■■■■■■■■■□
I am aware, "Password", is your password

I require your total attention for the next Twenty-four hours, or I may make sure you that you live out of guilt for the rest of your life span. 

The email goes on to tell me that they have my facebook contacts, smartphone contacts, a recording of a masturbation video that was taken of me by my web cam that was triggered by malware on my PC when I visited an "adult" site. If I demand proof, they will forward the video to 9 of my friends, co-workers, relatives, etc. I have a one time no negotiable offer to pay $2000 in bit coin within 24 hours to pay up or else. 


Well they got the password right anyway. When I have create an account for a low value website I usual a fairly simple password. Like an forum website about interests like tractors, Car repair, model trains or I need to register to download software, etc. I usually register them against another email account that I never check other than to confirm yes this is a valid email address, but in this case it looks like I used my primary one when registering.  I'm also guilty of using the same password across several different sites. Anything more important like Bank accounts, PC login, work accounts, Paypal, smart phone, etc, gets a much more complicated password, and not repeated else where, I use a password tracking program to keep track of the passwords. I must admit I may have visited an "adult" site from time to time, but I do not have a webcam on my PC, and laptops are work laptops, I never use them for non work stuff.  

One of the many web sites that were hacked in the past, must have have my email address and password in the list. no telling what one, the worse they can do is send spam to my email inbox, but the rest are empty threats. Chances are if the same extortion email was sent to thousands of other users, someone is now buying $2000 in bitcoins at this very moment. Just not me.     

Anyway I thought it was an interesting email. And if you do get a masturbation video of me in the future. Enjoy.  :p  
Still searching for the corner in a round room.

Comments

  • wd40wd40 CISA, eJPT, MCP, MCTS, CompTIA x 6 Member Posts: 1,017 ■■■■□□□□□□
    edited April 2020
    I received 3 of them last week, seeing the password in the subject line gave me a small shock.

    Do you have a yahoo account that used the same password?

    Anyway I changed that password long time ago, and last week I have been going through my passwords list and changing all the duplicate passwords that I use.
  • DatabaseHeadDatabaseHead Teradata Assc 16, Querying Microsoft SQL Server 2012/2014, CSM Member Posts: 2,745 ■■■■■■■■■■
    Yep same here, listed a password I use to go to a lot.  Thankfully for 99% of my accounts it's much more complex and different.......    Wow that was scary to me to be honest.  
  • TechGromitTechGromit GSEC, GCIH, GREM, Ontario, NY Member Posts: 2,135 ■■■■■■■■■□
    wd40 said:

    Do you have a yahoo account that used the same password?

    Perhaps at one time, but that not my current Yahoo account password. I'll have take a look at what accounts I do have in Keypass and change them. In some cases i didn't even bother to record that info, they may have wanted a email / password to download some demo software. A site I'll never visit again.  
    Still searching for the corner in a round room.
  • E Double UE Double U Member Posts: 2,140 ■■■■■■■■■■
    Hurry up and pay guys. I really want to use that money. 
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, etc.

    2022 goal(s): CRISC, land a new job

    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
  • JDMurrayJDMurray MSIT InfoSec CISSP SSCP GSOM GSEC EnCE C|EH Cloud+ CySA+ CASP+ Linux+ PenTest+ Security+ Surf City, USAAdmin Posts: 12,769 Admin
    Amazing what scammers can do with a cracked password database that has email addresses as user names.  B)
  • wd40wd40 CISA, eJPT, MCP, MCTS, CompTIA x 6 Member Posts: 1,017 ■■■■□□□□□□
    wd40 said:

    Do you have a yahoo account that used the same password?

    Perhaps at one time, but that not my current Yahoo account password. I'll have take a look at what accounts I do have in Keypass and change them. In some cases i didn't even bother to record that info, they may have wanted a email / password to download some demo software. A site I'll never visit again.  
    I was trying to download Untangle NG Firewall Demo yesterday and I was asked to create an account that I will probably never use again.

    I will follow your lead and create a new email just for these things.

  • thomas_thomas_ CompTIA N+/S+/L+ CCNA R&S CCNP R&S/Enterprise/Collab Member Posts: 1,012 ■■■■■■■■□□
    It would be glorious if someone cryptolockered all of these spammers’ computers by pretending to be computer illiterate and baiting them into downloading something to help you transfer bitcoins to them.  Probably not worth the potential legal trouble though.
  • fitzlopezfitzlopez PCIP,CCNA CyberOps,CySA+,Pentest+,Linux+, CSSLP,CISSP-ISSMP,CISM,CEH,ITIL F,Cobit F,ISO27K F Member Posts: 103 ■■■□□□□□□□
    I use  a different email and password for each site, that way I know which site got leaked. About 4 times they have been old test accounts for when I did website/systems work for clients, they probably don't hash the passwords internally. The new sysadmins must sell the accounts and passwords. I get those emails every week in my spam with the same template and in several languages,  "I make no mistakes" that line still cracks me up. Most of the time I just delete the account or market it for the spam folder. I also recommend you use a webcam cover... sometimes I forget to turn of the cam in new conference software.
Sign In or Register to comment.