
Troublesome Email


amdx

Jun 14, 2020, 11:04:40 AM
I just received an email with the subject line,

I RECORDED YOU

From Mastr Plux

Hey, I infected your computer, one of your passwords is: fgu&&njd,
right?! ;-D

Read the attachment for more information, but please don't flip out, you
still got the chance to save your ass.

*****************************************************************

That is a correct password (before I mucked it)

I'm not about to open the attachment.

I'd send the header, but can't figure out how to copy and paste it.

Any thoughts, other than changing my passwords?

This is just during the transition from 7 to 10, I'm switching back and
forth. If that means anything.

Mikek






jla...@highlandsniptechnology.com

Jun 14, 2020, 11:15:22 AM
Password to what?




--

John Larkin Highland Technology, Inc

Science teaches us to doubt.

Claude Bernard

TTman

Jun 14, 2020, 11:16:15 AM
I had a similar one... phishing...in outlook express, right click the
body then select message options from the drop down. There you will find
the header txt. Can't help you with any other mail providers, sorry. The
txt info is likely to be 'spoofed' so you won't get far, sorry to say.
Except you can report it as phishing to your mail provider....

--
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

amdx

Jun 14, 2020, 11:51:09 AM
On 6/14/2020 10:15 AM, jla...@highlandsniptechnology.com wrote:
> On Sun, 14 Jun 2020 10:04:33 -0500, amdx <noj...@knology.net> wrote:
>
>> I just received an email with the subject line,
>>
>> I RECORDED YOU
>>
>> From Mastr Plux
>>
>> Hey, I infected your computer, one of your passwords is: fgu&&njd,
>> right?! ;-D
>>
>> Read the attachment for more information, but please don't flip out, you
>> still got the chance to save your ass.
>>
>> *****************************************************************
>>
>> That is a correct password (before I mucked it)
>>
>> I'm not about to open the attachment.
>>
>> I'd send the header, but can't figure out how to copy and paste it.
>>
>> Any thoughts, other than changing my passwords?
>>
>> This is just during the transition from 7 to 10, I'm switching back and
>> forth. If that means anything.
>>
>> Mikek
>>
>>
>>
>>
>>
>
> Password to what?
>

5 webpages, 3 forums and two others kind of important, with the most
important one changed about 3 months ago.
I have changed the passwords on all those sites.
Mikek

amdx

Jun 14, 2020, 11:52:07 AM
Phishing, but he had good info!
Mikek

Ricketty C

Jun 14, 2020, 12:15:05 PM
This is the problem with using the same password for many things. Eventually one of the repositories is hacked and that password is now known and tied with your email. So you need to use many passwords or at least different passwords for different levels of security.

I used a basic password for web sites I care not about. Another with more rigorous variations for web sites with no particular repercussions but that should at least be given some protections. The web sites with important info/finances I use passwords that meet nearly anyone's definition of a random password.

These emails never actually present any danger in that the people behind them have no intention of hacking any accounts. They want to frighten you into sending them money. Ignore the emails, but change all your passwords, even the unimportant ones. If you don't remember everywhere you have used them, don't fret that. The important ones are the ones you really need to protect. It's not even so important that they be highly "random". You just need to not reuse them at web sites that are likely to be hacked and passwords stolen. Using different email addresses helps prevent linking of accounts when they are hacked... if they don't have your mail address info.

--

Rick C.

- Get 1,000 miles of free Supercharging
- Tesla referral code - https://ts.la/richard11209

Joe Gwinn

Jun 14, 2020, 12:31:00 PM
On Sun, 14 Jun 2020 10:04:33 -0500, amdx <noj...@knology.net> wrote:

It's dressed up as an extortion attempt. But as you suspect, it is
likely that the attached file is booby trapped, to finish the takeover
job.

Windows has nothing to do with it. I'm on a Mac.

I've gotten three extortion emails over the last few months, but none
with an attachment. In all three cases, the email subject was a
long-expired COMCAST email password of mine.

Looking in my records, a few years ago COMCAST sent an email to all
subscribers that their email address had been compromised, and please
change it. Which I did, and nothing bad ever happened.

The password has been changed a few times since then. One time when I
got an annoying sales email from Norton saying my email credentials
had been found on the dark web (with some kind of link to which one
gave an email address), so please subscribe, but never making the key
suggestion, that I immediately change my credentials. Which I did,
never mind if Norton is or is not correct. But I didn't subscribe
either.

Anyway, reading the three extortion emails (all of which were composed
from a common script but differ in both details and command of
English, and claim to come from different people), one could see that
despite all the claims that my computer was completely compromised,
they actually had only that expired password, and were fishing. They
each asked for US $2000 and $3000 via bitcoin to go away.

What I think happened is that the data stolen when COMCAST was
penetrated a few years ago has been sold to multiple criminals on the
dark web. Or, one very persistent criminal. But, given the differing
approaches and levels of English, I think it's three people.

The emails made various accusations, but actually had no details. What
they appear to be doing is to spam these extortion emails out to a
very large list, secure in the probability that someone is guilty of
at least some of them, and when one gets a live one on the fishhook,
it's the gift that keeps on giving.

Anyway, I did not and will not respond in any way.

Joe Gwinn

Jeff Liebermann

Jun 14, 2020, 12:43:11 PM
On Sun, 14 Jun 2020 10:04:33 -0500, amdx <noj...@knology.net> wrote:

>Any thoughts, other than changing my passwords?

Check which one of your other accounts have had their customer
database leaked to the "dark web".
<https://haveibeenpwned.com>
Your noj...@knology.net address shows 4 breaches.

My email address shows 12 "breaches". I've changed my password on all
but one account, but all 12 continue to appear since they were first
listed. That's because my name, email address, and former passwords
are still being offered for sale on the "dark web" and will probably
never be removed from the list of "breached" accounts. Therefore, as
a minimum measure, I suggest that you:
1. Not reuse any passwords. Each password should be unique.
2. Maintain a list of accounts where you have fixed a password leak
problem.
3. Be prepared to change the password again on breached sites because
some IT departments are chronically clueless or have internal
problems.
4. Use 2FA (two factor) authentication when available.
5. Decide if you prefer convenience or security. If you prefer
security, I suggest you purge your "saved passwords" from your browser
and other password collectors, such as Google:
<https://passwords.google.com>
However, if you trust Google, you might try these:
<https://support.google.com/accounts?p=password-checkup>
"Password Checkup extension"
<https://chrome.google.com/webstore/detail/password-checkup-extensio/pncabnpcffmalkkjpajodfhijclecjno?hl=en>

--
Jeff Liebermann je...@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

Anthony Stewart

Jun 14, 2020, 1:12:47 PM
Your best bet is Malwarebytes free ADware Cleaner

https://www.malwarebytes.com/adwcleaner/

Fast > reboot > fixes most simple malware. Report back results.

Brian Gregory

Jun 14, 2020, 2:20:08 PM
On 14/06/2020 16:04, amdx wrote:
They get lists of emails and passwords that have been stolen in the past
and send these emails out hoping to scare a few people enough that they
can blackmail them into sending cash.

--
Brian Gregory (in England).

jrwal...@gmail.com

Jun 14, 2020, 2:57:15 PM
On Sunday, 14 June 2020 17:15:05 UTC+1, Ricketty C wrote:
> Using different email addresses helps prevent linking of accounts
> when they are hacked... if they don't have your mail address info.

As I have my own domains I use a different email address for every
organisation (plus a throwaway gmail account for usenet).
It is surprising just how many organisations, even very reputable
ones, either sell or leak email addresses. I often tell them when this
happens. On one occasion an online supplier investigated and found
that the company they used for managing mailshots had sold on their
customer list to somebody whose products definitely did not fit
well with their customer base.
John

Ricketty C

Jun 14, 2020, 3:53:20 PM
I do the same thing and have found similar issues. This often results in a hesitation to use the fabricated email address when a person is in the loop. I use the company's URL in front of the @ sign and people think that means it is an email address at their company. Sometimes I have to call them and talk to someone to get them to even try sending an email. The spammers don't care at all. They will use any address they get their hands on.

--

Rick C.

+ Get 1,000 miles of free Supercharging
+ Tesla referral code - https://ts.la/richard11209

legg

Jun 14, 2020, 9:07:02 PM
On Sun, 14 Jun 2020 10:04:33 -0500, amdx <noj...@knology.net> wrote:

The same thing was in my ISP's spam filter.

They're using a recycled password list with (in my case)
a password that hasn't been used in 15 years or more.

Has been used by other phishers in the last two years -
some claiming access to PC and control of webcam, etc.

I assume access to the list is getting cheaper, as not
many email addresses from that time will be still valid,
never mind passwords.

RL

Sylvia Else

Jun 14, 2020, 9:15:59 PM
OK, so there's no reason to think your PC has been hacked, contrary to
the claim.

Sylvia.

bule...@columbus.rr.com

Jun 14, 2020, 10:07:24 PM
I had this a month ago. They had my email and a very valid and secret password of mine. It shook me a while. In my case I believe LinkedIn got hacked and that was how they got it. They had nothing else, but it took me several hours to sort it out and convince myself that in the end it was a scam with no real teeth behind it.

Jasen Betts

Jun 15, 2020, 3:32:34 AM
On 2020-06-14, amdx <noj...@knology.net> wrote:
> I just received an email with the subject line,
>
> I RECORDED YOU
>
> From Mastr Plux
>
> Hey, I infected your computer, one of your passwords is: fgu&&njd,
> right?! ;-D
>
> Read the attachment for more information, but please don't flip out, you
> still got the chance to save your ass.
>
> *****************************************************************
>
> That is a correct password (before I mucked it)

These guys are not your friends. Distrust every claim they make until
it can be proven true.

They probably got your password and email from a server breach, check
with HIBP https://haveibeenpwned.com, or it may be a breach that they
are unaware of.

--
Jasen.
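Several replies point to haveibeenpwned.com. The same project also runs a Pwned Passwords range lookup that checks a password without sending it; the sketch below is an added example, not code from any poster. The corpus, counts and helper names are constructed, and `fetch_range` is the only part that would touch the network (it is not called here).

```python
import hashlib
import urllib.request

def split_hash(password):
    """Return (prefix, suffix): only the 5-hex-char prefix ever leaves the machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def fetch_range(prefix):
    """Live lookup against the Pwned Passwords range endpoint (not called below)."""
    req = urllib.request.Request(f"https://api.pwnedpasswords.com/range/{prefix}",
                                 headers={"User-Agent": "reuse-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def breach_count(password, range_body):
    """Compare the locally held suffix with each 'SUFFIX:COUNT' line of the response."""
    _, suffix = split_hash(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

def constructed_range_body(prefix, corpus):
    """Stand-in for the server, built from a constructed corpus so this runs offline."""
    lines = []
    for leaked, count in corpus.items():
        p, s = split_hash(leaked)
        if p == prefix:
            lines.append(f"{s}:{count}")
    return "\r\n".join(lines)

# Constructed data: made-up passwords and counts, not real breach figures.
CORPUS = {"Summer2020!": 41, "hunter2": 17043, "correct horse": 3}

def check(password, corpus=CORPUS):
    """Run the whole exchange against the constructed corpus."""
    prefix, _ = split_hash(password)
    return breach_count(password, constructed_range_body(prefix, corpus))
```

A non-zero count means the password appears in a known dump and should be retired everywhere it was used, which is how a years-old password ends up quoted in an extortion email.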

Martin Brown

Jun 15, 2020, 8:04:40 AM
On 14/06/2020 16:04, amdx wrote:
> I just received an email with the subject line,
>
> I RECORDED YOU
>
>  From Mastr Plux
>
> Hey, I infected your computer, one of your passwords is: fgu&&njd,
> right?! ;-D
>
> Read the attachment for more information, but please don't flip out, you
> still got the chance to save your ass.
>
> *****************************************************************
>
> That is a correct password (before I mucked it)

It will be - there are various insecure password archives. You could
probably do everybody a service by telling us which one you used that
password on. One of them is surely guilty of a serious security breach.

I am not inclined to be forgiving on these scams. Show headers all
should provide enough information for you to copy and paste here.

Experian gave my personal information away to hackers because their own
system security was found badly wanting. Pay peanuts get monkeys.

I have no choice about it; my bank discloses all my personal details to
them as a part of its fraud prevention measures :(

> I'm not about to open the attachment.
>
> I'd send the header, but can't figure out how to copy and paste it.
>
> Any thoughts, other than changing my passwords?

Make sure you change any that use that pattern or a similar one.

And do a deep scan of your PC before you do anything else.

Malwarebytes has always allowed me to dig neighbours out of deep holes.
It is just possible your computer has been compromised but it is far
more likely that some random site where you used that password has been
hacked and the perps are hoping to spook you into doing something stupid.

Like giving them money in bitcoin or downloading malware.

> This is just during the transition from 7 to 10, I'm switching back and
> forth. If that means anything.
>
>                               Mikek

Could you repeat that last sentence in English please?

--
Regards,
Martin Brown

Dave Platt

Jun 15, 2020, 1:12:55 PM
In article <rc5h19$nai$1...@dont-email.me>, amdx <noj...@knology.net> wrote:

>>> That is a correct password (before I mucked it)
>>>
>>> I'm not about to open the attachment.

Good. The attachment itself may very well be malware. You might want
to upload it to one of the online malware-checking sites to see just
what sort of nasty it was... but the odds are that opening it _would_
compromise your computer.

>5 webpages, 3 forums and two others kind of important, with the most
>important one changed about 3 months ago.
> I have changed the passwords on all those sites.

Good. It's most likely that it wasn't your computer which was
hacked... it was the account/password database on one of those sites.

Rule #1: never use the same password on more than one site.


Robert Baer

Jun 15, 2020, 4:37:21 PM
Have seen crap like this numerous times, more like have sit on
shoulder watching your porn and seeing you get yourself off on your cam.
If you send me <numbergiven> bitcoin will delete all and not tell all
friends you have on Facebook, will not broadcast recordings to all 20 of
your relatives, or your sweetheart.
They go on but they have every thing wrong.
A few things they cannot do is trash me on FB, NO FB account; tell
anyone in family (NO living relatives), broadcast any recordings (cannot
exist as no cam and MB board cannot make realtime vid copy), NO
sweetheart, and no porn.
They would be safer to say I killed all of my relatives and
sweethearts and left it at that.

Mail headers are so easily spoofed that it is pathetic.
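Two replies in this thread note that the header text can be spoofed. As an added example (not code from any poster), the sketch below separates the header lines the recipient's own mail server wrote from the ones the sender could have forged. The message, hostnames, addresses and the `my_mx` parameter are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not the poster's email); every host and address is made up.
RAW = """\
Received: from mx.isp.example (mx.isp.example [192.0.2.10])
\tby mailstore.isp.example; Sun, 14 Jun 2020 10:03:58 -0500
Authentication-Results: mx.isp.example;
\tspf=fail smtp.mailfrom=bulk.example; dkim=none; dmarc=fail header.from=sender.example
Received: from unknown (HELO mail.sender.example) (203.0.113.77)
\tby mx.isp.example; Sun, 14 Jun 2020 10:03:57 -0500
Received: from pc.sender.example (10.0.0.5) by mail.sender.example; Sun, 14 Jun 2020 09:00:00 -0500
Authentication-Results: mail.sender.example; spf=pass; dkim=pass
Return-Path: <bounce@bulk.example>
From: "Mastr Plux" <plux@sender.example>
To: reader@isp.example
Subject: I RECORDED YOU

(body omitted)
"""

def triage(raw, my_mx):
    """Split headers into what my_mx recorded itself and what the sender supplied."""
    msg = message_from_string(raw)
    auth = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, _, results = value.partition(";")
        # Anyone can insert this header; count only the one stamped by our own MX.
        if authserv_id.strip().lower() == my_mx:
            auth.update(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results.lower()))
    # Each server prepends its Received line, so read top-down: the first hop
    # written "by" our MX holds the real peer IP; hops below it are unverifiable.
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    handoff = next((i for i, h in enumerate(hops) if f" by {my_mx}" in h), None)
    peer_ip, unverified = None, hops
    if handoff is not None:
        ips = re.findall(r"[(\[](\d{1,3}(?:\.\d{1,3}){3})[)\]]",
                         hops[handoff].split(" by ")[0])
        peer_ip, unverified = (ips[-1] if ips else None), hops[handoff + 1:]

    def domain(header):
        return parseaddr(msg.get(header, ""))[1].rpartition("@")[2].lower()

    return {"auth": auth, "peer_ip": peer_ip, "unverified_hops": unverified,
            "from_domain": domain("From"), "envelope_domain": domain("Return-Path")}
```

For the constructed message, `triage(RAW, "mx.isp.example")` reports SPF and DMARC failures, ignores the sender-supplied "pass" header, and gives the peer IP recorded by the receiving server as the one value worth including in an abuse report.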

Ricketty C

Jun 15, 2020, 5:48:36 PM
I misunderstood the emails I received. I thought I paid them to POST the images. Darn, wonder if I can get my money back?

--

Rick C.

-+ Get 1,000 miles of free Supercharging
-+ Tesla referral code - https://ts.la/richard11209
