
Warning: Sextortion scam going around

I just got hit with this today
https://nakedsecurity.sophos.com/2018/07/13/sextortion-scam-knows-your-password-but-dont-fall-for-it/

They apparently got my email address (hasn't changed since the 90s) and some super old password (also from the 90s) to try to scam me out of money. Now I do google porn but my webcam has been disabled since I got this laptop. Nice try, not.

Unfortunately I did still use that password for wifi (easy to remember) and my Amazon password was also an oldie from when Amazon first started. So to be safe I updated those (pita to get back into modem and extender, change wifi passwords and reconnect a dozen+ devices, hence I never did it)

Still a bit concerning to find out my email and some old password are out there :/




I use different passwords for everything, and I don't have a webcam, so I guess something like this wouldn't concern me.
But good for people to know that these things tend to be scams.



And here was I eager to see your leakages.



duduspace11 "Well, since we are estimating costs, Pokemon Red/Blue did cost Nintendo about $50m to make back in 1996"

http://gamrconnect.vgchartz.com/post.php?id=8808363

Mr Puggsly: "Hehe, I said good profit. You said big profit. Frankly, not losing money is what I meant by good. Don't get hung up on semantics"

http://gamrconnect.vgchartz.com/post.php?id=9008994

I got something like this years ago. But it was a bit different, it didn't reveal a password. It did manage to read my contacts and randomly pulled two names of people who would be informed though. Pretty funny that it happened to pick a local pizza shop, what a way to scare me!



Hiku said:

I use different passwords for everything, and I don't have a webcam, so I guess something like this wouldn't concern me.
But good for people to know that these things tend to be scams.

Yeah me too, it's just that one password I use for low risk stuff. I might have used it once for some one time use website to send a card or something. Or maybe the psn hack got it although that shouldn't have your wifi info. The rest of my passwords are all different random strings of characters.

A new one for me although this scam is already 2 years old. Meanwhile the apple / amazon / netflix scams continue almost daily. Is there no law against this stuff that it continues to go on at this scale? They're starting to look closer and closer to the real thing. Of course never ever click on anything inside an email, and only open attachments from people you are expecting to send you them.




Didn't click the link but I'm pretty sure I know what it says. There are some lucky ladies with my nudes out there but I'm kinda proud of them. Hell, if they ever leak, go ahead and consider me the prime suspect!



mZuzek loves Smeags. 😢

I use various passwords tho some repeat I admit. I don't have a webcam. Well I kinda do in the laptop but it's set up like a desktop for space reasons so the lid is never open. I should create even more passwords since I do use Lastpass anyway.



Bite my shiny metal cockpit!

d21lewis said:
Didn't click the link but I'm pretty sure I know what it says. There are some lucky ladies with my nudes out there but I'm kinda proud of them. Hell, if they ever leak, go ahead and consider me the prime suspect!

Good man!

Here's the email for your reading pleasure

I'mFaware,N********,cisTyourkpassword.cYounmayrnotGknowPme,jandhyouwareSmostOlikelyrwonderingEwhyoyou'rejgettingUthisBmail,Sright?L

Overview:

IxinstallediaymalwarewonLtheHadultbvidsB(sexVsites)msite,bandathere'sKmore,XyouuvisitedzthisxsiteftohhavezfunL(youvknowiwhatPIMmean).fOnceqyouSwereetherefonktheDwebsite,nmyAmalwareYtooklcontrolqofQyourgbrowser.JIthstartedroperatingjasaatkeyloggereandSremoteFdesktopdprotocolzwhichNgaveqmeeaccessvtoJyourjwebcam.jImmediatelyoafterTthat,umyvsoftwareEcollectedmyourAcompleteCcontactsvfrombyourbMessenger,OFB,Landremail.sTIYcreatediacdouble-screenfvideo.OFirstvpartNshowsztheDvideoIyoutwerehwatchingw(youthaveMaGgoodMtasteylolk.n.t.),eandrtheisecondMpartKdisplaysktheHrecordingAofUyourFwebcam.Q

PreciselyMwhatTshouldfyouFdo?

Well,mIwbelieve,v$1900jisKaWfairHpriceLforVourtlittleCsecret.EYouGwillRmakeitheSpaymentHthroughmBitcoiny(ifsyoutdon'tOknowjthis,XsearchP"howqtoebuyUbitcoin"ginEGoogle).l

BTCsAddress:Z
bc1qmmksuk7fqzg5l9rkkm6pp5vkfsrjqd5kffsfsg
(ItgisOcaseCsensitive,NsoecopyYandKpasteKit)

Note:

YoudhavegoneLdayytotmakeithespayment.D(I'vesalspecificYpixelvwithinSthisOmessage,nandvnowYIFknowOthatWyouyhavewreadZthroughHthisMemail).UIfRIedounotUreceiveDthejpayment,MINwillNsendryourmvideotrecordinggtokallmofayourLcontacts,Xincludingqyourmrelatives,Zandicolleagues.mHowever,TifJIkdoWgetMpaid,ltheZvideocwillXbeMdestroyedeimmediately.iIfMyoubneedzevidence,XreplyKwithV"Yes!"FandyIkdefinitelyjwillPsendbyourYvideoKrecordingqtotyourH10zcontacts.XThisRisuaunon-negotiableloffer.BPleaseMdon'tXwasteTmyNpersonalZtimeeandryoursfbyYreplyingKtozthisYemail.

Magdalena







Edit: well that's odd, pasting this email is a mess... looks alright in edit mode. Second time I tried ctrl shift v, bigger mess.
Ah, the spaces are actually white on white random letters, to circumvent filters I guess.



I redacted the password, not that it matters anymore, wifi security updated.
Not that I visit porn sites anyway, no need with image search programs lol.

And indeed, even if the webcam was operational, at most the top of my head would be visible... Nothing like the nudes and webcam sessions I had with my wife in the past lol. She probably has some compromising pictures on her phone, although compromising is the wrong word, flattering is a better word.

Last edited by SvennoJ - on 10 April 2020
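The filler-letter trick noted in the post above (random letters rendered white on white where the spaces should be) can be undone before a content filter runs. This is an added example, not part of the original post and not the scam mail's real markup: it assumes inline `style` colours on a white background, and the sample message, phrase list and function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumption: the mail renders on a white background, so these inline styles
# hide a character from the reader while a text filter still sees it.
HIDDEN = re.compile(
    r"(?<![-\w])color\s*:\s*(?:#fff(?:fff)?\b|white\b|rgb\(\s*255\s*,\s*255\s*,\s*255\s*\))"
    r"|font-size\s*:\s*0(?![.\d])|display\s*:\s*none", re.I)
VOID = {"br", "img", "hr", "meta", "input", "link"}
PHRASES = ("your password", "your webcam", "through bitcoin")  # illustrative

class VisibleText(HTMLParser):
    """Keeps the raw text and the text as a reader would actually see it."""
    def __init__(self):
        super().__init__()
        self.stack, self.raw, self.seen, self.hidden_chars = [], [], [], 0
    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        inherited = bool(self.stack) and self.stack[-1][1]
        style = dict(attrs).get("style") or ""
        self.stack.append((tag, inherited or bool(HIDDEN.search(style))))
    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, -1, -1):  # tolerate sloppy markup
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break
    def handle_data(self, data):
        self.raw.append(data)
        if self.stack and self.stack[-1][1]:
            self.hidden_chars += len(data)
            self.seen.append(" ")  # invisible filler reads as a gap
        else:
            self.seen.append(data)

def analyse(html):
    p = VisibleText()
    p.feed(html)
    p.close()
    raw, seen = "".join(p.raw).lower(), "".join(p.seen).lower()
    return {"raw_hits": [x for x in PHRASES if x in raw],
            "seen_hits": [x for x in PHRASES if x in seen],
            "hidden_chars": p.hidden_chars}

# Constructed sample: every space is one filler letter inside a white <span>.
W = '<span style="color:#ffffff">{}</span>'
TEXT = "I know your password. I recorded your webcam. Pay through Bitcoin."
SAMPLE = "<p>" + "".join(w + W.format(f) for w, f in zip(TEXT.split(), "xqkJvzjmaLQ")) + "</p>"
```

Calling `analyse(SAMPLE)` shows no phrase hits on the raw text and all three on the normalised text; a non-zero `hidden_chars` count is itself a useful signal for a mail filter.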

The big problem almost isn't your password itself but the quality of the security storing it. If a company stores all passwords in plain text in an easy to access database, your 20 random alphanumeric character password means squat now.

As for passwords themselves, either use a quality password manager or develop your own system for creating unique complex passwords for every important site.
For instance, start every password with a base of 8 characters (this can be a word, numbers, characters or a mix. Just start with 8). Every password will use this same base. Then add 2 words that are relevant to the site but aren't obvious (maybe the company founder's name). Now bring your base back but reverse it and append a number, letter or character.

This (and any system you develop like it) will give you a password that is easy for you to remember, that is unique for every important site and damn near impossible to brute force.

Here is a fantastic comic from XKCD about passwords and entropy.



Massimus - "Trump already has democrat support."

What's the max length of a password that's actually used/stored on sites though? Some random sentence might sound safe, but if the site only checks the first 10 characters or so :/ Then try to remember 40 different random sentences for stuff you maybe only access a few times a year. Write it down somewhere safe. There's only 2 (difficult) passwords I remember, the one for my bank and the one for my email, since every password reset request goes to my email. That's the most vulnerable point. That's my Microsoft password now which I also unlock my laptop with every day, so won't forget it. Of course if MS gets hacked :/