The other day I received a ransom eMail

daveejhitchins
Posts: 5759
Joined: Wed Jun 13, 2012 6:23 pm
Location: Newton Aycliffe, County Durham

Post by daveejhitchins » Wed Jun 26, 2019 8:15 am

Some of you may be aware that I received an eMail informing me that my MacBook had been invaded and (sensitive) information had been stolen. Due to the nature of the information that was revealed in the eMail (more later) I was extremely worried!

My first action was to visit the Police, in Durham. I also logged the eMail on the Police ActionFraud website. My case was eventually passed to CID who contacted me and tried to assure me that in the majority of cases it was just a scam, however, they hadn't seen this particular mail before and advised me to warn the people held in my address book that they could be targeted with a malware attack in the form of a video or a link to a video, as this was one of the more common results of actual breaches.

One of my sons-in-law (Paul - a professional code writer) suggested several links to check my eMail addresses and passwords. The password mentioned in my eMail was an old one and had been compromised along with my main eMail address (I can't remember all my old passwords!). Paul also spent some considerable time searching for the same or similar messages to the one I received. He finally found a very similar one that was reported to be a scam. Relief! Just before lunch, yesterday, I received a 'phone call from the ActionFraud team letting me know that they had the eMail in their database and confirmed it was noted to be a scam, however, I was only the fourth person to report this particular one!

So, what was in the eMail that got me so worried - Well to start with it didn't involve my webcam! But it did reference more than one of my shares account details. As I keep a number of spreadsheets, with account numbers embedded, I thought my spreadsheets had been stolen along with my address book, which was also mentioned. How that information was mined I really don't know. So: Password, share account details and address book were all keys to this eMail - with the financial details being the threat of publications - but for the sum of about £1500 all would be deleted!

Thanks - Dave H.
Last edited by daveejhitchins on Tue Jul 09, 2019 7:08 am, edited 1 time in total.

1024MAK
Posts: 10102
Joined: Mon Apr 18, 2011 5:46 pm
Location: Looking forward to summer in Somerset, UK...

Post by 1024MAK » Wed Jun 26, 2019 8:34 am

And I was so looking forward to those emails with their nasty links... :(

The thing to remember, is that normal email traffic is communicated as plain text. Plus there are various other ways for nasty people to dig around your online life.

Always use encryption when sending sensitive information with the password communicated via a different channel.

Anyway Dave, thankfully it’s a great relief now that it was a scam and not a real ransom. Hopefully your stress levels have dropped back to near normal.

The way that I think about ransom demands (not that I’ve ever had one mind), is that it is best to just ignore them. Even if they did have your data, or something you would rather did not get released, paying money is not going to stop it. As they either will want even more money, or they will eventually release it anyway. And there is a trade in “gullible” people’s contact details. So then the next nasty person will be along to demand yet more money...

Mark

vanpeebles
Posts: 658
Joined: Wed Nov 28, 2012 10:01 am
Location: UK

Post by vanpeebles » Wed Jun 26, 2019 8:39 am

Seen this a few times at work, and it always points to old leaks from websites. Like when Amazon got hacked etc. There are sites that let you check if your details/email is held out there, but I don't trust them either. :lol:

Elminster
Posts: 4207
Joined: Wed Jun 20, 2012 9:09 am
Location: Essex, UK

Post by Elminster » Wed Jun 26, 2019 9:30 am

I have had these several times; I just marked them as spam in SpamSieve.

I assume we all know about the pwned website, or Firefox's equiv. If you always use a different password for every website (and a record of past ones) you can even work out which compromised site they came from.

As a fellow Mac user, I would recommend Intego's security suite and a good password manager, and even if you don't get them the free weekly Intego mac security podcast is good. I listen to it while mowing the lawn.

davidb
Posts: 2823
Joined: Sun Nov 11, 2007 10:11 pm

Post by davidb » Wed Jun 26, 2019 11:01 am

A lot of the scam or phishing e-mails I get are easy to spot, but the whole point of phishing is that information in the mails which doesn't ring true for me will ring true for someone else, and they'll pay up.

Unfortunately, even the highest profile sites aren't immune to being hacked, so sometimes the information is disturbingly familiar. At this point you can get worried about the amount of information the scammer has. For example, when Patreon was hacked and contact details were taken, I got a mail like the one DaveH got - the insinuation was that they also had my payment card details. However, it turned out that payment information had been stored separately and was, apparently, safe. (Patreon reacted slowly to the attack, which affected quite a lot of users, and have now deleted their page that talked about it.)

If you think someone has obtained information from a particular website (e.g. from a bank or investment site) then it might be worth letting the company or organisation behind the website know about it.

Anyway, I hope DaveH is feeling better about things now. :)

Elminster
Posts: 4207
Joined: Wed Jun 20, 2012 9:09 am
Location: Essex, UK

Post by Elminster » Wed Jun 26, 2019 11:22 am

Some banks are quite quick. But not sure if any national process behind it. I have had cards automatically cancelled and reissued before due to sites being hacked, and that was before GDPR. Of course, people are meant to officially tell people these days, at least in EU (ignoring Elephant in the room).

Also switch on two-factor authentication on everything. Not infallible of course, like that man who lost hundreds of thousands the other day when his phone was cloned, and that was his second factor.

topcat96
Posts: 271
Joined: Thu Jun 26, 2008 1:17 am
Location: Somewhere wonderful!

Post by topcat96 » Thu Jun 27, 2019 5:27 pm

As already mentioned, no system in place to thwart a scammer is infallible. The biggest security risk in all this is YOU.

FWIW I have 2 factor authentication enabled on both of my Nationwide business and personal bank accounts, also on eBay, Amazon and PayPal.

All of my online banking requires the use of a bank supplied (so hopefully secure) external card reader/code generator before any changes to account details or movement of money is allowed just to be safe.

Yes, it can be tedious at times ... but would you prefer to wake up one morning to empty bank accounts?

Also consider a password manager that can both generate and store multi-character unique passwords for various websites. I personally have been looking at 1Password from www.1password.com to see if it fits my needs. This is a personal view and am not affiliated with any one company or product and other products are available.

Also one last quick word ... NEVER trust any email that you do not know who the sender is, and certainly NEVER click on links contained within them or reply to them.

Remember, if it looks dodgy then it probably is!
Last edited by topcat96 on Thu Jun 27, 2019 5:29 pm, edited 1 time in total.

Elminster
Posts: 4207
Joined: Wed Jun 20, 2012 9:09 am
Location: Essex, UK

Post by Elminster » Thu Jun 27, 2019 5:42 pm

I have used 1password for 10 years approx. Held off going to subscription model. Was the best (on Mac) 10 years ago and stuck with it.

jgharston
Posts: 4039
Joined: Thu Sep 24, 2009 12:22 pm
Location: Whitby/Sheffield

Post by jgharston » Thu Jun 27, 2019 6:48 pm

daveejhitchins wrote:
Wed Jun 26, 2019 8:15 am
So, what was in the eMail that got me so worried - Well to start with it didn't involve my webcam!
I recently got a couple of emails with an old password in the subject line - ironically, my password my MDFS! So to be sure I changed it ;) It told me they had remote control of my webcam and had filmed me watching salacious websites. Where to start? I don't have a webcam!

I can only guess they trawled the email address/password combo from a leaked password file from some low-risk website I used my throw-away password with.

$ bbcbasic
PDP11 BBC BASIC IV Version 0.32
(C) Copyright J.G.Harston 1989,2005-2020
>_

Prime
Posts: 2866
Joined: Mon Jun 01, 2009 12:52 am

Post by Prime » Thu Jun 27, 2019 6:58 pm

I've mostly had the "we hacked your account and caught you doing naughty things with your webcam, downloaded all your files and will send the video to all your contacts unless you pay us in bitcoin, and to prove it we sent this email from your account....also I am not their only victim"

A few things should alert you this is a scam......
"sending email from my account", come on guys I learnt this trick in 1991, not exactly new :)
You've downloaded all my files.....funny I think I would have noticed the slowdown whilst you transferred several terabytes of data :)
I don't have a webcam or microphone on my main computer, and my laptop has a shutter that I keep closed unless it's in use.....

Besides this always seems like a *LOT* of work for a couple of bitcoin, they must need all that money to pay for the storage to keep all those copies of "all your files" :) :) :)

On a more serious note don't password managers just concentrate the problem in a single place? I mean if the pw manager gets compromised they (potentially) get everything right? Also how well do they handle multiple machines across multiple operating systems e.g. Home machine is W7, laptop is W10, have a Linux 'server' at home, Windows and Mac machines at work?

Cheers.

Phill.
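
An added example, not part of Phill's post: the "sent from your own account" claim rests on a forged From header, which the receiving server's authentication results usually expose. The message below is constructed, and the function name and finding labels are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a scam mail whose From header copies the recipient.
CONSTRUCTED_SCAM = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.org
Received: from unknown (HELO mailer.example.net) (203.0.113.7) by mx.example.org; Wed, 26 Jun 2019 07:58:00 +0100
From: dave@example.org
To: dave@example.org
Subject: Your account has been hacked

I sent this message from your own account as proof.
"""


def spoof_indicators(raw_message):
    """Return a list of header findings suggesting the From address is forged."""
    msg = message_from_string(raw_message)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    to_addr = parseaddr(msg.get("To", ""))[1].lower()
    envelope = parseaddr(msg.get("Return-Path", ""))[1].lower()
    findings = []

    # The scam's "proof": the visible sender is the recipient.
    if from_addr and from_addr == to_addr:
        findings.append("from-equals-to")

    # The envelope sender (Return-Path) is set by the sending server and
    # often gives away a different domain. Mailing lists also do this
    # legitimately, so treat it as a hint rather than a verdict.
    if envelope and envelope.rpartition("@")[2] != from_addr.rpartition("@")[2]:
        findings.append("envelope-domain-mismatch")

    # Authentication-Results is added by the receiving mail server.
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                              msg.get("Authentication-Results", "").lower()))
    for mechanism in ("spf", "dkim", "dmarc"):
        if results.get(mechanism) != "pass":
            findings.append(mechanism + "-not-pass")
    return findings


if __name__ == "__main__":
    for finding in spoof_indicators(CONSTRUCTED_SCAM):
        print(finding)
```

Most mail clients show these headers under a "view source" or "show original" option.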

Elminster
Posts: 4207
Joined: Wed Jun 20, 2012 9:09 am
Location: Essex, UK

Post by Elminster » Thu Jun 27, 2019 7:10 pm

Prime wrote:
Thu Jun 27, 2019 6:58 pm

On a more serious note don't password managers just concentrate the problem in a single place? I mean if the pw manager gets compromised they (potentially) get everything right? Also how well do they handle multiple machines across multiple operating systems e.g. Home machine is W7, laptop is W10, have a Linux 'server' at home, Windows and Mac machines at work?
So the save file will be encrypted with AES 256 or better, currently uncrackable. You can use on one device or many depending if you chose the cloud or not. The main password managers are pretty secure, it is more likely other things will get broken.

It allows you to have unique, unguessable 40+ character passwords and usernames across hundreds of accounts. It flags compromised accounts automatically etc etc. You can also save your completely made up memorable questions and answers, again unique across all accounts. The only other way you can do that is with a notepad and a safe.

And of course you have two factor authentication.

Most important account is always email. And obviously your machine should have all the usual security software and drive encryption.
Last edited by Elminster on Thu Jun 27, 2019 7:13 pm, edited 2 times in total.

topcat96
Posts: 271
Joined: Thu Jun 26, 2008 1:17 am
Location: Somewhere wonderful!

Post by topcat96 » Thu Jun 27, 2019 7:15 pm

Prime wrote:
Thu Jun 27, 2019 6:58 pm
On a more serious note don't password managers just concentrate the problem in a single place? I mean if the pw manager gets compromised they (potentially) get everything right? Also how well do they handle multiple machines across multiple operating systems e.g. Home machine is W7, laptop is W10, have a Linux 'server' at home, Windows and Mac machines at work?
I haven't personally investigated this but 1Password has encrypted cloud storage facilities so you can access your passwords from any computer and OS they support and have a machine ID for (generated at initial software installation time I presume). Seems all you need is to have the 1Password software/app and your master key which will let sync across all machines it knows.

Loads of information and support on their forum too.

Their promo video: https://youtu.be/mcly2-b1W20

edited ... speeling mishtakez and videyo addid :D
Last edited by topcat96 on Thu Jun 27, 2019 7:28 pm, edited 2 times in total.

1024MAK
Posts: 10102
Joined: Mon Apr 18, 2011 5:46 pm
Location: Looking forward to summer in Somerset, UK...

Post by 1024MAK » Thu Jun 27, 2019 7:43 pm

Elminster wrote:
Thu Jun 27, 2019 7:10 pm
The only other way you can do that is with a notepad and a safe.
I use an “air gapped” Psion Series 5 to store a lot of my passwords. Itself protected by a password to allow access to the machine, and then the passwords are stored in a password protected file (and according to Psion, this file is encrypted by the password).

Although I can’t compete with passwords that are 40 characters long...

I try to avoid giving my actual age / date of birth / previous addresses, schools or other similar personal information for security questions and answers, and instead make up answers. Then if someone does find out my personal information, it will not help to bypass my passwords.

Mark

Elminster
Posts: 4207
Joined: Wed Jun 20, 2012 9:09 am
Location: Essex, UK

Post by Elminster » Thu Jun 27, 2019 8:05 pm

1024MAK wrote:
Thu Jun 27, 2019 7:43 pm

I try to avoid giving my actual age / date of birth / previous addresses, schools or other similar personal information for security questions and answers, and instead make up answers. Then if someone does find out my personal information, it will not help to bypass my passwords.

Mark
My dog's name is ‘futfuygihvystrdhcdtsty’

The thing to consider is all the companies who are looking after all the computer systems have to store password and keys somewhere (even in a world of federated security and identity providers, somewhere there is a key or a password, or a graphics or something) that can be shared, better a password manager than a spreadsheet on a sharedrive.
Last edited by Elminster on Thu Jun 27, 2019 8:05 pm, edited 1 time in total.

topcat96
Posts: 271
Joined: Thu Jun 26, 2008 1:17 am
Location: Somewhere wonderful!

Post by topcat96 » Thu Jun 27, 2019 8:10 pm

Elminster wrote:
Thu Jun 27, 2019 8:05 pm

My dog's name is ‘futfuygihvystrdhcdtsty’
I think my master password is compromised .. #-o
Last edited by topcat96 on Thu Jun 27, 2019 8:11 pm, edited 1 time in total.

matt_nottm
Posts: 137
Joined: Sat Feb 11, 2017 11:54 am

Post by matt_nottm » Thu Jun 27, 2019 9:37 pm

Elminster wrote:
Thu Jun 27, 2019 5:42 pm
I have used 1password for 10 years approx. Held off going to subscription model. Was the best (on Mac) 10 years ago and stuck with it.
"ditto" Also, new users don't have to go to the subscription model, you can still purchase the perpetual license. Now with over 300 passwords stored, I cannot do without it!

jonb
Posts: 2665
Joined: Sat May 21, 2011 1:42 pm
Location: South Coast of England

Post by jonb » Fri Jun 28, 2019 8:49 am

@Mark: Nice idea. I'll have to fish out a Series 5 from somewhere (I have 2 of them).

So are we saying the browser's password manager is not to be trusted? I use Chrome.

danielj
Posts: 8246
Joined: Thu Oct 02, 2008 5:51 pm
Location: Manchester

Post by danielj » Fri Jun 28, 2019 9:10 am

Most of these things decrypt the password on your machine, so the storage never actually holds the unencrypted password. I'm fairly sure the chrome storage is just as secure as something like lastpass or 1password. If your master password is compromised, you might have an issue, but it has to be tied to your account. I use 2-factor where available for anything important.

You can check if your password has ever been compromised here:
https://haveibeenpwned.com/Passwords

Read how it works and make sure you're comfortable with it before typing a password in! :)

d.
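
An added example, not part of danielj's post and not Have I Been Pwned's own code: the Pwned Passwords range lookup hashes the password locally with SHA-1 and sends only the first five hex characters, then matches the returned suffixes on your own machine. The response body here is constructed so the code runs offline, and the function names are hypothetical.

```python
import hashlib


def split_hash(password):
    """SHA-1 the password locally; return (5-char prefix, 35-char suffix)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def range_url(prefix):
    """URL a client would fetch; only the 5-character prefix leaves the machine."""
    return "https://api.pwnedpasswords.com/range/" + prefix


def breach_count(suffix, range_body):
    """Look for our suffix in a range response of 'SUFFIX:COUNT' lines."""
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0  # suffix not listed: no known breach contains this password


def constructed_range_body(known_password):
    """Build a constructed response: two filler suffixes plus one real match.

    The counts are made up for the example; a real response lists every
    suffix in the corpus that shares the prefix, typically several hundred.
    """
    _, suffix = split_hash(known_password)
    filler_a = "0" * 34 + "A"
    filler_b = "F" * 34 + "1"
    return "\r\n".join([filler_a + ":3", suffix + ":1234", filler_b + ":17"])


if __name__ == "__main__":
    body = constructed_range_body("password")
    for candidate in ("password", "correct horse battery staple 2019"):
        prefix, suffix = split_hash(candidate)
        print(range_url(prefix), "->", breach_count(suffix, body))
```

The server sees the same five characters for every password that shares that prefix, so it cannot tell which one was being checked.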

Elminster
Posts: 4207
Joined: Wed Jun 20, 2012 9:09 am
Location: Essex, UK

Post by Elminster » Fri Jun 28, 2019 9:43 am

danielj wrote:
Fri Jun 28, 2019 9:10 am
Most of these things decrypt the password on your machine, so the storage never actually holds the unencrypted password. I'm fairly sure the chrome storage is just as secure as something like lastpass or 1password. If your master password is compromised, you might have an issue, but it has to be tied to your account. I use 2-factor where available for anything important.

You can check if your password has ever been compromised here:
https://haveibeenpwned.com/Passwords

Read how it works and make sure you're comfortable with it before typing a password in! :)

d.
1password also links directly into pwned as well and will flag all your passwords that are duplicates or poor. But even so, I have all my email addresses registered with pwned. Firefox has also now released a similar service, not sure if they are using pwned or set up their own one.

Even though I trust pwned and the way it works I still wouldn't type in an active password, call me paranoid. There was a good interview with the Troy Hunt from pwned at the Azure conference the other day.

The web browser password managers used to be very poor security-wise and featurewise, but that was years ago, hopefully, they have improved. The main advantage is they are free .... although do I trust google ....

Edit: I forgot to add we all also need to wear our tin hats to stop people reading our minds.
Last edited by Elminster on Fri Jun 28, 2019 9:47 am, edited 1 time in total.

Elminster
Posts: 4207
Joined: Wed Jun 20, 2012 9:09 am
Location: Essex, UK

Post by Elminster » Fri Jun 28, 2019 9:54 am

Probably worth mentioning at this point in case you really got infected with some ransomware that locks up your machine. Make sure you have backups. Preferably encrypted.

guesser
Posts: 351
Joined: Mon Jun 26, 2006 10:21 pm

Post by guesser » Fri Jun 28, 2019 2:17 pm

Firefox possibly encrypts the passwords when you set a master password but I don't think it does. This means it's only as secure as any other file on your computer, any third party code you run under your computer login could exfiltrate them. Up to you to decide how likely an attack vector that is.
If you use it to store a 20 character random string of gibberish for each site it's still much safer than using the same dictionary word and last two digits of your year on every website you sign up for for one or many of them to lose their database.
A web based teletext editor which can export as Mode 7 screen memory: https://zxnet.co.uk/teletext/editor
Join the Teletext Discord for teletext chat.
