The other day I received the following; I am putting the entire email in here so that if anybody other than us searches for it on the internet then they will find this. [I shall put it in a reply]
Now clearly an utter scumbag and doomed to failure, at least with me.
However, one can easily understand how some people might get a nasty shock purely by coincidence and might be tempted to pay out of fear.
Even though the contents of the email could not possibly apply to me, even though it was to an email address I no longer use and included a password I haven't used for years, it was still a heart-stopping moment when I saw an email arrive with the heading "Your password is xxxxx".
The email this was sent to is indeed an email address of mine, obviously. Though actually while it remains valid I haven't actually used it for at least 7 or 8 years for anything new. The password is also one I have used. I'm pretty password careful so I know where and when.
The *ONLY* time I have used that email / password combination was LinkedIn, and even then it was years ago.
I remember that some years ago LinkedIn was hacked and at that time I was prompted by them to change my password which I immediately did. Though I do change my passwords fairly frequently anyway - and I never use the same password twice, nor do I ever use them in more than one place.
So that is 100% where it came from. I assume the hacked and stolen list is for sale on the Dark Web somewhere.
Nor does the guy explain quite how that username/password combination would help him to access the webcam that I don't have, even if I did have one.
This is why you should never use the same password on more than one site. A turd like this bloke will buy that list from somewhere, which was why it was hacked and stolen in the first place, and then try your email/password combination on all the obvious sites - Facebook, Instagram, etc. etc. etc. - using automation and thus able to try loads and loads.
You can imagine the blackmail they would try if they did get into something. For all I know they did try to get into my other accounts. They would just have failed. They would be unlikely to cause any flags or warnings since they would never try an account twice.
It is also why you should never reuse a password. You simply don't know how long the gap between your password being stolen and it being used against you could be.
*ANY* company that stores user credentials in a manner or state such that they can be stolen and used should be brought down by the subsequent class action suits which bankrupt them.
If you feel that your password management might not be all it should be, I advise you to get smarter about it, quickly. As well as using two-factor authentication wherever you can.
Passwords and firewalls just make your computer more difficult than the next one. They don't make it impossible. Remember, if nothing else, they can be stolen.
Fundamentally, if you're not prepared to print out anything on your computer and stick it to the fridge door, then DON'T do it on your computer. Computers are about as secure as your house; only the odds really protect you.
There are reports of this particular scam being tried before, though this is the first time I've received anything. In this case it was based on a LinkedIn breach, and thus was an old password, I don't have a webcam and in any case I'm anal about my passwords. However, it is only a matter of time before it happens to more recently stolen data or to someone less fortunate/careful.
If you want to check whether or not your email address has been part of any breaches, go here...
haveibeenpwned.com/
Protect yourself.
Last edited by: No FM2R on Sun 19 Apr 20 at 21:08
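The post observes that trying each stolen email/password pair only once per account is unlikely to raise any flags. The sketch below is an added example, not part of the original post: it shows why a per-account failed-login counter stays silent on that pattern, while counting distinct accounts per source catches it. The log format, thresholds and sample events are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, username, succeeded).
# One source tries six different accounts once each; a genuine user
# mistypes a password twice and then logs in.
EVENTS = [
    ("203.0.113.7", "alice@example.com", False),
    ("203.0.113.7", "bob@example.com", False),
    ("203.0.113.7", "carol@example.com", False),
    ("203.0.113.7", "dave@example.com", False),
    ("203.0.113.7", "erin@example.com", False),
    ("203.0.113.7", "frank@example.com", False),
    ("198.51.100.20", "gina@example.com", False),
    ("198.51.100.20", "gina@example.com", False),
    ("198.51.100.20", "gina@example.com", True),
]


def accounts_over_threshold(events, threshold=3):
    """Classic per-account rule: flag accounts with >= threshold failures."""
    failures = defaultdict(int)
    for _source, user, succeeded in events:
        if not succeeded:
            failures[user] += 1
    return {user for user, count in failures.items() if count >= threshold}


def stuffing_sources(events, min_accounts=5):
    """Per-source rule: flag sources that failed against many distinct accounts."""
    targets = defaultdict(set)
    for source, user, succeeded in events:
        if not succeeded:
            targets[source].add(user)
    return {
        source: len(users)
        for source, users in targets.items()
        if len(users) >= min_accounts
    }


if __name__ == "__main__":
    print("per-account rule flags:", accounts_over_threshold(EVENTS))
    print("per-source rule flags:", stuffing_sources(EVENTS))
```

The grouping key here is the source IP address; the same counting works on whatever other key a site logs for each login attempt.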