Oh noes, I've been pwned....!!!1

  • Be sure to checkout “Tips & Tricks”
    Dear Guest Visitor → Once you register and log-in:

    This forum does not automatically send notices of new content. So if, for example, you would like to be notified by mail when Steve posts an update to his blog (or of any other specific activity anywhere else), you need to tell the system what to “Watch” for you. Please checkout the “Tips & Tricks” page for details about that... and other tips!

    /Steve.

Lob

What could possibly go wrong?
Nov 7, 2020
81
16
I got a rather scary email today so thought I'd share it with you. It's to an old, old email address of mine that is simply a forwarder into my primary email address - which is exposed in one leak, according to Troy's haveibeenpwned.com.

So the bad guy wrote to me....
Hello there!

Unfortunately, there are some bad news for you.
Around several months ago I have obtained access to your devices that you were using to browse internet.
Subsequently, I have proceeded with tracking down internet activities of yours.

Below, is the sequence of past events:
In the past, I have bought access from hackers to numerous email accounts (today, that is a very straightforward task that can be done online).
Clearly, I have effortlessly logged in to email account of yours (name@domain.com).

A week after that, I have managed to install Trojan virus to Operating Systems of all your devices that are used for email access.
Actually, that was quite simple (because you were clicking the links in inbox emails).
All smart things are quite straightforward. (>_<)

The software of mine allows me to access to all controllers in your devices, such as video camera, microphone and keyboard.
I have managed to download all your personal data, as well as web browsing history and photos to my servers.
I can access all messengers of yours, as well as emails, social networks, contacts list and even chat history.
My virus unceasingly refreshes its signatures (since it is driver-based), and hereby stays invisible for your antivirus.

So, by now you should already understand the reason why I remained unnoticed until this very moment...

While collecting your information, I have found out that you are also a huge fan of websites for adults.
You truly enjoy checking out porn websites and watching dirty videos, while having a lot of kinky fun.
I have recorded several kinky scenes of yours and montaged some videos, where you reach orgasms while passionately masturbating.

If you still doubt my serious intentions, it only takes couple mouse clicks to share your videos with your friends, relatives and even colleagues.
It is also not a problem for me to allow those vids for access of public as well.
I truly believe, you would not want this to occur, understanding how special are the videos you love watching, (you are clearly aware of that) all that stuff can result in a real disaster for you.

Let's resolve it like this:
All you need is $1350 USD transfer to my account (bitcoin equivalent based on exchange rate during your transfer), and after the transaction is successful, I will proceed to delete all that kinky stuff without delay.
Afterwards, we can pretend that we have never met before. In addition, I assure you that all the harmful software will be deleted from all your devices. Be sure, I keep my promises.

That is quite a fair deal with a low price, bearing in mind that I have spent a lot of effort to go through your profile and traffic for a long period.
If you are unaware how to buy and send bitcoins - it can be easily fixed by searching all related information online.

Below is bitcoin wallet of mine: <redacted - let's not be paying numbnut any coin here....>

You are given not more than 48 hours after you have opened this email (2 days to be precise).

Below is the list of actions that you should not attempt doing:
> Do not attempt to reply my email (the email in your inbox was created by me together with return address).
> Do not attempt to call police or any other security services. Moreover, don't even think to share this with friends of yours. Once I find that out (make no doubt about it, I can do that effortlessly, bearing in mind that I have full control over all your systems) - the video of yours will become available to public immediately.
> Do not attempt to search for me - there is completely no point in that. All cryptocurrency transactions remain anonymous at all times.
> Do not attempt reinstalling the OS on devices of yours or get rid of them. It is meaningless too, because all your videos are already available at remote servers.

Below is the list of things you don't need to be concerned about:
> That I will not receive the money you transferred.
- Don't you worry, I can still track it, after the transaction is successfully completed, because I still monitor all your activities (trojan virus of mine includes a remote-control option, just like TeamViewer).
> That I still will make your videos available to public after your money transfer is complete.
- Believe me, it is meaningless for me to keep on making your life complicated. If I indeed wanted to make it happen, it would happen long time ago!

Everything will be carried out based on fairness!

Before I forget...moving forward try not to get involved in this kind of situations anymore!
An advice from me - regularly change all the passwords to your accounts.
I think it's a pretty good attempt - so good in fact that the wallet contains: 0.09302854BTC = $4,173.64. But then again the last transaction, yesterday, appears to be from a wallet with 34BTC presently in it (and that has had a high of 2974029BTC(!!!))

I will sadly have to withdraw from public now as I don't have any BTC to give these bozos and so my videos will be released to you all.

Or rather not, because even though he got a 20-year-old email/password combination (from an online store where I bought a DVD player in 1999!!), there is nothing behind it to hack as my Internet security has increased massively since then. Let's just say each account I create has a unique email address and complex, Bitwarden-created password.

I can rather imagine that quite a few will fall for this, I also expect that one criminal wallet is feeding another to create an illusion that people are paying - it seems there were 3 payments of close to 0.031BTC made 30-Sept-21 - conceptually probably like a busker putting his or her own money in their cap to create momentum in getting more money.

The miscreant needs to improve the comms skills though, I had to read twice to see what might happen to me...... :D
 
  • Like
Reactions: Dror Harari

Intuit

Well-known member
Dec 27, 2020
80
20
Friends of a computer customer kept telling her she had something on her computer because her bank account was wiped out. (I knew nothing was ever on there.) Slightly longer story short, she replied to one of these types of emails. She gave away her routing and checking account number. That money went overseas. The bank claimed they couldn't recover the funds. A senior citizen who I'd consider to be street savvy, I wouldn't have pegged her for having fallen for such a scam. They got her early in the morning, on her meds, not clear-headed. I suspect that for nearly everyone, it's just a matter of catching them at the right time and with the right scam. Some decades ago my Mom was nearly scammed by someone calling her, claiming to be a creditor saying that her son (me) owed money; despite the fact that even borrowing from anyone (let alone owing) would be totally out of character for me.

@PHolder - That is news to me too. I only knew about (and grew up with) the WWF stage character and not really the person, the human portraying that character though. We shouldn't be surprised that the people portraying these characters are themselves, human, flawed; sometimes deeply. But it's important that we are afforded the opportunity to learn from our mistakes, apologize, change and atone. There are many people who really are disingenuous about their apologies. Only way to know is to look at what they've done since that or those apology(ies). The actor behind that character certainly did insult a fair portion of his fan-base though. Not exactly good business sense.
 

Ralph

Active member
Sep 24, 2020
38
3
One thing I do is never rush into anything. Whether it be a phone call, voice message, email, text... whatever. Jumping at anything too fast is not a good idea and ups the odds of making a wrong choice. I've had a few times where I was initially tempted to act on something that seemed legit, but thinking about it for a while realized it was a scam. Some of the scams out there are pretty good. One interesting podcast I should re-subscribe to is from AARP called 'The perfect scam' Not giving a potential victim time to think is a fairly common strategy they use. Check the podcast, it is informative.
 

Bplayer

Chris
Sep 19, 2020
21
5
The latest telephone scam caught me off-guard for a second. "Hello, I am calling last name from Amazon Cancellation Services to assist you with your recent cancellation of Amazon Prime and your $200 refund". Well I had recently cancelled an Amazon product, not quite as much as that amount, and thought that this call was connected. But after coming to my senses, without giving any information, I hung up.

My responses to "duct cleaning" calls are usually involve stringing them along to waste their time or use some language that my wife does not approve of. She just repeatedly asks them nicely to remove our number from their call list. But it does not help as they keep calling back from another spoofed number.
 

Intuit

Well-known member
Dec 27, 2020
80
20
Trying to limit detail and keep it short. I had never heard of it and had no idea what it was at the time, but I have a story about my introduction to pyramid schemes. My second job was a buss boy at a large family run restaurant. A large room was reserved; a large party with very nicely dressed guests. I assumed it was some sort of church function. As soon as it ended I began cleaning up for the night. One of the hosts approached me with an important invite to get in on a business opportunity; didn't go into any detail, that's what the meeting was for. Meanwhile, what I assumed to be his beautiful wife, silently comes up behind him and starts silently mouthing and waving 'no'. That kind of caught me off-guard and I had no idea what that was about, but pretended not to see it and accepted his invitation. Nearing the date, I get a call from his daughter (pretty voice) to confirm location and attendance. She wants me to be well dressed. So on the date and with the daughter's help by phone, (pre-GPS) I find my way to the meeting, a hotel party room. Added name to guest list. The invitee and his daughter greet me. The wife shows up and I think for the daughter's benefit said something like, 'just goes to show, those who you think won't show up, will.' Received a packet, picked a row and had a seat. Waiting, scanning the crowd, I noticed the attendees seemed a little, "off". There was a lot of randomness, no congruity, and a fair number of "guests" were physically/mentally handicapped from birth; not the type you'd typically see at a "business opportunity". I began scanning through the packet; interrupted by the start of the meeting. So as they began laying things out, I quickly realized this was a scam; the entire room full of suckers. The husband and daughter kind of seemed oblivious more concerned with the crowd in general but the wife was clearly reading the expressions on my face as the meeting went on. I was eyeing her as if she'd just slapped a baby. Out of a large room of people and when making key points, she'd look directly at me. She wanted me to leave. They were directing the crowd in filling out and signing a form in that packet. Curiosity was the primary thing making me stick around. I finally got up and rapidly walked out at which point they directed people to sign that document. I forget where the daughter said they were from, but it wasn't close. They likely traveled from town-to-town running this scam. I got a call from the daughter sometime after the meeting, apparently still oblivious that I was on to them.
 

Intuit

Well-known member
Dec 27, 2020
80
20
@Bplayer - Yeah worse thing you can do is say anything to any of them. If there's any delay when I say 'who's calling', I immediately hang up. I don't give their system enough time to switch over to a human. If it's an automated voice of any kind, I immediately hang up. If it's not important enough to have a human pick up the phone, dial the number and immediately respond to my 'who's calling' question, then it isn't important. If they can't answer the question of 'who's calling' or seem disingenuous in their response, I immediately hang up. Waisting my time alone with that non-sense is enough to piss me off; and to do it repeatedly is even worse.

You remember the days of MCI? The phone company? I affectionately named them, "Malevolent Cowards Incorporated" after they scammed me. Many years ago I had a landline with Verizon. One day, I opened a snail-mail bill to find MCI had taken over my long-distance and was attaching a rather small charge. Called Verizon to ask how this happened. The representative clued me in. They call you and RECORD you saying yes to something, anything really... such as acknowledging whether or not you're the head of the household. Then they in-turn called your carrier and played back recordings of you saying whatever in order to switch your service. It was from that point on I knew to not only never speak to cold-callers who weren't friends/family/customers, but to also avoid using the words 'yes' and 'no'. MCI was so crooked, their own execs were busted for stealing money from the company. Fortunately they're gone. Still wondering how Wells Fargo and EquiFax are still around. Too big to fail I guess.

EDIT: BTW on that bill, I told Verizon not to pay them even one penny or they would get dropped too LoL. I didn't want MCI to profit from that in any way.
 
Last edited:

SeanBZA

Active member
Oct 1, 2020
33
5
Had the automated call last week, so simply let it play out for the 4 minutes it took for the automated system to finally give up. I figure in that time they did not call at least 20 other numbers, a win for me, and a loss in call charges for them. They want to sell you a ringtone, via a subscription model, but pretty all phones are quite capable of using any sound file as a ringtone, and getting that sound is not exactly a hard thing.
 

Lob

What could possibly go wrong?
Nov 7, 2020
81
16
Thanks, all, for derailing my thread :D :D :D

Has anyone seen my videos yet?

Me neither..... :)
 

Dave New

Active member
Nov 23, 2020
29
7
I got almost exactly the same scam email, repeatedly, using my Linkedin email and a rather old password, from back before I started using LastPass.

I also use a unique email for every different online account, and now use a LastPass-generated complex password for each account.

I never answer a mobile call if it isn't in my contact list. If it's important, they'll leave a message. If they leave a message, and it's a scam, I block the number. If they don't leave a message, I block the number. Because the scammers can freely invent caller ID numbers, it's like playing whack a mole, but it helps to keep the calls down, as sometimes a particular number gets used repeatedly.

I still have a landline (an actual copper drop) but the only calls I get on it these days are all scammers. I turned off the answering machine years ago, because I was tired of them filling up the incoming message tape, and I didn't want to have to listen to all the crap, in case someone left a message I cared about. Now, I just screen the incoming calls, and if I don't recognize the caller ID, I just dump the call. Eventually, I'll just drop the service. Don't know what I'm paying US$62 a month for, anyway.
 

Lob

What could possibly go wrong?
Nov 7, 2020
81
16
It seems the crims are working with these addresses as fast as they can. I just ordered a new camera, I guess they want me to call them to complete the scam....

-PayPal-
24*7 Helpline +1 (888) 663-0688
________________________________________
Hi there ,
Thank you for choosing us as your preferred payment partner.
You payment has been processed successfully, you will receive your order shortly.
Order Summary
Product Name Qty Price
Nikon D5600 Digital Camera 01 $775.99
Order Placed On - Oct 04, 2021
Transaction Id - 6388VB35197
Shipping Type - Standard
Amount Paid - $775.99
You have made this purchase through your first line paypal credit service.
If it was you please ignore, if not kindly raise a complaint in the resolution centre or connect with us.
Help & Support # +1 (888) 663-0688
Looking forward for shopping with us again!

Sincerely
Service Dept.
 

Dave New

Active member
Nov 23, 2020
29
7
It seems the crims are working with these addresses as fast as they can. I just ordered a new camera, I guess they want me to call them to complete the scam....
Mine came in German language. Guess they aren't paying too much attention to their target market...
 

SeanBZA

Active member
Oct 1, 2020
33
5
I get the unsubscribe emails, which are almost always caught by the Gmail spam filter. They have a confirm or unsubscribe link, which actually is just a whole load of mailto email addresses to various free email providers, including the big ones, and a lot of ru ones.

I used to keep one of the RU ones, as seeing spam there was very easy, if language is Cyrillic it is spam..... The admins sent their mail in both Russian and English.
 
  • Like
Reactions: danlock

Dave New

Active member
Nov 23, 2020
29
7
It's funny, I use Horde web email client, and when I do a 'view source', it offers to translate!
 

soccer_ref

New member
Oct 8, 2020
1
0
I still have a landline (an actual copper drop) but the only calls I get on it these days are all scammers. I turned off the answering machine years ago, because I was tired of them filling up the incoming message tape, and I didn't want to have to listen to all the crap, in case someone left a message I cared about. Now, I just screen the incoming calls, and if I don't recognize the caller ID, I just dump the call. Eventually, I'll just drop the service. Don't know what I'm paying US$62 a month for, anyway.
I parked the landline number I've had for 42 years at numberbarn.com for $6.00 per month and then cancelled the landline. Calls to the landline number are answered with a recorded message telling callers to press 1 for me, press 2 for my wife and 3 for me or my wife. Robocalls don't have the smarts to do anything with this. I avoid an average of 150+ calls each month with this feature. Friends who haven't made the transition to our mobile numbers make a selection and are forwarded to our cell phones. Caller ID on the forwarded call is my landline so I know that a real person is calling. Most of our friends now have our mobile numbers so I might change this in the near future to the $2.00 per month plan with a plain recorded message.
 

Ralph

Active member
Sep 24, 2020
38
3
I used to get bogus calls that left voice messages in Chinese. The only thing I understood was they mentioned a bank (forget which). Recently they seem to be getting more creative. Caller ID shows the electric or gas company, no voice messages. I guess they don't keep records of calls that never get answered or they would have stopped calling me long ago.
 

Ianc

New member
Oct 6, 2020
3
0
I received that email too, I was amazed that they had videos of me as my Windows7 desktop computer has no webcam. What fantastic technology were they using I wondered, but "sadly" I never found out.
 

Dave New

Active member
Nov 23, 2020
29
7
I parked the landline number I've had for 42 years at numberbarn.com for $6.00 per month and then cancelled the landline
Wow. What a find! I'll have to check that out. We've been holding onto two copper land lines (the 2nd was for dial out for TiVo and FAX in/out, etc) forever it seems, and I'm currently paying over $60/mo for each. We've had one or the other lines repaired repeatedly over the past few years, due to failing infrastructure. We're likely almost out of spare pairs in the blister, now.
 

SeanBZA

Active member
Oct 1, 2020
33
5
Don't worry, your telco techs will start to use split pairs, looking for the "good" wires in the cable among the bad pairs to use. You will know they have run out when they start using single wires with a ground return. Took around 5 years of weekly complaints about bad lines before they passed it over to the street crew to dig from our DP to the local street junction, and put in a new 50 pair cable. Left the old lead sheathed cable in situ, as it was not coming out at all, rusted and corroded into the steel conduit, so instead went up a floor in the building using PVC drain pipe and fittings, as this would both disguise the cable, and securely mount it, as otherwise you would have copper cable out in view. In the street manhole (at least a century old, from the days there were tram lines in the city) it was joined back to the old lead sheathed paper cable, which was still good enough to handle DSL, and with old cores of 18 gauge copper wire, still bright when the paper was stripped. Tech did though strip all the jumpers out of the 3M frame around the corner (79m of cable according to the old drawings) and wired the 2 trunk cables together direct, as those 40 plus year old 3M junctions blocks are well past the replace point. All phone line issues went away with that.