Email scam with Buds Gun shop password in it.

    bigretic

    Master
    Rating - 100%
    71   0   0
    Jan 14, 2011
    2,179
    83
    NWI
    Little PSA for you all. I was dumping my junk email folder and as usual, being in the IT field, I like to sift through the scams to enlighten my users as to what they should be looking out for in the corp network and emails, since they know if they are the one that causes a problem that starts with "I probably shouldn't have clicked that" I will absolutely lose my poo on them.
    So anyway, I've seen these before, they started about a month ago and contain your email and a (hopefully) old password of yours and want you to pay bitcoin extortion money to them because they have proof you were on a porn site or something.
    Here's how the actual emails start:

    Hello!
    I'm a member of an international hacker group.


    As you could probably have guessed, your account support@*******.com was hacked, because I sent message you from it.

    Now I have access to you accounts!
    For example, your password for support@*******.com is A-VALID-PASSWORD-OF-YOURS

    Here's the thing - this one I got - had the password for my account at Buds Gun Shop. And I know for a fact that is the ONLY site I used that password for. (I generally do NOT use the same passwords across multiple accounts)
    This may go back to the 2011 hack - I'm not sure. But I'm pretty sure I had changed my password since then.


    Heads up.
     

    BehindBlueI's

    Grandmaster
    Rating - 100%
    29   0   0
    Oct 3, 2012
    25,890
    113

    Is it possible it's running a script to get the information from saved passwords in your browser somehow?
     

    bigretic

    Negative (sure anything is possible) - this is a known scam mail that is generated as a form letter from previous hack user/pwd databases that started back in July. They have netted about $500k in bitcoin by some estimates so far. This is the 3rd variant I've seen in my spam. The other 2 were very old, generic passwords I used to log into B.S. forums and stuff (like this!) and I knew those 2 passwords were in compromised hacks. Didn't matter because I only used them for this kind of stuff. Go ahead - steal my ingo identity! Ha! The Buds one was SPECIFIC to them only and I have not logged into it since about 6 months or so ago when I did my annual password audit on my personal accounts.
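
A mail-filter heuristic for the form letter described in this thread, as an added example that is not part of any poster's message: it scores a message on a From address equal to the recipient with failed sender authentication, a password quoted back, and a Bitcoin address. The function names, the two-of-three threshold, the `Authentication-Results` header being stamped by the receiving server, and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Shape-only match for legacy Base58 and bech32 Bitcoin addresses (no checksum).
BTC_RE = re.compile(r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{11,71})\b")
# "your password ... is <value>": the line that quotes a breached password back.
CLAIM_RE = re.compile(r"\byour password\b.{0,80}?\bis\s+\S+", re.I | re.S)
# Verdicts the receiving MTA is assumed to stamp into Authentication-Results.
AUTH_FAIL_RE = re.compile(r"\b(?:spf|dkim|dmarc)=(?:fail|softfail|none)\b", re.I)

def _text_body(msg):
    """Concatenate every text/plain part, decoded with its declared charset."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def score_extortion_mail(raw):
    """Return (score, reasons) for one RFC 5322 message given as text."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    auth = " ".join(msg.get_all("Authentication-Results") or [])
    body = _text_body(msg)
    reasons = []
    if sender and sender == rcpt and AUTH_FAIL_RE.search(auth):
        reasons.append("From equals To but sender authentication failed (spoofed)")
    if CLAIM_RE.search(body):
        reasons.append("quotes a password back to the recipient")
    if BTC_RE.search(body):
        reasons.append("contains a Bitcoin address")
    return len(reasons), reasons

def is_extortion_form_letter(raw):
    # Assumed threshold: any two of the three signals.
    return score_extortion_mail(raw)[0] >= 2

# Constructed samples: addresses, password and wallet string are placeholders.
SCAM = ("From: support@example.com\nTo: support@example.com\nSubject: Security notice\n"
        "Authentication-Results: mx.example.net; spf=fail; dkim=none\n\n"
        "Hello!\nI'm a member of an international hacker group.\n"
        "For example, your password for support@example.com is CONSTRUCTED-OLD-PASSWORD\n"
        "Send payment to 1ABCDEFGHJKMNPQRSTUVWXYZ23456789\n")
BENIGN = ("From: alice@example.com\nTo: alice@example.com\nSubject: note to self\n"
          "Authentication-Results: mx.example.net; spf=pass; dkim=pass\n\n"
          "Reminder to self: rotate the backup tapes on Friday.\n")
```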
     

    snorko

    Grandmaster
    Site Supporter
    Rating - 100%
    361   0   0
    Apr 3, 2008
    8,292
    113
    Evansville, IN
    I got one of those a month ago or so. Had my work email address and an old no longer used password which was in no way connected to my work email. I deleted it and moved on.
     

    doddg

    Grandmaster
    Site Supporter
    Rating - 100%
    135   0   1
    May 15, 2017
    8,613
    77
    Indianapolis
    Believe it or not I got that spam in my school email saying they had a computer video of me watching porn on my work computer.
    They had an old password, as in years old.
    I can't even get YouTube or even my bank site on my work cmp.
    The idea of watching porn on a work laptop is laughable. I actually knew a teacher who got fired for porn on his laptop from work: don't know how he got around the filters.

    I turned it in to the tech dept.
    I wasn't happy about it, but I guess the IT dept. sees this all the time.
    A year ago I got one about if I didn't pay XX amount in bitcoin they were going to freeze up my computer: it had been going around for a while apparently.

    I don't know how these things get through our filters.
    I will send an email to my wife and she won't get it for over an hour sometimes.
    This past weekend I sent a yahoo email to my school email and it took over a day to get there!!!
     

    Cameramonkey

    www.thechosen.tv
    Staff member
    Moderator
    Site Supporter
    Rating - 100%
    35   0   0
    May 12, 2013
    31,683
    77
    Camby area
    This is a new scam... they are using a list of stolen passwords to scare people. Ignore it.

    Yep. I got that same email last week, with a twist. Told me that they had my work iPhone (number ending in XXXX) browser history that I was using to surf porn, and if I didn't pay them the ransom, they would tell my boss and get me fired.

    HAH! Joke's on them! I only surf for porn on my personal computers!!!

    Wait, was I not supposed to admit that? OH well. :dunno:
     

    bigretic

    shhhhh….. we won't tell. lol

    Seriously though, I send (usually) weekly emails to my staff on the current email scams. I've made them a bit paranoid, but that's for the better.
     

    Cameramonkey

    Check out this company. We use them and they are good. End user CBTs, as well as proactive probing of your users to track how effective the training is. Part of the system is them sending your users fake attack emails to see who is paying attention. It tracks who falls for them and reports back to you (who opened the message, who clicked the (harmless) links, who opened the "virus laden attachment", etc.). Pretty sure that if they fail, you can auto enroll the user in remedial training automatically.

    https://www.knowbe4.com/
     

    Cameramonkey

    Oh, and one other handy feature: they are now emailing me about possibly compromised accounts found online (inside dark web password lists, etc.). They have a weak password checker that inspects the hashes of your AD users and locates which accounts have weak passwords, how many passwords are shared between accounts, etc. As well as Doppelganger domain reports to report to you similar looking domains that have been registered that could be used to fool your users into logging into them and leaking passwords to them.

    I was able to change 10 accounts proactively because we found their passwords online.

    Edit: they also show what accounts show up in lists that can be used for social engineering so you can advise those users to be on the lookout for spearphishing attacks. (Oh, look. I am going to email the CEO, so I will impersonate Bill, one of his subordinates in accounting. )
     

    bigretic

    Yes, I'm aware of them and on the mailing list. I have yet to actually demo a product from them. I have seen some feedback that the service is pretty pricey per user. AV and security costs seem to grow by 30% or more every year for the past 3 years here. For me it was money well spent, but sometimes hard to get the owner to realize. Told him I want a new firewall last month and the annual costs vs. the existing one are 5 times more... ouch. Cost of growth though. lol. Thanks for the recommendation on knowbe4.
     

    IndyTom

    Expert
    Rating - 87.5%
    7   1   0
    Oct 3, 2013
    1,336
    63
    Fishers
    The corporate overlords decided to send out a phishing e-mail to everyone and see who reported it to the help desk. Since it got through our filters, I sent it to our old support group who sent out a notification to our business unit saying to not click and delete. I also forwarded it to the help desk and got a, 'Congratulations, you successfully reported a test phishing e-mail to us,' response.
     

    WebSnyper

    Maximum Effort
    Rating - 100%
    56   0   0
    Jul 3, 2010
    15,417
    113
    127.0.0.1
    Anything of importance needs to offer multi factor authentication (and preferably something besides SMS based text 2 factor)... password spray attacks (among other things) are making passwords no matter how often changed and how complex, an archaic security mechanism that offers no real security (mostly due to the human factor, but for other reasons as well).
     