EMAIL FROM HACKER - ADVICE NEEDED

    rhino

    Grandmaster
    Rating - 100%
    24   0   0
    Mar 18, 2008
    30,906
    113
    Indiana
    I hope some of you can help with this. I received this email. Ordinarily I wouldn't be too worried, but the password shown is one that I used frequently in the past. It is not the password on the email account.

    It might be the same password that was exposed when the old USPSA web site got hacked.

    HELP!

    ==============================================
    Received: (qmail 19034 invoked from network); 10 Nov 2018 12:38:52 -0000
    Received: from unknown (HELO inbound2.hw.buf.ny.localnet.com) ([10.30.204.16])
    (envelope-sender <josephviray@localnet.com>)
    by maildrop4.localnet.sys (qmail-ldap-1.03) with SMTP
    for <josephviray@localnet.com>; 10 Nov 2018 12:38:52 -0000
    Received: from 96-66-252-30-static.hfc.comcastbusiness.net (96-66-252-30-static.hfc.comcastbusiness.net [96.66.252.30])
    by inbound2.hw.buf.ny.localnet.com (Postfix) with ESMTP id 7658CC80B9
    for <josephviray@localnet.com>; Sat, 10 Nov 2018 07:38:52 -0500 (EST)
    Message-ID: <5BE660D8.6000202@localnet.com>
    Date: Sat, 10 Nov 2018 -5:38:48 -0900
    From: <josephviray@localnet.com>
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.4) Gecko/20100608 Thunderbird/3.1
    MIME-Version: 1.0
    To: "PASSWORD" <josephviray@localnet.com>
    Subject: Security Alert. You account has been hacked. Password PASSWORD must be need changed.
    Content-Type: text/plain; charset=ISO-8859-1; format=flowed
    Content-Transfer-Encoding: 7bit



    Hello!

    I'm a programmer who cracked your email account and device about half year ago.
    You entered a password on one of the insecure site you visited, and I catched it.
    Your password from josephviray@localnet.com on moment of crack: PASSWORD SHOWN HERE

    Of course you can will change your password, or already made it.
    But it doesn't matter, my rat software update it every time.

    Please don't try to contact me or find me, it is impossible, since I sent you an email from your email account.

    Through your e-mail, I uploaded malicious code to your Operation System.
    I saved all of your contacts with friends, colleagues, relatives and a complete history of visits to the Internet resources.
    Also I installed a rat software on your device and long tome spying for you.

    You are not my only victim, I usually lock devices and ask for a ransom.
    But I was struck by the sites of intimate content that you very often visit.

    I am in shock of your reach fantasies! Wow! I've never seen anything like this!
    I did not even know that SUCH content could be so exciting!

    So, when you had fun on intime sites (you know what I mean!)
    I made screenshot with using my program from your camera of yours device.
    After that, I jointed them to the content of the currently viewed site.

    Will be funny when I send these photos to your contacts! And if your relatives see it?
    BUT I'm sure you don't want it. I definitely would not want to ...

    I will not do this if you pay me a little amount.
    I think $873 is a nice price for it!

    I accept only Bitcoins.
    My BTC wallet: 1PcFYw7PQKUnj6RxqVwZ4TFuwWUPTyECKQ

    If you have difficulty with this - Ask Google "how to make a payment on a bitcoin wallet". It's easy.
    After receiving the above amount, all your data will be immediately removed automatically.
    My virus will also will be destroy itself from your operating system.

    My Trojan have auto alert, after this email is looked, I will be know it!

    You have 2 days (48 hours) for make a payment.
    If this does not happen - all your contacts will get crazy shots with your dirty life!
    And so that you do not obstruct me, your device will be locked (also after 48 hours)

    Do not take this frivolously! This is the last warning!
    Various security services or antiviruses won't help you for sure (I have already collected all your data).

    Here are the recommendations of a professional:
    Antiviruses do not help against modern malicious code. Just do not enter your passwords on unsafe sites!

    I hope you will be prudent.
    Bye.
     

    Mgderf

    Grandmaster
    Site Supporter
    Rating - 100%
    43   0   0
    May 30, 2009
    17,877
    113
    Lafayette
    Grammar is atrocious.
    Almost unintelligible.
    Are you worried about his/her threats?

    You alone know your search history.
    Sounds like phishing to me.
    I would just ignore it.
     

    wakproductions

    Sharpshooter
    Rating - 0%
    0   0   0
    Aug 19, 2012
    441
    18
    Indianapolis
    I've received an email a few months ago that had almost the exact same language. It happened after my tax accountant's email got hacked and he sent me a link to a malicious website in which I accidentally entered one of my passwords. This is just a money scam. They are using that compromised password to establish credibility, but that whole thing about the trojan software on your computer is a bunch of bull****. https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/

    Just change the password on any accounts that use it as they will likely try that email/password combo to log into some of your social media accounts. Don't respond. They might send you more emails like this but will go away eventually.
     

    rhino

    Grandmaster
    Rating - 100%
    24   0   0
    Mar 18, 2008
    30,906
    113
    Indiana
    Grammar is atrocious.
    Almost unintelligible.
    Are you worried about his/her threats?

    You alone know your search history.
    Sounds like phishing to me.
    I would just ignore it.

    The threats? Not so much. I just got concerned since I saw an older password I used to use. I just spoke with a friend and he thinks it's phishing too. They buy an old hacked password from someone, then use it to scare people.

    As he reminded me, it's a good time to change my passwords and not reuse any.

    Let the advice continue to flow . . .
     

    rhino

    Grandmaster
    Rating - 100%
    24   0   0
    Mar 18, 2008
    30,906
    113
    Indiana
    I've received an email a few months ago that had almost the exact same language. It happened after my tax accountant's email got hacked and he sent me a link to a malicious website in which I accidentally entered one of my passwords. This is just a money scam. They are using that compromised password to establish credibility, but that whole thing about the trojan software on your computer is a bunch of bull****. https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/

    Just change the password on any accounts that use it as they will likely try that email/password combo to log into some of your social media accounts. Don't respond. They might send you more emails like this but will go away eventually.

    Thanks for that!

    Fortunately I don't have any social media accounts unless you count INGO and LinkedIn, neither of which use that password.
     

    DoggyDaddy

    Grandmaster
    Site Supporter
    Rating - 100%
    73   0   1
    Aug 18, 2011
    102,048
    77
    Southside Indy
    Grammar is atrocious.
    Almost unintelligible.
    Are you worried about his/her threats?

    You alone know your search history.
    Sounds like phishing to me.
    I would just ignore it.

    It sounded like the person that came up with "All your base are belong to us".


    Now Rhino, tell us about these "reach fantasies" of yours... To see if we'll be in shock of them too. :):
     

    rhino

    Grandmaster
    Rating - 100%
    24   0   0
    Mar 18, 2008
    30,906
    113
    Indiana
    It sounded like the person that came up with "All your base are belong to us".


    Now Rhino, tell us about these "reach fantasies" of yours... To see if we'll be in shock of them too. :):

    If you have to ask . . .

    To me, a "reach fantasy" is when I imagine that my t-rex arms are long enough to reach stuff on the higher shelves, so I don't have to ask SWMBO to help me.
     

    croy

    Master
    Rating - 100%
    24   0   0
    Apr 22, 2012
    1,875
    48
    Indiana
    My mother in law got pretty much the same thing. But also threatening to release any homemade "videos" she's done. She's not too worried about it and I don't think I would be either.
     

    KG1

    Forgotten Man
    Site Supporter
    Rating - 100%
    66   0   0
    Jan 20, 2009
    25,633
    149
    I just checked my spam folder and it looks like I received one too. Needless to say their bitcoin wallet will not get any fatter at my expense.
     

    rhino

    Grandmaster
    Rating - 100%
    24   0   0
    Mar 18, 2008
    30,906
    113
    Indiana
    My mother in law got pretty much the same thing. But also threatening to release any homemade "videos" she's done. She's not too worried about it and I don't think I would be either.

    I just checked my spam folder and it looks like I received one too. Needless to say their bitcoin wallet will not get any fatter at my expense.

    Now I'm feeling a little hurt because I was so late to get one. Apparently my reach fantasies and inmate behavior aren't good enough for them.
     

    edporch

    Master
    Site Supporter
    Rating - 100%
    25   0   0
    Oct 19, 2010
    4,664
    149
    Indianapolis
    I run my own mail server and have gotten them almost identical to this on multiple email addresses.
    Every so often I get another with the threat "upped".

    In my case, it's PURE BS.
    They didn't send it from my own email account.
    ALL they did was put my email address in as the return address, and claim this proves they sent it from my own email server.

    YET when I checked my email server logs, the email came from the Internet and not my own email server.

    PLUS they claim they have all this incriminating activity from my computer camera and microphone.
    But I don't have a camera or a microphone on the desktop computer I use exclusively.

    MY ADVICE is DO NOT REPLY TO THESE.
    It will just let them know your email address is valid and active.

    JUST IGNORE THEM.
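
The check described in the post above (did the message really originate from the account's own mail system?) can be run against the headers quoted at the top of the thread. This is an added example, not part of any post: it takes the newest Received hop with a public client IP as the point where the message entered the provider, and treats the RFC 3848 keywords ESMTPA/ESMTPSA as the sign of a logged-in session; the function names are hypothetical.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Headers copied from the message quoted in the thread (folded, body omitted).
RAW = """\
Received: (qmail 19034 invoked from network); 10 Nov 2018 12:38:52 -0000
Received: from unknown (HELO inbound2.hw.buf.ny.localnet.com) ([10.30.204.16])
 (envelope-sender <josephviray@localnet.com>)
 by maildrop4.localnet.sys (qmail-ldap-1.03) with SMTP
 for <josephviray@localnet.com>; 10 Nov 2018 12:38:52 -0000
Received: from 96-66-252-30-static.hfc.comcastbusiness.net (96-66-252-30-static.hfc.comcastbusiness.net [96.66.252.30])
 by inbound2.hw.buf.ny.localnet.com (Postfix) with ESMTP id 7658CC80B9
 for <josephviray@localnet.com>; Sat, 10 Nov 2018 07:38:52 -0500 (EST)
Message-ID: <5BE660D8.6000202@localnet.com>
From: <josephviray@localnet.com>
To: "PASSWORD" <josephviray@localnet.com>

"""

HOP = re.compile(r"from (\S+) .*?\[([0-9.]+)\].*? by (\S+) .*?with (\S+)")
AUTH_PROTOS = {"ESMTPA", "ESMTPSA"}  # RFC 3848: session used SMTP AUTH


def entry_hop(raw):
    """Newest Received hop whose client IP is public (headers are newest-first).

    Hops below it were written by the sending side and can be forged; the
    bracketed IP here was recorded by the receiving server itself.
    """
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # undo header folding
        if m and not ipaddress.ip_address(m.group(2)).is_private:
            return dict(zip(("helo", "ip", "by", "proto"), m.groups()))
    return None


def from_is_spoofed(raw):
    """True if the From domain's own server took the mail from the Internet
    over an unauthenticated session, i.e. nobody logged in to the account."""
    domain = parseaddr(message_from_string(raw)["From"])[1].rpartition("@")[2]
    hop = entry_hop(raw)
    if hop is None or not hop["by"].lower().endswith("." + domain.lower()):
        return False  # no external hop recorded by that domain's servers
    return hop["proto"].upper() not in AUTH_PROTOS


if __name__ == "__main__":
    print(entry_hop(RAW), from_is_spoofed(RAW))
```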
     

    KG1

    Forgotten Man
    Site Supporter
    Rating - 100%
    66   0   0
    Jan 20, 2009
    25,633
    149
    I run my own mail server and have gotten them almost identical to this on multiple email addresses.
    Every so often I get another with the threat "upped".

    In my case, it's PURE BS.
    They didn't send it from my own email account.
    ALL they did was put my email address in as the return address, and claim this proves they sent it from my own email server.

    YET when I checked my email server logs, the email came from the Internet and not my own email server.

    PLUS they claim they have all this incriminating activity from my computer camera and microphone.
    But I don't have a camera or a microphone on the desktop computer I use exclusively.

    MY ADVICE is DO NOT REPLY TO THESE.
    It will just let them know your email address is valid and active.

    JUST IGNORE THEM.
    I don't have a webcam either. Plus I don't keep a contact list and my Facebook account was deactivated. Not gonna respond and we'll see if their threat to lock my device materializes. Bet it doesn't.
     

    rhino

    Grandmaster
    Rating - 100%
    24   0   0
    Mar 18, 2008
    30,906
    113
    Indiana
    I run my own mail server and have gotten them almost identical to this on multiple email addresses.
    Every so often I get another with the threat "upped".

    In my case, it's PURE BS.
    They didn't send it from my own email account.
    ALL they did was put my email address in as the return address, and claim this proves they sent it from my own email server.

    YET when I checked my email server logs, the email came from the Internet and not my own email server.

    PLUS they claim they have all this incriminating activity from my computer camera and microphone.
    But I don't have a camera or a microphone on the desktop computer I use exclusively.

    MY ADVICE is DO NOT REPLY TO THESE.
    It will just let them know your email address is valid and active.

    JUST IGNORE THEM.

    I don't have a webcam either. Plus I don't keep a contact list and my Facebook account was deactivated. Not gonna respond and we'll see if their threat to lock my device materializes. Bet it doesn't.

    Definitely not responding!

    I'm pretty sure they have what was stolen from the USPSA web site a few years ago (the password lookup was sitting there in an unencrypted text file).
     

    NyleRN

    Master
    Rating - 100%
    28   0   0
    Dec 14, 2013
    3,834
    113
    Scottsburg
    Since he says his computer will update everything you do on your email, then load a nasty virus on an old computer using your email for him and let him open it. Crash his system. Checkmate
     

    jkaetz

    Master
    Rating - 100%
    3   0   0
    Jan 20, 2009
    1,953
    83
    Indianapolis
    Scam. They got one of the password lists from an old compromise and are trying to sound threatening. If you still use that password on anything change it, if you don't use two factor authentication turn it on, carry on with your business.

    If they really had access to your systems the smart thing for them to do would have been to start mining crypto currency with your electricity. Far more lucrative than trying to ransom your search history.
     

    rhino

    Grandmaster
    Rating - 100%
    24   0   0
    Mar 18, 2008
    30,906
    113
    Indiana
    Since he says his computer will update everything you do on your email, then load a nasty virus on an old computer using your email for him and let him open it. Crash his system. Checkmate

    That would be funny.

    What would be funnier is if they tried this on someone who has the knowledge, skills, and resources to end them, either metaphorically or otherwise.
     

    Expat

    Pdub
    Site Supporter
    Rating - 100%
    23   0   0
    Feb 27, 2010
    108,736
    113
    Michiana
    NetRange: 96.66.224.0 - 96.66.255.255
    CIDR: 96.66.224.0/19
    NetName: SEATTLE-CCCS-38
    NetHandle: NET-96-66-224-0-1
    Parent: CABLE-1 (NET-96-64-0-0-1)
    NetType: Reallocated
    OriginAS:
    Organization: Comcast Cable Communications, LLC (CCCS)
    RegDate: 2016-11-29
    Updated: 2016-11-29
    Ref: https://rdap.arin.net/registry/ip/96.66.224.0

    Comcast Cable Communications, LLC (CCCS)

    OrgTechHandle: IC161-ARIN
    OrgTechName: Comcast Cable Communications Inc
    OrgTechPhone: +1-856-317-7200
    OrgTechEmail: CNIPEO-Ip-registration@cable.comcast.com
    OrgTechRef: https://rdap.arin.net/registry/entity/IC161-ARIN

    OrgAbuseHandle: NAPO-ARIN
    OrgAbuseName: Network Abuse and Policy Observance
    OrgAbusePhone: +1-888-565-4329
    OrgAbuseEmail: abuse@comcast.net
    OrgAbuseRef: https://rdap.arin.net/registry/entity/NAPO-ARIN
     