EMAIL FROM HACKER - ADVICE NEEDED

    KG1

    I looked back in my spam folder and it looks like I originally got one about 2 weeks ago on the 1st. Same thing as the one I just received on the 8th with the threat to send compromising info to my contacts and or my device will be locked if I don't send payment within 48 hrs. Nothing happened 2 weeks ago and still nothing yet.
     

    rhino

    I looked back in my spam folder and it looks like I originally got one about 2 weeks ago on the 1st. Same thing as the one I just received on the 8th with the threat to send compromising info to my contacts and or my device will be locked if I don't send payment within 48 hrs. Nothing happened 2 weeks ago and still nothing yet.

    I wonder how many people will actually pay and remain silent about it? I'll bet they keep asking for more money each time someone pays.

    I have a friend who fell for the IRS scam and transferred a LOT of money to the scammer before she realized what was happening. Most people in that position will be too embarrassed to admit that they fell for it, but I wish they would not. As the scams get more sophisticated, more sophisticated users will fall prey. Whenever I am in doubt, I ask for advice!
     

    printcraft

    I've gotten the same type of email before.

    I replied with something to the effect of:
    "GREAT that will save me so much time sending my contacts my dirty pictures, I don't know how to mass mail, thanks for your help."
     

    rhino

    I've gotten the same type of email before.

    I replied with something to the effect of:
    "GREAT that will save me so much time sending my contacts my dirty pictures, I don't know how to mass mail, thanks for your help."

    I'm shocked by your deviation from expected behavioral patterns!
     

    ArcadiaGP

    Lot of these going around. Seeing a few people at work get them.

    No real threat as long as you already changed your passwords.

    It's rooted in the Yahoo hack

    Senders are all over the place, VPN, etc
     

    edporch

    LET ME ADD that over weeks I keep getting these, it's just a spam email with my email address in the reply to.

    They have no access to my computer or mail server.
    THEY ARE ONLY relying on suckers who fall for their empty threats.
     

    squidvt

    I wonder how many people will actually pay and remain silent about it? I'll bet they keep asking for more money each time someone pays.

    I have a friend who fell for the IRS scam and transferred a LOT of money to the scammer before she realized what was happening. Most people in that position will be too embarrassed to admit that they fell for it, but I wish they would not. As the scams get more sophisticated, more sophisticated users will fall prey. Whenever I am in doubt, I ask for advice!

    These emails are just attempts to get you to send them money. It's a scam pure and simple.
    The big thing to take from this is you should use different passwords for different sites. Use complex passwords.
    The email is sent from a computer that is infected with some kind of virus. There are hundreds of thousands of those out there. You can safely ignore it as long as you have your computer updated and behind a firewall.

    After the Facebook "Hack" I started getting these emails, with correct password to games that are linked to Facebook. Just goes to show you how little we should trust Facebook.
     

    KG1

    LET ME ADD that over weeks I keep getting these, it's just a spam email with my email address in the reply to.

    They have no access to my computer or mail server.
    THEY ARE ONLY relying on suckers who fall for their empty threats.
    That's pretty much all they have proven to be at this point is empty threats. They keep giving the 48 hr. to respond ultimatum every time and that deadline comes and goes without issue.
     

    edporch

    UPDATE.
    I just got another variation of this email a few minutes ago.
    I pasted it below.

    AGAIN, nothing they claim matches.
    It wasn't sent from my email server.
    It's complete BS.

    For example, I built my own OpenBSD 6.4 based router.
    Nothing "Cisco" about it, and nobody exploited it.

    These emails are just spam emails sent in bulk, hoping that a few suckers fall for it.

    "I am a spyware software developer.
    Your account has been hacked by me in the summer of 2018.

    I understand that it is hard to believe, but here is my evidence (I sent
    you this email from your account).

    The hacking was carried out using a hardware vulnerability through which
    you went online (Cisco router, vulnerability CVE-2018-0296).

    I went around the security system in the router, installed an exploit
    there.
    When you went online, my exploit downloaded my malicious code (rootkit) to
    your device.
    This is driver software, I constantly updated it, so your antivirus is
    silent all time.

    Since then I have been following you (I can connect to your device via the
    VNC protocol).
    That is, I can see absolutely everything that you do, view and download
    your files and any data to yourself.
    I also have access to the camera on your device, and I periodically take
    photos and videos with you.

    At the moment, I have harvested a solid dirt... on you...
    I saved all your email and chats from your messangers. I also saved the
    entire history of the sites you visit.

    I note that it is useless to change the passwords. My malware update
    passwords from your accounts every times.

    I know what you like hard funs (adult sites).
    Oh, yes .. I'm know your secret life, which you are hiding from
    everyone.
    Oh my God, what are your like... I saw THIS ... Oh, you dirty naughty
    person ... :)

    I took photos and videos of your most passionate funs with adult content,
    and synchronized them in real time with the image of your camera.
    Believe it turned out very high quality!

    So, to the business!
    I'm sure you don't want to show these files and visiting history to all
    your contacts.

    Transfer $800 to my Bitcoin cryptocurrency wallet:
    19qL8vdRtk5xJcGNVk3WruuSyitVfSAy7f
    Just copy and paste the wallet number when transferring.
    If you do not know how to do this - ask Google.

    My system automatically recognizes the translation.
    As soon as the specified amount is received, all your data will be
    destroyed from my server, and the rootkit will be automatically removed
    from your system.
    Do not worry, I really will delete everything, since I am 'working' with
    many people who have fallen into your position.
    You will only have to inform your provider about the vulnerabilities in
    the router so that other hackers will not use it.

    Since opening this letter you have 48 hours.
    If funds not will be received, after the specified time has elapsed, the
    disk of your device will be formatted,
    and from my server will automatically send email and sms to all your
    contacts with compromising material.

    I advise you to remain prudent and not engage in nonsense (all files on my
    server).

    Good luck!"
     

    epeery

    Pretty close to the email I got several weeks ago. Barely English, you're a pervert, 48 hours, bitcoin, etc. Just a scam.

    Make sure you don't have the stolen password in use anywhere. I recommend using a password manager.
     

    edporch

    Pretty close to the email I got several weeks ago. Barely English, you're a pervert, 48 hours, bitcoin, etc. Just a scam.

    Make sure you don't have the stolen password in use anywhere. I recommend using a password manager.

    In my case, there is no stolen password.
    They simply sent me an email, with my own email address as the return address, CLAIMING that means they hacked my password and sent it with my email account.
    I built and run my own email server and I know they did nothing of the kind.
     

    Hop

    Chances are if it shows one of your former passwords that it actually came from a site you used that got hacked. Valid email addresses along with passwords get sold in bulk all the time. The "buyer" simply plugged his list into a giant auto-emailer, spoofing the sender's name, and blasted them all out to hundreds if not thousands of people, waiting for the suckers to reply.

    We had a thread here not long ago that would search your email address to see if it had been posted for sale. I forget the website name. [edit, found it => https://haveibeenpwned.com/ ]

    You can get some more info about where the email came from by plugging the email header into gmail:
    https://toolbox.googleapps.com/apps/messageheader/

    You can also manually enter the IP addresses you see in the header and find out what servers they went through:
    https://www.ultratools.com/tools/ipWhoisLookupResult
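
Added example, not part of the original thread: a small Python check of the headers on a message that claims to have been sent "from your account", doing locally what the header tools linked above do. The sample message, host names and addresses are constructed placeholders, and it assumes genuine mail from the account only passes through the servers listed in `own_ips`.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers; every host, address and IP is a placeholder.
RAW = """\
Return-Path: <bounce@bulk-sender.example>
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby mail.example.org; Mon, 01 Jan 2024 10:02:11 -0500
Received: from unknown (HELO pc-17) ([203.0.113.45])
\tby mx.example.org; Mon, 01 Jan 2024 10:02:09 -0500
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=bulk-sender.example;
\tdkim=none; dmarc=fail header.from=example.org
From: <user@example.org>
To: <user@example.org>
Subject: constructed sample

(body omitted)
"""

def hop_ips(msg):
    """Bracketed IPv4 addresses from Received headers, newest hop first."""
    return [ip for h in msg.get_all("Received", [])
            for ip in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", h)]

def auth_results(msg):
    """spf/dkim/dmarc verdicts stamped by the receiving server."""
    text = " ".join(msg.get_all("Authentication-Results", []))
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", text))

def assess(raw, own_ips):
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    envelope = parseaddr(msg.get("Return-Path", ""))[1].lower()
    # Only hops recorded by our own servers are trustworthy, so walk down
    # from the newest and stop at the first peer that is not ours.
    peer = next((ip for ip in hop_ips(msg) if ip not in own_ips), None)
    reasons = []
    if envelope and envelope.split("@")[-1] != sender.split("@")[-1]:
        reasons.append("envelope domain differs from From domain")
    if peer:
        reasons.append("handed to us by outside host " + peer)
    reasons += [f"{k}={v}" for k, v in sorted(auth_results(msg).items())
                if k in ("spf", "dmarc") and v != "pass"]
    return {"claims_self_sent": sender == rcpt, "external_peer": peer,
            "spoofed": sender == rcpt and bool(reasons), "reasons": reasons}

if __name__ == "__main__":
    print(assess(RAW, own_ips={"192.0.2.10"}))
```

Headers below the first outside hop, and any Authentication-Results line not stamped by your own server, can be written by the sender and should not be trusted.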
     

    epeery

    In my case, there is no stolen password.
    They simply sent me an email, with my own email address as the return address, CLAIMING that means they hacked my password and sent it with my email account.
    I built and run my own email server and I know they did nothing of the kind.

    Mine didn't have a PW either, I was just referring to the OP.
     