Hack/Blackmail email due to vulnerability sql-inj on the imap.plus.net system

britbolton1 · ‎21-08-2021

I have just received an email (sent from my email account) quoting my email account and password and demanding a sum of money to stop disseminating my contacts, emails etc. The worrying thing is that it came from my email and quoted the correct password.

Has anyone come across this SQL-INJ vulnerability and is there a work around?

Bogbody · ‎23-02-2020

Change your email password immeadiatly ......
and tell them to Foxtrot Oscar .......

Mook · ‎27-12-2019

It my appear to come from your own account but if you check it the email should be in your own sent folder, is this the case?

How do you know this is a SQL Injection attack and not caused by a lack of security elsewhere?

Den1 · ‎24-10-2013

Change password immediately and on any other account that use the same password also use, https://haveibeenpwned.com/ too see if its been exposed else ware

britbolton · ‎07-03-2019

The email sender was my address but I've checked my Sent emails and it is not there. Re "how do I know it is an SQL-INJ". Only from what the email said "I want to inform you, using a discovered vulnerability sql-inj on the imap.plus.net control of the site was seized by me ".

I've changed my password for the account.

Mook · ‎27-12-2019

@britbolton As it wasn't in your Sent folder then I doubt it was sent from your account. The references to SQL Injection were, I suspect, there to convince you of the legitimacy of the possibility should you search the subject. By far the best proof your account's been compromised would be to send it direct from your account and leave it in the Sent folder.

Anonymous · ‎22-08-2021

@britbolton wrote:

I've changed my password for the account.

Does your email account provider have/use two factor authentication if it has I would set it up.

If not I would change to an email provider who uses two factor authentication as an extra layer of security a pain some times but well worth using.

HD

britbolton · ‎07-03-2019

My email provided is Plusnet. I can't find any info as to whether Plusnet provides TFA. Do you know?

jab1 · ‎24-02-2012

@britbolton I don't think they do - but I could be wrong.

John

Anonymous · ‎22-08-2021

I think John is right and the storage is very low

GMail has 15GB of storage and TFA and if you change provider you don't have to mess about with the email address

I know they look at your account but I do nothing I shouldn't

HD

Hack/Blackmail email due to vulnerability sql-inj on the imap.plus.net system

Hack/Blackmail email due to vulnerability sql-inj on the imap.plus.net system

Re: Hack/Blackmail email due to vulnerability sql-inj on the imap.plus.net system

Re: Hack/Blackmail email due to vulnerability sql-inj on the imap.plus.net system

Re: Hack/Blackmail email due to vulnerability sql-inj on the imap.plus.net system

Re: Hack/Blackmail email due to vulnerability sql-inj on the imap.plus.net system

Re: Hack/Blackmail email due to vulnerability sql-inj on the imap.plus.net system

Re: Hack/Blackmail email due to vulnerability sql-inj on the imap.plus.net system

Re: Hack/Blackmail email due to vulnerability sql-inj on the imap.plus.net system

Re: Hack/Blackmail email due to vulnerability sql-inj on the imap.plus.net system

Re: Hack/Blackmail email due to vulnerability sql-inj on the imap.plus.net system