on 15-11-2018 9:00 AM - last edited on 15-11-2018 9:25 AM by dvorak
I'm not sure if this is the correct forum. Couldn't find one about security. I received this email this morning. I don't use a CISCO router! Any advice please.
Security Alert. You account has been hacked. Password must be need changed. (your password:charlie) (Contains malware Sanesecurity.Phishing.Fake.Coin.27439.UNOFFICIAL)
Dear user of *********.com!
I am a spyware software developer.
Your account has been hacked by me in the summer of 2018.
I understand that it is hard to believe, but here is my evidence:
- I sent you this email from your account.
- Password from account********@********.com: ******** (on moment of hack).
The hacking was carried out using a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2018-0296).
I went around the security system in the router, installed an exploit there.
When you went online, my exploit downloaded my malicious code (rootkit) to your device.
This is driver software, I constantly updated it, so your antivirus is silent all time.
Since then I have been following you (I can connect to your device via the VNC protocol).
That is, I can see absolutely everything that you do, view and download your files and any data to yourself.
I also have access to the camera on your device, and I periodically take photos and videos with you.
At the moment, I have harvested a solid dirt... on you...
I saved all your email and chats from your messangers. I also saved the entire history of the sites you visit.
I note that it is useless to change the passwords. My malware update passwords from your accounts every times.
I know what you like hard funs (adult sites).
Oh, yes .. I'm know your secret life, which you are hiding from everyone.
Oh my God, what are your like... I saw THIS ... Oh, you dirty naughty person ...
I took photos and videos of your most passionate funs with adult content, and synchronized them in real time with the image of your camera.
Believe it turned out very high quality!
So, to the business!
I'm sure you don't want to show these files and visiting history to all your contacts.
Transfer $833 to my Bitcoin cryptocurrency wallet:********
Just copy and paste the wallet number when transferring.
If you do not know how to do this - ask Google.
My system automatically recognizes the translation.
As soon as the specified amount is received, all your data will be destroyed from my server, and the rootkit will be automatically removed from your system.
Do not worry, I really will delete everything, since I am 'working' with many people who have fallen into your position.
You will only have to inform your provider about the vulnerabilities in the router so that other hackers will not use it.
Since opening this letter you have 48 hours.
If funds not will be received, after the specified time has elapsed, the disk of your device will be formatted,
and from my server will automatically send email and sms to all your contacts with compromising material.
I advise you to remain prudent and not engage in nonsense (all files on my server).
Moderator's note by Adie (Dvorak) removed personal info and bitcoin address from scam email copy
Fixed! Go to the fix.
15-11-2018 9:07 AM - edited 15-11-2018 9:09 AM
I am pretty certain (i.e. 99.9% reoccuring) this is a scam. So don't worry about anything.
My advice is to do nothing and don't worry about it, it is a bit more creative than the usual scams and a bit more original.
Adult sites? That could cover absolutely anything.
He got your router wrong but somehow thinks he knows your password? Likely a password from a stolen database (it happens)
He thinks you have a camera on your computer but this is also a sweeping statement as most laptops do have cameras but desktops do not (generally speaking).
The email is trying to play up to its victims fears, it is likely it was sent out to 1000's of emails from a database of stolen data.
Personally, what I would do is firstly check my email address against this website: https://haveibeenpwned.com/ it will tell you if your email address and password has been involved in any security breaches.
Next, I would change all of my passwords using a password manager like lastpass https://www.lastpass.com/ it offers a simple way to managing all of your passwords as these days it is not very secure to use the same password on multiple accounts. Lastpass simplifies this.
I would also completely ignore the email you received, don't even respond and don't like any links.
I hope my advice helps in some way!
100% agree what you said @jaread83
I hardly use a laptop, I use a desktop Mac and a PC, my laptop is a bit broken and I never use that either.
I don't even own a webcam so good luck in finding photos of me on that.
It's good people have posted that (and thanks both on the threads I replied to) and I hope the people aren't too stressed over the scammers.
Also it'll help PlusNet CS, as they'll know this one is doing the rounds so no doubt people will call in and ask the same questions a bit concerned so they'll know.
I get several of those a day to my email address, you account details where probably taken from some website hack in the past.
Best advice ignore them and if you still use that password anywhere change it.
15-11-2018 12:07 PM - edited 15-11-2018 12:19 PM
Yep I use a different password for each site, so for example my PlusNet password is not used anywhere else.
Then you need to spend an hour or so and create an Excel spreadsheet of each one. Yes it is a pain and a bit of admin. Mine is just "Company", "Username" and of course password.
Works for me, and I must have about a dozen different ones.
EDIT: Subject to password policy - if you want a really secure one you could try:
I just got: 3ce914c8-810a-4de9-97f1-d785a1246b28
Note to hackers: Nope it isn't my password, so don't bother trying.
Note to anyone else: Unless your memory is better than mine (which is possible), you would need to keep a record of that
I guess we all have our favourites. Mine is Keypass, which can be installed on a USB memory stick so that not even encrypted passwords are kept on your computer.
See what you mean @Mook
Yes I was being sarcastic about GUID's of course.
Me personally, instead of paying I'd rather do the job myself and keep a simple Excel sheet - I don't know why you'd need to pay a company to do a (reality) easy task.