Blackmail Email from Scammer

Phil the Brit · Apr 16, 2020

So guys, I need the help of anyone technical, I have received a blackmail email from someone to my email address. He wants £2000 in bitcoins to "go away".
The only thing I am concerned about is that he HAS learned one of my popular passwords. He has that correct.
Any suggestions? I am obviously not going to pay him but how did he get it? I only use the password he knows on websites like this one.

This is his email to me .......................

I do know, **, is your pass word.

I require your full attention for the upcoming Twenty-four hrs, or I will make sure you that you live out of shame for the rest of your life....

CatmanV2 · Apr 16, 2020

Yep your passwords have been dropped onto the dark web due to previous data leaks. However unless you've got an ENORMOUS cock the camera angles make the kind of video he's proposing unlikely

I get about 4 or 5 a week.

Delete the email, change the password on any accounts that come up here
https://haveibeenpwned.com/

And move on with your life

C

iainw · Apr 16, 2020

I have had similar in the past. Luckily there was no ‘self pleasure video footage’ . It’s all copy and paste ******** fishing obviously .it is worrying how this scum can find passwords though.
If At the moment all he can do is change your avatar on Sportsmaserati I wouldn’t worry.
I deleted the email and never heard anything back. I would suggest that’s the best option (but others on here may have more expert advice). I would only worry if he/she pushes back with specifics - but my
Hunch is to not engage as this has probably gone out to tens of thousands of email addresses

Felonious Crud · Apr 16, 2020

^^ Broadly in line with my thinking. Also, I'd assume that if he had any good shots of your ****-face then for added authenticity he'd have included a screen-grab of one.

Thoughts from the tech-security brains here on:

Accepting the auto-generated secure passwords instead of using something we have invented ourselves?
What about LastPass as a secure password tool?

Ewan · Apr 16, 2020

As above. We’ve received similar at work. They’ve been ignored and deleted, with passwords changed just as an additional precaution.

EnzoMC · Apr 16, 2020

as Mr C said ignore and delete.
we had a few of these from users however a strange few had the bios pwds. I'm not sure how these got out? clever but a scam.

MarkMas · Apr 16, 2020

Just a scam, using the fact that a low-importance password has been exposed (or guessed) to try to trick you into thinking that your camera has been compromised. Change that password in each place it was used to something new and unique. Also, stick a Post-It note over your camera when doing "your self pleasure act" for peace of mind.

hunta · Apr 16, 2020

I started using LastPass a few years ago after realising my Netflix account was being used by sometime in the Netherlands, and that I was using the same password across too many sites.

You just need to remember one password to access your vault (so make it a good one!) and it'll auto-generate strong passwords for you and populate log in details as you browse, so you never even need to know what they are. It's not perfect and it takes a little effort to maintain but it's free and a good jump up in terms of security.

It helps if you use in conjunction with the LastPass Chrome add-in and Android / iPhone apps.

#1 Password Manager & Vault App with Single-Sign On & MFA Solutions - LastPass

Go beyond saving passwords with the best password manager! Generate strong passwords and store them in a secure vault. Now with single-sign on (SSO) and adaptive MFA solutions that integrate with over 1,200 apps.

www.lastpass.com

empzb · Apr 16, 2020

I get loads. They are welcome to broadcast them for all I care

outrun · Apr 16, 2020

I've had these too. Luckily I have a cover on my laptop camera! And obviously, I have never visited an illicit site. Clearly. Definitely never. I mean, seriously, I haven't.

The clue when I first received one was that the password was one I'd stopped using years ago so the breached data they have accessed is certainly very old.

Upon searching as Catman suggests, my data was likely stolen from either LinkedIn or the MGM Grand hotel in Las Vegas.

lozcb · Apr 16, 2020

empzb said:
I get loads. They are welcome to broadcast them for all I care

Ok flash ................big nob then

IanU · Apr 16, 2020

Yep I've had similar quite a few times. My camera is covered all the time anyway so I knew they were bluffing. Ignore, delete, added address to blocked list. Job done

midlifecrisis · Apr 16, 2020

Just checked the pwned webiste and found that a couple of email accounts have been compromised by Linkedin and dropbox, so I've changed my passwords to Google's 'strong' password suggestion. How secure are they?

empzb · Apr 16, 2020

lozcb said:
Ok flash ................big nob then

Only if you class my wife calling me a 'massive *****' from time to time.

linescanner · Apr 16, 2020

Lastpass with 2FA is a good option. I use Yubikey for the 2nd layer of security. Goole Authenticator is also a decent option for 2nd factor.

lozcb · Apr 16, 2020

linescanner said:
Lastpass with 2FA is a good option. I use Yubikey for the 2nd layer of security. Goole Authenticator is also a decent option for 2nd factor.

There you go lads, another new business enterprise , and a good reason to bring back **** mags .........................just subscribe here with your full name and address and a postal order....................................and i'll come back to haunt you in a year or two

midlifecrisis · Apr 16, 2020

lozcb said:
There you go lads, another new business enterprise , and a good reason to bring back **** mags

Jazz?

Felonious Crud · Apr 16, 2020

midlifecrisis said:
Jazz?

****

CatmanV2 · Apr 16, 2020

EnzoMC said:
as Mr C said ignore and delete.
we had a few of these from users however a strange few had the bios pwds. I'm not sure how these got out? clever but a scam.

Pounds to pence they're shared with other accounts that got leaked

C

CatmanV2 · Apr 16, 2020

Felonious Crud said:
^^ Broadly in line with my thinking. Also, I'd assume that if he had any good shots of your ****-face then for added authenticity he'd have included a screen-grab of one.

Thoughts from the tech-security brains here on:

Accepting the auto-generated secure passwords instead of using something we have invented ourselves?

What about LastPass as a secure password tool?

Autogenerated are typically way more secure. But try to remember them! Not much wrong with LastPass AFAIK I have OneSafe.
There's lots of stuff on google about how to make up easily remembered passwords but, well certain values of 'easy'
The important thing is to make them long and use different types of characters.

C

Blackmail Email from Scammer

Member

Member

Member

Administrator

Member

Member

Chief pedant

Member

Member

Member

Member

Member

Member

Member

Member

Member

Member

Administrator

Member

Member