Is this ransom Phishing? Malware attack email question Mac OS 10.14
October 29, 2018 9:31 PM Subscribe
So I got an email yesterday that had a header of "You are now my victim" and went on to tell me that a porno website I had visited was infected with malware and they downloaded my contact list and will send it out to everyone if I don't comply with an 850 Euro payment through bitcoin (with a wallet sequence) within 30 hours.
They said that they downloaded my entire contact list and have commandeered my camera and have screen grabs of me watching porn.
The thing is that I have only watched from my phone and not my computer and never click on any link in emails on any devices. They said that I have 30 hours from the time of opening the email (which they say they can see) and that if I need to extend it to 48 hours I can open the calculator and hit +++ I have not done this "open calculator" thing because A. It seems silly and B. It also seems smart to be careful.
Furthermore, the email that it was sent to was my business email and not my mac email. It seems like if they had taken over it would have been my mac email.
This seems not in line with what I do and how I do it on my computer. How seriously should I take this? It seems like the worst they could do is release the browser history unless they really have commandeered my phone's camera, but even then it wouldn't show much - Aside from phone viewing a couple of times a week I'm actually pretty boring.
Is this just a "well, we'll give it a try and see if they bite!" kind of thing? The way I use my computer it seems strange and a little phish-y, but I'd like to know at least what I should prepare myself for in the next couple of days, as I could never come up with the ability to pay that much in Euros through bitcoin in even 2 months, much less two days.
They said that they downloaded my entire contact list and have commandeered my camera and have screen grabs of me watching porn.
The thing is that I have only watched from my phone and not my computer and never click on any link in emails on any devices. They said that I have 30 hours from the time of opening the email (which they say they can see) and that if I need to extend it to 48 hours I can open the calculator and hit +++ I have not done this "open calculator" thing because A. It seems silly and B. It also seems smart to be careful.
Furthermore, the email that it was sent to was my business email and not my mac email. It seems like if they had taken over it would have been my mac email.
This seems not in line with what I do and how I do it on my computer. How seriously should I take this? It seems like the worst they could do is release the browser history unless they really have commandeered my phone's camera, but even then it wouldn't show much - Aside from phone viewing a couple of times a week I'm actually pretty boring.
Is this just a "well, we'll give it a try and see if they bite!" kind of thing? The way I use my computer it seems strange and a little phish-y, but I'd like to know at least what I should prepare myself for in the next couple of days, as I could never come up with the ability to pay that much in Euros through bitcoin in even 2 months, much less two days.
What to do if you get the latest phishing spam demanding Bitcoin. (It's going around.)
posted by wintersweet at 9:35 PM on October 29, 2018 [5 favorites]
posted by wintersweet at 9:35 PM on October 29, 2018 [5 favorites]
For what it’s worth, I got a similar email, and I have a piece of tape over my webcam and don’t watch porn. I think you can safely ignore it.
posted by ArbitraryAndCapricious at 9:36 PM on October 29, 2018 [6 favorites]
posted by ArbitraryAndCapricious at 9:36 PM on October 29, 2018 [6 favorites]
Seems to be going around. I'll bet the wording in these examples sounds familiar:
Reddit
Gizmodo
Hidebox
etc.
posted by mumkin at 9:39 PM on October 29, 2018 [1 favorite]
Gizmodo
Hidebox
etc.
posted by mumkin at 9:39 PM on October 29, 2018 [1 favorite]
I have received this and ignored it without repercussions.
Just phishing.
posted by pompomtom at 9:45 PM on October 29, 2018
Just phishing.
posted by pompomtom at 9:45 PM on October 29, 2018
Yeah, a friend of mine who doesn't use porn websites got this exact message too, ignored it, and nothing bad happened.
posted by centrifugal at 10:05 PM on October 29, 2018 [2 favorites]
posted by centrifugal at 10:05 PM on October 29, 2018 [2 favorites]
Oh my God I get these all the time. My response is always "From what year? Was I still skinny? Because I will 100% pay you to release that footage if so."
There is no footage.
posted by DarlingBri at 3:26 AM on October 30, 2018 [19 favorites]
There is no footage.
posted by DarlingBri at 3:26 AM on October 30, 2018 [19 favorites]
My GMail spam folder has about 50-60 of these emails in it. Just make sure the leaked passwords you may have used are all changed.
posted by JoeZydeco at 4:18 AM on October 30, 2018 [1 favorite]
posted by JoeZydeco at 4:18 AM on October 30, 2018 [1 favorite]
I got that email and I use an old PC running Linux that doesn't have a webcam.
posted by COD at 4:46 AM on October 30, 2018 [1 favorite]
posted by COD at 4:46 AM on October 30, 2018 [1 favorite]
Because I will 100% pay you to release that footage if so."
Ah, the Sukarno defence.
posted by Stoneshop at 5:07 AM on October 30, 2018 [6 favorites]
Ah, the Sukarno defence.
posted by Stoneshop at 5:07 AM on October 30, 2018 [6 favorites]
As everyone else has said - this is a phishing email literally sent to millions of email addresses, and there is no footage. Delete.
posted by Seeking Direction at 5:43 AM on October 30, 2018
posted by Seeking Direction at 5:43 AM on October 30, 2018
We have a generic office email address at work that doesn't belong to anybody in particular, and it's gotten that email 3 times in the last couple of months. Did yours use the word "onanism"? Because I was so impressed the phisher knew that word.
posted by JanetLand at 5:56 AM on October 30, 2018 [1 favorite]
posted by JanetLand at 5:56 AM on October 30, 2018 [1 favorite]
Ignore it; it's a scam, but this is also a teachable moment.
It sounds like you didn't get the even more nefarious one that includes a password you've actually used; that one, I suspect, has been pretty successful, because it's amazingly scary to see in a nefarious phishing mail.
I got one. It freaked me out, too, even though I'm very net-savvy, don't watch porn, and have had duct tape over my cam for years.
But then I realized what was going on. The attempt is actually pretty damn clever.
Over the years, many sites have been caught out as having really shitty security -- first, by having a userlist leaked, and second, by having that userlist include plaintext passwords which never should have been stored in the clear in the first place.
Sure, some folks use a garbage or dummy password for low-value sites (like, to comment at a blog network), but many, many more reuse passwords indiscriminately. (This leads to all kinds of badness; don't do that.)
So now the bad guys have your email ("puffball@well.com") and your password ("foobar"), and they can bet you used that password in a bunch of places. So they send you a mail threatening exposure for your wanking habits, and that email includes a password you've used, which is just enough verisimilitude to send folks around the bend in a panic.
I would bet folding money these folks hooked MANY people with this version of the scam.
The thing is, though, it went so far and wide that it got covered by the tech press, so hopefully folks now understand how dangerous password re-use can be. Before, it was the occasional account hijack at Twitter, or the loss of your domain control because you used that password at GoDaddy, too. But it was single events, not a cultural moment.
The pornspam attempt is big enough that I really hope folks "get it" now.
Anyway, tl;dr is yeah, ignore it. But also: DO NOT REUSE PASSWORDS.
posted by uberchet at 6:07 AM on October 30, 2018 [4 favorites]
It sounds like you didn't get the even more nefarious one that includes a password you've actually used; that one, I suspect, has been pretty successful, because it's amazingly scary to see in a nefarious phishing mail.
I got one. It freaked me out, too, even though I'm very net-savvy, don't watch porn, and have had duct tape over my cam for years.
But then I realized what was going on. The attempt is actually pretty damn clever.
Over the years, many sites have been caught out as having really shitty security -- first, by having a userlist leaked, and second, by having that userlist include plaintext passwords which never should have been stored in the clear in the first place.
Sure, some folks use a garbage or dummy password for low-value sites (like, to comment at a blog network), but many, many more reuse passwords indiscriminately. (This leads to all kinds of badness; don't do that.)
So now the bad guys have your email ("puffball@well.com") and your password ("foobar"), and they can bet you used that password in a bunch of places. So they send you a mail threatening exposure for your wanking habits, and that email includes a password you've used, which is just enough verisimilitude to send folks around the bend in a panic.
I would bet folding money these folks hooked MANY people with this version of the scam.
The thing is, though, it went so far and wide that it got covered by the tech press, so hopefully folks now understand how dangerous password re-use can be. Before, it was the occasional account hijack at Twitter, or the loss of your domain control because you used that password at GoDaddy, too. But it was single events, not a cultural moment.
The pornspam attempt is big enough that I really hope folks "get it" now.
Anyway, tl;dr is yeah, ignore it. But also: DO NOT REUSE PASSWORDS.
posted by uberchet at 6:07 AM on October 30, 2018 [4 favorites]
I got that one at work, as did many of my colleagues. Our IT Department had to send around an email about it because people were freaking out (which kinda makes we wonder WTF some of my colleagues are doing at work, but anyway).
posted by holborne at 6:57 AM on October 30, 2018 [3 favorites]
posted by holborne at 6:57 AM on October 30, 2018 [3 favorites]
I've received several of those, at an address I rarely use. The messages mention as "proof" a password I used to use with that email account, but changed long ago. I don't have a webcam.
I'd like to do something to toy with these scammers, but I have television to watch and naps to take.
posted by Devoidoid at 8:41 AM on October 30, 2018 [1 favorite]
I'd like to do something to toy with these scammers, but I have television to watch and naps to take.
posted by Devoidoid at 8:41 AM on October 30, 2018 [1 favorite]
Got this 2x and ignored it. Wouldn't have even seen it if I didn't review my spam folder before deleting it. Same things being described above. Told me it had a password, but it wasn't a password I have used in ages, and as far as I can tell only used on a Wordpress install. I checked all my passwords and accounts and none used the password.
The 48 hour deadline came and went a week ago and no sign of the world ending.
posted by terrapin at 9:01 AM on October 30, 2018
The 48 hour deadline came and went a week ago and no sign of the world ending.
posted by terrapin at 9:01 AM on October 30, 2018
These emails often include an account password of yours as “proof” you’re been hacked. Hackers often get these from mass dumps of user accounts after a high profile service has been hacked, e.g. Google Plus recently.
If so make sure you change that password. Also check you have not reused that password anywhere and change it elsewhere if so. The Safari “Passwords” pane in its settings window helpfully labels reused passwords with a warning icon.
Also, this is not phishing. It’s extortion under false pretenses. Phishing is impersonation in order to steal your password or get you to install malware.
posted by w0mbat at 10:02 AM on October 30, 2018 [1 favorite]
If so make sure you change that password. Also check you have not reused that password anywhere and change it elsewhere if so. The Safari “Passwords” pane in its settings window helpfully labels reused passwords with a warning icon.
Also, this is not phishing. It’s extortion under false pretenses. Phishing is impersonation in order to steal your password or get you to install malware.
posted by w0mbat at 10:02 AM on October 30, 2018 [1 favorite]
Also, go sign up to Have I been Pwned
This service checks all the big hacker dumps of leaked passwords and warns you if your email address comes up.
It almost certainly will. Don't worry about it, just make sure you change any passwords you care about regularly and preferably don't reuse them.
4
Another trick that this scam used to use (might still use) is to say "Hey your phone number is 0788 XXXXXX 74" (with the X's in usually.) I was pretty creeped out by that. But the thing to remember is that they're not obfuscating your phone number for your benefit. They don't have your phone number. But they've done the first half of an account recovery somewhere and copied the obfuscated number from that.
posted by Just this guy, y'know at 10:21 AM on October 30, 2018 [2 favorites]
This service checks all the big hacker dumps of leaked passwords and warns you if your email address comes up.
It almost certainly will. Don't worry about it, just make sure you change any passwords you care about regularly and preferably don't reuse them.
4
Another trick that this scam used to use (might still use) is to say "Hey your phone number is 0788 XXXXXX 74" (with the X's in usually.) I was pretty creeped out by that. But the thing to remember is that they're not obfuscating your phone number for your benefit. They don't have your phone number. But they've done the first half of an account recovery somewhere and copied the obfuscated number from that.
posted by Just this guy, y'know at 10:21 AM on October 30, 2018 [2 favorites]
It’s definitely phishing, but if you’re feeling extra paranoid tell them you’ll comply only if they send a copy of all the data to you right now. If they’re legitimately trying to blackmail you that does them no harm, but more likely you’ll never hear from them again.
posted by Tell Me No Lies at 4:16 PM on October 30, 2018
posted by Tell Me No Lies at 4:16 PM on October 30, 2018
tell them you’ll comply only
Never reply to a phisher - you have now confirmed you still exist at that email.
posted by jkaczor at 5:55 AM on January 29, 2019 [1 favorite]
Never reply to a phisher - you have now confirmed you still exist at that email.
posted by jkaczor at 5:55 AM on January 29, 2019 [1 favorite]
This thread is closed to new comments.
If the servers were hacked, and you were a member that signed in etc, then maybe. But then how would they control your camera? Or doesn't make sense.
posted by smoke at 9:34 PM on October 29, 2018 [4 favorites]