Solved I just got hacked and they are now trying to extort me

Wallenberg

Thread Starter
Joined
Jan 23, 2006
Messages
533
I would like to tell you all about it. But I am not sure where I should post that. I'm afraid it's been a long time since I have posted to this forum (before today, that is).

Can anyone tell me where I should post the info about how I got hacked and what how they are trying to extort me now?
 

Wallenberg

Thread Starter
Joined
Jan 23, 2006
Messages
533
Here is some info on how I was hacked and the extortion letter they sent me.

I have never used this part of the board before and so I may not be posting this in the best place. Can anyone tell me if this board already has some suggestions for how you can avoid getting hacked or having your identity stolen?

I have learned some very valuable lessons about email hacks today and I will tell you a few of them near the end of this post. But I fear this board may already have a place for these kinds of FAQs or helpful hints. Can anyone tell me that? OK. Here is the text explaining about my hack and extortion attempt.
-------------------------------------------------------------------------------------------------------------------
I have about 20 or 30 different email accounts. I hope it's not important for me to explain just why I have so many. But that seems to have protected me from a serious attempt at extortion that happened to me today.

Briefly, I will say that I used to enter contests where people had to send some email with an answer to some questions and the winner would get something that usually was valued around $50 but the grand prize could be worth as much as $1000.

Anyway, I used one of my email accounts to make an appointment with a professional and then I got an email from this fictitious name saying, words to the effect, "I know the password to some of your email accounts and if you don't send me $1000.00, I will send all the filthy porn videos you have watched to all the people in your Contacts list.

They went on to explain how they got my passwords. They said they used a key logger and ... well ... maybe I should just show you the email they sent me. It does not have any of my personal info on it and I would guess that any of their personal info is just phony. So, I will go copy it and paste it here for you to see what they said.

I have included a personal note from me in between two lines of asterisks.
I'm curious about the odd amount though. $1042? What is that about?

I will paste the actual email they sent (with some sensitive info XXXXXX'd out) at the very end of this post - after the double line of dashes.

I almost never watch any porn or anything like that and the last time I did anything even remotely like that was maybe ten years ago.

So I know they probably just send the same email to everyone they hack and they just pick the most likely activity in which people engage and that would embarrass them if was made known to their contacts.
I would gess they would get lucky - meaning they would send this email to someone who really did watch or download porn and who really would be embarrassed if they sent that stuff to all of their contacts.

But there are several real dangers and lessons that I have learned from this.

1) I must never keep any email lying around in any of my folders - especially if it contains any personal info (like name, address and phone). More especially if it has any banking info like account numbers and passwords.

2) I must never do business with any people or companies that put any of my personal info in the email they send me.
For example, if your bank sends you email that shows you the status of your accounts and your name, address, account numbers, etc. that is just deadly!
Anyone who uses a key logger to hack email accounts can just go into your email account and read the info the bank has sent you.

Banks or any other company or corporation that sends you email containing any of your personal info is doing something terrible and I would tell them why it is so terrible and not to do it anymore. But then I would never accept any more email from them

OK. So, how did having many email accounts protect me today?
Well, they only hacked into one of my email accounts and I had lots of other info in other accounts which I have now deleted.

So, they never got to see any of the info in any of my other accounts. I know this is not some clever technique to recommend people use. It's more like a fluke that just happened to operate in my favour but it could easily have gone the other way.
------------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------
From:
XXX XXX <[email protected]>

I know xxxxxx is one of your password on day of hack..
Lets get directly to the point.
Not one person has paid me to check about you.
You do not know me and you're probably thinking why you are getting this email?
in fact, i actually placed a malware on the adult vids (adult porn) website and you know what, you visited this site to experience fun (you know what i mean).
When you were viewing videos, your browser started out operating as a RDP having a key logger which provided me with accessibility to your display and web cam.
immediately after that, my malware obtained every one of your contacts from your Messenger, FB, as well as email account.
after that i created a double-screen video. 1st part shows the video you were viewing (you have a nice taste omg), and 2nd part displays the recording of your cam, and its you.
******************************************************************************************************************************************************************
(NOTE: I have never used FB and I have no web cam) So I think they just send this same email to all the people they have hacked
******************************************************************************************************************************************************************
Best solution would be to pay me $1042.
We are going to refer to it as a donation. in this situation, i most certainly will without delay remove your video.
My -BTC -address: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[case SeNSiTiVe, copy & paste it]
You could go on your life like this never happened and you will not ever hear back again from me.
You'll make the payment via Bitcoin (if you do not know this, search 'how to buy bitcoin' in Google).
if you are planning on going to the law, surely, this e-mail can not be traced back to me, because it's hacked too.
I have taken care of my actions. i am not looking to ask you for a lot, i simply want to be paid.
if i do not receive the bitcoin;, i definitely will send out your video recording to all of your contacts including friends and family, co-workers, and so on.
Nevertheless, if i do get paid, i will destroy the recording immediately.
If you need proof, reply with Yeah then i will send out your video recording to your 8 friends.
it's a nonnegotiable offer and thus please don't waste mine time & yours by replying to this message.
I know XXXXXXXXXX is one of your password on day of hack..
Lets get directly to the point. Not one person has paid me to check about you.
You do not know me and you're probably thinking why you are getting this email?
in fact, i actually placed a malware on the adult vids (adult porn) website and you know what, you visited this site to experience fun (you know what i mean).
When you were viewing videos, your browser started out operating as a RDP having a key logger which provided me with accessibility to your display and web cam.
immediately after that, my malware obtained every one of your contacts from your Messenger, FB, as well as email account.
after that i created a double-screen video. 1st part shows the video you were viewing (you have a nice taste omg), and 2nd part displays the recording of your cam, and its you.
 
Joined
Jul 24, 2015
Messages
2,795
I don't think you've been hacked; rather, this is an attempt at a scam. It written deliberately to scare you into complying with them. The fact you don't use FB and don't have a webcam means it is, as you surmised, they are sending this out to multiple people. Nevertheless, multiple people who were not hacked.
 

Wallenberg

Thread Starter
Joined
Jan 23, 2006
Messages
533
Lochlomonder.

But they started their email with my real password. They got that correct. I think you may be correct. I really don't know much about hacks and scams. But how would they have gotten my reals PW if they never hacked me? I have never given it to anyone.
 
Joined
Mar 2, 2019
Messages
1,263
But how would they have gotten my reals PW if they never hacked me?
You might have downloaded keylogger via warez software etc. or something similar that sent your PW to them, but otherwise they don't have access to your machine.
 

zx10guy

Trusted Advisor
Spam Fighter
Joined
Mar 30, 2008
Messages
6,504
It's a total scam. I got one of those phony emails too. It had one of my old passwords listed. How they got it was due to some online sites which I have an account being hacked. That's how they got my password and not from any keylogger or malware injected on my computer. I also know this to be the case as I have a security tool that scrubs my laptop back to a pristine baseline every time I reboot it.

But what little details you posted about your Internet activities with these email contacts is more concerning.
 

Wallenberg

Thread Starter
Joined
Jan 23, 2006
Messages
533
You might have downloaded keylogger via warez software etc. or something similar that sent your PW to them, but otherwise they don't have access to your machine.
Thank you for that info. But I can tell you one thing that I think means that is not what happened.
The password they showed me is one that I have not used in at least 4 years. So they must have gotten it some other way.
 

Wallenberg

Thread Starter
Joined
Jan 23, 2006
Messages
533
It's a total scam. I got one of those phony emails too. It had one of my old passwords listed. How they got it was due to some online sites which I have an account being hacked. That's how they got my password and not from any keylogger or malware injected on my computer. I also know this to be the case as I have a security tool that scrubs my laptop back to a pristine baseline every time I reboot it.

But what little details you posted about your Internet activities with these email contacts is more concerning.
That sounds exactly right. They must have gotten my pw in the way you said.

But can you tell me what you mean by "more concerning"? Why is this more concerning and what should I do?

You know, when they started talking about the way in which they got it, I smelled a rat because why would they ever tell me all that crap unless they wanted to divert my attention. It's like they say about magic tricks. The magician gets you to look at something and while you are looking there, he does something in a different location so you are not paying attention and you don't see what he really did. I forget the word they use to describe that .... Here is a description. The word I was looking for is "misdirection".
-------------------------------------------------------------------------------------------------------
How do magicians make things disappear?
Misdirection

But how do magicians manage to hide even large objects without being noticed? The secret is called misdirection. For instance, the magician requires the public to look at a blank paper, while using their other hand to hide or make appear another object.Aug 2, 2017
 

Wallenberg

Thread Starter
Joined
Jan 23, 2006
Messages
533
It's a total scam. I got one of those phony emails too. It had one of my old passwords listed. How they got it was due to some online sites which I have an account being hacked. That's how they got my password and not from any keylogger or malware injected on my computer. I also know this to be the case as I have a security tool that scrubs my laptop back to a pristine baseline every time I reboot it.

But what little details you posted about your Internet activities with these email contacts is more concerning.
Oh. I see what you mean. That was all a total scam too. I had no email contacts. That is just an element of the scam. They send that email to say 1,000 people and they can expect that ten percent will have all the things they spoke of. So, they have a good chance that 100 people will reply and a percentage of them may pay. I wouldn't pay them anything. I am going to report them to the police.

In Canada we have an Anti-Fraud Centre here:
https://www.antifraudcentre-centreantifraude.ca/report-signalez-eng.htm
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
118,066
Zx10guy is correct. They generally get passwords from security breaches on sites that have that information and it could even be financial institutions, government or any other site you log in to. You can find out if it that password has been exposed by a breach by using the following website:

https://haveibeenpwned.com/Passwords
 

Wallenberg

Thread Starter
Joined
Jan 23, 2006
Messages
533
You're welcome.
Well, I am Canadian and we are very polite, you know. I would never rush you like your warning message says:

I have a lot of patience but I don't have any patience for people who are impatient.
Don't ask me to do two things at once. I have enough trouble doing one thing at once.

Just kidding. I hope that is OK.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
118,066
It's not a warning message it's a signature. 😉
 

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top