[GTALUG] blackmail
Karen Lewellen
klewellen at shellworld.net
Sat Aug 4 12:42:32 EDT 2018
Hope this helps you feel better, or gives you a giggle.

I got the same e-mail, referencing an old password. Likewise the claim
that they have video footage from my computer cameras, save that I do not
have computer cameras, and I use DOS, and I experience blindness, so unless
that adult site they claim I visited came with audio descriptions...well.

I promised to pay them after they shared my story with the New York Times.

Kare

On Sat, 4 Aug 2018, Mauro Souza via talk wrote:
> Don't worry about this kind of email. It's a known scam.
>
> It's very easy to get hand of a stolen password database, and as most
> people only have one or two passwords, claim you hacked them and have
> compromising info. But they don't have, don't worry.
>
> On Aug 4, 2018 09:10, "Giles Orr via talk" <talk at gtalug.org> wrote:
>
> On 4 August 2018 at 04:47, D. Hugh Redelmeier via talk <talk at gtalug.org>
> wrote:
>
>> I received a blackmail message by email. It claimed that they hacked my
>> system and had compromising videos from my computer's camera.
>>
>> As proof, they gave me what they claimed was my password. But I only used
>> that password on two sites: canadacomputers.com and
>> xpresscanada.com (a long-dead Canada Computers site).
>>
>> So I'm not worried.
>>
>> I informed CC about three weeks ago. They seemed to ignore the
>> report. I phoned again two weeks ago, and they were interested. I
>> told them if I didn't hear that they'd informed their customers that
>> I'd publicize this security breach.
>>
>> I've heard nothing else. So I presume that they have not announced it
>> to their customers.
>>
>> Today I got another blackmail message with the same password.
>>
>> What do you think that I should do?
>>
>> PS: my password is a random string generated by mkpasswd(1) so it would
>> not have been discovered by an online exhaustive search. They most likely
>> filched the password file from CC.
>>
>> PPS: I'm glad that I don't reuse passwords!
>>
>
> Someone at work got a similar email claiming that the emailer had
> compromising video footage (it was a work account - no cams and very
> improbable anyway). It demanded bitcoin and gave a hash to deliver it to.
> But it didn't show a password, so yours is a somewhat nastier and more
> effective variant. Ours claimed to have footage of the person's
> "senescence." OMG - you caught me aging?! (Okay, not quite what it means.)
>
> As for the password thing ... I really haven't figured out what best
> practice is on time between notification-of-breach to public reveal. (I
> went after the Science Centre about their use of SSL2 on their website -
> where they take people's credit cards - so I have had a peripherally
> related experience with problem/notification/reveal
> https://www.gilesorr.com/blog/science-centre-ssl.html ). I'd say a month?
> But I'd probably start the clock from your three weeks ago email. Although
> if you didn't tell them _when_ you were going to reveal, that's not totally
> fair. But it's also weighed against the public damage that's arguably
> being caused by these emails.
>
> The Canada Computers password database breach could have been years ago.
> But if it was, did they make that known? Did they even know? <sigh>
>
> P.S. And I'm glad I've never purchased from their website, only their
> stores.
>
>
> --
> Giles
> https://www.gilesorr.com/
> gilesorr at gmail.com