[GTALUG] blackmail

Karen Lewellen klewellen at shellworld.net
Sat Aug 4 12:42:32 EDT 2018


Hope this helps you feel better, or gives you a giggle.
I got the same e-mail, referencing an old password. Likewise the claim
that they have video footage from my computer cameras, save that I do not
have computer cameras, and I use DOS, and I experience blindness, so unless
that adult site they claim I visited came with audio descriptions... well.
I promised to pay them after they shared my story with the New York Times.
Kare



On Sat, 4 Aug 2018, Mauro Souza via talk wrote:

> Don't worry about this kind of email. It's a known scam.
>
> It's very easy to get hold of a stolen password database, and as most
> people only have one or two passwords, claim you hacked them and have
> compromising info. But they don't have any, don't worry.
>
> On Aug 4, 2018 09:10, "Giles Orr via talk" <talk at gtalug.org> wrote:
>
> On 4 August 2018 at 04:47, D. Hugh Redelmeier via talk <talk at gtalug.org>
> wrote:
>
>> I received a blackmail message by email.  It claimed that they hacked my
>> system and had compromising videos from my computer's camera.
>>
>> As proof, they gave me what they claimed was my password.  But I only used
>> that password on two sites: canadacomputers.com and
>> xpresscanada.com (a long-dead Canada Computers site).
>>
>> So I'm not worried.
>>
>> I informed CC about three weeks ago.  They seemed to ignore the
>> report.  I phoned again two weeks ago, and they were interested.  I
>> told them if I didn't hear that they'd informed their customers that
>> I'd publicize this security breach.
>>
>> I've heard nothing else.  So I presume that they have not announced it
>> to their customers.
>>
>> Today I got another blackmail message with the same password.
>>
>> What do you think that I should do?
>>
>> PS: my password is a random string generated by mkpasswd(1) so it would
>> not have been discovered by an online exhaustive search.  They most likely
>> filched the password file from CC.
>>
>> PPS: I'm glad that I don't reuse passwords!
>>
>
> Someone at work got a similar email claiming that the emailer had
> compromising video footage (it was a work account - no cams and very
> improbable anyway).  It demanded bitcoin and gave a hash to deliver it to.
> But it didn't show a password, so yours is a somewhat nastier and more
> effective variant.  Ours claimed to have footage of the person's
> "senescence."  OMG - you caught me aging?!  (Okay, not quite what it means.)
>
> As for the password thing ...  I really haven't figured out what best
> practice is on time between notification-of-breach to public reveal.  (I
> went after the Science Centre about their use of SSL2 on their website -
> where they take people's credit cards - so I have had a peripherally
> related experience with problem/notification/reveal
> https://www.gilesorr.com/blog/science-centre-ssl.html ).  I'd say a month?
> But I'd probably start the clock from your three weeks ago email.  Although
> if you didn't tell them _when_ you were going to reveal, that's not totally
> fair.  But it's also weighed against the public damage that's arguably
> being caused by these emails.
>
> The Canada Computers password database breach could have been years ago.
> But if it was, did they make that known?  Did they even know?  <sigh>
>
> P.S. And I'm glad I've never purchased from their website, only their
> stores.
>
>
> -- 
> Giles
> https://www.gilesorr.com/
> gilesorr at gmail.com

