Blackmail / Extortion Email...

[Jazz01]

I received an email (went to spam) detailing a password I had for an email account. In this email I was requested to purchase bitcoin to the value of $1900 (which this person thinks is a fair price for not sending the "alleged videos of me" to all my contacts on Facebook / messenger / email and of course, they will delete EVERYTHING once they get payment). I think differently, I'm worth WAY more than 1900 dollars (I assume US $), or maybe my contacts, who the videos will be sent to, would pay more than $1900 to NOT receive them

Anyway, the password is a valid password but to a different email account (yahoo) - but none the less, I'm wondering how the beep, such made it from one email account to another and this request!

General advice welcomed please (no, I won't include you on the distribution list for the alleged video(s), if you do get any vids, then let me know, I'll start charging you!) - should this be reported officially to Gardaí? Should I use that old yahoo account again? Is my machine compromised?

I am VERY security aware in relation to any malware / software installs etc, but this is a bit more than just me getting a few million US Dollars off of someone in Nigeria who is trying to get out of their country and needs me to "hold their money" for them. I know Yahoo have been compromised in the past, and I did change my password after that on the account.

 

[lucky23]

This link could help https://www.eff.org/deeplinks/2018/...ou-get-latest-phishing-spam-demanding-bitcoin

 

[RedOnion]

Was it a password that you previously used on a LinkedIn account for example?

These type of emails are pretty common, where hacked lists are bought, and they send thousands of emails. Having a valid password for one of your accounts gets a lot of attention, especially when so many people reuse passwords across multiple accounts.

In future cover your camera while watching porn, and you'll have nothing to worry about!

 

[elcato]

Can you confirm ? They managed to get the password to your email account. They changed it so you cannot access it now. They want money to allow you to re-access the account or are they saying they will just delete the account when you pay up ?

 

[gipimann]

I got this a few months ago - same deal, password that had been used by me but not for the email account. I updated all my passwords and that was all I did. No videos, no further communication. I found out that the likely source of the email \password combination was the hacking of myfitnesspal.

 

[Jazz01]

They managed to get the password to your email account

It's a password to a current yahoo email account - one that is (very) rarely used. The email that I received was to another email account that I have. I assume my two accounts are linked.

They changed it so you cannot access it now. They want money to allow you to re-access the account or are they saying they will just delete the account when you pay up ?

I have not tried to access that Yahoo account (note they NEVER mentioned the yahoo account - but I recognise the password for that account - my email accounts all have different passwords)

In future cover your camera while watching porn, and you'll have nothing to worry about

Ha ha ha - thanks for that info - some wise words from an experienced person

I got this a few months ago - same deal, password that had been used by me but not for the email account.

thanks for this information. I am planning a full change of passwords across my on line accounts. I'll leave this yahoo to last and I'll try to delete it as it's serving no purpose at this stage.

Just wondering does this need to be reported to Gardai?

 

[EmmDee]

Obviously change all your passwords. Also, if you use same or similar passwords for other services, change them too - especially those linked to either of your emails. You might want to use something like LastPass to generate random passwords and as a password manager

You can use "haveIbeenpwned" to check if your emails have been included in any of the known breaches - it might give an idea of where it has been leaked. You can also set up alerts to notify you if your email does show up

You could inform the Gardaí - but in reality it will be untraceable. It won't do any harm and might keep them informed of what is circulating. But the likelihood, assuming you have any specific knowledge, this is one of those blanket scams like the Nigerian letters. They blast them out to hundreds of thousands and only need a tiny percentage to respond to make it worthwhile.

 

[elcato]

Why don't you just try and login and hit the forgot password if it fails ? They won't know the verification question I'm guessing even if yahoo were that elaborate back in the day.

 

[Jazz01]

Why don't you just try and login and hit the forgot password if it fails

I've now done that as part of changing all passwords across my online persona - password was still accepted & has been changed.

 

[Leo]

Just wondering does this need to be reported to Gardai?

You should report it, they may be unable to do much, but they may also surprise you. Regardless, the more reports they get of this activity the more likely they are to invest more resources.

This case emphasises the importance of using different passwords for every site you use, and not going back and reusing old ones. Yahoo email has been breached a number of times, the email addresses and passwords associated with those breaches and others are available on the dark web.

 

[Alkers86]

Check out this website, where you can see if your account has been breached:


You'd be amazed how often this happens and it highlights the need to change passwords regularly and not use teh same password for multiple accounts.

 

[Boyd]

This happened me last year, reported it to the cops. Never heard anything afterwards but felt a bit better after reporting it. It is very unnerving, even if you know it's total nonsense, especially when they have some password, or part of a phone number.

 

[fidelcastro]

a similar type of scam was detailed at length in an Irish Times article in July 2018 I believe, reltated to Linkedin hack......

 

[Jazz01]

It is very unnerving, even if you know it's total nonsense, especially when they have some password,

Yes, that's exactly it - actually seeing the password in their email was a bit worrying. Not the threat of what they would do etc as it's all crap.
I printed out the email, took screen shots etc with the intention of heading to garda station last night, but it was closed. I'll have to make the trip into one of the larger stations, assuming I can get through the check point - might not be deemed a "necessary journey".
Thanks for all the replies - appreciate, as always, all your input.

 

[fidelcastro]

Yes, that's exactly it - actually seeing the password in their email was a bit worrying. Not the threat of what they would do etc as it's all crap.
I printed out the email, took screen shots etc with the intention of heading to garda station last night, but it was closed. I'll have to make the trip into one of the larger stations, assuming I can get through the check point - might not be deemed a "necessary journey".
Thanks for all the replies - appreciate, as always, all your input.

Good luck with that....there are 1000's of scams going on.

 

[Leo]

Good luck with that....there are 1000's of scams going on.

While equally unlikely to result in a conviction, there is a distinction between your average spam type scam and targeted extortion.

 

[Ciru75]

Yes, that's exactly it - actually seeing the password in their email was a bit worrying. Not the threat of what they would do etc as it's all crap.
I printed out the email, took screen shots etc with the intention of heading to garda station last night, but it was closed. I'll have to make the trip into one of the larger stations, assuming I can get through the check point - might not be deemed a "necessary journey".
Thanks for all the replies - appreciate, as always, all your input.

I wouldn't bother going to the guards, especially in the current situation. This is a very common scam in the last couple of years, your email won't be materially different to thousands of others. All they scammers have is that password and the email address they sent the mail to. Most likely you used that email address and password to sign up to some site that was hacked afterwards. If you use that password anywhere else, change it.

 

[Boyd]

I actually got two of them in the last 4 days.

 

[Jazz01]

I actually got two of them in the last 4 days.

Boyd - Did the emails contain a valid password for one of your accounts ?

I've now got my second one this morning (well arrived last night into spam folder) - from a different email address and they've up'ed the ante, more personal in the language used and the bitcoin request gone up to $2000 USD (they were specific this time around that it was US Dollars - Hmmm wondering if they were reading this thread! Guess the increase in ransom is due to inflation or maybe bitcoin isn't as profitable as it used to be?).

Email password information is the same and the threat of releasing videos to the wider population (hope they caught my good side!) was detailed.

I'll print it, and add to the previous one and if / when I get to a Garda station, I'll report it.

 

[celine]

I got one as well .. a password i used about ten years ago Just ignore it.