Scammer knows an old but genuine password

This spooked me a little, good job I keep up to date with scams otherwise I might have fallen for it.

Got a spam email with one of my old passwords in it, a genuine one for a now defunct retailer. They were claiming, with very poor English, that they had control of my PC. Obviously some hacker has got hold of the email/passwords/god only knows what else and sold it to scammers and those scammers are now pretending they have control and are demanding money (in bitcoin, rolleyes) to release it.

I'm guessing this is an old scam, but I've never had it happen to me before. Disturbing to know what other info they have of me.

A nice reminder to always use different passwords for places as so many of them get hacked and have data breaches.

(and no, the password wasn't obvious like 12345, I only use that on my luggage)
 
I've been pwned 5x with @gmail and 1x with @googlemail and never had anything happen.

For a Gmail address you can use both, and your account still gets any emails.

Just use different passwords everywhere; your browser, if it's storing passwords, probably tells you what sites have been hacked.
 
I found the same recently in the "bulk mail/spam/scam" folder for one of my email addresses. A password I used years ago for something, I forget what. A bit startling to see it, but the rest of the email proved that it was a scam. It was the classic "you've been watching porn and I've taken control of your computer and used your webcam to make a video of you *******" one. Yeah, right. They used the webcam I don't have to make the video they haven't shown me. They also made the threat too specific - they would send the video to the 22 people linked to my Facebook account. The Facebook account I don't have, but even if I did what's the chance of me having exactly 22 people on my friends list or whatever it is on Facebook? Amateur hour at the scammers - a scammer should only imply they have information they don't have. The more specific a scammer is about it, the more likely they are to be wrong about it and thus tip off their target. Also, I wouldn't care much if they really did have such a video and they did send it to people. I certainly wouldn't care US$6500 worth. But the scammer couldn't know that.

It's a standard tactic - acquire one piece of genuine information on the target and try to use that to manipulate them into believing you have a lot more information on them. Given that it's now routine for companies to have breaches and for data on huge numbers of people to be stolen, obtaining one piece of genuine information for each of a very large number of people is easy. A scammer only needs a very low success rate if they can reach at least tens of thousands of potential targets.
 
I received a few of those emails last year. I was also a bit startled to see a password, and as much as I knew it was a scam almost immediately after reading the first line, it did give me that push to move over to a password manager.
 
4 times according to that website, had my Hotmail account for 22 years, so not bad I guess
 
I've had the same thing a few times now. The password that was compromised doesn't actually show up on haveibeenpwned but it's been a long time since that password has been used.
 
A database somewhere with an account with that password associated with your email address got hacked/leaked and is on one of the many lists floating about.

So long as that combination doesn’t exist anymore, don’t fret.

As always, double check on https://www.haveibeenpwned.com/
 
I've found the combo list that holds my password. It's all but certainly from the lastfm breach from a long time ago, before I used a password manager.
 
It's funny that they seem to word it like they've been put out by knowing the password and need to be "compensated" for it
 
It's funny that they seem to word it like they've been put out by knowing the password and need to be "compensated" for it
They only do that in an attempt to add some legitimacy to the claims that they have control of your computer, but all their claims are complete and utter bull along with whatever video content they have of you doing unmentionable things whilst watching adult videos and that they have a list of all your contacts.
 