Clever attempt to extort me :)

[Salty_Aus]

I redacted my password from the message below, but yes he knew my password. Which will surely get peoples attention.
Knew this password was compromised several years ago when a big online entity was hacked and all their passwords associated with emails were shared on the dark web. It was always one of those passwords I use when I don't really trust the site I'm joining anyway, and I've updated them since.
I've had similar emails like this a few times, but thought the password angle was kinda neat.

------------------

Hi, I know one of your passwords is: XXXXXXX - but not only that!

Your computer was infected with my private malware, because your browser wasn't updated / patched, in such case it's enough to just visit some website where my iframe is placed to get automatically infected, if you want to find out more - Google: "Drive-by exploit".

My malware gave me full access to all your accounts (see password above), full control over your computer and it also was possible to spy on you over your webcam!

I collected all your private data and I RECORDED YOU (through your webcam) SATISFYING YOURSELF!

After that I removed my malware to not leave any traces and this email was sent from some hacked server.

I can publish the video of you and all your private data on the whole web, social networks, over email of all your contacts and everywhere else.

But you can stop me and only I can help you out in this situation.

The only way to stop me, is to pay exactly 900$ in bitcoin (BTC).

It's a very good offer, compared to all that HORRIBLE SHIT that will happen if you don't pay!

You can easily buy bitcoin here: www.paxful.com , www.coinbase.com , or check for bitcoin ATM near you, or Google for other exchanger.
You can send the bitcoin directly to my wallet, or create your own wallet first here: www.login.blockchain.com/en/#/signup/ , then receive and send to mine.

My bitcoin wallet is: 1GLJa8dMq9XBaiMhXNJSQjVoNzh2xRanzD

Copy and paste my wallet, it's (cAsE-sEnSEtiVE)

I give you 3 days time to pay.

As I got access to this email account, I will know if this email has already been read.
If you get this email multiple times, it's to make sure that you read it, my mailer script is configured like this and after payment you can ignore it.
After receiving the payment, I remove all your data and you can life your live in peace like before.

Next time update your browser before browsing the web!

[Forum Wars]

Tell him you know all about these scams and how he got your password on the dark web.

Then counter offer with an amount of $1 if he writes you an apology and admits the whole thing is a farce BEFORE you send the dollar.

Follow it up by calling him scum and not paying the dollar. Post apology letter here.

[Salty_Aus]

Tell him you know all about these scams and how he got your password on the dark web.

Then counter offer with an amount of $1 if he writes you an apology and admits the whole thing is a farce BEFORE you send the dollar.

Follow it up by calling him scum and not paying the dollar. Post apology letter here.

----

I know my password was compromised years ago, I used this weak password on sites I thought were suspect anyway, and know you can get these details on the dark web associated with this email account easily when these sites were hacked. Changed this password years ago!

Also, I don't have a webcam.

But I like the cut of your jib, and think this was a clever attempt to extort me.

Apologize to me and admit this was all a scam and I'll send you $10 worth of BTC to your wallet.

Best of luck.

On 7/07/2019 9:37 pm, Save Yourself wrote:
> Hi, I know one of your passwords is: --- but not only that!
>
> Your computer was infected with my private malware, because your browser wasn't updated / patched, in such case it's enough to just visit some website where my iframe is placed to get automatically infected, if you want to find out more - Google: "Drive-by exploit".
>
> My malware gave me full access to all your accounts (see password above), full control over your computer and it also was possible to spy on you over your webcam!
>
> I collected all your private data and I RECORDED YOU (through your webcam) SATISFYING YOURSELF!
>
> After that I removed my malware to not leave any traces and this email was sent from some hacked server.
>
> I can publish the video of you and all your private data on the whole web, social networks, over email of all your contacts and everywhere else.
>
> But you can stop me and only I can help you out in this situation.
>
> The only way to stop me, is to pay exactly 900$ in bitcoin (BTC).
>
> It's a very good offer, compared to all that HORRIBLE SHIT that will happen if you don't pay!
>
> You can easily buy bitcoin here: www.paxful.com , www.coinbase.com , or check for bitcoin ATM near you, or Google for other exchanger.
> You can send the bitcoin directly to my wallet, or create your own wallet first here: www.login.blockchain.com/en/#/signup/ , then receive and send to mine.
>
> My bitcoin wallet is: 1GLJa8dMq9XBaiMhXNJSQjVoNzh2xRanzD
>
> Copy and paste my wallet, it's (cAsE-sEnSEtiVE)
>
> I give you 3 days time to pay.
>
> As I got access to this email account, I will know if this email has already been read.
> If you get this email multiple times, it's to make sure that you read it, my mailer script is configured like this and after payment you can ignore it.
> After receiving the payment, I remove all your data and you can life your live in peace like before.
>
> Next time update your browser before browsing the web!

[Gordman]

Funny, I was just about to post the one I got recently. I rarely ever check the spam folder unless I want a good laugh...and there it was, right next to the Nigerian princes who are desperate for my help.














Related article:

https://blog.malwarebytes.com/cyberc...elcome-return/

[Gordman]

Also, that link i posted with the article contains a link to this website which I never knew existed until now:

https://haveibeenpwned.com

(Direct link for checking passwords you've used:
https://haveibeenpwned.com/passwords)

It seems pretty useful; it looks like you can check both email addresses as well as passwords to see if they have been exposed and possibly exploited

[Forum Wars]

OK but I'll make it $10

Yeah, $10 is probably better (it'd be funny if you did $1 and he apologized). Interested in seeing the response to $10.

[simpdog]

Also, that link i posted with the article contains a link to this website which I never knew existed until now:

https://haveibeenpwned.com

(Direct link for checking passwords you've used:
https://haveibeenpwned.com/passwords)

It seems pretty useful; it looks like you can check both email addresses as well as passwords to see if they have been exposed and possibly exploited

I don't mind putting in my email to see if I have been owned, but sending them your email + passwords you use can't possibly be a good idea

[gut]

You should have told the guy: I'm sorry you had to witness me satisfying myself on the cam. It was a long day at work, and I really planned on just eating 1 piece of cherry pie while watching netflix, but then I just gorged and ate the entire pie. It's shameful that others were subjected to this obscene behavior. I was satisfied though.

[sah_24]

Just amazes me how anyone can fall for this shit lol …

[Tellafriend]

Just amazes me how anyone can fall for this shit lol …

Prob around 2004 when these things started I had a client send $100k or so overseas. It was a scam also involving fraudulent checks from a US business. Anyway, he sent like 35k of his money and then 65k from the other business before it could clear yet his bank honored it prematurely and then sued him; hence my involvement. Anyway, was certainly interesting and at the time sad to see how he genuinely believed he was going to retire from this. Not so much.

[Dan Druff]

I get this shit constantly.

It has nothing to do with you using a weak password.

This scam comes from passwords that were bought in mass system hackings.

Because I use a lot of custom e-mail addresses, I can pinpoint which businesses fucked up. The one which caused the most scam e-mails to come to me was Front Gate Tickets, which did the ticketing for Coachella for a long time. They got hacked but won't admit it.

FYI, regarding passwords, it is VERY rare that hackings come from brute-force attacks on your password. That's why it's foolish to have overly complex passwords. Almost all password hackings come from back-end theft and cracking of large business password databases, and some are also simply stolen by employees. Then they're sold on the black market.

[Salty_Aus]

I get this shit constantly.

It has nothing to do with you using a weak password.

This scam comes from passwords that were bought in mass system hackings.

Because I use a lot of custom e-mail addresses, I can pinpoint which businesses fucked up. The one which caused the most scam e-mails to come to me was Front Gate Tickets, which did the ticketing for Coachella for a long time. They got hacked but won't admit it.

FYI, regarding passwords, it is VERY rare that hackings come from brute-force attacks on your password. That's why it's foolish to have overly complex passwords. Almost all password hackings come from back-end theft and cracking of large business password databases, and some are also simply stolen by employees. Then they're sold on the black market.

What I meant was. When I need to join a questionable site, or site that doesnt pertain to financial or confidential details I use the same simple password and consider that this password will be compromised at some time.
Important stuff I use complex passwords, and specifically different ones for different sites.
But when I say simple it's a combination of words and number and unlikely to be brute forced, just simple to remember. The password he knew dated back over ten years, and by todays standards was weak.

[Gordman]

Also, that link i posted with the article contains a link to this website which I never knew existed until now:

https://haveibeenpwned.com

(Direct link for checking passwords you've used:
https://haveibeenpwned.com/passwords)

It seems pretty useful; it looks like you can check both email addresses as well as passwords to see if they have been exposed and possibly exploited

WARNING: at this point, I want to advise you to NOT plug your email in this website.

Now I know Simpdog made a post after mine saying it wasnt a good idea to plug in email addresses and passwords like the site lets you do. He is probably right here (i really cant professionally advise one way or the other to be honest), but this isn't the reason for my warning post.

If you plug your email in, be prepared for the possibility of an onslaught of spam emails in your spam box. If you don’t care about additional spam emails, then ignore this post.

Approximately within a few hours of my original post and me plugging in 2 different email addresses on that search feature, I was bombarded by a ton more spam mail than normal.

Just thought i would put it out there to let people know. I will also edit this in my op.

Edit: ok, i guess i cant edit this in my op

[alpha1243]

The only way to stop me, is to pay exactly 900$ in bitcoin (BTC).

They're clearly incompetent as they typed $900 incorrectly.