Waldo   96 #1 Posted November 5, 2018

Hi, I received one of these in my email inbox...

https://www.pcrisk.com/removal-guides/13959-so-im-the-hacker-who-broke-your-email-scam

They're asking for $867 worth of BTC. Thinking of replying asking them to confirm receipt of 867 bitcoins!...

Or maybe not. They did get my email address though, and a password I often use for insecure unimportant sites. Not good practice I know (using same password on multiple sites).

How did they get password?

I normally use a Mac or Linux Mint, any security software I should install?

Ghozer   112 #2 Posted November 5, 2018 (edited)

> Hi, I received one of these in my email inbox...
> https://www.pcrisk.com/removal-guides/13959-so-im-the-hacker-who-broke-your-email-scam
>
> They're asking for $867 worth of BTC. Thinking of replying asking them to confirm receipt of 867 bitcoins!...
>
> Or maybe not. They did get my email address though, and a password I often use for insecure unimportant sites. Not good practice I know (using same password on multiple sites).
>
> How did they get password?
>
> I normally use a Mac or Linux Mint, any security software I should install?

There have been a good few websites that have been compromised over the last couple of years, both large big names and smaller ones. Some of these had user details (some including email addresses and passwords), and databases of these were sold on the DarkWeb and black market, some were made available online, and some to hacker groups...

You can check the website http://www.haveibeenpwned.com - enter your email address, and it will check it against some (not all, however) of the compromised databases. It will show you which site(s) database it found your address in, then you can go to said site(s) and change your password(s).

I would also change any sites that use that same password anyway...

It is also relatively easy to spoof an email address, and make it look like it came from somewhere else (including your own address) - unless you used the same password for your email, you shouldn't have anything to worry about, but I would probably change it just in case...

Edited November 5, 2018 by Ghozer

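Added example, not part of Ghozer's post or of any poster's code: because a From address can be spoofed, one way to check a received message is to read the `Authentication-Results` header that your own mail server stamped on it. The sample message, the domains and the `trusted_authserv` value `mx.example.org` are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a message claiming to come from the recipient's own
# address, with the Authentication-Results header added on receipt.
SAMPLE = """\
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.example.org;
 spf=softfail smtp.mailfrom=mailer.invalid;
 dkim=none; dmarc=fail header.from=example.org
From: "me" <me@example.org>
To: me@example.org
Subject: constructed sample

body
"""

def domain(addr):
    """Lower-cased domain of an address header value ('' if absent)."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def check_sender(raw, trusted_authserv="mx.example.org"):
    """Return (verdict, findings) for one raw message."""
    msg = message_from_string(raw)
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        unfolded = " ".join(header.split())  # undo header folding
        authserv = (unfolded.split(";")[0].split() or [""])[0].lower()
        # Skip results not stamped by our own server: the sender can
        # insert a forged Authentication-Results header.
        if authserv != trusted_authserv:
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", unfolded, re.I):
            results.setdefault(method.lower(), result.lower())
    findings = [f"{m}={results.get(m, 'missing')}"
                for m in ("spf", "dkim", "dmarc") if results.get(m) != "pass"]
    from_dom, bounce_dom = domain(msg["From"]), domain(msg["Return-Path"])
    if from_dom and bounce_dom and from_dom != bounce_dom:
        findings.append(f"From {from_dom} != Return-Path {bounce_dom}")
    if from_dom and from_dom == domain(msg["To"]) and results.get("dmarc") != "pass":
        findings.append("own domain in From without a DMARC pass")
    if results.get("dmarc") == "fail":
        return "likely spoofed", findings
    return ("unverified" if findings else "authenticated"), findings

if __name__ == "__main__":
    print(check_sender(SAMPLE))
```

A Return-Path that differs from the From domain is common for legitimate bulk mail, so that finding is only a supporting signal; the DMARC result from your own server is what decides the verdict here.
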
Waldo   96 #3 Posted November 5, 2018

Thanks Ghozer mate.

Yeah, don't think they spoofed the from field in the email, but they did send to my email address and indicate the correct password.

Most passwords I have are randomised 20 to 30 chars, this was much shorter, and a single dictionary word. Think I only ever used it on sites like forums (not this one). Still, need to take seriously and review where I used it...

alchresearch   214 #4 Posted November 6, 2018

Barely a week goes by without a report of some company being hacked - British Airways, PC World, Ticketmaster.

Some are not as bad as others, such as this IT supplier:

Details exposed in the infection on Kitronik's website included customers' names, email addresses, card numbers, expiry dates, CVV (verification) codes and cardholders' postal addresses – everything a fraudster would need to start making online purchases.

https://www.theregister.co.uk/2018/10/09/magecart_payment_card_malware/

tinfoilhat   11 #5 Posted November 6, 2018

> Hi, I received one of these in my email inbox...
> https://www.pcrisk.com/removal-guides/13959-so-im-the-hacker-who-broke-your-email-scam
>
> They're asking for $867 worth of BTC. Thinking of replying asking them to confirm receipt of 867 bitcoins!...
>
> Or maybe not. They did get my email address though, and a password I often use for insecure unimportant sites. Not good practice I know (using same password on multiple sites).
>
> How did they get password?
>
> I normally use a Mac or Linux Mint, any security software I should install?

I had that one yesterday, and the password looked like a really really old one I might have used. Just goes to show you should change them every so often, but it's a faff!

Guest   #6 Posted November 8, 2018

> I had that one yesterday, and the password looked like a really really old one I might have used. Just goes to show you should change them every so often, but it's a faff!

Just make sure you don't use the same username/password combination on more than one site. If you do then they can try those credentials across many sites to see if they can get in.

Get a password manager and none of this is faff.

tinfoilhat   11 #7 Posted November 9, 2018

> Just make sure you don't use the same username/password combination on more than one site. If you do then they can try those credentials across many sites to see if they can get in. Get a password manager and none of this is faff

They're all different, all random and most are changed quite regularly. The password they associated with that particular account was well over a decade old. But it goes to show - change passwords!