Jump to content
Join Sheffield Forum for FREE and join in the discussion! ×
Join Sheffield Forum for FREE and join in the discussion!
Sign in to follow this  
Followers 0

Got a scam email, any security steps I should take?

By Waldo in Computer & Tech Chat

Recommended Posts

Waldo    96

Waldo
Posted

Hi, I received one of these in my email inbox...

 

https://www.pcrisk.com/removal-guides/13959-so-im-the-hacker-who-broke-your-email-scam

 

They're asking for $867 worth of BTC. Thinking of replying asking them to confirm receipt of 867 bitcoins!...

 

Or maybe not. They did get my email address though, and a password I often use for insecure unimportant sites. Not good practice I know (using same password on multiple sites).

 

How did they get password?

 

I normally use a Mac or Linux Mint, any security software I should install?

Share this post

Link to post
Share on other sites

Ghozer    112

Ghozer
Posted (edited)
Hi, I received one of these in my email inbox...

 

https://www.pcrisk.com/removal-guides/13959-so-im-the-hacker-who-broke-your-email-scam

 

They're asking for $867 worth of BTC. Thinking of replying asking them to confirm receipt of 867 bitcoins!...

 

Or maybe not. They did get my email address though, and a password I often use for insecure unimportant sites. Not good practice I know (using same password on multiple sites).

 

How did they get password?

 

I normally use a Mac or Linux Mint, any security software I should install?

 

There has been a good few websites that have been compromised over the last couple of years, both large big names and smaller ones, some of these had user details, (some, including email addresses and passwords), and databases of these were sold on the DarkWeb and black market, some were made available online, and some to hacker groups...

 

You can check the website http://www.haveibeenpwned.com - enter your email address, and it will check it against some (not all however) of the compromised databases, It will show you which site(s) database it found your address in, then you can go to said site(s) and change your password(s)

 

I would also change any sites that use that same password any way...

 

It is also relatively easy, to spoof an email address, and make it look like it came from somewhere else (including your own address) - Unless you used the same password for your email, you shouldn't have anything to worry about, but I would probably change it just in case...

Edited by Ghozer

Share this post

Link to post
Share on other sites

Waldo    96

Waldo
Posted

Thanks Ghozer mate.

 

Yeah, don't think they spoofed the from field in the email, but they did send to my email address and indicate the correct password.

 

Most passwords I have are randomised 20 to 30 chars, this was much shorter, and a single dictionary word. Think i only ever used it on sites like forums (not this one). Still, need to take seriously and review where I used it...

Share this post

Link to post
Share on other sites

alchresearch    213

alchresearch
Posted

Barely a week goes by without a report of some company being hacked - British Airways, PC World, Ticketmaster.

 

Some are not as bad as others, such as this IT supplier:

 

Details exposed in the infection on Kitronik's website included customers' names, email addresses, card numbers, expiry dates, CVV (verification) codes and cardholders' postal addresses – everything a fraudster would need to start making online purchases.

 

https://www.theregister.co.uk/2018/10/09/magecart_payment_card_malware/

Share this post

Link to post
Share on other sites

tinfoilhat    11

tinfoilhat
Posted
Hi, I received one of these in my email inbox...

 

https://www.pcrisk.com/removal-guides/13959-so-im-the-hacker-who-broke-your-email-scam

 

They're asking for $867 worth of BTC. Thinking of replying asking them to confirm receipt of 867 bitcoins!...

 

Or maybe not. They did get my email address though, and a password I often use for insecure unimportant sites. Not good practice I know (using same password on multiple sites).

 

How did they get password?

 

I normally use a Mac or Linux Mint, any security software I should install?

 

I had that one yesterday, and the password looked like a really really old one I might have used. Just goes to show you should change them every so often, but it's a faff!

Share this post

Link to post
Share on other sites

Guest   

Guest
Posted
I had that one yesterday, and the password looked like a really really old one I might have used. Just goes to show you should change them every so often, but it's a faff!

 

Just make sure you don't user the same username/password combination on more than one site. If you do then they can try those credentials across many sites to see if they can get in.

 

Get a password manager and none of this is faff ;)

Share this post

Link to post
Share on other sites

tinfoilhat    11

tinfoilhat
Posted
Just make sure you don't user the same username/password combination on more than one site. If you do then they can try those credentials across many sites to see if they can get in.

 

Get a password manager and none of this is faff ;)

 

They're all different, all random and most are changed quite regularly. The password they associated with that particular account was well over a decade old. But it goes to show - change passwords!

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

Close   I accept