Hi all merry Christmas
I received an email from supposedly myself saying if I don't pay them a lot of money in bitcoin within 48 hours they would put a video of me they had taken of me and wife through the computer camera online, they had my email address and password. I have deleted the email and I will not be paying anyone anything.
Is it possible for some sleaze bag to get access to my camera
That 'fear' or thought has been around awhile and some folks will put a sticker, masking tape or spot band-aid over the built-in camera to prevent such use. But Yes, there are ways for a hacker to access the computer and in turn activate the camera unbeknown to the user to acquire video.
It's a scam I get 3 or 4 of these a day and I never have my camera connected unless it's being used.
A few samples.
and another...Hello!
I have bad news for you.
19/09/2018 - on this day I hacked your OS and got full access to your account [removed] On this day your account [removed] has password: [removed]
So, you can change the password, yes.. But my malware intercepts it every time.
How I made it:
In the software of the router, through which you went online, was a vulnerability.
I just hacked this router and placed my malicious code on it.
When you went online, my trojan was installed on the OS of your device.
After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).
A month ago, I wanted to lock your device and ask for a not big amount of btc to unlock.
But I looked at the sites that you regularly visit, and I was shocked by what I saw!!!
I'm talk you about sites for adults.
I want to say - you are a BIG pervert. Your fantasy is shifted far away from the normal course!
And I got an idea....
I made a screenshot of the adult sites where you have fun (do you understand what it is about, huh?).
After that, I made a screenshot of your joys (using the camera of your device) and glued them together.
Turned out amazing! You are so spectacular!
I'm know that you would not like to show these screenshots to your friends, relatives or colleagues.
I think $750 is a very, very small amount for my silence.
Besides, I have been spying on you for so long, having spent a lot of time!
Pay ONLY in Bitcoins!
My BTC wallet: 1J5SXcupgaq2tUas5S7wVtf7evJp6YC3LJ
You do not know how to use bitcoins?
Enter a query in any search engine: "how to replenish btc wallet".
It's extremely easy
For this payment I give you two days (48 hours).
As soon as this letter is opened, the timer will work.
After payment, my virus and dirty screenshots with your enjoys will be self-destruct automatically.
If I do not receive from you the specified amount, then your device will be locked, and all your contacts will receive a screenshots with your "enjoys".
I hope you understand your situation.
- Do not try to find and destroy my virus! (All your data, files and screenshots is already uploaded to a remote server)
- Do not try to contact me (you yourself will see that this is impossible, the sender address is automatically generated)
- Various security services will not help you; formatting a disk or destroying a device will not help, since your data is already on a remote server.
P.S. You are not my single victim. so, I guarantee you that I will not disturb you again after payment!
This is the word of honor hacker
I also ask you to regularly update your antiviruses in the future. This way you will no longer fall into a similar situation.
Do not hold evil! I just do my job.
Good luck.
and another...Hello,
I am a spyware software developer. Your account has been hacked by me in the summer of 2018.
I understand that it is hard to believe, but here is my evidence (I sent you this email from your account).
The hacking was carried out using a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2018-0296).
I went around the security system in the router, installed an exploit there. When you went online, my exploit downloaded my malicious code (rootkit) to your device. This is driver software, I constantly updated it, so your antivirus is silent all time.
Since then I have been following you (I can connect to your device via the VNC protocol). That is, I can see absolutely everything that you do, view and download your files and any data to yourself. I also have access to the camera on your device, and I periodically take photos and videos with you.
At the moment, I have harvested a solid dirt... on you... I saved all your email and chats from your messangers. I also saved the entire history of the sites you visit.
I note that it is useless to change the passwords. My malware update passwords from your accounts every times.
I know what you like hard funs (adult sites). Oh, yes .. I'm know your secret life, which you are hiding from everyone. Oh my God, what are your like... I saw THIS ... Oh, you dirty naughty person ... :)
I took photos and videos of your most passionate funs with adult content, and synchronized them in real time with the image of your camera. Believe it turned out very high quality!
So, to the business! I'm sure you don't want to show these files and visiting history to all your contacts.
Transfer $965 to my Bitcoin cryptocurrency wallet: 1DyDnmFR8KPMdWocDobtYMxSKTNBKsZZdV
My system automatically recognizes the translation. As soon as the specified amount is received, all your data will be destroyed from my server, and the rootkit will be automatically removed from your system. Do not worry, I really will delete everything, since I am 'working' with many people who have fallen into your position. You will only have to inform your provider about the vulnerabilities in the router so that other hackers will not use it.
Since opening this letter you have 48 hours. If funds not will be received, after the specified time has elapsed, the disk of your device will be formatted, and from my server will automatically send email and sms to all your contacts with compromising material.
I advise you to remain prudent and not engage in nonsense (all files on my server).
Good luck!
Just delete and forget about it.Good day...
Dont pay attention on my English,I am from China.I uploaded our malicious program onto your OS.At present I thiefted all private information from your device.Additionally I received some more evidence.The most entertaining compromising that I received- its a video with your masturbation.I put deleterious soft on a porn web page and then you loaded it. As soon as you picked the video and pressed play,my malicious software immediately loaded on your OS.
After adjusting,your front-camera shoot the videotape with you self-abusing,furthermore malware saved precisely the video you selected. In next few days my malware grabbed all your social and email contacts.
If you need to destroy the records- send me 700 usd in Bitcoins.
Its my Btc number - 1A456aQUaA91arMaTW8vk4wrBzHRwRzWNZ
You have 30 h. to go from this moment. When I get transfer I will eliminate the videotape permanently. Otherwise I will forward the video to all your contacts.
Can confirm what z3r010 mentioned above. I did some research and this is basically what I discovered:
1. the email addresses are being spoofed
2. change all your email passwords
3. either disable your webcam or cover it
4. I attempted to track the source down using the email headers. Yes, I know, a waste of time. But what I did discover is that there is no pattern. One time the email comes from Vietnam, then Italy, then Netherlands...you get the picture
5. So, what did I try next? I downloaded the free version of Mailwasher and the next time one of these came in I used the program to bounce the email back, essentially saying nobody home.
Did it work?
Well, that remains to be seen but I have not had another spoofed email for more than 10 days so I am keeping my fingers crossed.
One thing I can say is that if I knew how I would love to find a way to stop these people doing what they do.
On another note, if this is happening with a work email, not personal, you might want to ask whoever is in charge of these matters to check what the SPF record is set to do and to consider adding a DMARC record if none exists. Apparently, these can help reduce this type of spoofing.
As far as I know, it is not possible with personal email unless you want to go through your ISP and explain what is happening but am not sure how helpful that might be.
In any event, do not freak out and do NOT pay anything.
Good luck and happy holidays!
Thanks for reply's
Most of the time I use mac but I have windows 10 on my iMac and I also use android tablet.
But thanks for putting my mind at rest.
Dell
Had a message like that a month ago. and even that was from a junk account I haven't used for years and didn't contain any real personal info. I just laughed him away and never heard about it any more. Spoofing an address is well known for ever and was used even to spoof analog phone numbers, that's how old it is.
Finding a valid e-maul address is no problem either, they use same SW for cracking passwords, a dictionary trying all combinations of words, letters and signs, sooner or later it will make a hit and find valid address.
PS.
Accounts like that I access only via live Linux on a USB or CD some time ago, no way anything can stick to it.
Bouncing back is never a good idea. You only end up bouncing back to the people in the mailing list (other spoofed users) not the spammers.
Hi
If a spammer is using a hacked/spoofed email account to send out emails, then all you do is send a bounceback to the original hacked account, not the hacker/Spammer "he does not include his email in the list". The hacker/Spammer does not know it has been bounced back and you continue to recieve emails from them. However, all that has happened is that genuine people who have been hacked and have sent out these mass emails recieved bounce back emails that you or they can do noting about. "Apart from the obvious alert to change passwords"
To be honest, there is no real way to fight back unless you have specialised hardware or an exchange account so that spam is auto filtered before it is sent on to you.
If you are using online emails such as outlook, you can add emails to the blocked user or domain list, but spammers change so regularly and they still have your email address, so you cannot keep up.
Until email providers spend some money and provide realtime protection in there servers, we can do very little.
However, what you state in your post "2. change all your email passwords" is a great solution but everyone person needs to change their passwords and complexity on a regular basis to minimise / prevent email account hacking, but what % of the population do you think does that on a regular basis? This is where the weak link lies, even if password duration policies are set, they are mostly simple to remember passwords because we have so many password in our heads these days that we need a hard drive installed to remeber them all.
This said though, if it is junk email from companies etc, then you can bounce them back but most of the send email accounts are not monitored for email returns. "Please do not reply to this email"
Thanks
Quote