jrw666

Level 2
Hi, I got the following email in my junk mail....

"This is important information for you!

Some months ago I hacked your OS and got full access to your account xxxxxx@hotmail.co.uk
On day of hack your account xxxxxxx@hotmail.co.uk has password: xxxxxxxxx

So, you can change the password, yes.. Or already changed... But my malware intercepts it every time.

How I made it:
In the software of the router, through which you went online, was a vulnerability. I used it...
If you interested you can read about it: CVE-2019-1663 - a vulnerability in the web-based management interface of the Cisco routers.
I just hacked this router and placed my malicious code on it.
When you went online, my trojan was installed on the OS of your device.

After that, I made a full backup of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts)."

They then go on about me viewing shocking porn, blah blah blah.

My only concern is the password they mention is one I would have used, although I cannot recall which site I would have logged in with it. It's not my Windows password.

My security setup is Emsisoft AM & browser security, OSArmour and adwcleaner on demand.

Scans report clean. I guess they got my details from the site, not my system as they claim?
 

Anon2406

New Member
I got exactly the same mail on Tuesday. Normally I easily spot phishing scams from a mile off but this one got me for a second! Never seen anything with my password on it before... however, a quick Google led me to realise the passwords are retrieved from data leaks from large companies. I used this website, Have I Been Pwned: Check if your email has been compromised in a data breach, to double check that my password had been leaked and sure enough it had, ironically giving me some relief. Would recommend using it as I found it very interesting. You can search using your email and also any passwords you may have used.
 

Anon011

New Member
I got the same email last night. It honestly scared the sh*t out of me. I have an Anxiety Disorder and it ties in with Paranoia. Now I’m anxious to see if anything happens tomorrow night- as that’s when the supposed 48 hours runs out.

The bit that worried me was when they said they hacked into the Camera and have taken the photos of me and stuck them all together.

Trying to reassure myself that it’s nothing...
 

Gandalf_The_Grey

Level 19
Verified
> I got the same email last night. It honestly scared the sh*t out of me. I have an Anxiety Disorder and it ties in with Paranoia. Now I’m anxious to see if anything happens tomorrow night- as that’s when the supposed 48 hours runs out.
>
> The bit that worried me was when they said they hacked into the Camera and have taken the photos of me and stuck them all together.
>
> Trying to reassure myself that it’s nothing...

Follow the advice of @Anon2406 just above you. It is a scam and try to relax.
 

Kogurre

New Member
My mother got the same email, she was obviously quite distressed. Actually she got two. One with the password empty, the other with her old password. Someone was trying to access her Instagram account a couple months back, and she changed the passwords. So the scam doesn't have the new one months after the change, which I suspect is related. Though her e-mail address is NOT on haveIbeenpwned. Which is a little worrying, because I was hoping the password was just leaked in one of the big hacks.

A small giveaway about this being fake is that she uses her phone very often, but is rarely on the PC. The e-mail specifically mentions adult sites and recording the camera. Well, none of our PCs have cameras anyway. Even if one might have adult history, but let's not talk about that.

The part with the router vulnerability got me worried, especially since some sites talk about this email as if it was an actual trojan, but no PCs of ours seem to be infected. I'm pretty sure that if they wanted a ransom and had a trojan installed, I would find out about that in a way far more obvious than an email in the spam inbox. Also, neither I nor my father got these e-mails, and we are the ones with PCs she might have used at some point. We would be the obvious targets if someone accessed these PCs.

So yeah. Bit worried, but there are a lot of holes in the story. I'm guessing it's safe to ignore?
 

blackice

Level 7
> My mother got the same email, she was obviously quite distressed. Actually she got two. One with the password empty, the other with her old password. Someone was trying to access her Instagram account a couple months back, and she changed the passwords. So the scam doesn't have the new one months after the change, which I suspect is related. Though her e-mail address is NOT on haveIbeenpwned. Which is a little worrying, because I was hoping the password was just leaked in one of the big hacks.
>
> A small giveaway about this being fake is that she uses her phone very often, but is rarely on the PC. The e-mail specifically mentions adult sites and recording the camera. Well, none of our PCs have cameras anyway. Even if one might have adult history, but let's not talk about that.
>
> The part with the router vulnerability got me worried, especially since some sites talk about this email as if it was an actual trojan, but no PCs of ours seem to be infected. I'm pretty sure that if they wanted a ransom and had a trojan installed, I would find out about that in a way far more obvious than an email in the spam inbox. Also, neither I nor my father got these e-mails, and we are the ones with PCs she might have used at some point. We would be the obvious targets if someone accessed these PCs.
>
> So yeah. Bit worried, but there are a lot of holes in the story. I'm guessing it's safe to ignore?

Seems like you worked out the relevant concerns. They said they have camera access when there are no cameras (this is the best way to protect yourself anyway, always cover your camera when not in use). Also the password is old. Haveibeenpwned is a great resource, but there are constant breaches that haven’t been documented. She could have fallen for a phishing email or something at some point, which doesn’t seem to matter if it’s an old password no longer in use. They feed on planting the seed of doubt. I’d say you’ve done a good job keeping it cool.

> The part with the router vulnerability got me worried

Did you research the exploit they reference? Is your router even one that is vulnerable to this exploit?
 

Kogurre

New Member
> Did you research the exploit they reference? Is your router even one that is vulnerable to this exploit?

Yeah. These appear to be a couple of hardware firewalls and a router. The thing is, I have a fancy router with the branding of my ISP, which could be rebranded. But I don't think it's that specific Cisco one anyway.

The thing is, when you Google the vulnerability, there are "security" sites that claim it's used to install a dangerous trojan, and you should install/buy their software to get rid of it. These people are no better than the scammers sending out these e-mails.

Also, I looked up the bitcoin address used in the spam e-mails. Already been flagged for fraud. Though it does have 7 transactions for around $600-$800. Unfortunately.
 