Email received from supposed darknet hacker?

oleO

New Member
Oct 15, 2018
1
Can you send me a PM with the e-mail header? (Just scrub out your own/friends e-mail address by replacing it with <THISWASMYEMAIL> so I know).

I'll be able to tell you from the e-mail header if it is a hoax or not. The likelihood is that it is a hoax though. The e-mail looks like a hoax scam, and people who are really on the dark web doing illegal things have more important things to be doing like selling illegal drugs and stolen gift cards than trying to hoax people who are on the surface web (that is just how it is).

The chance of it not being a hoax is incredibly small. It is probably some moron in a poor country doing a mass-spam campaign to try and get people scared who will fall for it and pay the money.

Even if you check your Sent folder, it may still show up even if it is a hoax; there's a trick to spoofing that can cause services like Gmail to show the e-mail as having been sent from your own account, even though it wasn't.


I hope it's OK that I respond to the thread. I also got the email, and can see that an email from my webmail account has been sent in the same timeframe (but no content in outgoing mail). No mail has been sent from my smartphone or PC, and I have run a MacScan without anything found:

Vendula Kubová can I send u a PM with the header?
Ole
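
The header check mentioned in the quoted reply above can be done locally before sharing anything. This is an added example, not code from any poster in the thread: it parses a constructed sample message (all addresses, hosts and the IP are placeholders) and reports the signs that a "sent from your own account" mail was forged rather than sent by the mailbox owner.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample (not a real message): From equals To, as in the scam mail.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from unknown (HELO mailer.example.net) (203.0.113.7)
 by mx.example.com with SMTP; Mon, 15 Oct 2018 09:12:01 +0000
Authentication-Results: mx.example.com;
 spf=softfail smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=example.com
From: <victim@example.com>
To: <victim@example.com>
Subject: your account has been hacked

body
"""

def addr(value):
    """Bare lower-cased address from a header value, '' if absent."""
    return parseaddr(value or "")[1].lower()

def auth_results(msg):
    """Map spf/dkim/dmarc to the verdict in Authentication-Results.
    Only the topmost header (added by your own receiving server) is trusted;
    lower ones could have been inserted by the sender."""
    out = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            out.setdefault(method.lower(), result.lower())
    return out

def spoof_indicators(raw):
    msg = email.message_from_string(raw)
    sender, rcpt, envelope = addr(msg["From"]), addr(msg["To"]), addr(msg["Return-Path"])
    findings = []
    if sender and sender == rcpt:
        findings.append("from-equals-to")            # mail "from yourself"
    if envelope and envelope.rpartition("@")[2] != sender.rpartition("@")[2]:
        findings.append("envelope-sender-mismatch")  # real sending domain differs
    verdicts = auth_results(msg)
    for method in ("spf", "dkim", "dmarc"):
        if verdicts.get(method) != "pass":
            findings.append(method + "-not-pass")
    return findings

if __name__ == "__main__":
    print(spoof_indicators(RAW))
```

A forged visible From address combined with a foreign Return-Path and failing SPF/DKIM/DMARC means the message only claims to come from the account; it says nothing about whether the account itself was accessed.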
 

cruelsister

Level 43
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
Seems that the guy already made some profits with his scam

Totally forgetting about anything computer related (like Spam filters), this one was different in one respect: unlike the regular Spam emails that rely on Fear (we have infected your computer and will encrypt your files if you don't pay us), or Greed (the Nigerian Prince scam), this one relies on Guilt.

The implication with this email is that the sender is aware that a person visits Porn Sites and the reaction to viewing that Porn site has been recorded via the camera of the computer. Too precious!

I just wonder how many Schmucks without cameras think that they can be recorded by the computer screen itself...
 

ForgottenSeer 69673

Totally forgetting about anything computer related (like Spam filters), this one was different in one respect: unlike the regular Spam emails that rely on Fear (we have infected your computer and will encrypt your files if you don't pay us), or Greed (the Nigerian Prince scam), this one relies on Guilt.

The implication with this email is that the sender is aware that a person visits Porn Sites and the reaction to viewing that Porn site has been recorded via the camera of the computer. Too precious!

I just wonder how many Schmucks without cameras think that they can be recorded by the computer screen itself...

This person got the same e-mail. Only the dark net nickname changed and this person said they do not have a computer video cam lol
Is this a common scam email? He says I have 48 hours? And has screenshots but my computer doesn't have a camera?
It appears only the nickname changes with all these but the bitcoin account numbers remain the same.
 

AnnieZ

New Member
Oct 16, 2018
1
I got the same email through multiple email accounts of mine. I checked my sent folder and nothing's been sent from those accounts. You're quite right about the guilt factor: I read the email and laughed. They won't find anything salacious on my PC. And, how are they gonna take photos of me when I don't have a cam hooked up. Makes me mad to see another scam going around though.
 

Maverick87

New Member
Oct 18, 2018
1
I've received numerous versions of this email, but in today's there was a legitimate password of mine included.

I ran a scan which came up clean, but they did reveal a full password that I do use. So as much as I've ignored other emails like this in the past, this one does actually concern me... not because of the ludicrous blackmail threat (knock your socks off dude, my life ain't that exciting), but because I'm wondering if my other passwords on more critical accounts are compromised.

Has anyone else had an actual full password revealed in one of these emails?

I had a similar one a week or so back that had only the first 2 characters... a week later, they showed them all.
 

ChemicalB

Level 8
Verified
Sep 14, 2018
360
I've received numerous versions of this email, but in today's there was a legitimate password of mine included.

I ran a scan which came up clean, but they did reveal a full password that I do use. So as much as I've ignored other emails like this in the past, this one does actually concern me... not because of the ludicrous blackmail threat (knock your socks off dude, my life ain't that exciting), but because I'm wondering if my other passwords on more critical accounts are compromised.

Has anyone else had an actual full password revealed in one of these emails?

I had a similar one a week or so back that had only the first 2 characters... a week later, they showed them all.
The most likely explanation is that this criminal has access to one of the many repositories of stolen accounts (user name and password) and is then using them as blackmail for this scam.
If the password you mention is still in use, I advise you to change it as soon as possible, otherwise it may be an old non-working password that you've used in the past but then you've changed, so in this case, it should not be a problem.
 

zut72

New Member
Oct 19, 2018
1
The most likely explanation is that this criminal has access to one of the many repositories of stolen accounts (user name and password) and is then using them as blackmail for this scam.
If the password you mention is still in use, I advise you to change it as soon as possible, otherwise it may be an old non-working password that you've used in the past but then you've changed, so in this case, it should not be a problem.

This happened to me this morning. I received the exact same mail from my own account with an actual OLD password that I used many years ago.
 

Eddie Morra

The most likely explanation is that this criminal has access to one of the many repositories of stolen accounts (user name and password) and is then using them as blackmail for this scam.
If the password you mention is still in use, I advise you to change it as soon as possible, otherwise it may be an old non-working password that you've used in the past but then you've changed, so in this case, it should not be a problem.
Your advice is absolutely spot on.

There are online dumps of leaked credentials from past service breaches and attackers can use these to convince you that they have access to your accounts - and it is possible that they do have access to your account/s through using leaked dumps of credentials if you have not changed your credentials or have re-used the same ones for other services.

However... once you update those credentials, the credentials from the leaked dumps now become useless to the attackers.

There's a good service which you may want to check with: Have I Been Pwned: Check if your email has been compromised in a data breach
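
To check whether a password quoted in one of these emails is in a known breach corpus, the same service also offers a Pwned Passwords range lookup, which the post above does not mention. This is an added example, not code from the thread: only the first five hex characters of the SHA-1 hash leave your machine, and the match is done locally. The sample response is constructed so the block runs offline.

```python
import hashlib
import urllib.request

def sha1_split(password):
    """Return (5-char prefix, 35-char suffix) of the upper-case SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def fetch_range(prefix):
    """Download all hash suffixes sharing this prefix (needs network access)."""
    url = "https://api.pwnedpasswords.com/range/" + prefix
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("ascii")

def breach_count(password, range_body):
    """Look up the password's suffix in a 'SUFFIX:COUNT' range response.
    Returns how many times it was seen in breaches, 0 if not listed."""
    _, suffix = sha1_split(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

# Constructed response for the demo password "password" (counts are made up):
# one unrelated filler suffix plus the real suffix of the demo password.
_, _demo_suffix = sha1_split("password")
SAMPLE_RANGE = ("0018A45C4D1DEF81644B54AB7F969B88D65:1\r\n"
                + _demo_suffix + ":3\r\n")

if __name__ == "__main__":
    # Offline demo; replace SAMPLE_RANGE with fetch_range(prefix) for a live check.
    prefix, _ = sha1_split("password")
    print(prefix, breach_count("password", SAMPLE_RANGE))
```

Any non-zero count means the password is already in circulated dumps and should be retired everywhere it was used.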
 

playwithfire

Level 1
Oct 20, 2018
3
I received the same email earlier today. I got something similar a few months ago which worried me a little at first but I soon realised it was a load of rubbish. One of the funny things is that I do have a camera on my laptop but I have no drivers installed for it and it has a hardware lock on it which I haven't opened, so even if they had hacked me they'd just get a black screen.

The only thing that worried me a little about this one was that it had a previous password in it that I used to use for a long time. Luckily I don't still use that password for anything important. So that has made me cautious to never use that password or anything similar to it again. It obviously means they've gotten hold of some old data of mine and have access to _something_ but hopefully nothing important. And they clearly haven't actually hacked our computers or have a trojan installed else they would have been using keyloggers etc to get more important or updated passwords (especially considering they allude they've had full access of the computer for six months).

It's just a reminder that no matter how annoying it might be, you really should change all your passwords to something completely new every so often (at the very least once a year) rather than waiting until you're forced to change it when something like this has already happened.

A tip is that even if you're no good at remembering a different password for every site/account that might need one, a good thing to do is have at least 2-3 passwords you can easily remember that vary in strength. Use the strongest ones for your important accounts like bank account passwords or any accounts that hold personal information about you and if you struggle to remember stronger passwords, use a different slightly weaker one for things like random forums that don't hold any personal information of yours other than your email address. That's safer than using the same password for absolutely everything but also more practical than making up a different password for every single site and trying to remember them all. This email is a sign of how that works because the old password the potential hacker got hold of was one of my weaker ones that I didn't use for anything important.
 

playwithfire

Level 1
Oct 20, 2018
3
A couple of other things I'll add... Out of curiosity I just checked my email account's activity log from the provider. There have been several "unsuccessful sync"s attempted over the last 19 days, from Iran, China (most of them), Singapore and Malaysia. Seeing as these were unsuccessful, all recent but on random days (no pattern to the attempts) and all from quite random locations, it could be that the data that's been taken here is quite wide-spread by now.

This also reminded me that I had received an email from Currys PC World towards the end of August about their data breach. Their email said some personal information may have been lifted such as name, email address etc but that card details hadn't been taken - which could explain how this person/group has email addresses and old passwords.

It could be a red herring, but did anyone else who is getting these emails also get the Currys PC World data breach warning in August?
 

longroad

New Member
Oct 20, 2018
1
I've received numerous versions of this email, but in today's there was a legitimate password of mine included.

I ran a scan which came up clean, but they did reveal a full password that I do use. So as much as I've ignored other emails like this in the past, this one does actually concern me... not because of the ludicrous blackmail threat (knock your socks off dude, my life ain't that exciting), but because I'm wondering if my other passwords on more critical accounts are compromised.

Has anyone else had an actual full password revealed in one of these emails?

I had a similar one a week or so back that had only the first 2 characters... a week later, they showed them all.


Same here. I received a version of this email today - exactly the same but with a different darknet name, and bitcoin address.
The email did actually contain a password that I've used in the past - but not for anything that important.

It sounds like a hoax yes, but when they have your password it does cause concern.
I ran a virus scan and yes there were some things there, but nothing serious looking.

Going to change all passwords now as it's about time anyway!
 

JiSingh12

Level 3
Verified
Sep 1, 2018
136
Out of curiosity I just checked my email account's activity log from the provider. There have been several "unsuccessful sync"s attempted over the last 19 days, from Iran, China (most of them), Singapore and Malaysia.

I agree.
My Gearbest account was actually accessed last night though, received an email about it, and showed a DE and CZ IP address. So, damn.
My bank card was also used even though it was a new account in branch that I opened a few weeks prior. Need to change banks soon.
My two main hotmail accounts (the same email apart from one is '.com', while the other is 'co.uk'.), but the '.com' one was accessed earlier this year, as I was told by a text message alert luckily, they both also had loads of successful and unsuccessful syncs.

I've also been pwned for a total of 16 times across the two main accounts.
 

Freki123

Level 16
Verified
Top Poster
Aug 10, 2013
753
@JiSingh12 If I understand you correctly your email accounts have been compromised 16 times? When you used long "random" passwords and didn't reuse the password for any other login site my best guess would be you got some other security problems.
Maybe do a virus check with Emsisoft Emergency Kit: Emsisoft | Emergency Kit: Free Portable Malware Scan and Removal
Anyway you found the right forum for help/question :)
 

LOCKEDuptight

New Member
Oct 21, 2018
1
I've received one of these scam emails as well. Curiously, mine quoted a password that is familiar to me and claimed to be the password for my device. It is not, but it is the password I used for a site I was once subscribed to (definitely non sexual), so I presume it is that site that has been hacked, not me.
 

mellowtones242

Level 2
Thread author
Verified
Aug 11, 2018
95
@JiSingh12 If I understand you correctly your email accounts have been compromised 16 times? When you used long "random" passwords and didn't reuse the password for any other login site my best guess would be you got some other security problems.
Maybe do a virus check with Emsisoft Emergency Kit: Emsisoft | Emergency Kit: Free Portable Malware Scan and Removal
Anyway you found the right forum for help/question :)


I would back up and go with a clean install.
Install and configure Comodo CIS (@cruelsister settings)
I'm looking into OSAmor and SysHardener I don't know if it's really needed as yet.
Reset all passwords.
Password Manager - I'm using LastPass (you guys can chime in if there is a better option)
DNS - I'm using Comodo Dome with encryption.
Browser - I'm testing MS Edge currently with Nano ad blocker
VPN - IPVanish (you guys can chime in on this option also)
 

JiSingh12

Level 3
Verified
Sep 1, 2018
136
If I understand you correctly your email accounts have been compromised 16 times?

Well, according to the haveibeenpwned site, I have 16 breaches, but these are mainly data breaches. However, my hotmail has been compromised along with my bank. I wonder if my WiFi has been compromised but not sure how to check this. My passwords were mostly quite simple, and I have had the email account way too long, for like 13 years, therefore there is a lot of stuff I signed up to, used simple passwords on, etc.

My hotmail was done from remote locations outside of U.K, not sure how they got my password but I enabled 2FA & changed the password to something that does not include my first name now :p.

@mellowtones242 - After the extensive breaching, I have begun to use OSA and Syshardener, along with Avast in hardened mode. I use the Cloudflare DNS but it's not really security based, more speed and privacy than anything else. Using Chrome with Nano and a few other extensions, check my config. (SECURE: Complete - JiSingh12's Desktop Security Config)

I will be testing EEK, never tried it but heard good things. I use MBAM and ADWCleaner mainly as they are not too powerful and won't mess up my system to be fair. I also would use HMP and NPE when needed, I also have Avira Rescue System as a bootable AV.
 

Odre

New Member
Oct 21, 2018
1
I also got the same exact email from a guy called zack47 who put down my email address and my password, although I have forgotten if I ever used that password before and have changed it about 3 weeks ago.

Actually I received 2 emails. One on the 19th and the last one today.
 
