You don't need to be an 'investor' to invest in Singletrack: 6 days left: 95% of target - Find out more
My mum was asking about a slew of emails she has been receiving at my dad’s old email address, wherein some spammer tries to blackmail my dad into sending money to cover the fact that he has ‘visited porn sites’.
The spammer claims to have installed malware via one of the sites my dad ‘visited’, and has thereby been able to capture his password.
Now, I know I have seen almost this exact text used elsewhere, so it doesn’t worry me in the least - especially since my dad died a number of years ago. HOWEVER, my mum points out that the password the spammer includes in the email is actually one my dad used to use.
My question is: how has it been possible for a password to have been extracted and used? And what should my mum do about these emails? I know she has been deleting them all prior to today, but because she is with me right, she showed me the most recent.
I've had the same one and so has my mum. Both with valid, genuine but very weak passwords of the sort I use on throwaway accounts I don't really care about.
It'll be the result of some site or other being hacked and user data being leaked.
I wouldn't worry about it too much, though you'd want to change the password on any other sites that have used the same one.
You may also want to check: https://haveibeenpwned.com/
My question is: how has it been possible for a password to have been extracted and used?
A site was hacked most likely.
And what should my mum do about these emails?
Nothing
The password will most likely have been sourced from a hack of a reputable website.
Look at the email client settings and see if you can just block the emails, and/or report them to your ISP.
Linkedin had a hack where un-encrypted passwords were stolen together with email addresses. Theyre not the only site.
I get loads of these, it's just the latest scam. Just ignore them.
I did start a thread about it on here a while back.
Some have correct passwords / phone numbers and some are just gibberish passwords. All scraped from the 100s of sites which have had their user accounts stolen over the last 10 years or so.
And what should my mum do about these emails?
Given the don't seem to stop and I get loads from different people about the same password, I've just set up a custom spam filter on that old password, so any email containing it gets binned straight away.
It’s annoying receiving SPAM of this nature, but that’s all it is.
Eventually the SPAM ceases, but it will take a little while.
Just make sure your Parent doesn’t click on nor send a reply to the SPAM because this has the potential to spike the sender into knowing that the email account is “live”
Sky via Yahoo have been pretty effective at stopping this kind of stuff recently.. I suspect other mail providers will follow suit.
I thought this would be a thread about crap spam, I got an sms this morning from hsbc about my account being blocked, they asked me to go to the ip address in the message to un-lock it, not even a registered domain, that's not even trying!
Obviously I followed the link and entered all my bank details, I'm sure it'll be ok.
My question is: how has it been possible for a password to have been extracted and used?
For a while various tables existed online for shorter passwords that allowed hackers to 'reverse' the encrypted password via a lookup. I fairly sure that is no longer possible on a properly setup website using 'salted' passwords but most of this stuff comes from a while ago when everyone used the same email address and password everywhere.
I get them on a work email account that’s just set up for wholesale queries that I monitor. I think just delete and forget about it. How’s your back doing?
Obviously I followed the link and entered all my bank details, I’m sure it’ll be ok.
I can check for you if you like? I'll just need your card number, expiry date and those funny little numbers off the back.
This kind of spam / phishing has been doing the rounds recently all over the place.
First - don't worry, it's basically spam and you haven't been personally hacked, malware installed etc.
Second - the spammer's have a massive database from web sites that got hacked many years ago and as well as emails, where the password hashes were easy to crack (weak passwords usually) they have those as well. Some bright spammer/hacker decided it would be a good idea to chuck the password into the spam and scare people because it contains a password that is valid or was once used by the recipient.
Third - if you're still using that password somewhere, probably best to change it.
In my case as I use specific email addresses for each sign-up, I've traced one of these I got down to an old forum I used years ago with a crap password (didn't care really for forums as I knew they were likely to have unpatched software and get hacked, so used things I wouldn't use anywhere else).
Also was discussed related to Superstar, but doesn't mean it was Superstar that were hacked. Email could be on the list and paired up with something else that has your password. Or maybe Superstar were hacked. I used to get spam at my old SS address, so I blocked it and used a new one.
https://singletrackmag.com/forum/topic/superstar-components-customer-database-potential-leak/