Ransom message

Joined
Mar 31, 2011
Messages
158
Reaction score
2
Points
18
Your Mac's Specs
2017 27" iMac, iPod Touch, iPhone 6s
I have a MacOS Sierra on an iMac Retina 2017. I have received an email message sent to my Gmail account from "kahy@kmbibxqyb.com" telling me “I do know ***** is your passphrases [at ***** the message displays an old, OBE, out of use password]. Give me USD 869 at Bitcoin B*T*C* ad*dre*ss: 14cxPepKjJ8XR5k4u7jskJiqMH2vGFV5WY”

There is a warning that if I do not send the money “i most certainly will send your video clip to each one of your personal contacts” The video clip is described as related to a visit I have presumably made to a pornographic website.

The whole thing is phony. I have never been to a pornographic website, the “passphrase” the message claims to have is OBE and has been for a long time. I have no idea where they got the password, but it is no longer active anywhere.

Just in case, I ran Malwarebytes Premium, Clam XAV, and SmartReporter. Everything is clean.

Do I simply delete this message, or is there some cyber security website that likes to see these kinds of messages regardless of what they look like?

If I have posted this in the wrong section, please say so. Of all the choices, this seemed the most logical.
 

Raz0rEdge

Well-known member
Staff member
Moderator
Joined
Jul 17, 2009
Messages
12,660
Reaction score
304
Points
83
Location
MA
Your Mac's Specs
2018 Mac-Mini macOS Catalina 10.15.5, 32 GB
You can forward that message to the FBI if you want, and their Cyber division may look into it.

In your case, you should PROMPTLY change all of your passwords on ALL of your sites (important or not) and also delete accounts on sites you do not use anymore.

My guess is that your old password was probably leaked from some site and they are using scare tactics to get you to pay for it. Since this password WAS legitimate at one point in time, people will assume the rest of the threat is also valid and pay up.
 
Joined
Nov 28, 2007
Messages
25,294
Reaction score
402
Points
83
Location
Nambucca Heads Australia
Your Mac's Specs
iMac, i7 4GHz, 32GB memory, 1TB blade drive, OS X.15.5.
Just a scam and ignore.

Get these slime bags threatening this all the time. Guess they work on the 1% rule and this returns good money.
 

IWT


Joined
Jan 23, 2009
Messages
6,544
Reaction score
232
Points
63
Location
Born Scotland. Worked all over UK. Live in Wales
Your Mac's Specs
iMac 5K Retina 27", August 2019, 3.6GHz Intel Core i9, Memory 32GB, 2TB SSD, macOS Mojave 10.14.6
This is becoming more commonplace and there are several threads in our Forums along the same lines.

Don’t reply. Don’t negotiate. Ignore. In the process, you may need to clear your web browser caches.

In addition, just as a precaution, download, install and run Malwarebytes app. Don’t pay anything for this. Take the 30 trial at the end of which it becomes free as an on-demand app.

Clam XAV and the other AV products won’t help in the least and are best uninstalled.

A quick search of our Forums will bring up similar threads and advice.

Ian
 
Joined
Mar 31, 2011
Messages
158
Reaction score
2
Points
18
Your Mac's Specs
2017 27" iMac, iPod Touch, iPhone 6s
Thank you all. I have followed your advice. As IWT suggests, I did find other, similar reports at this Forum. Thanks for suggesting that. I am pretty sure I used this password at Anthem, whose database of 80 million people was hacked in 2015. It has since been changed, but presumably it would have appeared in the hacked data. Maybe that's where "these slime bags" (in harryb2448's charming phrase!) got it. Anyway, again, thank you for being here.

For those interested, the email editor displays this in the message source information: (171-100-242-122.static.asianet.co.th. [171.100.242.122])
 

Rod


Joined
Jun 12, 2011
Messages
5,920
Reaction score
176
Points
63
Location
Melbourne, Australia and Ubud, Bali, Indonesia
Your Mac's Specs
2015 MacBook Pro Retina 13" macOSX 10.15.1
As suggested, it's probably time to do a bit of a security update, especially for important sites. You might also like to consider getting a Password Manager. 1Password has been highly recommended; it will make using, managing and creating passwords a breeze.
It also has a new feature called "Watchtower" which allows you to audit and check passwords against email addresses for recent hacking events.
 
Joined
Mar 31, 2011
Messages
158
Reaction score
2
Points
18
Your Mac's Specs
2017 27" iMac, iPod Touch, iPhone 6s
Reading 1Password's website, as suggested by Rod Sprague, led me to "have i been pwned?" at https://haveibeenpwned.com/ where I read "Mac Forums: In July 2016, the self-proclaimed "Ultimate Source For Your Mac" website Mac Forums suffered a data breach. The vBulletin-based system exposed over 326k usernames, email and IP addresses, dates of birth and passwords stored as salted MD5 hashes. The data was later discovered being traded on a popular hacking forum. Mac Forums did not respond when contacted about the incident via their contact us form. Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames"

I don't recall writing about that here, although I may have.
 

Rod


Joined
Jun 12, 2011
Messages
5,920
Reaction score
176
Points
63
Location
Melbourne, Australia and Ubud, Bali, Indonesia
Your Mac's Specs
2015 MacBook Pro Retina 13" macOSX 10.15.1
Yes, we were all made aware of that at the time. We are prompted to change our password every 6 months but I do that a little more frequently myself. There have been more serious breaches recently, as you probably read. My primary email came up on the Have I Been Pwned site over a year ago, as I am a subscriber to the site. That was, as it turns out, how I found out about 1Password's new features.
I have over 100 sites associated with that email account so I'm not about to ditch it but many are out of date or redundant. I will slowly work my way through the important ones in my password manager and change passwords as I go. There really is no other way. The most important sites have 2SV or 2FA anyway and rest have little or no personal information anyway. Mind you I would be annoyed if someone locked me out of Mac Forums. [emoji6]


 
Joined
Mar 31, 2011
Messages
158
Reaction score
2
Points
18
Your Mac's Specs
2017 27" iMac, iPod Touch, iPhone 6s
"I will slowly work my way through the important ones"
I have done that too. Yesterday's "ransom message" has prompted me to do some of it again. It's a nuisance, but clearly necessary.

The "have i been pwned?" website is very nice in specifying which email address has been compromised and where. I thank you again for alerting me to 1Password which in turn alerted me to "have i been pwned?" (Incidentally, what is "pwned"? At first, I took it to be "passworded" but then why the n?)
 

IWT


Joined
Jan 23, 2009
Messages
6,544
Reaction score
232
Points
63
Location
Born Scotland. Worked all over UK. Live in Wales
Your Mac's Specs
iMac 5K Retina 27", August 2019, 3.6GHz Intel Core i9, Memory 32GB, 2TB SSD, macOS Mojave 10.14.6
Well, Jake, I never knew that. I subscribe to Troy Hunt's blog and podcasts so I am very familiar with the term.

But I’m too embarrassed to admit what I thought it meant. I was assuming it was his Australian accent that appeared to mispronounce the word. O:)

Ian
 

Rod


Joined
Jun 12, 2011
Messages
5,920
Reaction score
176
Points
63
Location
Melbourne, Australia and Ubud, Bali, Indonesia
Your Mac's Specs
2015 MacBook Pro Retina 13" macOSX 10.15.1
I have posted this separately but just FYI stefanmaine and those who contributed to this thread:

Enpass lets you check your passwords against the list of breached passwords managed by Troy Hunt on his web site "Have I Been Pwned".
This topic came up recently in another post and I mentioned that 1Password allows this via a new addition called Watchtower.
I'm pleased to announce that my default password manager Enpass also has this facility. https://www.enpass.io/docs/manual-desktop/pwned.html
Call me stupid but until today I was not aware of this so I cannot say how long this feature has been included. I found out purely by accident while reading the long list of "bug" fixes in the iOS update notes re a wrong message that may occur during the process of checking your passwords against the breached list (only for the iOS version).
So I immediately checked my desktop version using the instructions in the above site and voila! A list of 29 passwords out of a total of 241 have been Pwned.
Now to the time consuming job of changing them but a big thank you to Troy and Enpass.
 
Joined
Mar 31, 2011
Messages
158
Reaction score
2
Points
18
Your Mac's Specs
2017 27" iMac, iPod Touch, iPhone 6s
Rod Sprague, thank you for that post. I have used a password manager for many years, on PCs and now on Macs. As a result, it's got several categories and lots, really lots, of individual cards (apps, sites, credit cards, etc.) and, of course, a lot of passwords. Over the years, much of the data has become OBE, but the stuff sits there, rusting. Since reading your post this morning, I have downloaded the free version of Enpass, and I am exploring and comparing it ... AND, while doing so, I am taking the opportunity to delete and discard where appropriate on my current manager. So, while I haven't decided yet whether I will shift to Enpass or not, either way this exercise has prompted me to clean house, and I am grateful to you for that.

Also, I have tested some of my passwords at pwned, with mixed results. I am glad to be doing that!
 

Rod


Joined
Jun 12, 2011
Messages
5,920
Reaction score
176
Points
63
Location
Melbourne, Australia and Ubud, Bali, Indonesia
Your Mac's Specs
2015 MacBook Pro Retina 13" macOSX 10.15.1
That's great, I'm doing much the same. Starting with the most important ones, things like financial institutions, social security etc. There is only one drawback I can see with Enpass: initially you have to enter each item manually. Some have complained that you cannot import passwords from another password manager, but considering the options under Categories and tags I can't see how that would work anyway. Seems to me you would have to do a lot of editing afterwards.
Once done it's a breeze to use.
 