Ransom message

[stefanmaine]

I have a MacOS Sierra on an iMac Retina 2017. I have received an email message sent to my Gmail account from "[email protected]" telling me “I do know ***** is your passphrases [at ***** the message displays an old, OBE, out of use password]. Give me USD 869 at Bitcoin B*T*C* ad*dre*ss: 14cxPepKjJ8XR5k4u7jskJiqMH2vGFV5WY”

There is a warning that if I do not send the money “i most certainly will send your video clip to each one of your personal contacts” The video clip is described as related to a visit I have presumably made to a pornographic website.

The whole thing is phony. I have never been to a pornographic website, the “passphrase” the message claims to have is OBE and has been for a long time. I have no idea where they got the password, but it is no longer active anywhere.

Just in case, I ran Malware Bytes Premium, Clam XAV, and SmartReporter. Everything is clean.

Do I simply delete this message, or is there some cyber security website that likes to see these kinds of messages regardless of what they look like?

If I have posted this in the wrong section, please say so. Of all the choices, this seemed the most logical.

 

[Raz0rEdge]

You can forward that message to the FBI if you want, and their Cyber division may look into it.

In your case, you should PROMPTLY change all of your passwords on ALL of your sites (important or not) and also delete accounts on sites you do not use anymore.

My guess is that your old password was probably leaked from some site and they are using scare tactics to get you to pay for it. Since this password WAS legitimate at one point in time, people will assume the rest of the threat is also valid and pay up.

 

[harryb2448]

Just a scam and ignore.

Get these slime bags threatening this all the time. Guess they work on the 1`% rule and this returns good money.

 

[IWT]

This is becoming more commonplace and there are several threads in our Forums along the same lines.

Don’t reply. Don’t negotiate. Ignore. In the process, you may need to clear your web browser caches.

In addition, just as a precaution, download, install and run Malwarebytes app. Don’t pay anything for this. Take the 30 trial at the end of which it becomes free as an on-demand app.

Clam XAV and the other AV products won’t help in the least and are best uninstalled.

A quick search of our Forums will bring up similar threads and advice.

Ian

 

[stefanmaine]

Thank you all. I have followed your advice. As IWT suggests, I did find other, similar reports at this Forum. Thanks for suggesting that. I am pretty sure I used this password at Anthem whose database of 80 million people was hacked in 2015. It has since been changed, but presumably it would have appeared in the hacked data. Maybe that's where "these slime bags" (in harryb2448's charming phrase!) got it. Anyway, again, thank you being here.

For those interested, the email editor displays this in the message source information: (171-100-242-122.static.asianet.co.th. [171.100.242.122])

 

[Rod]

As suggested it's probably time to do a bit of a security update especially for important sites. You might also like to consider getting a Password Manager, 1Password has been highly recommended, it will make using, managing and creating passwords a breeze.
It also has a new feature called Watchtower" which allows you to audit and check passwords against email addesses for recent hacking events.

 

[stefanmaine]

Reading 1Password's website, as suggested by Rod Sprague, led me to "have i been pwned?" at https://haveibeenpwned.com/ where I read "Mac Forums: In July 2016, the self-proclaimed "Ultimate Source For Your Mac" website Mac Forums suffered a data breach. The vBulletin-based system exposed over 326k usernames, email and IP addresses, dates of birth and passwords stored as salted MD5 hashes. The data was later discovered being traded on a popular hacking forum. Mac Forums did not respond when contacted about the incident via their contact us form. Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames"

I don't recall writing about that here, although I may have.

 

[Rod]

Yes we were all made aware of that at the time. We are prompted to change our password every 6 months but I do that a little more frequently myself. There have been more serious breaches recently as you probably read. My primary email came up on the Have I Been Pawnd site over a year ago as I am a subscriber to the site. That was as it turns out how I found out about 1Password's new features.
I have over 100 sites associated with that email account so I'm not about to ditch it but many are out of date or redundant. I will slowly work my way through the important ones in my password manager and change passwords as I go. There really is no other way. The most important sites have 2SV or 2FA anyway and rest have little or no personal information anyway. Mind you I would be annoyed if someone locked me out of Mac Forums.


Sent from my iPad using Mac-Forums

 

[stefanmaine]

I will slowly work my way through the important ones

I have done that too. Yesterday's "ransom message" has prompted me to do some of it again. It's a nuisance, but clearly necessary.

The "have i been pwned?" website is very nice in specifying which email address has been compromised and where. I thank you again for alerting me to 1Password which in turn alerted me to "have i been pwned?" (Incidentally, what is "pwned"? At first, I took it to be "passworded" but then why the n?)

 

[MacInWin]

pwned https://www.urbandictionary.com/define.php?term=pwned

 

[IWT]

Well, Jake, I never knew that. I subscribe to Troy Hunt”s blog and podcasts so I am very familiar with the term.

But I’m too embarrassed to admit what I thought it meant. I was assuming it was his Australian accent that appeared to mispronounce the word.

Ian

 

[Rod]

Thanks from me too Jake, I thought it meant pawned as in sold or traded. So now we know.


Sent from my iPhone

 

[Rod]

I have posted this seperatly but just FYI stefanmaine and those who contributed to this thread:

Enpass lets you check your passwords against the list of breached passwords managed by Troy Hunt on his web site "Have I Been Pawned"
This topic came up recently in another post and I mentioned that 1Password allows this via a new addition called Watchtower.
I'm pleased to announce that my default password manager Enpass also has this facility. https://www.enpass.io/docs/manual-desktop/pwned.html
Call me stupid but until today I was not aware of this so I cannot say how long this feature has been included. I found out purely by accident while reading the long list of "bug" fixes in the iOS update notes re a wrong message that may occur during the process of checking your passwords against the breached list (only for the iOS version).
So I immediately checked my desktop version using the instructions in the above site and voila! A list of 29 passwords out of a total of 241 have been Pawned.
Now to the time consuming job of changing them but a big thank you to Troy and Enpass.

 

[stefanmaine]

Rod Sprague, Thank you for that post. I have used a password manager for many years, on PCs and now on Macs. As a result, it's got several categories and lots, really lots, of individual cards (apps, sites, credit cards, etc.) and, of course, a lot of passwords. Over the years, much of the data has become OBE, but the stuff sits there, rusting. Since reading your post this morning, I have downloaded the free version of enpass, and I am exploring and comparing it ... AND, while doing so, I am taking the opportunity to delete and discard where appropriate on my current manager. So, while I haven't decided yet whether I will shift to enpass or not, either way this exercise has prompted me to clean house, and I am grateful to you for that.

Also, I have tested some of my passwords at pwned, with mixed results. I am glad to be doing that!

 

[Rod]

Thats great, I'm doing much the same. Starting with the most important ones, things like financial institutions, social security etc. There is only one drawback I can see with Enpass, initially you have to enter each item manually. Some have complained that you cannot import passwords from another password manager but considering the options under Categories and tags I can't see how that would work anyway. Seems to me you would have to do a lot of editing afterwards.
Once done it's a breeze to use.