Personal computing discussed

Moderators: askfranklin, renee, emkubed, Captain Ned

 
just brew it!
Gold subscriber
Administrator
Topic Author
Posts: 53483
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Stupid Bitcoin extortion scams

Sat Nov 03, 2018 1:46 pm

Anyone else been getting these? Scammer claims to have hacked your computer, and as "proof" offers an old password (which was likely obtained from any one of a number of past security breaches of sites with weak password encryption). Claims to have installed a RAT on your PC, and obtained compromising info and your contact list; they will "out" you if you don't pay several hundred $ in Bitcoin.

I guess they're counting on people who rarely change their password, use the same password across multiple sites/accounts, and have incriminating info on their PC and/or in their browsing history to get tricked into believing something's really going on, and pay up.

:roll:

If you spew that crap out to millions of people, maybe a few here and there will actually believe it and pay up...?

I've received maybe a half dozen or so of these in the past couple of weeks. They've been making it through Google's spam filter, though I suppose that will end as the filter gets "trained" to recognize them as spam/scam e-mails.
Nostalgia isn't what it used to be.
 
meerkt
Graphmaster Gerbil
Posts: 1438
Joined: Sun Aug 25, 2013 2:55 am

Re: Stupid Bitcoin extortion scams

Sat Nov 03, 2018 2:20 pm

Is the password correct?

They may send it to millions, a few might bite, but I do wonder how many of these would be actual crypto users.
 
just brew it!
Gold subscriber
Administrator
Topic Author
Posts: 53483
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Stupid Bitcoin extortion scams

Sat Nov 03, 2018 2:25 pm

It's a password I used on a few non-critical (otherwise I wouldn't have re-used it) sites several years ago. I'm sure they're counting on some people re-using the same password everywhere to convince their victims that their PC has actually been hacked.

At least one of the scam e-mails even copy-pasted the old password wrong (cut off the first letter). :lol:
Nostalgia isn't what it used to be.
 
qmacpoint
Gerbil Team Leader
Posts: 263
Joined: Wed Mar 14, 2018 12:56 pm

Re: Stupid Bitcoin extortion scams

Sat Nov 03, 2018 2:33 pm

just brew it! wrote:
It's a password I used on a few non-critical (otherwise I wouldn't have re-used it) sites several years ago. I'm sure they're counting on some people re-using the same password everywhere to convince their victims that their PC has actually been hacked.

At least one of the scam e-mails even copy-pasted the old password wrong (cut off the first letter). :lol:

I've been getting these emails too even through Google, there may be some randomness to the titles that allows them to go through anti-spam filters.

Some background info for other people: This is from numerous sites that get hacked and the credential information gets compiled into massive user/password lists. Nothing to worry about really (unless you actively use that password... shame on you people if you do this), just some scammers scraping these lists and sending phishing emails to people. You can check what sites have been compromised for sure if you look up your email in https://haveibeenpwned.com/
 
Waco
Gold subscriber
Grand Gerbil Poohbah
Posts: 3202
Joined: Tue Jan 20, 2009 4:14 pm
Location: Los Alamos, NM

Re: Stupid Bitcoin extortion scams

Sat Nov 03, 2018 7:20 pm

I get them all the time, even at my .gov work email address. It's usually fairly entertaining to screw with them though.
Desktop: X570 Gaming X | 3900X | 32 GB | Alphacool Eisblock Radeon VII | Heatkiller R3 | Samsung 4K 40" | 1 TB SX8200 Pro + 2 TB 660p + 2 TB SATA SSD
NAS: 1950X | Designare EX | 32 GB ECC | 7x8 TB RAIDZ2 | 8x2 TB RAID10 | FreeNAS | ZFS | LSI SAS
 
NovusBogus
Silver subscriber
Graphmaster Gerbil
Posts: 1408
Joined: Sun Jan 06, 2013 12:37 am

Re: Stupid Bitcoin extortion scams

Sat Nov 03, 2018 10:13 pm

I haven't run into this one yet. But the vast majority of my poorly secured accounts also use a crappy free email address that I never check, so I likely won't notice if they do try to come after me.
 
Krogoth
Gerbil Elder
Posts: 5835
Joined: Tue Apr 15, 2003 3:20 pm
Location: somewhere on Core Prime
Contact:

Re: Stupid Bitcoin extortion scams

Wed Nov 07, 2018 10:41 am

This is the next wave of ransomware. The scammers are trying to play into "whales" who got "rich" on the last crypto-currency craze.
Gigabyte Z390 AORUS-PRO Coffee Lake R 9700K, 2x8GiB of G.Skill DDR4-3600, Sapphire RX Vega 64, Corsair CX-750M V2 and Fractal Define R4 (W)
Ivy Bridge 3570K, 2x4GiB of G.Skill RIPSAW DDR3-1600, Gigabyte Z77X-UD3H, Corsair CX-750M V2, and PC-7B
 
The Egg
Gold subscriber
Minister of Gerbil Affairs
Posts: 2924
Joined: Sun Apr 06, 2008 4:46 pm

Re: Stupid Bitcoin extortion scams

Wed Nov 07, 2018 1:08 pm

An ex-coworker's address has been getting a multitude of "I hacked your webcam and recorded you having fun at an adult website" extortion attempts lately. Most of them say "I know your password is ____", but it's always just randomized nonsense that incorporates the username. I've seen prices range from $400 - $6,000 so far :roll:
 
Dposcorp
Silver subscriber
Minister of Gerbil Affairs
Posts: 2757
Joined: Thu Dec 27, 2001 7:00 pm
Location: Detroit, Michigan

Re: Stupid Bitcoin extortion scams

Wed Nov 07, 2018 4:06 pm

just brew it! wrote:
It's a password I used on a few non-critical (otherwise I wouldn't have re-used it) sites several years ago.


Seem with me.......an old password from years ago. I dont even respond.
 
bthylafh
Maximum Gerbil
Posts: 4270
Joined: Mon Dec 29, 2003 11:55 pm
Location: Southwest Missouri, USA

Re: Stupid Bitcoin extortion scams

Wed Nov 07, 2018 4:27 pm

A couple of my users started getting these a few months ago.
Hakkaa päälle!
i7-8700K|Asus Z-370 Pro|32GB DDR4|Asus Radeon RX-580|Samsung 960 EVO 1TB|1988 Model M||Logitech MX 518 & F310|Samsung C24FG70|Dell 2209WA|ATH-M50x
 
SecretSquirrel
Minister of Gerbil Affairs
Posts: 2675
Joined: Tue Jan 01, 2002 7:00 pm
Location: North DFW suburb...
Contact:

Re: Stupid Bitcoin extortion scams

Thu Nov 08, 2018 1:33 am

I haven't gotten one yet, but I did get an email from the IT dept letting everyone know that there was a large number of these messages coming in and to be aware if one made it through all the spam traps.

--SS
 
RuiFig
Silver subscriber
Gerbil
Posts: 31
Joined: Tue May 19, 2015 4:46 am
Location: Edinburgh, Scotland
Contact:

Re: Stupid Bitcoin extortion scams

Thu Nov 08, 2018 7:07 am

I got one of those a few days ago too.
In my case it was the password of a website I haven't used in years (RentACoder / Freelancer / whatever).
The password was correct and not used in any other websites, so the only explanation is they got hacked.
I did some quick googling for breaches on that website, and nothing. I wouldn't be surprised they never bothered telling their users they got hacked.

Anyway, I change the password, ignored the email, and moved on.
Code Monkey at Cloudgine Ltd. Personal blog on coding: http://www.crazygaze.com
 
Aphasia
Grand Gerbil Poohbah
Posts: 3694
Joined: Tue Jan 01, 2002 7:00 pm
Location: Solna/Sweden
Contact:

Re: Stupid Bitcoin extortion scams

Thu Nov 08, 2018 9:17 pm

Some of the passwords dumps they use are know, I have a thing where I used a couple of chars so I could identify which site something came from...
One of the dumps is the adobe dump, another is Fred Miranda, but if you go look at Troy Hunt's site Haveibeenowned you can assume all the big freely available dumps are used.

The latest batch have even started omitting the passwords entirely just basically doing a lazy ass copycat scam of a scam version if the whole thing...
 
just brew it!
Gold subscriber
Administrator
Topic Author
Posts: 53483
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Stupid Bitcoin extortion scams

Fri Nov 09, 2018 6:47 am

Yeah, I'm pretty sure mine came from the Adobe dump. That was one of the sites I used that password on.
Nostalgia isn't what it used to be.
 
danny e.
Maximum Gerbil
Posts: 4444
Joined: Thu Apr 25, 2002 3:09 pm
Location: Indonesia/Nebraska/Wisconsin

Re: Stupid Bitcoin extortion scams

Mon Nov 19, 2018 1:18 pm

i feel left out.
You don't have to feel safe to feel unafraid.
 
The Egg
Gold subscriber
Minister of Gerbil Affairs
Posts: 2924
Joined: Sun Apr 06, 2008 4:46 pm

Re: Stupid Bitcoin extortion scams

Mon Nov 19, 2018 4:00 pm

Got one this morning to the same work address demanding 9,000 :lol:
 
biffzinker
Gerbil Jedi
Posts: 1998
Joined: Tue Mar 21, 2006 3:53 pm
Location: AK, USA

Re: Stupid Bitcoin extortion scams

Mon Nov 19, 2018 5:50 pm

I've been getting text messages wanting me to claim x amount of bitcoin in exchange for certain details. Had one yesterday show up while I was at work.
It would take you 2,363 continuous hours or 98 days,11 hours, and 35 minutes of gameplay to complete your Steam library.
In this time you could travel to Venus one time.
 
Captain Ned
Gold subscriber
Global Moderator
Posts: 27963
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: Stupid Bitcoin extortion scams

Mon Nov 19, 2018 6:27 pm

biffzinker wrote:
I've been getting text messages wanting me to claim x amount of bitcoin in exchange for certain details. Had one yesterday show up while I was at work.

I've long wondered (day job) when the age-old 419 scam would move to dangling Bitcoins in front of people. I need wonder no longer. Betcha the weblink/email comes complete with some ransomware as well, just to keep the Bitcoin books balanced.
What we have today is way too much pluribus and not enough unum.
 
derFunkenstein
Gerbil God
Posts: 25232
Joined: Fri Feb 21, 2003 9:13 pm
Location: Comin' to you directly from the Mothership

Re: Stupid Bitcoin extortion scams

Fri Nov 30, 2018 11:31 am

I got one of these today. I'm almost certain it was tied to the Adobe breach. The password included in the email is so old that if I'm still using it on a website, that account deserves to be hacked. LOL
I do not understand what I do. For what I want to do I do not do, but what I hate I do.
Twittering away the day at @TVsBen
 
drfish
Gold subscriber
Gerbil Elder
Posts: 5545
Joined: Wed Jan 22, 2003 7:53 pm
Location: Zeeland, MI

Re: Stupid Bitcoin extortion scams

Fri Nov 30, 2018 11:58 am

A couple of my users have gotten these, snuck through Office 365. Both of them had legit old passwords. One of my users in particular was legit freaked out by it, but I was so decisively dismissive that I think they felt better quickly. I just told them to make sure they aren't using that password anywhere anymore.
 
Waco
Gold subscriber
Grand Gerbil Poohbah
Posts: 3202
Joined: Tue Jan 20, 2009 4:14 pm
Location: Los Alamos, NM

Re: Stupid Bitcoin extortion scams

Fri Nov 30, 2018 12:52 pm

I just got a few of them in the past few days - none had a password I recognized. Weird.
Desktop: X570 Gaming X | 3900X | 32 GB | Alphacool Eisblock Radeon VII | Heatkiller R3 | Samsung 4K 40" | 1 TB SX8200 Pro + 2 TB 660p + 2 TB SATA SSD
NAS: 1950X | Designare EX | 32 GB ECC | 7x8 TB RAIDZ2 | 8x2 TB RAID10 | FreeNAS | ZFS | LSI SAS
 
just brew it!
Gold subscriber
Administrator
Topic Author
Posts: 53483
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Stupid Bitcoin extortion scams

Fri Nov 30, 2018 8:15 pm

Yeah, the first few I got had a password which I'm pretty sure leaked in the Adobe breach. Since then the passwords have been random (and not something I've ever used). They're still coming, but Google is doing a better job of sending them to the Spam folder without manual intervention.
Nostalgia isn't what it used to be.
 
The Egg
Gold subscriber
Minister of Gerbil Affairs
Posts: 2924
Joined: Sun Apr 06, 2008 4:46 pm

Re: Stupid Bitcoin extortion scams

Fri Dec 14, 2018 8:42 am

Mass Email Hoax Causes Closures Across US And Canada - Ars

Looks like the spammers have taken things to the next level. Wow. Certainly hope it's not a sign of things to come, but unfortunately I suspect it will be. I disagree with the article somewhat, as he alludes towards it being something state-sponsored. While entirely possible, I'm generally more pragmatic when someone suggests conspiracy. To me, it seems like a natural (though insane) escalation of what they were already trying to pull. Criminals aren't known for their clear, logical thinking.
 
liquidsquid
Minister of Gerbil Affairs
Posts: 2660
Joined: Wed May 29, 2002 10:49 am
Location: New York
Contact:

Re: Stupid Bitcoin extortion scams

Fri Dec 14, 2018 9:46 am

For me it was the Weather Underground password (I mostly use unique ones on every site just for this reason) but boy, when that Email came in, was I ever livid.
My kiddo shared my E-mail for a while for Cub Scouts until he was old enough to have his own. I had some 'splainin to do about web security, privacy, what most people use the internet for... it was an "interesting" discussion. Of course he is getting to "that age" when he will be testing the limits of my bandwidth soon. Ugh.

You have to admire the cleverness of this "hack" and I am sure it was very successful. Sometimes I wish the mob were still powerful, and a hacker would mess with the wrong dude.
 
Arvald
Silver subscriber
Gerbil Elite
Posts: 760
Joined: Tue Sep 27, 2011 12:14 pm
Location: Gerbil-land, Canada

Re: Stupid Bitcoin extortion scams

Tue Dec 18, 2018 1:21 pm

Yup, my company got hit with the latest bomb threat extortion.
Glad our users were smart enough to just report it to I.T. and carry on.
 
anotherengineer
Gerbil Jedi
Posts: 1675
Joined: Fri Sep 25, 2009 1:53 pm
Location: Northern, ON Canada, Yes I know, Up in the sticks

Re: Stupid Bitcoin extortion scams

Tue Dec 18, 2018 8:10 pm

Nothing of the sort here, I only have a hotmail and my university email account though.
Life doesn't change after marriage, it changes after children!
 
anotherengineer
Gerbil Jedi
Posts: 1675
Joined: Fri Sep 25, 2009 1:53 pm
Location: Northern, ON Canada, Yes I know, Up in the sticks

Re: Stupid Bitcoin extortion scams

Tue Dec 18, 2018 8:11 pm

Arvald wrote:
Yup, my company got hit with the latest bomb threat extortion.
Glad our users were smart enough to just report it to I.T. and carry on.


Ya our company has integrated a "phishing scam" button into outlook. Some days I feel like clicking it for meeting requests :)
Life doesn't change after marriage, it changes after children!
 
Arvald
Silver subscriber
Gerbil Elite
Posts: 760
Joined: Tue Sep 27, 2011 12:14 pm
Location: Gerbil-land, Canada

Re: Stupid Bitcoin extortion scams

Wed Dec 19, 2018 9:58 am

anotherengineer wrote:
Arvald wrote:
Yup, my company got hit with the latest bomb threat extortion.
Glad our users were smart enough to just report it to I.T. and carry on.


Ya our company has integrated a "phishing scam" button into outlook. Some days I feel like clicking it for meeting requests :)

Just make sure that it the meeting is scheduled somewhere warm and I'll accept.
 
Arvald
Silver subscriber
Gerbil Elite
Posts: 760
Joined: Tue Sep 27, 2011 12:14 pm
Location: Gerbil-land, Canada

Re: Stupid Bitcoin extortion scams

Wed Dec 19, 2018 10:00 am

anotherengineer wrote:
Arvald wrote:
Yup, my company got hit with the latest bomb threat extortion.
Glad our users were smart enough to just report it to I.T. and carry on.


Ya our company has integrated a "phishing scam" button into outlook. Some days I feel like clicking it for meeting requests :)

oh if anyone is wondering the current wording of the scam

Objet : Use your time wisely

Good day. There is a bomb (Tetryl) in the building where your business is located. My recruited person built the explosive device according to my guide. It can be hidden anywhere because of its small size, it is impossible to damage the supporting building structure by this bomb, but if it detonates you will get many wounded people.
My mercenary keeps the building under the control. If he notices any unusual activity, panic or emergency he will blow up the bomb.
I want to suggest you a deal. 20'000 usd is the price for your life and business. Pay it to me in BTC and I assure that I have to withdraw my man and the bomb will not explode. But do not try to deceive me- my guarantee will become actual only after 3 confirms in blockchain network.

My payment details (BTC address)- 15qH84uLC49CmC6jRE958Qjcf9WRZ2rMuM

You have to solve problems with the transaction by the end of the working day. If the working day is over and people start leaving the building the device will detonate.
This is just a business, if I do not see the bitcoins and a bomb detonates, next time other companies will send me more bitcoins, because it isnt a one-time action.
To stay anonimous I wont visit this email. I monitor my wallet every 20 min and if I see the payment I will order my man to get away.

If an explosion occurred and the authorities see this email-
We are not terrorists and do not take liability for acts of terrorism in other buildings.
 
SuperSpy
Gold subscriber
Minister of Gerbil Affairs
Posts: 2402
Joined: Thu Sep 12, 2002 9:34 pm
Location: TR Forums

Re: Stupid Bitcoin extortion scams

Wed Dec 19, 2018 10:55 am

I love the little blurb at the end, as if that's going to prevent the FBI or whoever from knocking their door in.
Desktop: i7-4790K @4.8 GHz | 32 GB | EVGA Gefore 1060 | Windows 10 x64
Laptop: MacBook Pro 2017 2.9GHz | 16 GB | Radeon Pro 560

Who is online

Users browsing this forum: Heiwashin and 4 guests
GZIP: On