You know the e-mails I’m talking about. Yes you know exactly what i mean, that shit that goes into your spam folder and you wish you could respond to it. i must admit, since they became all the rage they are becoming somewhat less sophisticated.
Lets have a laugh at the latest one that dropped into my inbox.
SUBJECT: High level of danger. Your account was under attack. Hello! I have very bad news for you. 27/12/2019 - on this day I hacked your OS and got full access to your account So, you can change the password, yes.. But my malware intercepts it every time. How I made it: In the software of the router, through which you went online, was a vulnerability. I just hacked this router and placed my malicious code on it. When you went online, my trojan was installed on the OS of your device. After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts). You can check it - I sent this message from your account firstname.lastname@example.org A month ago, I wanted to lock your device and ask for a not big amount of btc to unlock. But I looked at the sites that you regularly visit, and I was shocked by what I saw!!! I'm talk you about sites for adults. I want to say - you are a BIG pervert. Your fantasy is shifted far away from the normal course! And I got an idea…. I made a screenshot of the adult sites where you have fun (do you understand what it is about, huh?). After that, I made a screenshot of your joys (using the camera of your device) and glued them together. Turned out amazing! You are so spectacular! I'm know that you would not like to show these screenshots to your friends, relatives or colleagues. I think $774 is a very, very small amount for my silence. Besides, I have been spying on you for so long, having spent a lot of time! Pay ONLY in Bitcoins! My BTC wallet: 1SWATeAmcr9wuCbFGdAkPZi4KoXBjjMFe (yes this is ours not the one in the actual email) You do not know how to use bitcoins? Enter a query in any search engine: "how to replenish btc wallet". It's extremely easy For this payment I give you two days (48 hours). As soon as this letter is opened, the timer will work. After payment, my virus and dirty screenshots with your enjoys will be self-destruct automatically. If I do not receive from you the specified amount, then your device will be locked, and all your contacts will receive a screenshots with your "enjoys". I hope you understand your situation. Do not try to find and destroy my virus! (All your data, files and screenshots is already uploaded to a remote server) Do not try to contact me (you yourself will see that this is impossible, I sent you an email from your account) Various security services will not help you; formatting a disk or destroying a device will not help, since your data is already on a remote server. P.S. You are not my single victim. so, I guarantee you that I will not disturb you again after payment! This is the word of honor hacker. I also ask you to regularly update your antiviruses in the future. This way you will no longer fall into a similar situation. Do not hold evil! I just do my job. Good luck.
I mean seriously? this guy doesn’t even have a grasp of the English language and he expects me to send him bitcoin? in all fairness the level of English shown; shows someone that simple that i very much doubt they can grasp the concept of bitcoin.
Yes we all know this dipshit probably has English as his 3rd language or something (given the depths of serious grammatical errors – which is saying something given the original releases of SWAT Magazine – arr, 1998 was a shit year for the English language), but i mean seriously, if you want to try and scam some fucker at least put in some effort.
Don’t go trawling the darknet for hacked databases, extract all of the email addresses, throw together some weak effort of a spam mail and fire it off using some dubious SMTP server you bough for $3 from some kid in Romania only to have it delivered directly into the junk folder, all of that effort wasted. Note that the actual bitcoin address that was listed in the email received a total of 0 transactions many days after the fact.
Skids these days are just lazy.
Actually, if I’m honest it was after these e-mails became a bit of a fad that i started taking note of things, the interesting and unnerving ones that i received where the ones that had old passwords in them, chances are you’ve had one too.
Now don’t get me wrong, I’ve been known to have various permutations of several passwords, but once that shit starts getting decrypted out of databases, or even worse pulled plaintext from one SQL dump, shit starts getting worrying.
To make matters worse, every site on the net these days requires that you sign up and give them details of some description, i feel really sorry for all of the identities that I’ve been using over the years, god knows how much junk mail those poor buggers are getting.
Anyhow its actually what got me looking into password managers, personally I’ve never trusted the things, hell, back in the day the USA’s third biggest domain registrar couldn’t stop SWAT from owning all of its domain names, what chance do we have of some fucker looking after all of your passwords?
Well technology has moved on and i doubt very much they keep all of the login and passwords available in plaintext in a publicly readable directory, but nonetheless I’m always sceptical.
Upon further looking into things it’s quiet clever, despite the usual gimmicks of easily generating a 52 character password using the usual upper, lower, numbers and symbols, your password database is essentially encrypted using your “master password” so as long as you don’t go using shit like “p4ssw0rd” or or “letmein” then it should be reasonably secure.
So keep your 52 character passwords all nice and secure, auto fill them where you need to, update them on a whim and all that usual bollocks.
If you’re interested then check out LastPass, I’ve been using it for the last couple of years and had no issues, plus I’ve found you can use it to track down what databases have been hacked, the next time you get some skid emailing you with your password, tie it up to what site you’ve used it with.
Assuming that the database was plaintext of course, nobody is going to waste the CPU or even multiple GPU power decrypting some of the shit you can generate from the browser plugin.
Use it or don’t, i couldn’t care less, but its your accounts, not mine.