Question Has anyone else experienced this?

Jul 22, 2019
1
0
10
0
I'm hoping someone can help me with two emails I've received, Both are from 'Save Yourself' but are different email addresses and sent on different dates?

The first initial email highlights:

On Saturday the 20th of July at 12:52PM
I received the FIRST email from SaveYourself28@1318.com 'Save Yourself' with the subject field 'Your Chance' stating they know one of my passwords as my computer was infected with their private malware. This claim is true and I can confirm they know my password to one of my website log ins. they have indicated QUOTE:

*your browser wasn't updated / patched, in such case it's enough to just visit some website where my iframe is placed to get automatically infected, if you want to find out more - Google: "Drive-by exploit".

*My malware gave me full access to all your accounts (see password above), full control over your computer and it also was possible to spy on you over your webcam.

*I collected all your private data and I RECORDED YOU (through your webcam).

*After that I removed my malware to not leave any traces and this email was sent from some hacked server.

*I can publish the video of you and all your private data on the whole web, social networks, over email of all contacts.

*But you can stop me and only I can help you out in this situation.

The only way to stop me, is to pay exactly 800$ in bitcoin (BTC).

It's a very good offer, compared to all that horrible shit that will happen if I publish everything!

***

They then proceed to go on and tell me how I can buy bitcoin at these websites that they have listed.

They have also now provided me with their bitcoin wallet-

***
* My bitcoin wallet is: 1MnUgqSkToq3j7ozwjSh54m1WxWZ3Xqym6

Copy and paste my wallet, it's (cAsE-sEnSEtiVE)

*You got 3 days time to pay.

*As I got access to this email account, I will know if this email has already been read.
If you get this email multiple times, it's to make sure that you read it, my mailer script is configured like this and after payment you can ignore it.
After receiving the payment, I remove all your data and you can life your live in peace like before.

*Next time update your browser before browsing the web!





*Mail-Client-ID: 8382423811

[End of email]
 

britechguy

Prominent
Jul 2, 2019
834
110
640
20
I will simply note that you need to change your password(s) only if the one they report they have (and quoted) is current.

There have been many, many, many incidents over the years where password information was obtained and resold on the black market that has formed the basis of these sextortion scams (among others) ever since.

Those who never (or almost never - and I include myself in this group) change passwords have reason to feel uneasy if still using the same one and it has been leaked. However, if it's a password that was yours, and hasn't been in use for quite a while, there's virtually zero to worry about.

Rushing around changing passwords that have already been changed or passwords that were different than the ones used in these sorts of scams is a huge waste of energy. It would take me literally days to change each and every password I have given the number of sites that use them.

You also need to look at where you may have used that password. If someone sent me a scam letter with the password I use on my local newspaper's website, I would not be particularly worried at all. If it contained the password I use when doing online banking or dealing with credit cards I would.

One way you can create really secure passwords that are easy for you to remember and that allows you to create same on a site by site basis and still remember them, which I call the Portmanteau Method, which I'll include now:
----------------------------------------------
The Portmanteau Method of Creating Passwords

There seems to be a belief that creating passwords that are relatively short, say 8 characters, that are a mis-mash of digits, upper and lower case characters, and special characters is the best way to ensure security. It isn’t, since most password cracking is done via computer brute force. It’s also not helpful to you if you cannot recall a password for love nor money.

Password length is a far better way of increasing security than anything else. I have often discussed what I dub "The Portmanteau Method" of coming up with very secure passwords that, if you choose your elements carefully, and apply them consistently, will be simple for you to remember, become simple for you to type, and be nearly unbreakable.

Let’s say the following information is accurate for you (some random you):

Your childhood address was: 1653 Rockport Ln
Your first (or favorite) pet was named Admiral
Your preferred special character is an exclamation point

If you create a password (pass phrase, really, but I never use embedded spaces) on a site by site basis, using something about the site, be it part of the URL or something else memorable to you about it and only it, you can create some really secure passwords. Some examples:

For the Discover Card website: Discover1653Admiral! or 1653DiscoverAdmiral! or !1653DiscoverAdmiral

For First Bank & Trust: FirstBank1653Admiral! or 1653FirstBankAdmiral! or !1653FirstBankAdmiral

Using a site such as https://howsecureismypassword.net/ if you enter any one of the above passwords you'll see that by brute force cracking it would take approximately 3 sextillion years to break any one of them.

Provided you keep whatever "fixed elements" you choose in a fixed position, like address house number first, site specific info (which changes) second, pet name third, and single character 4th, you can generate a password that would be virtually impossible to crack unless you were to give someone else all of those details about your life and they know which things you've chosen. You could easily have chosen "Rockport" instead of "1653" but the result would be equally unbreakable because it's not a dictionary word and it's long.

My own portmanteau is not quite that long. Most of the results of it would take approximately 200 years of brute force computing to crack, yet I instantly know when I land on a website or similar what the fixed elements of mine are, and where they're located, and the password rolls quickly off my fingers.

Presuming a portmanteau, and not a string of dictionary words, via brute force 8 character passwords take 2 Hours to crack, 9 character passwords take 4 days to crack, 10 character passwords take 8 months to crack. So as you can see just increasing a password length by a few characters makes a huge difference in how long it would take to crack them via brute force.

If you use a 3-digit house number, a 5-character pet name, and a single special character you've already got 9 characters. Add in the site specific component and, well . . .
 

digitalgriffin

Distinguished
Jan 29, 2008
735
136
19,190
10
I'm hoping someone can help me with two emails I've received, Both are from 'Save Yourself' but are different email addresses and sent on different dates?

The first initial email highlights:

On Saturday the 20th of July at 12:52PM
I received the FIRST email from SaveYourself28@1318.com 'Save Yourself' with the subject field 'Your Chance' stating they know one of my passwords as my computer was infected with their private malware. This claim is true and I can confirm they know my password to one of my website log ins. they have indicated QUOTE:

*your browser wasn't updated / patched, in such case it's enough to just visit some website where my iframe is placed to get automatically infected, if you want to find out more - Google: "Drive-by exploit".

*My malware gave me full access to all your accounts (see password above), full control over your computer and it also was possible to spy on you over your webcam.

*I collected all your private data and I RECORDED YOU (through your webcam).

*After that I removed my malware to not leave any traces and this email was sent from some hacked server.

*I can publish the video of you and all your private data on the whole web, social networks, over email of all contacts.

*But you can stop me and only I can help you out in this situation.

The only way to stop me, is to pay exactly 800$ in bitcoin (BTC).

It's a very good offer, compared to all that horrible shit that will happen if I publish everything!

***

They then proceed to go on and tell me how I can buy bitcoin at these websites that they have listed.

They have also now provided me with their bitcoin wallet-

***
* My bitcoin wallet is: 1MnUgqSkToq3j7ozwjSh54m1WxWZ3Xqym6

Copy and paste my wallet, it's (cAsE-sEnSEtiVE)

*You got 3 days time to pay.

*As I got access to this email account, I will know if this email has already been read.
If you get this email multiple times, it's to make sure that you read it, my mailer script is configured like this and after payment you can ignore it.
After receiving the payment, I remove all your data and you can life your live in peace like before.

*Next time update your browser before browsing the web!





*Mail-Client-ID: 8382423811

[End of email]
Go to "Have I been p@wned" and type in all your email addresses. Those are your compromised accounts. They collect the addresses from the dark web to see which accounts have been hacked. That said, change the passwords on all your critical accounts including the security questions.



It happens to a lot of people. Don't feel bad. Yahoo compromised one of my accounts. NewEgg was another that was compromised. Equifax, Target, the list goes on and on.

Now if you did anything illegal, and the hacker is malicious, then I would worry,. Otherwise what they are doing is a felony is most countries. They themselves are breaking the law.

You likely don't have anything to worry about. But you can put a credit freeze on all your accounts. This is a good idea any way given the equifax hack.

Most modern webcams do not have the ability to turn on without the camera light. You would know if you were recorded. AND most anti virus today would alert you the second any program tries to access it.
 

britechguy

Prominent
Jul 2, 2019
834
110
640
20
Also keep in mind with regard to digitalgriffin's excellent advice that you do need to consider when the breaches occurred.

My primary e-mail address was pwned on two occasions, years ago, and the "shelf life" of illegally obtained information tends to be really short because once compromises like the Anthem and Equifax breaches (both of which I was hit by) occur, most folks immediately change their passwords.

Your e-mail address, for any you, is essentially public knowledge for those who want it from the first use. They may not know who it belongs to, but e-mail addresses are plainly visible as part of the actual transport process of e-mail.

Knock wood (and I also have identity theft monitoring, too) none of my information has ever shown up being used by nefarious actors.
 

ASK THE COMMUNITY