You are either not logged in or not registered with our community. Click here to register.
 
July 29, 2021, 10:06:26 am

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length

Click here if you are having problems.
Default Wide Screen Beige Lilac Rainbow Black & Blue October Platinum Send us your theme!

Wiki Blogs Dicebot

Author Topic: General Advisory: Spam Email + Possible Password Compromise  (Read 647 times)

0 Members and 1 Guest are viewing this topic.

Online AngieTopic starter

  • Chrono Custodi Agent
  • Liege
  • Addict
  • *
  • Join Date: Aug 2012
  • The Futa Queen
  • View My Rolls
  • Referrals: 1
I keep my employment somewhat secret online, but something has come up at work today that I feel needs to be shared. I work for an ISP that also runs an email service. We have had several customers calling in reporting a spam email with the subject line of "I know everything". The body of the email generally reads that the person on the other end has a password of yours, and asks you to download the attachment to know more. While this is a spam message intending to get you to download something that likely has malicious code (I haven't downloaded or looked at any of the attachments sent because I'm not doing that), the email does actually list the password the scammer claims to have. Some of the customers state they do recognize that as an old password of theirs.

I think an older site somewhere on the internet may have been compromised, giving scammers access to much older passwords. And make no mistake these emails are indeed scams-if we're correct, the emails are originating from a server in China (Hong Kong to be specific) using a VPN to look like they're coming from somewhere in Africa, or vice versa. The sending domain appears to be "8250.com". I do not know if this potential compromise expands out of our customers or if it is relegated to us, but if you see an email like this, follow Angie's easy guide to dealing with scam emails of this nature:

Step 1: Take a deep breath. These scams are designed to scare the ever-loving bejeezus out of you. Don't let it happen. Take a step back, take a deep breath, and don't panic.

Step 2: Delete email. Don't let it hang around in your inbox. Do not download the attachment, or even open it because it is not worth your time or attention.

Step 3: Update old passwords. If you do recognize the claimed password, or you just know you have older passwords laying around out there that might be similar to your current passwords, start changing them. It's an annoying process and time consuming, but it's better to get the shields up now than to pay for it later. In fact, even if you DON'T get this spam email, go change your passwords anyway, no time like the present, eh?

Offline Gremgoblin

  • Lord
  • Enchanted
  • *
  • Join Date: Sep 2018
  • Location: the Hague, Netherlands
  • Gender: Male
  • توانا بود هر که دانا بود
  • View My Rolls
  • Referrals: 2
Re: General Advisory: Spam Email + Possible Password Compromise
« Reply #1 on: June 04, 2020, 03:45:01 pm »
Regarding the source of these passwords, it's also just as likely that they are part of the bulk password buying websites that operate. You pay 5 bucks and get access to a list of x amount of passwords and associated accounts. Most of them are out of date. They bank on finding a few that work, and then try and use that to look for other places they can login to. Most likely the excess is used to fire off emails and try and trick people into giving away their current password. Trojan? Keylogger? Who knows. Definitely don't click it to find out, just like Angie says.

Updating old passwords is always a good idea regardless of whether you got spooked into it or not -- using a password vault that can randomly generate passwords does wonders. :-)

Offline Oniya

  • StoreHouse of Useless Trivia
  • Oracle
  • Carnite
  • *
  • Join Date: Sep 2008
  • Location: City of Roses, PA.
  • Gender: Female
  • One bad Motokifuka. Also cute and FLUFFY!
  • View My Rolls
  • Referrals: 3
Re: General Advisory: Spam Email + Possible Password Compromise
« Reply #2 on: June 04, 2020, 04:11:39 pm »
As someone who used to work in the 'dot-com' industry, this is good practice.  Although I admit a certain guilty pleasure in informing some of them that the 'nudes on my phone/webcam footage' that they are threatening to upload would be a real challenge.  (My phone and computer don't have cameras.)

Online AngieTopic starter

  • Chrono Custodi Agent
  • Liege
  • Addict
  • *
  • Join Date: Aug 2012
  • The Futa Queen
  • View My Rolls
  • Referrals: 1
Re: General Advisory: Spam Email + Possible Password Compromise
« Reply #3 on: June 04, 2020, 04:36:21 pm »
As someone who used to work in the 'dot-com' industry, this is good practice.  Although I admit a certain guilty pleasure in informing some of them that the 'nudes on my phone/webcam footage' that they are threatening to upload would be a real challenge.  (My phone and computer don't have cameras.)

Heh. Reminds me that we do have full permission to keep scam callers talking to us at work-cause the more they talk to us, people who aren't going to fall for their scams, the more they aren't talking to someone who could be a customer of ours who might fall for it.

Offline CriminalMindsFan

  • Lord
  • Enchanter
  • *
  • Join Date: Jul 2012
  • Gender: Male
  • View My Rolls
  • Referrals: 0
Re: General Advisory: Spam Email + Possible Password Compromise
« Reply #4 on: June 04, 2020, 05:38:24 pm »
I got a email like that claiming to have something I gave Facebook like a phone number. I've never used or given a phone number to Facebook. They were asking me to use bitcoin and send them money or they'd send what they had on me to my Facebook contacts.

Offline Zaphod

  • Mr. Mojo Risin'
  • Lord
  • Addict
  • *
  • Join Date: Apr 2010
  • Location: Milliways
  • Gender: Male
  • Fire... walk with me
  • View My Rolls
  • Referrals: 0
Re: General Advisory: Spam Email + Possible Password Compromise
« Reply #5 on: June 04, 2020, 08:24:50 pm »
Post Yahoo and Marriott breach, literally everyone's old password is out there on a list somewhere. Updating passwords regularly or using a password manager is a must these days.

Offline Mellific

  • I'm better off, I'm better lost.
  • Dame
  • Addict
  • *
  • Join Date: Aug 2012
  • Location: Never really gone.
  • Gender: Female
  • Rose from beneath to find my escape.
  • View My Rolls
  • Referrals: 2
Re: General Advisory: Spam Email + Possible Password Compromise
« Reply #6 on: June 11, 2020, 06:11:51 am »
Thank you for the tip Angie, I appreciate knowing about these scams before they start to circulate. I've also heard about one that looks like it comes from Amazon. It claims that your subscription service is going to expire soon and directs you to a link where you must update your password. In so doing, you give the password to the malicious ones that sent the email. I told those I know with an Amazon membership about this in advance. Apparently, the logos and everything look very true to Amazon's actual logo and font.

Offline CharlieGirl2020

  • Submissive
  • Lady
  • Bacchae
  • *
  • Join Date: Jun 2020
  • Gender: Female
  • Hello??
  • View My Rolls
  • Referrals: 0
Re: General Advisory: Spam Email + Possible Password Compromise
« Reply #7 on: June 13, 2020, 04:18:19 pm »
Hi... I’m not sure if this is allowed. But I feel it should be spread around, as it’s important people don’t fall for it... Imgot an email (the password one’ and I have the email account it came from, I am NOT a going to post it until Staff or someone has told me it is okay to. Since an email is considered someone’s personal Information.