BLACKMAIL

[Howard LewisParticipant @howardlewis46836]

Today have recieved some very strange E mails.

Someone has hacked into my E mails.

One threatens to publish that I have been viewing porn videios, unless payment of $600 is made.

Consequently have had to spend a lot of time upgrading security and changing passwords.

If you see anything of this nature, please ignore it and delete, if possible, lest they hack into you!

Howard

[Michael GilliganParticipant @michaelgilligan61133]

Probably mere coincidence, but I was in Morrison’s supermarket today when their entire check-out system failed … cue much scurrying-about by Management.

We were assured that the Internet had gone-down, but I did en-passant mention the Russians.

MichaelG.

[mike TParticipant @miket56243]

Ha ha. So, the Russians tracked you down to your local Morrison’s supermarket and took out the entire check out system.

Impressive…. but don’t get paranoid about it, it may have been a mere coincidence.

 

Mike

[Michael GilliganParticipant @michaelgilligan61133]

🙂

[Ian PParticipant @ianp]

Howard I dont think anybody has ‘hacked into your emails’, more likely that you have just received an email.

In the past I have been a recipient of that type of email (several over a two year period) and whilst having nothing to hide I was initially concerned because the sender was so persistent, ‘he’ said had secretly recorded image and video files of me despite the fact that my PC has no camera.

I think this type of ransomware email are sent out in bulk by web-bots to any email address they can scavenge whilst trawling the web.

Best just to delete.

Ian P

 

 

[Howard Lewis]

On 21 November 2024 at 19:22 Howard Lewis Said:

…

Someone has hacked into my E mails.

…

Consequently have had to spend a lot of time upgrading security and changing passwords.

…

Don’t worry too much, it’s unlikely the email system or your good self have been hacked in the sense of this being an actual security breach.  Probably isn’t a crook inside Howard’s computer, busy mining his web/email history, bank & personal details.

More likely some ne’er do well has got hold of Howard’s email address and is simply posting accusations on the off chance he has a guilty conscience and will pay up without thinking.

Harvesting and selling valid email addresses for criminal and legitimate purposes is big business. Happened to me ten years ago because a friend of a friend enjoyed exploring porn and off-colour websites.  These websites allow users to forward jokes to their mates by email,  the booby trap being that the email is blind copied to the bad guys, who collected all the email addresses.  Text added by the baddies to the email invited recipients to forward the email to their friends, an electronic pyramid scheme.

So my friend blew my cover by sending me one of these nasties and soon after I got several blackmail attempts.  Knowing how, I was able to identify the source as Hanoi, and that the leak was my friend, who couldn’t understand he’d caused a problem – “Just a bit of fun Dave”. Had to close my email account and open another…

No harm in keeping security up-to-date and changing passwords.

Dave

[FulmenParticipant @fulmen]

My advice is to use unique machine generated passwords for all sites and a good password manager like Bitwarden.

[Howard LewisParticipant @howardlewis46836]

Thanks for the help.

The low life DID hack in, somehow, as I found “Any Desk” in DOWNLOADS.

This is one of the favourites for scammers, according to BBC Scam Interceptors.

Needless to say, it is no longer in place. Deleted and then deleted from the Recycle bin. So no more demands, remote acess, or operation!

Have spent HOURS buying different security, and changing passwords. So much so, that despite having noted the passwords, I now have difficulty getting in.  Seems to need a password for every change of page!

Hopefully this will be the last that will be heard of it, and no attempts will be made blacken my name!

Just goes to show how careful we have to be!

Certainly wasn’t going to pay up, since this would have been an admission of guilt, and probably produced further demands.

Ar least, my address book has been pruned, as part of the checks, which might speed things up a bit!

Howard

[peak4Participant @peak4]

Might be worth a read for others, discussing where to forward dodgy emails

https://www.ncsc.gov.uk/collection/phishing-scams/report-scam-email

Bill

[Michael GilliganParticipant @michaelgilligan61133]

Exploring that site a little further, the News page is always worth a look

… for example, this from 10-October:

https://www.ncsc.gov.uk/news/russian-foreign-intelligence-poses-global-threat-with-cyber-campaign-exploiting-established-vulnerabilities

MichaelG.

[DellParticipant @dell]

I had the same thing Howard & had to change passwords luckily I use a different email for anything financial.

Dell

[peak4Participant @peak4]

Windows 10 users have a potential problem, as support ends next year.
Personally I’ve no great desire for a new PC, as this one does all I ask of it, but W11 isn’t suitable for hardware reasons.
I think there may be a way round that, but I’ve not explored it so  far.

Apparently Microsoft is planning to offer paid-for security upgrades for a further year

https://www.theverge.com/2024/10/31/24284398/microsoft-windows-10-extended-security-updates-consumer-pricing

Bill

[Howard Lewis]

On Howard Lewis Said:

 

The low life DID hack in, somehow, as I found “Any Desk” in DOWNLOADS.

This is one of the favourites for scammers, according to BBC Scam Interceptors.

Needless to say, it is no longer in place. Deleted and then deleted from the Recycle bin. So no more demands, remote acess, or operation!

I wouldn’t have thought AnyDesk was responsible for the scam email. It’s a legitimate remote access software packags AFAIK, although it can be abused for malicious activity. The download may have been initiated unwittingly by clicking a link, but should be harmless unless it was then installed. Have you checked  the installed programmes list, if it’s there then delete via “Control Panel”. Recycle Bin is not involved.

As said, I think the email was because a scammer got hold of your address.

[Howard LewisParticipant @howardlewis46836]

Someone  DID manage to get in, and downloaded AnyDesk (A favourite of Indian scammers according to Scam Intercepters, to take remote control of a computer) and sent me an E mail as me!

It was hidden in a folder marked Videos. However, both now deleted from the recycle bin, and new security in place.

It is now so tight that it can cause me problems, whilst still on the learning curve.

Hopefully, this is the last to be heard of it.

A friend who is into computers, says that it is not unusual, and it is possible to circumvent even good security.

Good security, presumably, will make it not their while to expend a lot of time and effort, when easier chances are there.

Very upsetting and took a lot of time.

Howard

[Chris CrewParticipant @chriscrew66644]

I can’t be the only one that has noticed that the recent fraud re-imbursement policy agreed by the banks and other financial institutions is being implemented with an excess of £100. Clearly, this means that if someone is scammed out of anything up to £99 they will not be reimbursed or if they, for example, are scammed out of £300 they will only reimbursed £200 if it is accepted that they are a genuine victim of fraud.

[Grindstone CowboyParticipant @grindstonecowboy]

I’m reminded of a very old scam (if that’s what they were called in Victorian times) that involved scouring the obituaries columns for a recently deceased clergyman, and then sending an invoice to their address for some salacious books. The grieving relatives, or his legal representatives, would invariably pay up in order to protect the reputation of the late Reverend, and not bother to question that the items had never been delivered.

Nothing new under the sun.

Rob

[Howard LewisParticipant @howardlewis46836]

The problem with ransomware is that anyone who pays up, leaves their card and bank details for the scammers to use to take even more money.

Would you believe that having paid for better security, and having it up and running, they say that they have no record of the order, or payment, so that additional devices cannot be added!

Life is never simple

Howard

[Howard Lewis]

On Howard Lewis Said:

[…] Would you believe that having paid for better security, and having it up and running, they say that they have no record of the order, or payment, so that additional devices cannot be added! […]

In these troubled times, Howard … Yes, I would believe that ^^^

MichaelG.

[Neil WyattModerator @neilwyatt]

My advice is to ensure you have two-factor authentication in place for everything important.

Neil

[Nicholas FarrParticipant @nicholasfarr14254]

Hi, some companies are stepping up to the mark better than others. A couple of days ago, I decided to put my Sat-Nav update service on my 11 inch Windows 10 S laptop, but before I could do that, I had to log into my Microsoft account to get a licence for changing it, the S you may know is a safe laptop that can be used on the internet, but will only allow Microsoft apps to be downloaded onto it. My Sat-Nav service isn’t one that is approved, and thus I had to forgo the S status, but boy the hoops I had to jump through to get through the process, which meant several emails to my registered email address with codes, that I had to put in, plus some “I’m not a robot” puzzles to solve, and then more emails to confirm things. Then there was the same type of thing with my Sat-Nav service, although not quite so bad, but getting my other emails registered, was also a bit long winded, but at least I was sure everything was secure.

Regards Nick.

[Howard LewisParticipant @howardlewis46836]

Yes, even having typed in the first password, then multiple “I’m not a robot” tests, until final entry.

A bit of a pain, but after my recent experience, am prepared to suffer more than one password / check to gain entry, and phone calls to the bank to check /safegaurd the credit card.

Even the call needed several security checks to confirm identity. At least they are trying to keep us and our money safe

Another scam phone call this morning, saying from “Bank Security” (And the Moon is made of green cheese!) From a mobile?

Howard

[Chris Crew]

On Chris Crew Said:

I can’t be the only one that has noticed that the recent fraud re-imbursement policy agreed by the banks and other financial institutions is being implemented with an excess of £100. Clearly, this means that if someone is scammed out of anything up to £99 they will not be reimbursed or if they, for example, are scammed out of £300 they will only reimbursed £200 if it is accepted that they are a genuine victim of fraud.

And my bank has added a series of extra steps, in each of which I have to confirm that I know what I’m doing and am sure I’m not paying out to a scammer.  This is good if it causes me to engage brain before coughing up, but bad for me if the payment is made and then proves to be a scam.  The bank will say, ‘we asked you three times to confirm this wasn’t a scam, and you said no.’  Now the bank can show they did their best to protect a customer who chose to ignore the warnings, and thereby accepted responsibility.

Beware if you’re of the type who might be panicked into making a knee-jerk payment, is of the TL;DR persuasion,  or thinks it’s all a bureaucratic time-waster, or believes “it can’t happen to me”.  That’s all of us.  Amazing but true that these scams often catch people who should know better – including accountants and solicitors! Many scams work when, by chance, they seem to align with a reality in the victims life.  So if the scam happens to arrive whilst we are expecting a call from the bank, then…

Dave

[Howard Lewis]

On Howard Lewis Said:

…

The low life DID hack in, somehow, as I found “Any Desk” in DOWNLOADS.

This is one of the favourites for scammers, according to BBC Scam Interceptors.

…
Howard

Pedantic maybe, but it’s unlikely Howard was hacked in the sense a criminal did something technically clever that penetrated his system.   That type of hack is very dangerous because the attacker can then copy everything off the machine,  monitor how it is used thereafter (including password changes!), or host further attacks on others, or steal the owners identity.

Rare because this type of hack is technically difficult.   Instead, most intrusions exploit the weak link in the chain, which is the human!  Rather than attack the computer’s fairly solid security layer, they persuade the owner to do it for them.  They try to fool the owner into bypassing the normal security system.  If persuaded, he knows all the passwords, and – on a Microsoft system – might well login to do ordinary work with admin privileges.  (Bad practice because a hacked admin account can explore the whole machine, not just the files belonging to a single ordinary user.)

Here, I expect Howard was sent an email containing a link to AnyDesk, the link may have been in an attachment.  The criminal hopes that something in the email text, or maybe idle curiosity, will lead Howard into installing it.

AnyDesk allows remote users to access your computer; it’s a legitimate tool, but very bad news indeed if installed and activated to give an unknown criminal admin access to your computer!  Never install AnyDesk it if arrives from an untrusted source:  it will probably be scripted to open the firewalls in the computer and internet router to allow access from the internet.   This is not normally allowed, instead security is strengthened by only supporting communications started by the user.  AnyDesk is benign if downloaded and installed by the user to meet his local requirements.  When AnyDesk is used legitimately, it too is dial-out only, except it may allow admin access from inside the local network.  Only in an exceptional case would a legit AnyDesk be set up to allow admin access from the internet!

AnyDesk isn’t the only tool that allows remote access.  I often use ssh on linux, and RDP on Windows.   RDP is a standard fit on Windows, but safe enough provided it’s configured with Microsoft’s interface which makes it hard for ordinary users to open the door to the internet.

Howard did it right though.  Although AnyDesk got as far as his downloads folder, probably delivered by an email,  Howard didn’t do the foolish thing and install it.  People do though.  A friend had endless trouble with his dad’s computer, which was persistently reinfected with a browser banner that sprayed unwanted adverts to porn sites and other nasties at every opportunity.   Dad vehemently denied installing it, and got extremely cross when told it was probably him.  ‘They’ were to blame.  Anyway, friend happened to be behind dad one day when the “Please install our Browser extension” dialog popped up.  He then watched dad select and click the OK button.   His answer to “why did you do that?” was a confused, defensive denial.  Didn’t work!  Having been caught red-handed dad was disciplined.  His reason?  Not understanding the question, dad thought it best to agree to whatever the computer suggested.   Don’t!

By the way, dad wasn’t an ancient; he was in his mid-fifties prime, did a difficult job successfully, and had been given computer training at work.   We all have odd weaknesses!  Believing oneself cleverer than others is one of them!

🙂

Dave

[Andy StopfordParticipant @andystopford50521]

Interestingly, banks can detect remote desktop-type applications – recently I got a phone call from Triodos saying they were holding on a transfer I’d requested. After the usual identity-establishing stuff the bank man explained that their system had identified a possible security problem with my computer, did I have any form of remote desktop installed? No, I said, except could KDE Connect (a service for exchanging file between computers which I had recently installed) be the culprit? He reckoned that was likely to be the case.

Later, I had difficulty logging on to my Santander account. There was no phone call this time, but exiting KDE Connect allowed me to login as usual.

However, if you want a new security scare, You and Yours on Radio 4 yesterday had an item on voice recognition login IDs – they demonstrated an AI generated voice clone of the presenter gaining access to her Santander bank account. Personally, I would never dream of using voice recognition ID, but there you go, it would seem some do.

[egaParticipant @ega]

You mentioned Santander. I believe they recommend, but do not require, users to install security software (browser extension) called Trusteer Rapport.

Opinions vary as to the value of this.

[Author]

Posts