[RedTerrano]

I use Gmail, and one of the features I like a lot is the automatic "Spam" marking of emails. By default, Gmail permanently deletes all mails in the Spam folder after 30 days. However, sometimes it makes sense to monitor the Spam folder to keep an eye out on who is spamming you.
Here is why:

Today I found an email in my Spam folder, with the subject "Password - actual_correct_password"
(Note: actual_correct_password is just a placeholder I have used.)
This woke me up in a hurry, because the password was one of the passwords I use (or rather used to use now)
Another thing which struck me, was the sender.
Usually you would expect a name. This one had a series of numbers which looked like an IP address.
The email contents were as follows:

I am aware, actual_correct_password, is your pass word. you may not know me and you’re most likely thinking why you are getting this e-mail, right?

Let me tell you, I placed a malware on the adult videos (pornography) and you know what, you visited this web site to experience fun (you know what I mean). When you were watching videos, your internet browser began working as a Rdp (Remote desktop) having a keylogger which gave me access to your display and also webcam. After that, my software obtained your complete contacts from messenger, fb, as well as email.

What did I do?
I created a double-screen video. 1st part displays the video you were viewing (you’ve got a nice taste rofl), and second part displays the recording of your cam.

Exactly what should you do?
Well, honestly, $1900 is a fair price for our little secret. You’ll make the payment through Bitcoin (if you do not know this, search “how to buy bitcoin” in google).

BTC ADDRESS: _____________________________
(It is CASE sensitive, so copy and paste it)

Note:
You now have one day in order to make the payment. (I have a special pixel within this email message, and now I know that you have read through this message). If I do not get the BitCoin, I definitely will send out your video recording to all of your contacts including members of your family, colleagues, and many others. nonetheless, if I receive the payment, I’ll erase the video immediately. If you want to have evidence, reply with “yes!” and I will send your video recording to your 8 contacts. It is a non negotiable offer, thus don’t waste my personal time & yours by responding to this email.

So there was this dude/dudette who was claiming to have documented proof of my "leisurely activities" and had sent a real password to coerce me to purchase silence.

Cute!
I had a nice laugh in the morning. Here is why:

1. internet browser began working as a Rdp (Remote desktop) Fact: I use a Mac where everything needs my permission. There is now way RDP is going to work.
2. a keylogger which gave me access to your display and also webcam. Same as above for Keylogger and display. As for the webcam part, I literally have a pice of tape covering my webcam lens!
3. complete contacts from messenger, fb, as well as email. I have not setup any mail on my Mac. Ergo. No contacts to “hack”.And to top it all, I don’t even have a FB account!!
4. I have a special pixel within this email message. Anyone who uses gmail knows, the pics in emails show up separately at the bottom. No such “pics” visible in the email.

So this guy is just shooting in the dark.
So far so good.
But how did he get access to my password? (It was a real password I have used in the past)
Fortunately, this turned out to be a no brainer as well.
I have this habit of using certain characters in my passwords, which tell me which tell me which site/app this password is for.
e.g. TBt0psecretpwHP
I know this is my TBHP password.

It turned out to be my old twitter password.
Fortunately I had changed it the day twitter announced a leak in they system which left millions of passwords in readable text form, in the logs.
And just to be safe, I went and changed it, one more time.

Moral of the story:

• Don't panic
• Change passwords regularly
• Don't get coerced by these hackers. Always remember, our cops have cyber cells and those guys are very efficient. Cops are your friends. If required, seek their help

[Dry Ice]

This sounds like the Black Mirror episode "Shut up and Dance".

The biggest mistake we do is often reusing passwords. But then having a unique password for every account you have soon becomes a nightmare!

[GTO]

I do, I do. I check my spam folder every time I check my emails (usually thrice a day - morning, afternoon & evening). Gmail's spam filtering is top class, but I still spot a useful email in the spam folder every 3 - 4 days.

Quote:

Change passwords regularly

Other than really important ones like banking (where the financial institution forces you to set a new password periodically), I don't do this anymore. Most of my passwords are 30 characters long with a lot of numbers and *(&*@(#@# thrown in, so I don't think it'll be feasible for anyone to hack them.

But yes, always keep a unique password for every website .

[Jeroen]

Quote:

Originally Posted by GTO

I I check my spam folder every time I check my emails (usually thrice a day - morning, afternoon & evening). Gmail's spam filtering is top class, but I still spot a useful email in the spam folder every 3 - 4 days.
.

Me too. The odd thing is though, that every now and then, people that have been mailing me for years, all of sudden up in the spam folder. Does not happen very often, but occasionally it does. And when I check, it is not as if they have added some odd attachment or any particular text. Happens to very simple mails.

But in general I would say gmail does a very good job of filtering.

Jeroen

[pkulkarni.2106]

Whoa man!
Looking at this thread, I checked the Spam folder in my Gmail. Guess what? I have received same email 5 days ago!
Though I had a twitter account many years ago, and it has been deactivated, the password this person has put seems to be correct!

What should be done in such case?

[deathwalkr]

Happened to me as well. The fact that they got the password was worrying but all the other stuff was mostly a hoax. But did make me sweat a while :P

Obviously changed all the passwords.

[RedTerrano]

Quote:

Originally Posted by pkulkarni.2106

Though I had a twitter account many years ago, and it has been deactivated, the password this person has put seems to be correct!

What should be done in such case?

If you dont use that password anywhere else, do nothing.
If you use that password somewhere else, change it. No further action required.

[libranof1987]

Quote:

Originally Posted by GTO

Gmail's spam filtering is top class, but I still spot a useful email in the spam folder every 3 - 4 days.

True; although, that is also a problem. It has now become too aggressive.

Eg. HDFC sends out an email (and SMS) every week with my closing weekly balance. And also, an email (and SMS) for every transaction that requires an OTP, which happens far too happen of late.

Other institutions I bank with also often send out promotional emails, along the regular ones with the OTP.

Since I use the OTP I receive by SMS, I tend to delete almost all the emails the banks send me.

What this has done is: Gmail thinks these banks are sending spam so all emails start going directly to the Spam folder.

So now, I make sure I open each email from every bank and then delete. Since then, I haven't had an important email go to Spam.