Viewing 19 posts - 1 through 19 (of 19 total)
  • It security advice
  • northshoreniall
    Full Member

    Hello, got the email pasted below in my spam box x3. I am assuming a website I am registered on has been hacked as the password given is one I’ve used elsewhere but is not my laptop one so had to have come from somewhere accurate.
    Not worried about them having access to my computer as I know it’s wrong password.
    Obviously am going change all passwords, can anyone recommend a decent app / vault please and anything else need consider
    Thanks, Niall
    ( Not concerned about alleged recording as have tape over Camera 😁)

    Hello, I know your password is: XXXXXXXXX

    Your computer was infected with my RAT (Remote Administration Tool), your browser wasn’t updated / patched, in such case it’s enough to just visit some website where my iframe is placed to get automatically infected, if you want to find out more – Google: “Drive-by exploit”.

    My malware gave me full access to all your accounts (see password above), full control over your computer and it also was possible to spy on you over your webcam.

    I collected all your private data and I RECORDED YOU (through your webcam) SATISFYING YOURSELF!

    After that I removed my malware to not leave any traces and this email was sent from some hacked server.

    I can publish the video of you and all your private data on the whole web, social networks, over email of all contacts and send it to your friends.

    But you can stop me and only I can help you out in this situation.

    Transfer exactly 800$ in bitcoin (BTC).

    It’s a very good offer, compared to all that horrible shit that will happen if I publish everything!

    You can easily buy bitcoin here: http://www.paxful.com , http://www.coingate.com , http://www.coinbase.com , or check for bitcoin ATM near you, or Google for other exchanger.
    You can send the bitcoin directly to my wallet, or create your own wallet first here: http://www.login.blockchain.com/en/#/signup/ , then receive and send to mine.

    My bitcoin wallet is: 1CSDpCjyVHsuTb6i7zZ8dr81iUGL5ff7vM

    Copy and paste my wallet, it’s (cAsE-sEnSEtiVE)

    You got 2 days time to pay.

    As I got access to this email account, I will know if this email has already been read.
    If you get this email multiple times, it’s to make sure that you read it, my mailer script is configured like this and after payment you can ignore it.
    After receiving the payment, I will remove everything and you can life your live in peace like before.

    Next time update your browser before browsing the web!

    Mail-Client-ID: 4573224833

    perchypanther
    Free Member

    It security advice

    Don’t talk to clowns in the sewers

    northshoreniall
    Full Member

    But I likes clowns

    chewkw
    Free Member

    Waste of time so just ignore it (scam).

    perchypanther
    Free Member

    But I likes clowns

    That’s how they suck you in.

    northshoreniall
    Full Member

    Not going completely ignore as is an accurate password from somewhere, just looking advice re: password generation and vault things as lots in app store. Android phone.

    northshoreniall
    Full Member

    If clowns are doing that perchy I suspect I have more problems

    edhornby
    Full Member

    “Not going completely ignore as is an accurate password from somewhere”

    Have a look at https://haveibeenpwned.com/. It’s a site run by an Aussie who has collected username/password breaches; stick your email address in and it’ll tell you which site lost the credentials on your behalf.

    The emailer got the data from the same place.

    Use a password manager: LastPass, 1Password, something like that. The above site has good advice on this.

    northshoreniall
    Full Member

    Thanks Ed, turns out myfitnesspal and 1 other breached my details.
    Will look at recommendations thanks for help.

    slowoldman
    Full Member

    When you get one of these do a Google. E.g. “I infected you with my private malware (RAT)” returns this link Malwaretips so yes, it’s a scam.

    johnners
    Free Member

    Use a password manager (LastPass works for me), 2FA where you can, register your email addresses with haveibeenpwned, keep your OS and software patched and up to date then put a sticker over your webcam and get back to SATISFYING YOURSELF!

    That’s what I do anyway.

    richardkennerley
    Full Member

    Cougar
    Full Member

    I’ve had about ten of these in the last week, there was a thread discussing it a few days ago.

    Fundamentally, passwords are not fit for purpose in 2019. Use 2FA wherever you can, and long unique passwords on anything you care about. A good password manager will generate secure passwords and auto-fill website logins, half of my accounts now even I don’t know the password for.

    johnners
    Free Member

    half of my accounts now even I don’t know the password for

    I maybe know 3 or 4 of the 100 or so logins I have. Luckily one of the 3 or 4 is for my password manager. Anyone who can remember all of their unique passwords is either a rare freak of nature or mistaken about how secure their passwords are.

    As an absolute minimum secure a password manager with 2FA, and enable 2FA on primary email. You know, that email where they send all the “reset password” links for every other important account you have…

    Cougar
    Full Member

    This ^^

    I did a presentation at work the other day around security (the thrust was “who do you trust?”). One of the questions I asked was, “what’s your most important password?”

    Bank? Good answer. Wrong. If your primary email is compromised, so is everything else (that doesn’t have 2FA).

    The next best answer is your phone’s lock screen, with all your cached logins for web sites and applications (and the other half of your 2FA).

    badgerbater
    Free Member

    God I feel old – cos I am!! This is all very scary. Just had to look up what 2FA meant! So just to recap, we all need to download the Lastpass app and ensure that all password required sites including personal banking is accessed via this app? I briefly read an article in a PC mag about this, but have yet to take it any further. Is there a good link which explains all this, or will this all become clear once app is downloaded? Thanks for the paranoia; probably what I needed to kick my curiosity and arse into gear!!

    badgerbater
    Free Member

    Lastpass App – “This app may not be optimised for your device” wtf! I thought it could be used across all platforms/devices?? God I hate tech sometimes!

    woffle
    Free Member

    +1 for LastPass here. With 2FA across the board. It works for me on a variety of Windows, MacOS and iOS devices of varying vintages and is better than a couple of competitors I recently trialled for work (Password Boss, 1Password)

    leffeboy
    Full Member

    ensure that all password required sites including personal banking is accessed via this app

    I use LastPass almost everywhere now which is great – the only place I don’t use it is for banking.  For that it is still 2FA and a password that is in my head.  The problem is that the backup on 2FA is usually a text to your phone (yes you can use an authenticator but the backup on that is usually your phone).  I’ve got a new sim for my phone before without showing ID so that just isn’t secure enough for me yet.  Once LastPass supports security keys I might consider it but it is still all of my eggs in one basket for the sake of remembering a few passwords.


The topic ‘It security advice’ is closed to new replies.