I’ve had the same email address and online pseudonym since 1999…

The last few months have seen increasing spam, worryingly starting to use my username as entered when creating a pseudonym.

Yesterday saw an attempted blackmail email using an old, low level password of mine (used back in the day only on forums) in the title of the email. I’m thinking some forum or other has been compromised. I spent last night changing passwords I have to much tougher ones, a few more needed to be changed this morning.

I’ve made sure two-factor is authorised and old app permissions are revoked.

I’m just thinking it may be time for a fresh start…but then it will still not remove all the security risks or possible spam in future…?

It is pretty much guaranteed to be a forum compromise. You can have a look on Have I Been Pawned to see if your email crops up.
You will never get rid all security risk but can get it relatively low. So long as you have unique passwords and dont randomly click through on links on email you should be okay.

Change your user name and passwords. Email me the new ones with your personal details and I will keep them safe with my friend Prince Unkobi who has a fortune stuck off shore which he wants to share with me

You can check here.

https://haveibeenpwned.com

Yesterday saw an attempted blackmail email

Pictures of a badly manicured lawn and valves not aligned with tyre logos?

Pictures of a badly manicured lawn and valves not aligned with tyre logos?

Worse. Someone has a picture of me on a road bike. With mis-matching kit.

I wouldn’t worry, if it’s Hotmail the spam filter seems to be off, I’m getting at least 3 scam emails a day at the moment.

Matt_stuckinthehoose

I know its a touchy subject around here, but running an ad blocker is one of the best security enhancements you can make for browsing the web.

You can always disable it on specific sites.

i use an email specifically for Forum/non sensistive website signups – and keep my passwords for that different to anything sensitive.

I use another email just for paypal.

and another email for actual emails/sensitive stuff

seemed the best compromise to me.

With the advent of multiple inboxes to one app its very easy to keep tabs on them all. not like its 1999 again where webmail was a pain in the arse to use.

FWIW i saw a similar scam email come through as well as a rise in spam getting through my filter in my forum email last night , suggests its a forum or website that we both use

if its the typical spam blackmail thing that usually shows you and old password to make it seem like they actually know who you are and pretend that they actually have something to blackmail you with…. apart from the haveibeenpwnd site to check for services you should change passwords for…. simply set your email filter to send any mail that has ‘bitcoin’ in the contents straight to spam.

I don’t know if changing long-used usernames or email addresses in itself is necessary – it’ll give you a brief respite from spam generally – but its only brief. I’ve created one-off email addresses for projects and sometimes without having been published anywhere they’ve started to attract spam in just a few weeks.

If its  a long term, much used email address then you’re never really that sure if you’ve gone far enough to inform all the people who you do want to be able to contact you  so you end up keeping and at least monitoring the old address for years anyway. I’m letting an old domain lapse this week –  its an address I retired 2006 and set up so it receives mail but doesn’t send – nobody I know and contact has received an email address from me using that address for 14 years but occasionally people I’m in regular contact with will inadvertently email to that address simply because their mail client auto-completes the address. Even with much-used services …. like one of my banks –  occasional important mail has been going to the old address even though everything I can see in my user settings is updated to the new one.

i use an email specifically for Forum/non sensistive website signups – and keep my passwords for that different to anything sensitive.

And that is how I know that yesterdays blackmail email was for real…

I received three of those type of emails yesterday, all mentioning a previously used password stem in the message and suggesting that I might want to send some Bitcoin to them to prevent rude videos of me being sent to all of my contacts.

Haven’t had one of those type of spam emails for a few months, so it was a nice treat to receive three in a day.

With the advent of multiple inboxes to one app its very easy to keep tabs on them all. not like its 1999 again where webmail was a pain in the arse to use.

Hmmm I had proceeded in that direction but one of my accounts decided to make it harder (for me, not worthwhile) to access through my mail app.

I’ve stopped really using it but there’s still the odd reminder or email from people I’ve known for a while that comes in there.

Lockdown boredom among the spam-bots?

I look forward to reading about Matt_inandaround’s adventures.

perchypanther
Member

Matt_stuckinthehoose

Criminal for this to be overlooked!

gloss_backinthecloset

I wouldn’t bother changing email address unless the spam is unmanagable. Always use unique passwords (some browsers will auto-suggest a very complex password and cache it for you, but I just use a ‘scheme’ to generate unique passwords from the address). Unless a blackmail attempt does more than show you a password, username or some other trivial information that could have been harvested from a forum, it’s just someone mass-mailing a breach.

OP are you on LinkedIn?

I had a similar although not threatening email from a stolen password list that was several years out of date earlier in the year.

An alert went out at work asking us to check the password in the subject wasn’t current.

It must have been about 5 passwords out of date for me.

With respect OP, you do offer up quite a lot of detail about your life online. I’m not criticising you for it, but I imagine it wouldn’t be too hard for a scammer to build up a decent profile of you and use it in a less than honest manner.

Worse. Someone has a picture of me on a road bike. With mis-matching kit.

Ouch! I wouldn’t want that to get around! 😉

Yesterday saw an attempted blackmail email using an old, low level password of mine (used back in the day only on forums

“Dear matt_outandabout. Your password is ‘password’, I’m an orsum hacker and I’ve got video from your webcam of you watching porn and relaxing in a gentleman’s way. Pay up or else.”

Very common spam email, I’ve had shitloads of them all citing the same breached password. Change passwords anywhere you’ve used ‘password,’ don’t reuse passwords on important sites, consider a password manager, enable 2FA where practical. The last is the most important, passwords are shit and not to be trusted.

Bitwarden is great as a password manager.
Don’t know whether changing email addresses and/or pseudonym is the answer. But using pass phrases instead of passwords is very helpful. EG RogerMellyStandsInAWelly2 = easy to remember, long, and the words don’t commonly appear together.

Not all 2FA is 2FA. Quite a bit is just 2 password. Still more secure but a bit illusory.

Also if you do change, don’t reference previous you to new you so there is no tie.

On here you can run both and argue with yourself…

What’s spam?

I bring all my addresses into Gmail and that appears to filter out all the spam very nicely, thank you.

It can do POP3 on existing email accounts too.

Seems a small price to pay for Google knowing more about me that I do.

(I first did this after coming home from a weekend away to 3500 emails)

Drac
You can check here.

https://haveibeenpwned.com

So I did this on my ‘main’ email address – 2 hits. One for a website/online service I still use, and the other for an app I haven’t used for several years, neither had been pasted, whatever that means. The former I accessed and changed to a unique passphrase. The latter I accessed and deleted my account. Neither had similar passwords to my email.

That’s about all I can do, isn’t it?!

You’ll need to change anywhere else you’ve used those same credentials also. The problem isn’t just that someone has breached that specific account, rather that that particular email address & password pair are now in the public domain.