gutui Posted October 8, 2018 (edited)

I received a message on my Gmail account:

"Hello! I'm a member of an international hacker group. As you could probably have guessed, your account xxxx@gmail.com was hacked, because I sent message you from your account. Now I have access to all your accounts! For example, your password for xxxx@gmail.com: yyyyyy

Within a period from July 31, 2018 to October 3, 2018, you were infected by the virus we've created, through an adult website you've visited. So far, we have access to your messages, social media accounts, and messengers. Moreover, we've gotten full damps of these data. We are aware of your little and big secrets...yeah, you do have them. We saw and recorded your doings on porn websites. Your tastes are so weird, you know.. But the key thing is that sometimes we recorded you with your webcam, syncing the recordings with what you watched! I think you are not interested show this video to your friends, relatives, and your intimate one...

Transfer $800 to our Bitcoin wallet: 1PwENLsmQ2Z6b4EJfXDeeXKBj9v878uHRf If you don't know about Bitcoin please input in Google "buy BTC". It's really easy. I guarantee that after that, we'll erase all your "data"

A timer will start once you read this message. You have 48 hours to pay the above-mentioned amount. Your data will be erased once the money are transferred. If they are not, all your messages and videos recorded will be automatically sent to all your contacts found on your devices at the moment of infection. You should always think about your security. We hope this case will teach you to keep secrets. Take care of yourself."

The password that appears in the message is not the password of the Gmail account. I find it interesting that the only places where I used the password shown in the message are my customer profiles on pcgarage.ro and emag.ro, where I used it together with the Gmail address. Between July and October I did not log in to those sites.
The password was not saved on the devices I use. ... I think either pcgarage or emag has a problem ...

P.S. Received: from [154.124.19.85] ([154.124.19.85]) by mx.google.com with ESMTP id d40-v6si12396077pla.217.2018.10.06.06.45.29 ... Senegal Dakar

Edited October 8, 2018 by gutui: I had omitted the scammer's IP

u0m3 Posted October 8, 2018

I have an account on eMag and I haven't received anything like this (yet)... So my vote goes to pcgarage.ro

Active Members dancezar Posted October 8, 2018

Let's not jump to conclusions. Are you 100% sure you are not infected, or weren't at some point? If you were, maybe you don't know the exact time window in which it happened, and you logged in to those sites during it. If not, use haveibeenpwned to see which leaks you appear in. If you also want concrete results, you can use http://weleakinfo.com/ for a modest fee. If a password like "rstforums" is leaked, it is not very hard to get to "Rstforums123!", just saying.

gutui (Author) Posted October 8, 2018

57 minutes ago, dancezar said:
> Let's not jump to conclusions. Are you 100% sure you are not infected, or weren't at some point? If you were, maybe you don't know the exact time window in which it happened, and you logged in to those sites during it. If not, use haveibeenpwned to see which leaks you appear in. If you also want concrete results, you can use http://weleakinfo.com/ for a modest fee. If a password like "rstforums" is leaked, it is not very hard to get to "Rstforums123!", just saying.

- I don't think I am or was infected;
- on http://weleakinfo.com/ : Found 1 result in LinkedIn.com.
- on https://haveibeenpwned.com/ : Pwned on 1 breached site and found no pastes
- the email password is completely different from the one used on the 2 customer accounts at emag and pcgarage :D

I repeat: it was not the email account's password that was leaked, it was the customer password for the online shops... and the passwords are completely different. Honestly, do you think I'm jumping to a hasty conclusion?

Active Members dancezar Posted October 8, 2018

6 minutes ago, gutui said:
> - I don't think I am or was infected;
> - on http://weleakinfo.com/ : Found 1 result in LinkedIn.com.
> - on https://haveibeenpwned.com/ : Pwned on 1 breached site and found no pastes
> - the email password is completely different from the one used on the 2 customer accounts at emag and pcgarage
>
> I repeat: it was not the email account's password that was leaked, it was the customer password for the online shops... and the passwords are completely different. Honestly, do you think I'm jumping to a hasty conclusion?

I didn't understand all the facts of the problem, which is why I asked. I also have accounts on both shops but haven't received anything yet. Still, you don't seem to be the only one who received the message. From what I understand, the passwords are obtained from public leaks, but if you say the password doesn't match at all, then there is still the possibility that it was obtained from those shops, provided someone else confirms the same thing. It would be interesting to see the criterion by which he picks the emails to send to; a single email can appear in dozens of leaks, so how does he know which of those passwords to send?

https://www.bitcoinabuse.com/reports/1PwENLsmQ2Z6b4EJfXDeeXKBj9v878uHRf

gutui (Author) Posted October 9, 2018

@dancezar Very good question. Possibly by age and sex criteria... As far as this story goes, I have no certainties, only open questions :)

I also think I should have posted the following statement from the very start: It is possible that I am wrong; it is equally possible that I am not, and in that case the situation becomes "uncomfortable" for at least one of the 2 online shops, if a complaint backed by evidence is filed with the Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal (National Supervisory Authority for Personal Data Processing).

I posted counting on there being people at both sites who will check whether or not they had "leaks" in their customer databases. I have nothing to prove to anyone, nothing to reproach anyone for.

yoyois Posted October 9, 2018

Rather than being based on sex and age, I assume the emails are chosen based on how easy it is to crack the password hash. Surely pcgarage/emag don't keep them in plaintext. Leak != hash crack

u0m3 Posted October 9, 2018

7 hours ago, yoyois said:
> Surely pcgarage/emag don't keep them in plaintext.

One can only hope...

thorvenger Posted October 9, 2018 (edited)

I got one in my spam folder, without any password written in it:

Original Message
Message ID: <EF15556FF6220D5E8287CE794D3774FB@ailepansiyonu.com>
Created at: Tue, Oct 2, 2018 at 4:21 AM (Delivered after -14 seconds)
From: fdpgqf <Frank@ailepansiyonu.com>
Subject: I've collected some very interesting content about you.
SPF: PASS with IP 193.124.16.149
DKIM: 'PASS' with domain ailepansiyonu.com
DMARC: 'PASS'

Hi, viсtim. This is my last wаrning . I write yоu beсаuse I рut a malwаre on thе web раgе with porn which yоu hаvе visited. My virus grаbbed all yоur pеrsоnаl infо аnd turnеd on yоur сamеra which сaрturеd the рrocеss оf your оnаnism. Just аfter that thе sоft sаvеd your соntасt list. I will dеlеte thе comprоmising vidеo аnd info if yоu раy me 600 USD in bitcoin. This is аddress for раyment: 1AP6kj7zzoKTMi5ToMonoDQzEzArHy2mTH I give you 24 hours аftеr yоu open my messаge fоr mаking thе trаnsactiоn. As soon аs you rеad thе messаgе I'll sее it right awаy. It is nоt nеcеssary to tеll me that you have sеnt mоney to mе. This аddrеss is connесted tо you, my system will delеtе еverything automatically aftеr trаnsfer сonfirmаtiоn. If you need 48 h just reрly on this lettеr with +. Yоu саn visit thе police stаtiоn but nobody сan hеlp yоu. I dоnt live in your country. Sо they cаn not traсk my lосatiоn еvеn for 8 months. Goodbyе. Dоnt fоrgеt аbоut the shаmе аnd tо ignоre, Yоur lifе саn bе ruinеd.

The text is encoded to get around spam filters:

Hi, vi=D1=81tim. This is my last w=D0=B0rning . I write y=D0=BEu be=D1=81=D0=B0use I =D1=80ut a malw=D0=B0re on th=D0=B5 we=
b =D1=80=D0=B0g=D0=B5 with porn which y=D0=BEu h=D0=B0v=D0=B5 visited. My virus gr=D0=B0bbed all y=D0=BEur p=D0=B5rs=D0=BEn=D0=B0l inf=D0=BE =D0=
=B0nd turn=D0=B5d on y=D0=BEur =D1=81am=D0=B5ra which =D1=81a=D1=80tur=D0=
=B5d the =D1=80roc=D0=B5ss =D0=BEf your =D0=BEn=D0=B0nism.

That email address was used on several sites, emag among them.

Unfortunately, it seems there are plenty of suckers who sent BTC to the address from the initial post, https://www.blockchain.com/btc/address/1PwENLsmQ2Z6b4EJfXDeeXKBj9v878uHRf

Edited October 9, 2018 by thorvenger
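
Added example (not part of the thread): a detection sketch for the trick shown in the post above, where Cyrillic look-alike letters are mixed into English words inside a quoted-printable body. The sample bytes are the opening of the encoded text quoted in the post; the function names and the `min_hits` threshold are assumptions made for this illustration.

```python
import quopri
import re
import unicodedata

# Opening of the quoted-printable body quoted in the post above,
# including one soft line break ("we=" + newline + "b" decodes to "web").
SAMPLE_QP = (
    b"Hi, vi=D1=81tim. This is my last w=D0=B0rning . "
    b"I write y=D0=BEu be=D1=81=D0=B0use I =D1=80ut a malw=D0=B0re on th=D0=B5 we=\n"
    b"b =D1=80=D0=B0g=D0=B5 with porn"
)


def script_of(ch):
    """Coarse script of a letter, taken from its Unicode character name."""
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "CYRILLIC", "GREEK"):
        if name.startswith(script):
            return script
    return "OTHER"


def mixed_script_words(qp_body):
    """Decode a quoted-printable body and return the words that mix scripts.

    Each hit is (word, [code points of its non-Latin letters]). A word written
    entirely in one script (ordinary English or ordinary Russian) is not a hit.
    """
    text = quopri.decodestring(qp_body).decode("utf-8", errors="replace")
    hits = []
    for word in re.findall(r"[^\W\d_]+", text):  # runs of Unicode letters
        if len({script_of(c) for c in word}) > 1:
            odd = sorted({f"U+{ord(c):04X}" for c in word
                          if script_of(c) != "LATIN"})
            hits.append((word, odd))
    return hits


def looks_obfuscated(qp_body, min_hits=3):
    """Flag a body with several mixed-script words (threshold is an assumption)."""
    return len(mixed_script_words(qp_body)) >= min_hits


if __name__ == "__main__":
    for word, odd in mixed_script_words(SAMPLE_QP):
        print(f"{word!r}: non-Latin letters {', '.join(odd)}")
```

Because the check works per word, a message written wholly in Cyrillic is not flagged; only words that splice scripts together are.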

Active Members SynTAX Posted October 9, 2018 (edited)

Interesting discussion, I only just noticed it was going on. I was just talking to a friend from Bitdefender these days, and he was telling me that fraud attempts of this type have intensified. He told me there are cases where the same password was also used on PayPal with a card attached, but it seems the guys don't touch the cards; they prefer the safest method, namely Bitcoin.

Edited October 9, 2018 by SynTAX

malsploit Posted October 9, 2018

Put your password in here and see whether it has shown up anywhere. https://haveibeenpwned.com/Passwords
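
Added example (not part of the thread): the Pwned Passwords service linked above also offers a range API at `https://api.pwnedpasswords.com/range/<first 5 hex chars of SHA-1>`, so the lookup can be done while only a hash prefix leaves the machine. The sketch below runs offline; the response text is constructed for illustration (its counts are made up) and the function names are assumptions.

```python
import hashlib


def range_query_parts(password):
    """Return (prefix, suffix) of the upper-case SHA-1 hex digest.

    Only the 5-character prefix is sent to the range endpoint; the
    35-character suffix stays local and is matched against the reply.
    """
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(suffix, range_response):
    """Look up a suffix in a 'SUFFIX:COUNT' range reply; 0 means not listed."""
    for line in range_response.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


# Constructed reply for prefix 5BAA6 (not real API output, counts are made up).
CONSTRUCTED_RESPONSE = (
    "0" * 35 + ":1\r\n"
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3\r\n"
    "F" * 35 + ":2\r\n"
)

if __name__ == "__main__":
    prefix, suffix = range_query_parts("password")
    print("would request: https://api.pwnedpasswords.com/range/" + prefix)
    print("times seen in the constructed reply:",
          breach_count(suffix, CONSTRUCTED_RESPONSE))
```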

thorvenger Posted October 22, 2018

Today I saw at someone's place an email similar to the one at the start, with a password and a BTC address that had already collected over 2.5 BTC. That password and email were never used at emag or at pcgarage. (And that password is not the same as the Gmail account's password either.)

.zife Posted October 22, 2018 (edited)

look in the header

Edited October 22, 2018 by .zife