Monday, November 23, 2020

hacked and threatened, but not really worried

I go through a twice- or thrice-daily routine of tossing out spam emails.  Because I've set my filter not to accept any emails that lack "Kevin" or "hairy" in the subject line, 99.99999% of unwanted emails are screened, i.e., shunted into my trash can.  (Fine, I made that percentage up, but it means "almost all.")  Now and again, I quickly skim through the spam before I delete it, partly to make sure I'm not deleting non-spam items, and partly because, truth be told, some of the spam-email subject lines are interesting or even funny.

Today, one email stopped me cold because the subject line contained an old password of mine.  I haven't used this password in well over a year, and Google Chrome has repeatedly warned me for months about how the password has indeed been "compromised."  I decided to risk clicking on this email to see what the malicious party had to say... and it turned out to be a threat of blackmail.  The sender claimed he had found my password by following my online activity and had used my old password to insert malware into my computer, and if I didn't send him over $1000 via Bitcoin within a specific period, he would release my email-contact information.  At first, I was a bit freaked out, but when I calmed down, I realized a few things:  (1) except for a couple sites that I frequent (my US bank's online-banking service, Chicago Manual of Style Online), I don't use that password for anything anymore; (2) the guy (I'm pretty sure it's a guy) never addressed me by name; (3) despite having my old password, the guy never thought to access my bank account and siphon the cash out for himself.  Instead, he's doing the blackmail thing, which is a lot more work, in my opinion.

So here's what I've done:  I've changed my password for my online-banking service; I've chased down any other instances in which my "compromised" password might be an issue (Chrome said I had four such instances, which was news to me), and I've remade the passwords using Chrome's "suggest strong password" function, then used the keychain mode so that my browser has memorized all my passwords (which, I admit, may itself be problematic).  When I go home tonight, I'll re-upload my Norton antivirus software, which got flushed out back when my laptop died and was resurrected a few months ago.  That ought to root out any potential malware, but here's the thing:  I think the guy is full of shit.  Yes, my old password got compromised long ago; it's been floating out in cyberspace for well over a year, and (except for my bank) it's linked to sites that are of no consequence to me.  But how likely is it that this genius—who didn't think to hack my bank account and doesn't seem to know my name—actually managed to install any malware on my laptop?  I'd say very unlikely.  So the last thing I did was delete his email.  If the guy makes good on his threat, I suppose I'll hear from my various email contacts.  "Yo, Kevin—porn spam with your name on it?  What gives?"

I seriously doubt I'm going to hear anything more from this joker.  If I do, though, I'll let you know, and I'll take appropriate measures.

EPILOGUE:  I just received another email with exactly the same content, but this time from someone with a different name.  Conclusion:  this is just a spam scam based on the lazy culling of compromised passwords.  Now that I've gotten two of these in one day, I can expect there to be more of these emails.  This is just a new type of spam, is all.  Yawn.



4 comments:

  1. Wow, I've heard of this scam but you are the first I've known to experience it. Glad there are no apparent repercussions.

    When my laptop was stolen last year I had to go and change all my passwords. That's the downside to that Google remembers system. If that's every hacked, yikes! I have a different log-on/password for my credit union and it requires manual insertion each time to access the account.

    I'll keep my eyes open for that spam porn you promised!

    ReplyDelete
  2. Mr. Needle-Linger. We have proof that you have contact with the known nonentity Geoffrey Horrace Hodges. Give us all your money, or we will make this association public. Remember: Only we can protect you against us.

    Name Withheld

    * * *

    ReplyDelete
  3. John,

    I'd better make sure my laptop never gets stolen.

    Jeff,

    So! You're going to hold my acquaintance with Sir Hotchkiss "El Jefe" Horus against me, eh? Well, give it your best shot!

    ReplyDelete
  4. I believe, Sirrah, that's Houris Chef Hot-Kiss you mean!

    Name Withheld

    * * *

    ReplyDelete

READ THIS BEFORE COMMENTING!

All comments are subject to approval before they are published, so they will not appear immediately. Comments should be civil, relevant, and substantive. Anonymous comments are not allowed and will be unceremoniously deleted. For more on my comments policy, please see this entry on my other blog.

AND A NEW RULE (per this post): comments critical of Trump's lying must include criticism of Biden's lying on a one-for-one basis! Failure to be balanced means your comment will not be published.