Question: Q: Hack - iPhone camera and websites

It is not possible. It is a phishing attempt. Do not respond to, or otherwise act on the email.

Avoid phishing emails, fake 'virus' alerts, phony support calls, and other scams - Apple Support

You’re welcome.

Some web-site where you have shown your email has been hacked. The scammer then uses the info stolen from the web-site to attempt to extort money from people.

Hello Andy,

I received the same email ( one hour ago ) with the four digits of my phone and my email.

Probably they hacked a website containing our email and mobile phone but PROBABLY they have not hacked our mobile phones.

This email is spam . You have not to pay anything.

I never been on XXX websites with my mobile phone; they try with all phone numbers they caught hoping that someone will believe and pay .

Don't worry .

Regards

Hi I have just received the same email - the domain is registered to a school in Pittsburgh - I have reported it to the Domain abuse centre which is registered with Go Daddy and also sent a message to the Schools IT Helpdesk advising them of the email that has sent this attempt at Blackmail - so I suspect it's one of their students practicing their IT skills. I have asked them to take action and advise me. Hopefully that will make his or her card.

There is no known exploit in the wild that enables anyone to unknowingly remotely install software/code on an iOS device. This is a scam to extort money from people.

I got this too. It's pretty bad. In fact I got FOUR emails, one like this and 3 others like this:

Hello!

I'm a member of an international hacker group.

As you could probably have guessed, your account XXX@XXX.XXX (removed email for this forum) was hacked, I sent message you from it.

Now I have access to you accounts! You still do not believe it?

So, this is your password: ****** (removed password for this forum) , right?

Within a period from July 5, 2018 to September 21, 2018, you were infected by the virus we've created, through an adult website you've visited.

So far, we have access to your messages, social media accounts, and messengers.

Moreover, we've gotten full damps of these data.

We are aware of your little and big secrets...yeah, you do have them. We saw and recorded your doings on **** websites. Your tastes are so weird, you know..

But the key thing is that sometimes we recorded you with your webcam, syncing the recordings with what you watched!

I think you are not interested show this video to your friends, relatives, and your intimate one...

Transfer $700 to our Bitcoin wallet: 1DzM9y4fRgWqpZZCsvf5Rx4HupbE5Q5r4y

I guarantee that after that, we'll erase all your "data" 😀

A timer will start once you read this message. You have 48 hours to pay the above-mentioned amount.

Your data will be erased once the money are transferred.

If they are not, all your messages and videos recorded will be automatically sent to all your contacts found on your devices at the moment of infection.

You should always think about your security. We hope this case will teach you to keep secrets.

Take care of yourself.

The problem is, they actually got my email AND passwords correct! These are passwords I stopped using (I think? It's hard to tell when you've used hundreds of websites) but still... it's a major problem.

Obviously, SOMEONE has done a major hack, of some websites, or at least collected a lot of info and is making good use of them. This is a major operation and SOMETHING SHOULD BE DONE ABOUT THIS.

There is one clue... the time-frame from the email: "July 5, 2018 to September 21 2018".

Whoever is done this, has done this hack in that time-frame, or at least been processing previously collected data during that time-frame.

I am really... really really really really... REALLY glad I switched over to using a unique-password system... for all my major accounts. But it's just sad that ANY websites are storing (or ever HAVE STORED) passwords in plain-text or even encrypted-form.

ALL passwords should ALWAYS BE STORED IN HASHED FORM... IN EVERY WEBSITE/COMPANY/ETC.

IT SHOULD BE ILLEGAL TO STORE A PASSWORD IN PLAINTEXT OR ENCRYPTED FORM!!!! Why do they need it? When a hash is good enough???

It's just asking to be hacked. It's lazy and absolutely irresponsible, saves the the developers 30 minutes of effort (maybe 2 hours effort including debugging), but wastes billions of pounds of money across the world.

It's absolutely criminal and SHOULD BE STOPPED. There seriously needs to be a law OUTLAWING STORING OF PASSWORDS IN ANY FORM THAT THE COMPANY OR HACKERS OF THE COMPANY CAN GAIN ACCESS TO.

I received the same message this morning. Don't ever click on a URL in an email unless you're certain of the origin.

Don't sweat that they have your email and phone number. That stuff is readily available and is the very tip of the iceberg for hackers--only useful for doing stuff like this. (Ironically, the phone number they listed in the email that came to me is for my landline, so I know immediately this had nothing to do with my iPhone.)

As others said, these guys are looking for those who are freaked out and will respond to avoid embarassment. Think about it, if they get even a dozen people to give them money, that's a pretty sweet haul for what probably wasn't much work at all.

You're safe.

Tarlin, in his case they only have a email/phone.

But in my case, they actually have 3 old passwords of mine! One very common one I used to use a lot.

This is really bad.

It's a scam. They have no such recordings. There have been multiple topics on these forums regarding this same stupid email.

This is one of the results of the many hacked servers you've seen in the news where they've stolen millions of customer data records. They're using the data to send out these bogus emails to the addresses harvested in the hacks. It's also where they got your phone number from to make the claims more believable.

It's still just scam. They have nothing, but are hoping you'll give them lots of money for nothing.

DO NOT respond to these emails in any way. Just delete them.

"It's a scam. They have no such recordings". I know that. That's not the point.

The point is... they emailed me (in plaintext)... THREE OLD PASSWORDS OF MINE. That I KNOW TO BE MINE BECAUSE I USED THEM.

THAT IS REALLY BAD.

What would your reaction be if YOU got an email with a correct password (even if an old one) of yours.

It's an old password, but considering I've used hundreds of websites over the years... I can't be sure it's not in use anymore.

Whose to say they haven't ALREADY logged in (to god knows what account of mine) and found MORE information? Maybe even set a backup email for themself.

THAT IS REALLY BAD.

And how is three old, defunct email addresses bad? They're of no use to anyone.

What would your reaction be if YOU got an email with a correct password (even if an old one) of yours.

The same thing you should be doing. Ignore it.

Oh, I just received the same email and I'm living in South Korea.

And I don't ever remember that I approached to a **** site using my phone unless I'm a sleepwalker who's unconsciousness is full of that, (well, happy that I'm not.)

So that was the point I first doubted about the email..

Furthermore, I actually don't give a **** to it and am not quite afraid if everyone in my contact gets to know my private life with photos or video of myself. I got only 40 contacts in my phone anyways. Also, everybody's got dark sides which they try to hide so people will understand and eventually forget about me.

BUT! I'm happy to know clearly that this email is just a scam,

Thanks everyone for sharing ideas.