Hack - iPhone camera and websites

I got the email below and the subject line had the last 4 digits of my phone number. What should I do? Is what he says even possible and if so, how??


****#$$


Hey. It's me! Your future friend or enemy.

You do not know me and think why I received this letter.

I am sorry for my english, its not my native language.

I learn more machine language - code.


I hack phones and save information from them.

I installed you a program with the functions of saving video and saving typing.


When you visited the sites that interest me. (Sites containing ****.)

My program recorded video from your screen with simultaneous connection to your camera.

Saying thanks you to the phone manufacturers. This mode - Split Screen.


Also, I saved a full backup of your phone, which contains all your files.

History of correspondence, browser history and all telephone contacts during the hacking.

Saying thanks you to the phone manufacturers. This mode - backup.


At the moment the program is deactivated, and I am writing to you.


You think what I should do. And, of course, you are furious.

You have to make a choice.

And remember. You make choice, what will happen next in your life.


1. You can delete and ignore this email. When I return, I will see that the letter is being viewed.

In this case, I will be able to share this personal record with your contacts.


To track the reading of a message and the actions in it, I use the facebook pixel.

Thanks to them. (Everything that is used for the authorities can help us.)

More you can find out by the link.

https://www.facebook.com/business/help/898185560232180?helpref=faq_content


2. You can write to the police, and they will investigate the hacked ip and hacked mail.

In order to find me and protect you. I think time is too small for this, 48 hours before sending the files.

In this case, I will be able to share this personal record with your contacts.

The police will not save you from the ridicule of friends, colleagues and family. You want live with this?

In my practice, there were cases when people had to change the whole way of life and place of residence.

They wanted to pay, but it was too late. It's time, and the files have been sent.


Everything that is downloaded on the Internet there and will remain forever.

More information you can find on request in Google

"Beyonce delete photo from internet"


3. I want to get paid for the work done. We all want our work to be paid.

(Even if it was not a wanted job.)

I want 1000 USD. In Bitcoin

My wallet BTC Address:


1EkAVVDg8Rbwwa7j9DbvHQ7VmQ4FkBdEGT


(CASE sensitive, copy and paste it carefully)


If you have any questions, you can write me. Email will be available for short-term support.

For payment after opening the letter 48 hours.


Pay me and you make new choice.

4. Receiving video only personally.

5. Delete all the data.


Time has begun.


***##$$

iPhone X, iOS 12

Posted on Sep 25, 2018 12:16 AM

Question marked as Top-ranking reply

Posted on Sep 25, 2018 8:06 AM

It's a scam. They have no such recordings. There have been multiple topics on these forums regarding this same stupid email.


This is one of the results of the many hacked servers you've seen in the news where they've stolen millions of customer data records. They're using the data to send out these bogus emails to the addresses harvested in the hacks. It's also where they got your phone number from to make the claims more believable.


It's still just a scam. They have nothing, but are hoping you'll give them lots of money for nothing.


DO NOT respond to these emails in any way. Just delete them.

36 replies

Sep 25, 2018 2:56 AM in response to andyandy6789

Hello Andy,

I received the same email (one hour ago) with the four digits of my phone and my email.

Probably they hacked a website containing our email and mobile phone but PROBABLY they have not hacked our mobile phones.

This email is spam. You do not have to pay anything.

I have never been on XXX websites with my mobile phone; they try with all the phone numbers they caught, hoping that someone will believe and pay.

Don't worry.

Regards

Sep 25, 2018 7:39 AM in response to andyandy6789

I received the same message this morning. Don't ever click on a URL in an email unless you're certain of the origin.


Don't sweat that they have your email and phone number. That stuff is readily available and is the very tip of the iceberg for hackers--only useful for doing stuff like this. (Ironically, the phone number they listed in the email that came to me is for my landline, so I know immediately this had nothing to do with my iPhone.)


As others said, these guys are looking for those who are freaked out and will respond to avoid embarrassment. Think about it, if they get even a dozen people to give them money, that's a pretty sweet haul for what probably wasn't much work at all.


You're safe.

Sep 25, 2018 8:47 AM in response to andyandy6789

Hi All,


A couple of quick links for you:


Does Crime Pay? - See https://bitref.com/1EkAVVDg8Rbwwa7j9DbvHQ7VmQ4FkBdEGT

- the above references the specific Bitcoin address shown here. We had a look out of interest and the answer (so far) is No, it does not (this balance is about USD3).


Where are your details online - have a look at your email address at: https://haveibeenpwned.com/ - this will show if your account was part of a number of high profile breaches where userIDs / passwords were made public - if you come up then it is a good idea to change your passwords on other sites if you think the same ones might be used elsewhere.


And for best defence for your email etc.: https://www.turnon2fa.com/ - many services allow 2 Factor Authentication and often for free as a second factor beyond just a password to protect your account.


Regards

OHD


PS - Bitcoin is also very traceable, so police etc. have traced and found people: when they withdraw money in the real world or use it for real world products / services, they then get caught. Attempted blackmail carries a 10-20 year prison sentence, and whether someone does or does not have any embarrassing material on you is completely irrelevant to the crime. Most of the time mails like this one are just pranks, but they are also ones that have put teenagers behind bars, as they are not particularly funny in the cold light of day.

Sep 27, 2018 9:36 AM in response to anaïs186

Hi anais,

I've tried to remember all the websites I've used... and also I have a list of websites with some passwords written down. I've gone through all my websites I've logged in with and updated and changed the passwords on all of them... to unique-passwords PER-WEBSITE. I have a special password tool to help remember the passwords for me. I also upgraded to two-factor authentication on some of the websites that use it.


Mainly it's making sure that none of the old passwords remain in use anywhere.


Apart from that, I just deleted the email. Don't ever send them money. The people saying "don't worry it's just a scam" are missing the obvious point... that THEY HAD MY PASSWORDS AND COULD POSSIBLY LOG INTO SOME WEBSITE AND BUY STUFF USING MY ACCOUNT, or do all sorts of malicious things.


They aren't helping by saying "do nothing".


DO SOMETHING. And DON'T DO WHAT THE HACKER ASKS FOR.

Sep 27, 2018 5:52 PM in response to BoyTheo

Copy and paste the bitcoin address into Google. You'll see how much of a scam it really is. I've received three or four of these myself. Each one worded a little different, but all basically the same: I planted a virus (on a **** website) that gave me access to either your phone or laptop. Saw what you were watching (and doing!). Made copies of everything and now, if you don't send me $1000 in bitcoin I'll send this to all your contacts (phone or email or both). It's always the same. Don't worry, it's really just a scam intended to embarrass the crap out of you. The first time I saw it I freaked out too! They count on that. Embarrassing you to all your friends and coworkers, etc., etc... It truly is just a scam. You're safe. For now.... Haha!!
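The template described in the post above (a surveillance claim, a threat to send material to contacts, a deadline, a Bitcoin demand) can be screened for mechanically. This is an added example, not part of the original post: the signal patterns, the three-signal threshold and both sample messages are assumptions made for illustration, and the wallet in the samples is the publicly known Bitcoin genesis-block address used as a stand-in.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ADDR_SHAPE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

# Content signals shared by the e-mails quoted in this thread (patterns are assumptions).
SIGNALS = {
    "deadline": re.compile(r"\b\d+\s*hours?\b", re.I),
    "exposure": re.compile(
        r"\b(?:sen[dt]|share|show)\b.{0,60}\b(?:contacts|friends|relatives|colleagues)\b",
        re.I | re.S),
    "surveillance": re.compile(r"\b(?:camera|webcam)\b", re.I),
}

def valid_btc_address(addr):
    """Base58Check test for legacy addresses: 21-byte payload plus 4-byte checksum."""
    n = 0
    for ch in addr:
        if ch not in B58:
            return False
        n = n * 58 + B58.index(ch)
    try:
        raw = n.to_bytes(25, "big")
    except OverflowError:
        return False
    digest = hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()
    return digest[:4] == raw[21:]

def wallet_addresses(text):
    """Address-shaped strings that also pass the checksum (drops random look-alikes)."""
    return [a for a in ADDR_SHAPE.findall(text) if valid_btc_address(a)]

def triage(text):
    """Flag a message that names a wallet and shows at least three signals in total."""
    hits = {name for name, rx in SIGNALS.items() if rx.search(text)}
    wallets = wallet_addresses(text)
    if wallets:
        hits.add("payment")
    return {"signals": sorted(hits), "wallets": wallets,
            "flag": bool(wallets) and len(hits) >= 3}

# Constructed sample messages (not real mail).
SAMPLE_SCAM = ("My program recorded video from your camera. Pay 1000 USD in Bitcoin to "
               "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa within 48 hours or I will share "
               "the record with your contacts.")
SAMPLE_BENIGN = ("Donations welcome at 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa. "
                 "Our webcam stream is back online.")

if __name__ == "__main__":
    for msg in (SAMPLE_SCAM, SAMPLE_BENIGN):
        print(triage(msg))
```

The extracted wallet list doubles as an indicator to search for in other mailboxes, which is the same lookup the post suggests doing by hand.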

Sep 27, 2018 11:15 AM in response to anaïs186

Do you think I need to report it to the police in order to help stopping it?

It would be a complete waste of your time. These emails almost all come from overseas. Reporting it locally will do nothing to stop them.


Most foreign countries where these originate also won't do anything about them. I've read in more than one reputable newspaper that even when authorities manage to track down the source of the emails - right down to the building - and pass that information to the local authorities, nothing happens. Many are bribed and/or are in on the take to look the other way.


Even if the crooks were local, they'd still have to find them, and police don't have the resources to chase after email scams. They'll record it if you bring it to their attention, but don't expect a result. Well, other than if they get enough reports, it'll find its way to a reporter, and then you'll hear about it in the news where they'll warn people of a scam that claims to have incriminating video and are demanding Bitcoin payments.


But otherwise, zilch. People will keep getting them until it's gone around enough for most everyone to have heard about it, and know not to reply or pay. Look how long the stupid Nigerian Prince scam was active (I need $10,000 to get 3 million out of the country, which I will give to you). After several years, they've almost completely vanished.

Sep 25, 2018 9:32 AM in response to andyandy6789

I also got the same boring email and first thought wow someone really tries hard to get money 😂😂😂😂 I really wanted to write an email back with a fake email address and tell him I can only transfer u 2000 bit coin but only if we meet up personally at Starbucks for a cup of coffee.


Anyway don’t believe in such kind of emails and don’t pay any cent!! There is just one thing u can do: Delete the email!

Sep 25, 2018 8:04 AM in response to Kurt Lang

"It's a scam. They have no such recordings". I know that. That's not the point.


The point is... they emailed me (in plaintext)... THREE OLD PASSWORDS OF MINE. That I KNOW TO BE MINE BECAUSE I USED THEM.


THAT IS REALLY BAD.


What would your reaction be if YOU got an email with a correct password (even if an old one) of yours.


It's an old password, but considering I've used hundreds of websites over the years... I can't be sure it's not in use anymore.


Who's to say they haven't ALREADY logged in (to god knows what account of mine) and found MORE information? Maybe even set a backup email for themself.

Sep 25, 2018 3:42 AM in response to astaccio

Hi, I have just received the same email - the domain is registered to a school in Pittsburgh - I have reported it to the Domain abuse centre which is registered with Go Daddy and also sent a message to the School's IT Helpdesk advising them of the email that has sent this attempt at Blackmail - so I suspect it's one of their students practicing their IT skills. I have asked them to take action and advise me. Hopefully that will make his or her card.

Sep 25, 2018 7:36 AM in response to andyandy6789

I got this too. It's pretty bad. In fact I got FOUR emails, one like this and 3 others like this:


Hello!

I'm a member of an international hacker group.


As you could probably have guessed, your account XXX@XXX.XXX (removed email for this forum) was hacked, I sent message you from it.


Now I have access to you accounts! You still do not believe it?

So, this is your password: ****** (removed password for this forum) , right?


Within a period from July 5, 2018 to September 21, 2018, you were infected by the virus we've created, through an adult website you've visited.

So far, we have access to your messages, social media accounts, and messengers.

Moreover, we've gotten full damps of these data.


We are aware of your little and big secrets...yeah, you do have them. We saw and recorded your doings on **** websites. Your tastes are so weird, you know..


But the key thing is that sometimes we recorded you with your webcam, syncing the recordings with what you watched!

I think you are not interested show this video to your friends, relatives, and your intimate one...


Transfer $700 to our Bitcoin wallet: 1DzM9y4fRgWqpZZCsvf5Rx4HupbE5Q5r4y

I guarantee that after that, we'll erase all your "data" 😀


A timer will start once you read this message. You have 48 hours to pay the above-mentioned amount.


Your data will be erased once the money are transferred.

If they are not, all your messages and videos recorded will be automatically sent to all your contacts found on your devices at the moment of infection.


You should always think about your security. We hope this case will teach you to keep secrets.

Take care of yourself.


The problem is, they actually got my email AND passwords correct! These are passwords I stopped using (I think? It's hard to tell when you've used hundreds of websites) but still... it's a major problem.


Obviously, SOMEONE has done a major hack, of some websites, or at least collected a lot of info and is making good use of them. This is a major operation and SOMETHING SHOULD BE DONE ABOUT THIS.


There is one clue... the time-frame from the email: "July 5, 2018 to September 21 2018".


Whoever has done this has done this hack in that time-frame, or at least been processing previously collected data during that time-frame.


I am really... really really really really... REALLY glad I switched over to using a unique-password system... for all my major accounts. But it's just sad that ANY websites are storing (or ever HAVE STORED) passwords in plain-text or even encrypted-form.


ALL passwords should ALWAYS BE STORED IN HASHED FORM... IN EVERY WEBSITE/COMPANY/ETC.

IT SHOULD BE ILLEGAL TO STORE A PASSWORD IN PLAINTEXT OR ENCRYPTED FORM!!!! Why do they need it? When a hash is good enough???


It's just asking to be hacked. It's lazy and absolutely irresponsible, saves the developers 30 minutes of effort (maybe 2 hours effort including debugging), but wastes billions of pounds of money across the world.


It's absolutely criminal and SHOULD BE STOPPED. There seriously needs to be a law OUTLAWING STORING OF PASSWORDS IN ANY FORM THAT THE COMPANY OR HACKERS OF THE COMPANY CAN GAIN ACCESS TO.
