Hack - iPhone camera and websites

Hi anais,

I've tried to remember all the websites I've used... and also I have a list of websites with some passwords written down. I've gone through all my websites I've logged in with and updated and changed the passwords on all of them... to unique-passwords PER-WEBSITE. I have a special password tool to help remember the passwords for me. I also upgraded to two-factor authentication on some of the websites that use it.

Mainly it's making sure that none of the old passwords remain in use anywhere.

Apart from that, I just deleted the email. Don't ever send them money. The people saying "don't worry its just a scam" are missing the obvious point... that THEY HAD MY PASSWORDS AND COULD POSSIBLY LOG INTO SOME WEBSITE AND BUY STUFF USING MY ACCOUNT. or do all sorts of malicious things.

They aren't helping by saying "do nothing".

DO SOMETHING. And DON'T DO WHAT THE HACKER ASKS FOR.

Do you think I need to report it to the police in order to help stopping it?

It would be a complete waste of your time. These emails almost all come from overseas. Reporting it locally will do nothing to stop them.

Most foreign countries where these originate also won't do anything about them. I've read in more than one reputable newspaper that even when authorities manage to track down the source of the emails - right down to the building - and pass that information to the local authorities, nothing happens. Many are bribed and/or are in on the take to look the other way.

Even if the crooks were local, they'd still have to find them, and police don't have the resources to chase after email scams. They'll record it if you bring it to their attention, but don't expect a result. Well, other than if they get enough reports, it'll find it's way to a reporter, and then you'll hear about it in the news where they'll warn people of a scam that claims to have incriminating video and are demanding Bitcoin payments.

But otherwise, zilch. People will keep getting them until it's gone around enough for most everyone to have heard about it, and know not to reply or pay. Look how long the stupid Nigerian Prince scam was active (I need $10,000 to get 3 million out of the country, which I will give to you). After several years, they've almost completely vanished.

I've just had a message different in all its detail yet effectively identical in every meaningful way.

You should contact your local enforcement people… here in the UK, the non-emergency police phone number 101, and/or Action Fraud and/or National Fraud Information Bureau (or Branch… I don't remember) and your ISP.

They will almost certainly re-assure you that message is a complete fake and no real threat at all and if not, they will be better placed to advise you than anyone else.

The major difference is that my message had no useful specifics such as the last part of your phone number, and I suspect your enforcement people will have an explanation for that, too.

Copy and paste the bitcoin address into Google. You'll see how much of a scam it really is. I've received three or four of these myself. Each one worded a little different, but all basically the same: I planted a virus (on a **** website) that gave me access to either your phone or laptop. Saw what you were watching (and doing!). Made copies of everything and now, if you don't send me $1000 in bitcoin I'll send this to all your contacts (phone or email or both). It's always the same. Don't worry, it's really just a scam intended to embarrass the crap out of you. The first time I saw it I freaked out too! They count on that. Embarrassing you to all your friends and coworkers, etc., etc... It truly is just a scam. You're safe. For now.... Haha!!

They just have a partial number. I think somebody hacked a site that sends a code to your phone to prove it's you when you login. A lot like this site does...(Hmmm...). All they can see is part of your number and your email. address. If they really had your entire number I'm sure they wouldn't hesitate to show you. Seeing your entire phone number would scare the crap out of people and would definitely bring in a huge amount of money!!!

BoyTheo wrote:

Don't tell me "use a unique password per site". No one does that

I do that. I have a password vault that has a unique random password for each site I visit. It's no trouble at all; the password vault application generates the password. When I log into a site the vault provides the password for that specific site. I have over 400 sites in the vault, each with a unique password. There are quite a few password vault apps. 1password is probably the most popular. I happen to use SplashID Safe, because it was one of the first. It has my passwords back almost 20 years. And if you have Apple products there's a built in one called Keychain.

Anyone saying anything different is either a hypocrit or has only ever logged into two websites. One being this one apple.com... so they probably only log into one other website in their entire life time.

And no, I am not a hypocrite. As I said, I have unique passwords for 400 different logins, websites, apps and servers that I manage. Although I use public/private key pairs for servers these days.

Where am I going wrong in thinking that separate passwords and a vault to manage them, including Keychain, are necessary only because it's not so remote a possibility any one of them might somehow be cracked.

The vault is local, presumably protected by at least a router firewall, and the websites are all accessed remotely; they might have wonderful protection but we have no control over that.

Other than that, why does the original logic not make it scary to put everything in one vault… particularly if it's on a lap-top, whose theft will negate the router firewall and give the thieves all day to hack it, while at the same time presumably leaving the owner locked out of everything and unable even to close down accounts?

Well, you need a strong password for the password vault app. That's a given. Mine is 26 random characters (not random to me, but would be to anyone else). It's a password I don't use anywhere else. And with a good vault it is the encryption key for the contents of the vault. For a password of the length I use the time to hack it would be greater than the lifetime of the Sun.

It is not possible. It is a phishing attempt. Do not respond to, or otherwise act on the email.

Avoid phishing emails, fake 'virus' alerts, phony support calls, and other scams - Apple Support

You’re welcome.

Some web-site where you have shown your email has been hacked. The scammer then uses the info stolen from the web-site to attempt to extort money from people.

There is no known exploit in the wild that enables anyone to unknowingly remotely install software/code on an iOS device. This is a scam to extort money from people.

Tarlin, in his case they only have a email/phone.

But in my case, they actually have 3 old passwords of mine! One very common one I used to use a lot.

This is really bad.