We posted this on Facebook a few weeks ago, but it’s worth mentioning here again.  An email has been going around the past few months. It takes some different forms but generally follows the same pattern:

1.  Someone “hacked” you and has your password
2. They’ve been monitoring you
3. They’ll send your information to all your contacts
4. To prevent this send them bitcoin

I even got that email.  I gotta say when you see your password in an email right there it’s scary.

“Subject:  dave@calldrdave.com has password (my password). Password must be changed

Hello!

I’m a programmer who cracked your email account and device about half year ago.

You entered a password on one of the insecure site you visited, and I catched it.

Your password from dave@calldrdave.com on moment of crack: (my password)

Of course you can will change your password, or already made it.”

As well as

“Subject:  dave – (my password)

It seems that, (mypassword), is your password. You may not know me and you are probably wondering why you are getting this e-mail, right?

actually, I setup a malware on the adult vids (porno) web-site and guess what, you visited this site to have fun (you know what I mean). While you were watching videos, your internet browser started out functioning as a RDP (Remote Desktop) having a keylogger which gave me accessibility to your screen and web cam. after that, my software program obtained all of your contacts from your Messenger, FB, as well as email.

“

How Did They Get Your Password?

It seems like every day I listen to the news, I hear about another hack. From Applebee’s to Yahoo, there’s a company for every letter of the alphabet that’s been breached. A hacker stole your password from one of these companies.  If you use your password more than one place, that’s how they got it.

Fortunately, I use a password manager called 1Password.  Although I avoid reusing passwords for important stuff, I’ll be lazy and do it for some websites.  In my case, I could trace it to Angie’s List.  I had to sign up for my business and I didn’t’ think I’d use it much.  That’s why I used a throw-away password.

What Can You Do to Prevent This?

You can’t prevent someone from hacking another system.  I mean when Equifax gets hacked, that just shows you how vulnerable we all are.  The best you can do is mitigate the damage.

Stop Reusing Passwords

I get it. Passwords are hard to keep track off.  As I said, I use 1Password.  We can help you set that up.  We also have a more manual option:  A password book.  We sell these for $7.50, although you can get one free by joining our Wellness Program.  That lets you use a unique password and keep track of them.

Get a Reliable Antivirus

If you’re on a Mac, you probably don’t have an antivirus.  If you’re on a PC you might be using the free one that comes with Windows.

We used to take the approach good enough is, well, good enough. If you haven’t had any problems with your computer, stick with what you got.  With so many threats out there, we’re finding basic protection isn’t enough.  A professional paid antivirus provides not just added security but peace of mind.  We recommend Malwarebytes.  Fortunately, we’re able to sell it at a discount.  Normally it’s $40, but we can sell it for $35 to existing clients.

When you get an email like this, just run a scan to get that peace of mind.

Don’t Pay Scammers/Let Them Keep the Money

We deal with tech support scams all the time.  Some clients are so embarrassed they decide to let the criminals keep the money. These criminals then use the money to attack other victims.  If we cut off the stream of money and don’t make this profitable, they’ll stop doing it.  Okay maybe not stop, but at least make them work harder!

As a reminder, clients who are part of our wellness program get unlimited phone and email support for questions like these.  When they get any suspicious emails, they just call us rather than give money to a scammer.

Full text of the emails:

“It seems that, (my password), is your password. You may not know me and you are probably wondering why you are getting this e-mail, right?

actually, I setup a malware on the adult vids (porno) web-site and guess what, you visited this site to have fun (you know what I mean). While you were watching videos, your internet browser started out functioning as a RDP (Remote Desktop) having a keylogger which gave me accessibility to your screen and web cam. after that, my software program obtained all of your contacts from your Messenger, FB, as well as email.

What did I do?

I backuped phone. All photo, video and contacts.

I created a double-screen video. 1st part shows the video you were watching (you’ve got a good taste haha . . .), and 2nd part shows the recording of your web cam.

Exactly what should you do?

Well, in my opinion, $500 is a fair price for our little secret. You’ll make the payment by Bitcoin (if you do not know this, search “how to buy bitcoin” in Google).

BTC Address:

(It is cAsE sensitive, so  copy and paste it)

Important:

You have one day in order to make a payment. (I’ve a unique pixel in this e mail, and at this moment I know that you have read through this email message). If I do not get the BitCoins, I will certainly send out your video recording to all of your contacts including relatives, coworkers, and so on. Having said that, if I receive the payment – I’ll destroy the video immediately. If you need evidence, reply with “Yes!” and I will certainly send out your video recording to your 6 contacts. It is a non-negotiable offer, that being said don’t waste my personal time and yours by responding to this message.”

And

“Hello!

I’m a programmer who cracked your email account and device about half year ago.

You entered a password on one of the insecure site you visited, and I catched it.

Your password from dave@calldrdave.com on moment of crack: (mypassword)

Of course you can will change your password, or already made it.

But it doesn’t matter, my rat software update it every time.

Please don’t try to contact me or find me, it is impossible, since I sent you an email from your email account.

Through your e-mail, I uploaded malicious code to your Operation System.

I saved all of your contacts with friends, colleagues, relatives and a complete history of visits to the Internet resources.

Also I installed a rat software on your device and long tome spying for you.

You are not my only victim, I usually lock devices and ask for a ransom.

But I was struck by the sites of intimate content that you very often visit.

I am in shock of your reach fantasies! Wow! I’ve never seen anything like this!

I did not even know that SUCH content could be so exciting!

So, when you had fun on intime sites (you know what I mean!)

I made screenshot with using my program from your camera of yours device.

After that, I jointed them to the content of the currently viewed site.

Will be funny when I send these photos to your contacts! And if your relatives see it?

BUT I’m sure you don’t want it. I definitely would not want to …

I will not do this if you pay me a little amount.

I think $855 is a nice price for it!

I accept only Bitcoins.

My BTC wallet:

If you have difficulty with this – Ask Google “how to make a payment on a bitcoin wallet”. It’s easy.

After receiving the above amount, all your data will be immediately removed automatically.

My virus will also will be destroy itself from your operating system.

My Trojan have auto alert, after this email is looked, I will be know it!

You have 2 days (48 hours) for make a payment.

If this does not happen – all your contacts will get crazy shots with your dirty life!

And so that you do not obstruct me, your device will be locked (also after 48 hours)

Do not take this frivolously! This is the last warning!

Various security services or antiviruses won’t help you for sure (I have already collected all your data).

Here are the recommendations of a professional:

Antiviruses do not help against modern malicious code. Just do not enter your passwords on unsafe sites!

I hope you will be prudent.

Bye.

“