Sexploitation Email

DoaM

motorguy wrote: »

Have a look here...

https://haveibeenpwned.com/

If your email address was registered with any site that has been compromised in the past, they will generally know about it.

Adobe, MySpace and Onliner Spambot (never heard of it).

What is a Paste? I can see 81,875 Pastes at the bottom of the page, but assume that's a total and not in any way related to me?

Stoke

HaveIBeenPwned.com is fine for the massive data breaches, but those are the kind of data breaches where the data leaked is sometimes borderline useless. I just tried it myself, 7 data breaches, so I decided to dig into one of them and basically, my 'exposure' was an e-mail address and username..... So, in reality, absolutely !!!!ing useless. A username and e-mail isn't enough.

What HIBP not good for is scraping the tiny data breaches of small companies and forums, like when some random website like, I don't know, FiatFanatics.com gets compromised, with a user base of say 20,000 people. Those are the ones where security is often weak (like plain text passwords etc), the data leak is often the entire database, so more detailed with IP's, birthdays', addresses, phone numbers etc, and the administrators are unlikely to come forward and tell you that the breach has taken place, because they're just guys doing it as a hobby.

I need to be careful, because I don't want to trigger any administrators, but this is what I'm talking about:
https://www.exploit-db.com/papers/13130/

Before anyone gets triggered, above is a very old dump (24-11-2006) from nine small websites. It's been round the block so many times that I suspect any data that was useful, has already been harvested or changed. However, as you can see, you've got dumps from mostly small time websites, some of which have totally plain text passwords, others are just MD5 which has now been cracked to death, basically with the use of rainbow tables (it's a one-way encryption).

Now, with that data, you can construct the phishing scam that is spoken about in the Mirror.

On another note, I suspect the 12 year old kids behind the dump above are now safely unemployed and have absolutely no discernible talent whatsoever.

Stoke

DoaM wrote: »

Adobe, MySpace and Onliner Spambot (never heard of it).

What is a Paste? I can see 81,875 Pastes at the bottom of the page, but assume that's a total and not in any way related to me?

A paste is essentially a dump, like above, whereby someone runs an SQL query on a database to dump everything to a text file. They then paste it on github, pastebin, etc..... it also proves that HIBP's paste detection is horse !!!!, because my e-mail address apparently has no pastes..... and I know for a fact that isn't true.

onomatopoeia99

arciere wrote: »

I normally reply to this kind of scam emails to see how long I can drag it out before the scammers realise I'm just wasting their time.

My record is 7 emails from them. Need to improve.

These types of scams don't usually have a reply address that you can use, they want payment by bitcoin, so you cannot enter into correspondence.

Stoke

onomatopoeia99 wrote: »

These types of scams don't usually have a reply address that you can use, they want payment by bitcoin, so you cannot enter into correspondence.

:rotfl:

Sorry, but if someone is stupid enough to send 7 grand without some kind of dialogue or proof...... jesus christ. That's like someone running into a shop and saying "GIVE ME ALL YOUR MONEY" to the cashier and him just handing it over, only to realise after the guy leaves that he had no gun, knife, plastic sword, inflatable mallet...... People cannot be that stupid?

onomatopoeia99

Stoke wrote: »

Edit:
Also, not that I give a !!!!, but I checked the bitcoin address from the Mirror article. He's made a sum total of £0 running this scam. Sounds like he'd be better leaving his musky sweaty bedroom where he eats nothing but Dominoes pizza all day and plays world of warcraft and going out, getting a job, being a productive member of society. But hey, that's just my opinion.

You can generate a new receiving address for every bitcoin transaction, so all that tells you is the person posting the message containing the address hasn't paid ...

Stoke

onomatopoeia99 wrote: »

You can generate a new receiving address for every bitcoin transaction, so all that tells you is the person posting the message containing the address hasn't paid ...

You can, but it would take a while unless you can automate it? (Can you? I don't know all that much about BC)

If you can't automate it, it'll be literally everyone he sent it to? Possibly thousands, which would indicate not a single person fell for it.

Regardless, like I said above, if they do fall for it, I'm not even sure a crime has been committed, it's that stupid. You have wilfully handed over good money, under almost no duress at all.

People need to wake up a bit more. What the hell happened to our intuition? People driving their cars into lakes "because me GEE-PEE-ESS told me too", people handing over 7 grand because someone asked for it? If you've got 7 grand to waste, give it to charity. If not, use your brain a bit more.... you'd be amazed what you can do with it.

RumRat

I don't have any sympathy for anyone falling for any of these scams anymore.
The internet has been around for decades now and people shouldn't be on it if they don't know what the risks and signs are.
These stupid people have been around as long as the conmen preying on them. They are just easier to get to with the internet, no groundwork required....

ballyblack

I don't have any sympathy for anyone falling for any of these scams anymore.

Look upon it as a tax on fools!

Tallaght

I had an email asking for 5k as they have recordings of me on cam but i have never used a webcam
It seems like they just send it to anyone and then see how many they can catch.There has been a lot of suicides especially amongst teenagers.