Two days ago I received an e-mail that basically said that a hacker had cracked both my e-mail and my "device". A password I frequently used to use was in plain text in the e-mail. The sender then informed me that he had uploaded malware code to my system through my e-mail, saved all my contacts, as well as "installed malware on my device" and intercepted my traffic to certain "dirty web sites" I supposedly have visited. He has also made screenshots of this and apparently used my system's camera (which I don't have) and now threatens to send this material to everyone I know if I don't pay a $900 ransom.
Now, I obviously have no reason to pay anything. The password presented is not the e-mail password, but one I used to use frequently on several sites and services in the past. The worst thing is that I until today used that password for my Google login. I have an idea on the background to this as several months or maybe even up to 2 years ago, I got an e-mail from a computer forum I used to visit, that their user database had been compromised and that users were recommended to change their password on both their site and on all sites and services where the same password might have been used. Unfortunately I never remembered to do that.
Anyway, the e-mail is written rather poorly to the point that I suspect that whoever has written it doesn't have English as their native language.
The e-mail account I got the e-mail on is one I only use for "historical" reasons and is one I have long thought about removing.
My question now is what I should think about and what precautions to take. Could my computer (and other devices..?) be infected (I don't use Windows btw)? I have obviously changed the password on Google and some sites where I can remember I have used the old password.
I now need your advice.
It sounds like a scam to scare you into paying. Usually if they've hacked your system they lock it and make you pay the ransom to unlock it.
You should change your password on all sites not just the ones that had this password. Ideally you should use a different password on every site so if in fact one gets cracked they don't automatically have your password for all sites.
You should also make sure the only email accounts associated with sites you have accounts in are accounts OTHER than the one you've been thinking of removing. Verify they haven't requested password reset emails to that account. Some sites make you add a new email account and they send notice to the old one. Watch the old one and delete those as they come. Once the new account is associated with the site delete the old one from the site.
You could look into things like virus scans and rootkit hunters to verify your system isn't infected.
Last edited by MensaWater; 10-31-2018 at 09:31 AM.
Agree with MensaWater - sounds like the perp is trying to trick you into giving $ because they were able to get a hold of an old password. Social engineering is what this is...
Definitely a scam. I report these to the delivering ISP, as with any unsolicited commercial email.
Yes, it is disconcerting that a once legit password is referenced, but, as has been said, just don't use that password anywhere again, and be sure that all passwords are different.
Thank you for your replies! My biggest concerns are that my Google account or my computer would be compromised. Though I am running Linux I guess a malware infection by said scammer wouldn't be impossible..
I have changed e-mail and password on the sites I can remember...
Last edited by trafikpolisen; 10-31-2018 at 11:12 AM.
If you can log into your Google account, change the password immediately and implement 2-factor auth using the Google Authenticator app. As for your Linux computer, the best you can do is as MensaWater suggested: run rkhunter and possibly an antivirus scanner to ensure it's OK.
I think I've now done what I can. I've changed my Google password again and enabled 2-step auth. And I've changed the password on the sites and services I can think about and will change the rest as soon as they come to mind.
I have scanned my computer with rkhunter, which complained about the following:
/usr/bin/lwp-request [ Warning ]
Checking /dev for suspicious file types [ Warning ]
Checking for hidden files and directories [ Warning ]
I have scanned with clamav, which passed.
The positive side of all this is that I've now done a much needed overhaul of my security. I think of myself as a fairly security-aware person, but one tends to get lazy.
I Googled the breach on the website I mentioned earlier and that was apparently over three years ago, and according to that website the passwords were stored as hash sums. But that is the only obvious thing I can think about.
Btw, off topic and unrelated to this; is it possible to change user name/alias on this forum?
Last edited by trafikpolisen; 10-31-2018 at 01:05 PM.
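The rkhunter warnings in the post above come from its file-properties test: rkhunter keeps a baseline of each watched file's properties and reports a "[ Warning ]" when the current file no longer matches. The following is an added example of that mechanism, written for this thread and not taken from rkhunter's code or from any poster; it builds a baseline of size, mode and SHA-256 for a constructed set of files, then re-checks them and classifies each as ok, changed or missing. A "changed" result is only the starting point for verification (for example, comparing the file against what the distribution's package manager ships), exactly as a rkhunter warning is.

```python
"""Minimal file-properties baseline check, in the spirit of rkhunter's
file-properties test. Added example; not rkhunter's own code.
"""
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path


def file_properties(path: Path) -> dict:
    """Record the properties a baseline compares: size, permission bits, SHA-256."""
    st = path.lstat()
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return {
        "size": st.st_size,
        "mode": stat.S_IMODE(st.st_mode),
        "sha256": digest.hexdigest(),
    }


def build_baseline(paths) -> dict:
    """Map each path to its recorded properties (the equivalent of rkhunter --propupd)."""
    return {str(p): file_properties(Path(p)) for p in paths}


def save_baseline(baseline: dict, dest: Path) -> None:
    # In practice the baseline must be stored where an intruder cannot rewrite it.
    dest.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(src: Path) -> dict:
    return json.loads(src.read_text())


def check_baseline(baseline: dict) -> dict:
    """Return {path: status} where status is 'ok', 'changed' or 'missing'."""
    result = {}
    for p, recorded in baseline.items():
        path = Path(p)
        if not path.exists():
            result[p] = "missing"
            continue
        result[p] = "ok" if file_properties(path) == recorded else "changed"
    return result


def demo() -> dict:
    """Constructed scenario: three stand-in files; after the baseline is taken,
    one script is altered and one file is deleted."""
    with tempfile.TemporaryDirectory() as d:
        script = Path(d) / "lwp-request"   # constructed stand-in, not the real binary
        binary = Path(d) / "ls"
        gone = Path(d) / "old-tool"
        script.write_text("#!/usr/bin/perl\nprint 'hello';\n")
        binary.write_bytes(b"\x7fELF stand-in content")
        gone.write_text("#!/bin/sh\necho old\n")

        store = Path(d) / "baseline.json"
        save_baseline(build_baseline([script, binary, gone]), store)

        # Simulate what a later check sees: an appended line and a removed file.
        script.write_text("#!/usr/bin/perl\nprint 'hello';\nsystem('id');\n")
        gone.unlink()

        status = check_baseline(load_baseline(store))
        return {os.path.basename(p): s for p, s in status.items()}


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:12s} [ {status} ]")
```

Run it directly and it prints one line per file in the same "[ status ]" style as rkhunter. The point a practitioner takes from it is that the baseline must be captured on a system believed clean and refreshed after legitimate package updates; otherwise every upgrade produces warnings indistinguishable from tampering.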
They are scams using passwords gotten from a system breach at some popular website several years ago. I spent hours studying it because several months ago I got a few of those emails.
The passwords found are at least 5 years old. Some say possibly even 10 years, but if you have any old accounts with that password, it should be changed. They won't be trying to get in anyway because what they did was mass mailing of those warnings and some people do actually pay them. That's all they want.
I got a couple of similar scams. One I think identical to yours, and another that had the sender address spoofed as my own in a further attempt to make it look like I'd been hacked.
For all sites I'd used the compromised password on, I changed the passwords to new unique ones I store in KeepassXC. Which took a good couple of hours - that should teach us not to reuse passwords!
Thanks for all the helpful answers and insights! As mentioned, this has really highlighted the problem with reusing passwords. Wasn't easy to figure out new good passwords for every site and service though.. It's hard to memorize completely random passwords.
It's hard to memorize completely random passwords.
You shouldn't have to (otherwise they would not be good passwords because it would mean that they are not complicated enough... or you have awesome skills ahahah).
There are password managers for that task; you can have a look at:
There are others of course but I'm really satisfied with KeepassXC (I used KeepassX before - see https://www.keepassx.org/ - but it's not actively maintained anymore)...
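MensaWater's advice earlier in the thread (one different password per site) and the password-manager discussion above both come down to the same two tasks: find every site where a password is reused, and give each of them a replacement nobody has to memorize. The following is an added example written for this thread, not code from any poster or from KeepassXC; the credential list is constructed sample data standing in for a password-manager export. Passwords are compared through a keyed hash rather than in plaintext, and replacements come from the `secrets` module, which is the CSPRNG a password manager would also use.

```python
"""Audit a credential list for reused passwords and mint unique replacements.
Added example; the credential list below is constructed sample data.
"""
import hashlib
import hmac
import math
import secrets
import string
from collections import defaultdict

# Constructed sample export: (site, password). Three sites share one password.
SAMPLE_CREDENTIALS = [
    ("forum.example", "Summer2013!"),
    ("mail.example", "Summer2013!"),
    ("shop.example", "Summer2013!"),
    ("bank.example", "x9#Lq2vT!pR8wZ4m"),
]

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def find_reused(credentials, key=None):
    """Group sites by password; return the groups with more than one site.

    Passwords are hashed with HMAC under a fresh per-run key so the digests
    cannot be reused as a lookup table if they leak from logs or output.
    """
    key = key or secrets.token_bytes(32)
    groups = defaultdict(list)
    for site, password in credentials:
        digest = hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()
        groups[digest].append(site)
    return [sorted(sites) for sites in groups.values() if len(sites) > 1]


def generate_password(length=20):
    """Uniform random choice from ALPHABET using the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Guessing entropy of a uniformly random password of this length."""
    return length * math.log2(alphabet_size)


def replacement_plan(credentials):
    """Return {site: new_password} for every site that belongs to a reuse group.

    Each site gets its own freshly generated password, so a breach at one
    of them no longer exposes the others.
    """
    plan = {}
    for group in find_reused(credentials):
        for site in group:
            plan[site] = generate_password()
    return plan


if __name__ == "__main__":
    for group in find_reused(SAMPLE_CREDENTIALS):
        print("reused across:", ", ".join(group))
    print(f"20-char replacement: about {entropy_bits(20):.0f} bits of entropy")
    for site, new_pw in replacement_plan(SAMPLE_CREDENTIALS).items():
        print(f"{site:15s} -> {new_pw}")
```

The generated strings are meant to be stored in the manager, never memorized; `entropy_bits(20)` is roughly 131 bits, well beyond what any online or offline guessing attack can exhaust, which is why a manager plus random passwords beats any memorable scheme.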
Or you could use something like Iron Key encrypted flash drives so you have your passwords all the time. They work on both Linux and Windows. My company provides them to admins.
For personal stuff I've created a BitLocker-encrypted thumb drive which has gvim installed, and I use gvim encryption for the actual password file (i.e. 2 different layers of encryption). In the event it is out of my possession for any length of time I immediately use a backup to begin changing all my passwords. Theoretically breaking both levels of encryption shouldn't occur, but nothing is impossible. It does, however, tend to delay things, giving me time to change the passwords. I've only had to do that once, when Canadian border security got hold of my encrypted file. I don't know if they even realized it was there on the laptop they scanned, but I didn't wait to find out - I changed passwords just on the possibility. Nowadays I do not keep this encrypted file on my laptop and don't carry thumb drives across borders.