Personal Account Security Issue

2FA enabled, password already changed and I didn't receive any security alert which Gmail sent me whenever I logon to new devices to check the activity.

Received the below message in my personal Gmail account.

-------------------------------------

Hello!
I'm a member of an international hacker group.

As you could probably have guessed, your account XXXXX@gmail.com was hacked, because I sent message you from your account.

Now I have access to all your accounts!
For example, your password for XXXXX@gmail.com: PASSWORD

Within a period from July 31, 2018 to October 3, 2018, you were infected by the virus we've created, through an adult website you've visited.
So far, we have access to your messages, social media accounts, and messengers.
Moreover, we've gotten full damps of these data.

We are aware of your little and big secrets...yeah, you do have them. We saw and recorded your doings on porn websites. Your tastes are so weird, you know..

But the key thing is that sometimes we recorded you with your webcam, syncing the recordings with what you watched!
I think you are not interested show this video to your friends, relatives, and your intimate one...

Transfer $800 to our Bitcoin wallet: 1F5csJmyf3yJs5s25tZmYKoFXznR452er9
If you don't know about Bitcoin please input in Google "buy BTC". It's really easy.

I guarantee that after that, we'll erase all your "data" :)

A timer will start once you read this message. You have 48 hours to pay the above-mentioned amount.

Your data will be erased once the money are transferred.
If they are not, all your messages and videos recorded will be automatically sent to all your contacts found on your devices at the moment of infection.

You should always think about your security.
We hope this case will teach you to keep secrets.
Take care of yourself.

-------------------------------------------------

How is it possible when 2FA enabled and the password he/she send me is years and years ago i have used. Without OTP who he/she can log and send this email to me.

I don't have webcam and how smartly he/she bluffing.

Do i need to be worried?

Any suggestions..
LVL 5
austin minorAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AlanConsultantCommented:
Hi,

I get those, my clients get those, pretty much everyone gets them.

Unless you have some other indication that your account has been compromised, it is just spam made to look like it was sent from your account to yourself, and can be deleted.


Alan.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
austin minorAuthor Commented:
Thanks for reply.

I have reported that email to phishing so  that Gmail team can review that.
AlanConsultantCommented:
Sounds like a good idea.

Don't hold your breath about getting a real (not automated) reply, but no harm in trying - you never know :-)


Alan.
Protecting & Securing Your Critical Data

Considering 93 percent of companies file for bankruptcy within 12 months of a disaster that blocked access to their data for 10 days or more, planning for the worst is just smart business. Learn how Acronis Backup integrates security at every stage

austin minorAuthor Commented:
I'll try :)
Iamthecreator OMIT Admin/EE Solution GuideCommented:
We use G Suite in our company.
I monitor the quarantine every day to release any legit emails.
I have been seeing a lot of these messages lately, for different addresses.
You should not worry about this.
Let us know the response you get from Google.
Have you got the right SPF,DKIM and DMARC in place?
austin minorAuthor Commented:
I'll let you know the response from Google.
It's my personal account and not much aware about SPF,DKIM and DMARC.
Iamthecreator OMIT Admin/EE Solution GuideCommented:
Check your email address on the following website

https://haveibeenpwned.com/
austin minorAuthor Commented:
The result shows this "Pwned on 2 breached sites and found no pastes"
masnrockCommented:
This is a twist on a known scam. The way the scam works is basically this:
The password of an account of yours was stolen a while ago (perhaps several years)
Someone obtained that password by purchasing a list.
They try contacting you in order to get money from you, citing that stolen password in the process.

Chances are that person simply forged your email address. If you looked at either the headers or the reply to address, you will most likely find some interesting results. Share of you would like.

Do the following:
1) Change the password for any account using that password mentioned in the email.
2) Don't use the same password for multiple accounts.
3) Double check the 2FA settings for your gmail account.
4) Do not respond or send money to the party who sent you the email.
AlanConsultantCommented:
Unlikely, but as has been said before, you can't rule anything out, and that is the trap you can fall into - chasing down willow-the-wisps, and spending / wasting a lot of time.

Far more likely it is just spam made to look like you sent it to yourself.

Always apply Occam's unless there is other evidence that your account has been compromised, but feel free to change the password if it makes you feel better, then change your 2FA device, then change your name, and move home, and .....

:-)

Alan.
masnrockCommented:
The result shows this "Pwned on 2 breached sites and found no pastes"
Which 2 sites? Somehow I would not be surprised if LinkedIn was one of them.

However, eliminating the use of that password in the email would be a really good idea. Why? Because many people tend to reuse passwords in multiple places. So even if they never got into your Gmail account, they might successfully access another account that uses the same password.
AlanConsultantCommented:
Change those passwords by all means, but with 2FA setup, it is highly unlikely to be the answer to the author's question.


Alan.
austin minorAuthor Commented:
Its not showing the websites when I click in breached sites it showing "About Us" section.

Yes password changed.
2FA already enabled since years.
Sure - I am not going to reply or send them any money.
masnrockCommented:
Its not showing the websites when I click in breached sites it showing "About Us" section.
Don't click the link for "breached sites", just scroll down, and you'll get to the information you need.

@Alan - Actually touches on some key points, because the password may be used for more than just Gmail (including accounts that don't have/offer MFA). Yes, an account using MFA should be safe, but even then, do you want to know that someone else has one of the two factors? Bear in mind that things can even happen to systems meant to provide a secure second factor (see SecurID incident).

With regard to his email account, the following from my earlier addresses why the email appears to be from his own account: "Chances are that person simply forged your email address. If you looked at either the headers or the reply to address, you will most likely find some interesting results. Share of you would like." Good chance that's going to have enough information to prove the fact that it isn't from his account.
austin minorAuthor Commented:
Thanks for the valuable information.

I Didn't click any link.

When i click on reply what I see is reply to- "My name < my email> "

Email I received

From - my email address
To: My number < my email >
AlanConsultantCommented:
Okay, but that just tells you that the sender was spoofed to be you.

As mentioned before, this is very common spam, and unless you have any reason to think your account has actually been compromised, there is likely nothing to be worried about.

Alan.
austin minorAuthor Commented:
Thanks all for your valuable suggestions.

All the suggestions are helpful.

Close the thread and distribute points to all.
masnrockCommented:
You will need to close the question and distribute the points as you see appropriate.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Chat / IM

From novice to tech pro — start learning today.