Emails Exposing Passwords & Demanding Bitcoin

I would suggest scanning all of your devices for virus and rootkits. to include your mobile devices. In addition to this, I would change "all" of my passwords using a computer that I was sure was not infected with malware.

After this was done, I would move all my passwords to a secure and encrypted password tracking application such as 1Password or LastPass. After my passwords were moved, I would delete all credentialed data from Chrome, and also the Windows credential manager and let 1Password and/or LastPass handle the authentication from now on.


1Password : https://1password.com/

LastPass : https://www.lastpass.com

How would I scan iPhone, or do I need to??

Also, scanning my PCs with Avast + Boot Scan, is it sufficient????

I would download and run Malwarebytes on my PC https://www.malwarebytes.com as well as download and install Emsisoft https://www.emsisoft.com/en/software/eek/

It never hurts to run more than one Antivirus when you are looking for malware. When you are done, just remove it if you are running the premium trial version.

You may run all antivirus and malware software out there... you are not going to avoid this by doing so.

First, these emails are coming from all around the world from different accounts and servers.  They will use what is for me a vulnerability or flaw in the email handling process.  The envelope of the email will have the real sender but in the "TO;" field they will use this flaw to make it look like it is from yourself or someone else.  I'm not typing it here!!.  The way they get your username and password can vary from random codes of websites you have visited or from unverified code running with adds along with real information on the sites you visit.  Also, they can go and read your saved passwords regardless where you put them.

At work few people got this, was easy to find out the why only few of them... they all played online games at work!!!


If these password are valid and in use, then go change them and for the love of God!!! do not save your passwords... better type them every time you need them.  I know might sound tedious but is my recommendation. By the way, I'd use the same password for over the last 25 years and since I created it... it has a Capital letter, lower cases, numbers and special characters with a length of 10 and never store it anywhere not even in my computer at home.

These are going around all the time now.  So many different sites have been penetrated due to poor security that passwords are widely available for a few cents each and you can buy email addresses associated with passwords by the million.

I got several amusing ones -- which  would have been terrifying if I hadn't known what was going on -- over the last few months with an obsolete password for LinkedIn and claiming that they had video from my computer's camera showing me surfing porn sites.  "That is quite a trick," says I, "considering that there are no cameras on any of my systems."

But as a point of good security, don't keep your passwords stored on your computer in any way, shape or form.  Buy a little notebook and keep them in there, written down, completely inaccessible to the computer except when you type them in.  Don't let any of your browsers store passwords; this is asking for trouble.  Use a random password generator (you can easily find them on the net), and use different passwords for each site.  Then when one of the sites you use get broken into (and it will happen again, in the US big companies have no motivation to keep your personal info secure), you have two advantages.  One, that password won't open up any of your other accounts.  Two, when they say "I know your password, here it is" you look it up in your book and say, "Ah, Facebook ... again."

Check your emails on this website: https://haveibeenpwned.com
After the query, scroll down a bit to check if any breach involved the CLEAR or hashed password. If it's not there, the password must've been gotten from you. If the bank is listed, it's most likely they got the password from there. If your email was always stored server side, and the password of your email is listed, someone must have used that info to log in, and scanned through your email.

I'm with Dr. Klahn... Some of these messages are super amusing.

1) Never pay them.

2) Never respond.

3) I've put a filter now that bounces all these, at send time, saying "The user you're trying to reach no longer has a mailbox here..."

4) Never, ever, ever use the same or even a similar password twice.

I generate unique 16-32 byte unique alphanumeric strings for all my passwords + keep these passwords in a strong encrypted file.

Using services which gather together passwords... gives me the willies...

Some day LastPass will be hacked or the company bought by an organized crime syndicate or one of the underpaid employees there will sell the entire database.

Keep this in mind when you divulge all your passwords to some convenience service.

If it's not there, the password must've been gotten from you.

@Kimputer, that's not correct. There are plenty of data breaches where the data hasn't been made public, and therefore isn't available to the haveibeenpwned.com site.

Can I export all my passwords from Chrome and Windows Credentials, so I know where I have used the exposed password?

I also don't have a camera connected, but the email contents was the one that you described above regarding the porno sites. However we have very intimate photos of my wife and myself that are private. Should I be worried?

Also, can it be my malware in my IPhone?

You can export passwords to .csv from Chrome as follows:
1. Open the Chrome Settings page
2. Click Passwords
3. To the right of "Saved Passwords", click the 3 vertical dots, and there should be an option "Export passwords".

These are the results from Malware Bytes...what does it mean?

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/27/18
Scan Time: 1:00 PM
Log File: 5f7d8700-f26e-11e8-a498-180373be0e53.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.8047
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: OPTIPLEX\Nataliia & aleks

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 530134
Threats Detected: 10
Threats Quarantined: 0
Time Elapsed: 17 min, 37 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 2
PUP.Optional.InstallCore, HKU\S-1-5-21-977892953-2162632028-4269820573-1000\SOFTWARE\PRODUCTSETUP, No Action By User, [407], [481004],1.0.8047
PUP.Optional.InstallCore, HKU\S-1-5-21-977892953-2162632028-4269820573-1000\SOFTWARE\CSASTATS\ic, No Action By User, [407], [586068],1.0.8047

Registry Value: 1
PUP.Optional.InstallCore, HKU\S-1-5-21-977892953-2162632028-4269820573-1000\SOFTWARE\PRODUCTSETUP|TB, No Action By User, [407], [481004],1.0.8047

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 1
PUP.Optional.WinYahoo.TskLnk, C:\USERS\NATALIIA & ALEKS\APPDATA\LOCAL\{F856CE0A-DCFE-A2B2-B166-875A950E7BC2}, No Action By User, [714], [484244],1.0.8047

File: 6
PUP.Optional.WinYahoo.TskLnk, C:\USERS\NATALIIA & ALEKS\APPDATA\LOCAL\{F856CE0A-DCFE-A2B2-B166-875A950E7BC2}\sona, No Action By User, [714], [484244],1.0.8047
PUP.Optional.WinYahoo.TskLnk, C:\Users\Nataliia & aleks\AppData\Local\{F856CE0A-DCFE-A2B2-B166-875A950E7BC2}\config.dat, No Action By User, [714], [484244],1.0.8047
PUP.Optional.WinYahoo.TskLnk, C:\Users\Nataliia & aleks\AppData\Local\{F856CE0A-DCFE-A2B2-B166-875A950E7BC2}\info.dat, No Action By User, [714], [484244],1.0.8047
PUP.Optional.WinYahoo.TskLnk, C:\Users\Nataliia & aleks\AppData\Local\{F856CE0A-DCFE-A2B2-B166-875A950E7BC2}\install.log, No Action By User, [714], [484244],1.0.8047
PUP.Optional.WinYahoo.TskLnk, C:\Users\Nataliia & aleks\AppData\Local\{F856CE0A-DCFE-A2B2-B166-875A950E7BC2}\Sqlite3.dll, No Action By User, [714], [484244],1.0.8047
PUP.Optional.WinYahoo.TskLnk, C:\Users\Nataliia & aleks\AppData\Local\{F856CE0A-DCFE-A2B2-B166-875A950E7BC2}\uninst.dat, No Action By User, [714], [484244],1.0.8047

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Select allOpen in new window

Only low risk potentially unwanted program (PUP) found (Yahoo isn't gonna risk going full malware to protect their brandname).
Would have been helpful if you actually checked what I asked you though. Because a positive (or negative, depending on how you look at it), would shed some light already on the whole situation.