Scammer skimming forum info demanding payment?

quickmac · Jul 13, 2018

Hi all,

Just a heads up that I received a "scammer" email today trying to blackmail recipients by demanding bitcoin payment. It was great for a good laugh as the "scammer" claims they gained remote access to a device and recorded "fun adult" websites the recipient "visited" and that they were going to send the video to my "social media friends" if I didn't pay them $1,200 in bitcoin.

I was able to trace back the source of how they got my contact info because they listed my macrumors username and partial "now old" password for my account here . They didn't explicitly name MacRumors but since I only use this username here , it was pretty easy to figure out how they got my contact info.

Stay safe out there on the interwebs!

whooleytoo · Jul 13, 2018

Thanks for the heads up!

p.s. so, you not going to pay me, no?

eyoungren · Jul 13, 2018

quickmac said:
Hi all,

Just a heads up that I received a "scammer" email today trying to blackmail recipients by demanding bitcoin payment. It was great for a good laugh as the "scammer" claims they gained remote access to a device and recorded "fun adult" websites the recipient "visited" and that they were going to send the video to my "social media friends" if I didn't pay them $1,200 in bitcoin.

I was able to trace back the source of how they got my contact info because they listed my macrumors username and partial "now old" password for my account here . They didn't explicitly name MacRumors but since I only use this username here , it was pretty easy to figure out how they got my contact info.

Stay safe out there on the interwebs!

Some years back I got a call from someone I didn't recognize claiming to be a MacRumors moderator. Unless I know your number or you're in my contacts I do not answer calls.

So, this person left a voicemail going on and on about how I was in trouble for bringing up torrenting on the MacRumors forum and such and such. The number that was used was a Google Voice number so right away I knew it was some person trying to hide their real number.

A quick confirmation with MR mods revealed that they do not, under any circumstance, call members. Which I knew, but just wanted confirmation of.

So I blocked the number. Never heard from that person again.

But here's the thing. This was way before that whole Neighborhood SPAM call thing that's been happening and my number isn't listed.

Sure, a war dialer could have brought my number up for someone who was making spam calls but the caller was very specific about his tirade.

I can only think it was someone in a thread that was bent out of shape enough to seek out my number. Can't imagine what would have been said if I'd actually answered the call.

C DM · Jul 13, 2018

quickmac said:
Hi all,

Just a heads up that I received a "scammer" email today trying to blackmail recipients by demanding bitcoin payment. It was great for a good laugh as the "scammer" claims they gained remote access to a device and recorded "fun adult" websites the recipient "visited" and that they were going to send the video to my "social media friends" if I didn't pay them $1,200 in bitcoin.

I was able to trace back the source of how they got my contact info because they listed my macrumors username and partial "now old" password for my account here . They didn't explicitly name MacRumors but since I only use this username here , it was pretty easy to figure out how they got my contact info.

Stay safe out there on the interwebs!

So how did they get password information? Username is one thing, given that it's just out in the open, but password is something completely different.

mobilehaathi · Jul 13, 2018

C DM said:
So how did they get password information? Username is one thing, given that it's just out in the open, but password is something completely different.

I thought there was a security breach a few years back. I don’t really remember though.

arn · Jul 13, 2018

C DM said:
So how did they get password information? Username is one thing, given that it's just out in the open, but password is something completely different.

We did get hacked a while back (we emailed everyone when it happened) so it’s possible that db got circulated.

arn

jonblatho · Jul 13, 2018

arn said:
We did get hacked a while back (we emailed everyone when it happened) so it’s possible that db got circulated.

arn

When was this? I don’t recall getting an email, but I’d like to know if I was affected.

hawkeye_a · Jul 13, 2018

jonblatho said:
When was this? I don’t recall getting an email, but I’d like to know if I was affected.

Same here. @mods When did it happen?

S.B.G · Jul 13, 2018

November 2013

https://forums.macrumors.com/threads/macrumors-forums-security-leak.1670588/

Nermal · Jul 13, 2018

That meshes with some other advice I've seen that the data is 5+ years old.

max2 · Jul 13, 2018

quickmac said:
Hi all,

Just a heads up that I received a "scammer" email today trying to blackmail recipients by demanding bitcoin payment. It was great for a good laugh as the "scammer" claims they gained remote access to a device and recorded "fun adult" websites the recipient "visited" and that they were going to send the video to my "social media friends" if I didn't pay them $1,200 in bitcoin.

I was able to trace back the source of how they got my contact info because they listed my macrumors username and partial "now old" password for my account here . They didn't explicitly name MacRumors but since I only use this username here , it was pretty easy to figure out how they got my contact info.

Stay safe out there on the interwebs!

I got the same thing a few days ago.

jeremysteele · Jul 14, 2018

max2 said:
I got the same thing a few days ago.

Same here - albeit unrelated to MR's previous breach. Got a nice email with an old password I haven't used in 5 years appended to the subject line. Silly part is I use a different password on every site, and have done so since ~2009ish. Tracked it down to a vBulletin breach on an auto forum I used to regular.

Stuff like this is the reason why I like to:

Use a different password on every site (lastpass, 1pass, etc)
Try to use email aliases to mark what site the email is used on. For instance me+macrumors@gmail - it makes it trivial to track where breaches occur... you'd be surprised (maybe not?) of how many go unreported.

NoBoMac · Jul 14, 2018

Read somewhere the other day that this is going around, and not just MR. If your email/password/PII was caught up in any breach, they will try to scam you with this blackmail scheme.

As mentioned earlier, big tell if scam is that you see a password that you have not used in ages. If still using the same password on all your sites, 1) shame on you 2) can see how people fall for this (omg! They do have my info!).

ADD: Krebs post on this. https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/

Search

Search

Scammer skimming forum info demanding payment?

quickmac

macrumors 6502

whooleytoo

macrumors 604

eyoungren

macrumors Nehalem

C DM

macrumors Sandy Bridge

mobilehaathi

macrumors G3

arn

macrumors god

jonblatho

macrumors 68030

hawkeye_a

macrumors 68000

S.B.G

Moderator emeritus

Nermal

Moderator

max2

macrumors 604

jeremysteele

Cancelled

NoBoMac

Moderator

Our Staff