Author Topic: Is this phishing & if they got one thing right, what do I do about it?

Offline Sooz

  • Super Poster
  • Posts: 491
Got this, sent from "Recorded You" this morning in my yahoo mail email accounts -- the account is associated with gardening.

I guess I ignore it?

Hey, I know your password is: (they inserted one of my passwords associated with a different email, but without the capital or lower case letters or symbols--but it was not the correct PW for this gardening email where the phishing landed in the Spam box).

Your computer was infected with my malware, RAT (Remote Administration Tool), your browser wasn't updated / patched, in such case it's enough to just visit some website where my iframe is placed to get automatically infected, if you want to find out more - Google: "Drive-by exploit".

My malware gave me full access and control over your computer, meaning, I got access to all your accounts (see password above) and I can see everything on your screen, turn on your camera or microphone and you won't even notice about it.

I collected all your private data and I RECORDED YOU (through your webcam) SATISFYING YOURSELF!

After that I removed my malware to not leave any traces.

I can send the video to all your contacts, post it on social network, publish it on the whole web, including the darknet, where the sick people are, I can publish all I found on your computer everywhere!

Only you can prevent me from doing this and only I can help you out in this situation.

Transfer exactly 900$ with the current bitcoin (BTC) price to my bitcoin address.

It's a very good offer, compared to all that horrible shit that will happen if I publish everything!

You can easily buy bitcoin here: www.paxful.com , www.coingate.com , www.coinbase.com , or check for bitcoin ATM near you, or Google for other exchanger.
You can send the bitcoin directly to my address, or create your own wallet first here: www.login.blockchain.com/en/#/signup/ , then receive and send to mine.

My bitcoin address is: 1LfYcbCsssB2niF3VWRBTVZFExzsweyPGQ

Copy and paste my address, it's (cAsE-sEnSEtiVE)

I give you 2 days time to transfer the bitcoin!

As I got access to this email account, I will know if this email has already been read.
If you get this email multiple times, it's to make sure you read it, my mailer script has been configured like that and after payment you can ignore it.
After receiving the payment, I will remove everything and you can life your live in peace like before.
Next time update your browser before browsing the web!
Mail-Client-ID: 3986288461
Desktop iMac, running OS X El Capitan 10.11.6, 16 GB installed, with Time Machine and SuperDuper! backup on two external hard drives...and I like to bake.

Offline Highmac

  • Administrator
  • TS Addict
  • Posts: 5455
« Reply #1 on: October 09, 2019, 02:19:50 PM »

Yours is a very good guess... Jim's the expert on this stuff, but one thing I've learned here - DO NOT click on ANY link on that message. 

It's fairly likely the password choice was a lucky coincidence for the spammer.

Main thing is - don't panic. I'm sure Jim will be along soon  :)



Neil
MacMini (2018) OS10.14.6 (Mojave). Monitor: LG 27in 4K Ultra HD LED.
15in MacBook Pro (Mid 2014) OS10.13.4 (High Sierra);
15in MacBook Pro (2010), (ex-Snow Leopard); now OS10.13.6 (High Sierra); 500GB Solid-State SATA drive; 4GB memory.

Offline Xairbusdriver

  • Administrator
  • TS Addict
  • Posts: 26388
  • 27" iMac (mid-17), Big Sur, Mac mini, Catalina
« Reply #2 on: October 09, 2019, 02:21:22 PM »
Yep, just search for "Remote Administration Tool scam" and you'll get plenty of hits. Actually, I thought I'd posted about it here at TS a few weeks ago. :dntknw: :wallbash:

There are actually lists of 'harvested' passwords and associated email addresses on the dark web. Which is why we always suggest you use different passwords everywhere. It's one way to prevent the combo from being used at more than one site.

Often, many forum/discussion sites don't even know their members' data has been 'borrowed'. That's the reason we also suggest you always change the password from any site that admits to being hacked and also any email that mentions any particular site that you know you have a password stored. It's so simple to create and use good passwords when you use a good password manager.

Of course, you should also avoid using your real email address when visiting sites where you record stuff in front of your camera!!! :blush-anim-cl: :WOW: :coolio:
« Last Edit: October 09, 2019, 02:32:19 PM by Xairbusdriver »
THERE ARE TWO TYPES OF COUNTRIES
Those that use metric = #1 Measurement system
And the United States = The Banana system
CAUTION! Childhood vaccinations cause adults! :yes:

Offline Sooz

  • Super Poster
  • Posts: 491
« Reply #3 on: October 09, 2019, 07:58:41 PM »
Neil, I didn't click on anything--I knew to not do that b/c you good people taught me well!   :whew: 

Jim, I do try to use different passwords everywhere, and sometimes, variations on them if they are all associated. 

For example, if my PW was Ala$kA@907 for the email associated with AmazonSmile online purchases, I might use a variant of that as follows for eBay purchases:  A1@$k@@907.

If I have two yahoo accounts that are interconnected, i.e. retired district teachers for one email, and retired teachers (from my high school) book club for the other email, I'm likely to use the same PW.

I seem to have A LOT of passwords when I sit down and think about it b/c I don't want to use the same PW for everything!  I tried using a couple of PW managers or generators, but those didn't float my boat.

ha ha The only thing I do in front of a camera is -- nuthin'    I am *behind* the camera to take photos of food and family! No weird influencer stuff or videos or YouTubes featuring me me me coming from me! 

Thanks!!!!!!
Smiles,
Sooz
Desktop iMac, running OS X El Capitan 10.11.6, 16 GB installed, with Time Machine and SuperDuper! backup on two external hard drives...and I like to bake.
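
The variant scheme described in the post above, and the altered form of a password quoted in the scam email, can be checked mechanically when choosing a new password. This is an added example, not part of the thread: it folds case and look-alike characters, then flags a candidate that lands within a couple of edits of a password already known to be exposed. The substitution table and the `max_edits` threshold are assumptions chosen for illustration.

```python
from __future__ import annotations
import unicodedata

# Common look-alike substitutions folded to one representative letter.
# This table is an illustrative assumption, not an exhaustive list.
LOOKALIKES = str.maketrans({
    "@": "a", "4": "a", "$": "s", "5": "s", "0": "o",
    "3": "e", "1": "l", "!": "l", "|": "l", "i": "l", "7": "t",
})

def skeleton(password: str) -> str:
    """Fold case and look-alike characters so trivial variants collide."""
    folded = unicodedata.normalize("NFKC", password).casefold()
    return folded.translate(LOOKALIKES)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def variant_of_exposed(candidate: str, exposed: list[str], max_edits: int = 2) -> str | None:
    """Return the exposed password the candidate is a near-variant of, if any."""
    cand = skeleton(candidate)
    for old in exposed:
        if edit_distance(cand, skeleton(old)) <= max_edits:
            return old
    return None

# Constructed sample: the illustrative password from the post above stands in
# for an exposed one. None of these strings is a real credential.
EXPOSED = ["Ala$kA@907"]

if __name__ == "__main__":
    for pw in ["A1@$k@@907", "alaska907", "correct horse battery staple"]:
        print(repr(pw), "->", variant_of_exposed(pw, EXPOSED))
```
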

Offline Highmac

  • Administrator
  • TS Addict
  • Posts: 5455
« Reply #4 on: October 10, 2019, 04:05:00 AM »
"one of my passwords associated with a different email, but without the capital or lower case letters or symbols"

To be pedantic, just having one character "wrong" means they have not got YOUR password and it won't work, so you are being very sensible.

 :offtopic:  I believe it was Marie Antoinette who said "The pedants are revolting..." 
Neil

Offline Sooz

  • Super Poster
  • Posts: 491
« Reply #5 on: October 11, 2019, 02:22:51 AM »
Neil, I can always count on the humor here!!!! Thanks! :clap:

Offline chriskleeman

  • Administrator
  • TS Addict
  • Posts: 2255
    • http://www.chriskleeman.com
« Reply #6 on: October 11, 2019, 11:07:07 AM »
All good advice here Sooz, I posted about these types of emails a while back. I was receiving 3-6 of them a day in each of my vermontel.net addys. Although I'm not a current customer, CapitalOne keeps sending me credit alerts, and yesterday I found at least 8 instances where one of my vermontel addys is on the Dark Web, and that the password had been exposed. And sure enough, one of my old, much simpler passwords has come through several times in these extortion emails. I've been working with the techs at VTel internet and changed my passwords (again), and one thing that has helped immensely to keep these emails out of my inboxes was to lower the "score" threshold of their Spam Filter, Roaring Penguin. This has kept 99% of these annoying emails out of my inbox. Eventually, as time permits, I will probably need to dump these accounts, but am keeping them for now because there are folks out there who just don't want to change my contact info for whatever reason. Keeping different and complex passwords over different sites will also help greatly. And depending on your ISP, they may be able to adjust the threshold of what comes into your inbox as well. I was spending an inordinate chunk of time every day scrolling through what was mostly junk in the email quarantine, and now it just takes a few seconds to go through the quarantined messages to ferret out any legitimate messages.

And the admins work really hard here to keep these jerks out of our Forum!

HTH,

Chris



Just a dumb guitar player...
My Website

Offline Sooz

  • Super Poster
  • Posts: 491
« Reply #7 on: October 11, 2019, 02:43:23 PM »
Thanks, Chris (Mr. Gee-tar Man!), I appreciate your input and suggestions about this!
Have a good day!
Smiles,
Sooz

Offline Xairbusdriver

  • Administrator
  • TS Addict
  • Posts: 26388
  • 27" iMac (mid-17), Big Sur, Mac mini, Catalina
« Reply #8 on: October 30, 2019, 09:51:19 AM »
Here's a new (to me) scheme: "Buy our product and we'll return some of the cost."
Quote
We are brand HUAN XUN which is one professional jewelry company.  Recently, we create a review club for whom would like to review our products.

We sincerely invite you to join our club.

How to go:
1. Buy the product in our amazon store.
2. Leave 5 stars review.
3. Send us order ID, review content and paypal account.
4. We will refund full with extra 30 USD as review fee

Notes: Please do not report this email to amazon, otherwise you will lose your buyer eligibilty.
            We got your address and all of your personal information, think more.!!!!!!!!!!!!!

In other words, don't buy our product because it is good, buy it or else!! :rofl: Marketing 101, Monopolists, Inc. :doh:

Offline Paddy

  • Administrator
  • TS Addict
  • Posts: 13797
    • https://www.paddyduncan.com
« Reply #9 on: October 31, 2019, 07:42:44 PM »
If the email is actually FROM them, then send it on to Amazon; they shouldn't be doing this. They are a seller on Amazon - I just looked them up. <_<

Read on for more info on the business of fake reviews on Amazon. I had no idea it was this bad...

https://thehustle.co/amazon-fake-reviews
"If computers get too powerful, we can organize them into committees. That'll do them in." ~Author unknown •iMac 5K, 27" 3.6Ghz i9 (2019) • 16" M1 MBP(2021) • 9.7" iPad Pro • iPhone 13

Offline Xairbusdriver

  • Administrator
  • TS Addict
  • Posts: 26388
  • 27" iMac (mid-17), Big Sur, Mac mini, Catalina
« Reply #10 on: November 01, 2019, 12:15:18 PM »
Quote
If the email is actually FROM them, then send it on to Amazon
It could just as well be another company trying to get this one kicked off Amazon. The greed generated by the commercialization of the web is seemingly unlimited. I avoid Amazon as much as possible. It is too easy to find nearly any product available for just a bit more than A. I'm sure that giant will have no sleepless hours because of my stubbornness or weird behavior, however. :laughhard:

Offline kimmer

  • Administrator
  • TS Addict
  • Posts: 9086
« Reply #11 on: November 01, 2019, 02:04:17 PM »
Quote
Read on for more info on the business of fake reviews on Amazon. I had no idea it was this bad...

https://thehustle.co/amazon-fake-reviews
This is why I don't even read the reviews at Amazon. I research trusted sites and talk to friends.

Offline Paddy

  • Administrator
  • TS Addict
  • Posts: 13797
    • https://www.paddyduncan.com
« Reply #12 on: November 03, 2019, 01:31:55 PM »
Yes, but how do you distinguish a "trusted site"? There are so many out there now who get kickbacks (affiliate links etc.) that it's hard to find that too! :p

Take everything with a pound or three of salt. It is sometimes quite easy to spot the fake reviews on Amazon - they tend to have little about the actual user experience. And I basically discount any review that says the reviewer received the product free as part of some sort of "advance" program or whatnot. I see that in self-published books by unknown authors a lot.

As for the email that you got, Jim - it did cross my mind that it could be from a competitor (which is why I said if it is actually FROM them, which should be easy to tell using something like SpamCop to parse the headers).
"If computers get too powerful, we can organize them into committees. That'll do them in." ~Author unknown •iMac 5K, 27" 3.6Ghz i9 (2019) • 16" M1 MBP(2021) • 9.7" iPad Pro • iPhone 13
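
What "actually FROM them" comes down to in the raw headers, as an added example that is not part of the thread and is not SpamCop's own logic: the visible From domain only counts as genuine if the recipient's own mail server recorded an SPF or DKIM pass for that same domain. The sketch assumes the receiving server stamps an `Authentication-Results` header; the server name `mx.example.org`, the sample message and the exact-match alignment rule are assumptions.

```python
from __future__ import annotations
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: every host and domain below is a placeholder.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=bounce@mailer.example.net;
 dkim=fail header.d=seller.example.com
From: "Review Club" <club@seller.example.com>
Subject: Join our review club

(body omitted)
"""

def domain_of(value: str) -> str:
    """Domain part of an address, or the value itself if it is a bare domain."""
    return parseaddr(value)[1].rpartition("@")[2].lower()

def sender_check(raw: str, trusted_mx: str) -> dict:
    """Report SPF/DKIM results and whether either one vouches for the From domain."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From", ""))
    out = {"from": from_dom, "spf": "none", "dkim": "none", "authenticated": False}
    for hdr in msg.get_all("Authentication-Results", []):
        authserv, _, rest = " ".join(hdr.split()).partition(";")
        if (authserv.split() or [""])[0].lower() != trusted_mx:
            continue  # stamped by some other host, so it may be forged
        for method, result, ident in re.findall(
                r"\b(spf|dkim)=(\w+)[^;]*?\b(?:smtp\.mailfrom|header\.d)=([^\s;]+)", rest):
            out[method] = result.lower()
            # A pass only counts when it is for the domain shown in From
            # (exact match here; real DMARC also allows subdomain alignment).
            if result.lower() == "pass" and domain_of(ident) == from_dom:
                out["authenticated"] = True
    return out

if __name__ == "__main__":
    print(sender_check(RAW, "mx.example.org"))
```

In the constructed message SPF passes, but for the bulk mailer's domain rather than the seller's, so the From line is not vouched for.
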

Offline kimmer

  • Administrator
  • TS Addict
  • Posts: 9086
« Reply #13 on: November 04, 2019, 12:33:28 PM »
Quote
Yes, but how do you distinguish a "trusted site"? There are so many out there now who get kickbacks (affiliate links etc.) that it's hard to find that too! :p
I agree. I'm referring to sites I've used for several years for reviews and found them accurate. Most of all, I ask friends and family--most honest folks I know.

Offline Xairbusdriver

  • Administrator
  • TS Addict
  • Posts: 26388
  • 27" iMac (mid-17), Big Sur, Mac mini, Catalina
« Reply #14 on: November 04, 2019, 03:44:28 PM »
OK, Paddy, I've just closed a Chat with an Amazon (or a very clever BOT of theirs). Sent them a screenshot of the SPAM message and the raw source. They were most concerned that the email shows an Amazon url that is fake. I'm considering taking up the offer from this "company" by ordering a $9.99 name bracelet, writing an amazing review and collecting my $30 fee through PayPal. My first task is to figure out which of the five fake stores they list would actually get me to the real Huan Xun pages at Amazon, I certainly don't want to actually buy something that doesn't get me that thirty dollars!!! :laughhard:

I feel I have done way more for Amazon than they have ever done for me. Case closed. :rolleyes:

BTW, if my discussions with "Amazon" result in additional SPAM from an Amazon seller, I will create a rule in Mail to forward all SPAM to you!! Just remember: "We got your address and all of your personal information, think more.!!!!!!!!!!!!!" :rant: :scram:

Amazon info on suspected SPAM:
Quote
To report a phishing or spoofed e-mail or webpage:
Open a new e-mail and attach the e-mail you suspect is fake.
For suspicious webpages, simply copy & paste the link into the email body.

If you can't send the e-mail as an attachment, you can forward it.

Send the e-mail to stop-spoofing@amazon.com
Note: Sending this suspicious e-mail as an attachment is the best way for us to track it.
« Last Edit: November 04, 2019, 03:52:27 PM by Xairbusdriver »