A very worring e-mail

BoD · December 21, 2018

I have reieved the folowing worrying e-mail.

The information it discovered (hidden above) was my e-mail address and password, although the password is not the current one but one that I have used in the past. I do change the password although possibly not often enough.

This company, Vonahi, appears genuine although you can never be sure if the email itself is from them. Of course I haven't clicked on any of the links in the e-mail - its quite possible that this is a scam to get me to do that. I'm assuming that the data is out there and it is not some sort of virus/malware/keytracker that I have as I believe I'm well protected and the data is old.

What is worrying is that the data is 'out there' but I suppose I shouldn't be surprised given all of the leaks and hacks that we hear about. Fortunately, so far, it appears that it has not been used maliciously, nor could it be with the password they have, so nothing has really changed since before I received the e-mail except that now I know about it and am worried. Do I change my email with all the hassle that involves? Or do I rely on changing my password? Should I inform my e-mail supplier?

Be careful folks, nothing is safe out there.

Joseph_Pestell · December 21, 2018

Certainly looks like a scam to me. Where is .io?

Moxy · December 21, 2018

I have reieved the folowing worrying e-mail.

Capture.JPG

The information it discovered (hidden above) was my e-mail address and password, although the password is not the current one but one that I have used in the past. I do change the password although possibly not often enough.

This company, Vonahi, appears genuine although you can never be sure if the email itself is from them. Of course I haven't clicked on any of the links in the e-mail - its quite possible that this is a scam to get me to do that. I'm assuming that the data is out there and it is not some sort of virus/malware/keytracker that I have as I believe I'm well protected and the data is old.

What is worrying is that the data is 'out there' but I suppose I shouldn't be surprised given all of the leaks and hacks that we hear about. Fortunately, so far, it appears that it has not been used maliciously, nor could it be with the password they have, so nothing has really changed since before I received the e-mail except that now I know about it and am worried. Do I change my email with all the hassle that involves? Or do I rely on changing my password? Should I inform my e-mail supplier?

Be careful folks, nothing is safe out there.

It sounds like some sort of scam to me, they want you look at their pages to try to sell you something you probably don't need.

Change your password, then delete the e-mail. I'd report it to your e-mail supplier as a phishing e-mail. For all we know they may have sent that e-mail to all Talk21 customers.

HTH

Moxy

Joseph_Pestell · December 21, 2018

Certainly looks like a scam to me. Where is .io?

Googled it. British Indian Ocean Territory (never heard of it).

Does not sound like a likely location for a genuine operation.

BoD · December 21, 2018

I was 90% sure it was a scam.

What worries me is that they had not just my email address but one of my old passwords.

Joseph_Pestell · December 21, 2018

I was 90% sure it was a scam.

What worries me is that they had not just my email address but one of my old passwords.

I have had the same problem recently. I think it was hacked from Facebook - but possibly from here.

TheSignalEngineer · December 21, 2018

Googled it. British Indian Ocean Territory (never heard of it).

Does not sound like a likely location for a genuine operation.

Several on-line forums formerly on Yahoo Gtoups are now using Groups.io

December 21, 2018

Seem legit and is an informational/marketing mail.

They are a security company and have clearly seen some information that has been published by hackers somewhere.

Somewhere you have an account with has been compromised. That is useful information to know.

Use of dubiously obtained information for marketing is somewhat dubious. They'd be in trouble with GDPR.

So yeah. Change your passwords and don't use the same password for more than one account.

Edited December 21, 2018 by 30801

TheSignalEngineer · December 21, 2018

deleted duplicate post

Edited December 21, 2018 by TheSignalEngineer

Pete the Elaner · December 21, 2018

Scammers (or Phishers) try to trick you into giving your password, bank details etc to them.

By telling you your password, this company seems to be proving that you need to be more cautious.

I would just change the password they have got hold of (& maybe some others too if you believe that the accounts may be compromised), but the OP says he did this anyway.

NorthBrit · December 21, 2018

Googled it. British Indian Ocean Territory (never heard of it).

Does not sound like a likely location for a genuine operation.

The British Indian Ocean Territory (BIOT) is an overseas territory of the United Kingdom situated in the Indian Ocean halfway between Tanzania and Indonesia.

Purporting to say they are based there suggests it is a scam.

njee20 · December 21, 2018

That is among the spammiest things I've ever seen.

Have I Been Pwned will show if your email address shows up in any of the various hacked data dumps that have appeared online, not that that information is overly useful if you've already changed passwords. My email address appears in 6 breaches FWIW. Choose strong, unique passwords. Non alphanumeric characters don't make passwords stronger, just hard to remember, choose long passwords. Sentences are good, and easier to remember than P@ssw0rd! or something.

XKCD nailed it here:

figworthy · December 21, 2018

The British Indian Ocean Territory (BIOT) is an overseas territory of the United Kingdom situated in the Indian Ocean halfway between Tanzania and Indonesia.

Purporting to say they are based there suggests it is a scam.

It doesn't follow that they are based there, just that they are using a domain that is registered there.

How many television companies are really based in Tuvalu (.tv) ?

Adrian

njee20 · December 21, 2018

That was more because of the opening of non-geographical domain extensions, like .law, .xxx etc, as I’m sure you know.

.io isn’t hugely uncommon as an extension, usually used by small tech start ups for whatever reason.

Ian J. · December 21, 2018

That was more because of the opening of non-geographical domain extensions, like .law, .xxx etc, as I’m sure you know.

.io isn’t hugely uncommon as an extension, usually used by small tech start ups for whatever reason.

io = i/o = input/output, which is a tech thing.

brianusa · December 21, 2018

We had one purporting to be from Norton. Pretty convincing as well - locked up the computer.

Brian.

njee20 · December 22, 2018

io = i/o = input/output, which is a tech thing.

Indeed, also seen it in the context of 1/0 as digital signals (although I’m now failing to recall who used that justification) - bit tenuous for many that adopt it though - I think it’s as much because it’s geographically neutral, no one is actually based in the Indian Ocean territory! You can have .tech after all.

Edited December 22, 2018 by njee20

Steadfast · December 22, 2018

That is among the spammiest things I've ever seen.

Have I Been Pwned will show if your email address shows up in any of the various hacked data dumps that have appeared online, not that that information is overly useful if you've already changed passwords. My email address appears in 6 breaches FWIW.

Interesting. Mine appears in 3, not one of which have I ever registered for! I was expecting to be on the list of some of the big name data breaches but no

Jo

BoD · December 22, 2018

That is among the spammiest things I've ever seen.

Have I Been Pwned will show if your email address shows up in any of the various hacked data dumps that have appeared online, not that that information is overly useful if you've already changed passwords. My email address appears in 6 breaches FWIW.

I wasn't overly surprised that my e-mail address was out there somewhere but a little worried that it was associated with one on my (thankfully) previous passwords.

Sir TophamHatt · January 11, 2019

Had one of these this morning:

I know XXXXXXXXX one of your pass. Lets get right to purpose. No person has compensated me to check about you. You may not know me and you are most likely thinking why you're getting this e-mail?
in fact, i installed a software on the adult porn web-site and you know what, you visited this site to have fun (you know what i mean). While you were viewing video clips, your internet browser initiated functioning as a Remote Desktop having a key logger which provided me with access to your display screen as well as web cam. Just after that, my software program obtained your complete contacts from your Messenger, social networks, as well as email . and then i made a double video. First part displays the video you were watching (you've got a good taste haha), and second part displays the recording of your cam, yea its you.

You have a pair of solutions. Lets look at these types of possibilities in particulars:

Very first alternative is to disregard this email message. in this scenario, i will send out your actual video to each one of your personal contacts and you can easily imagine concerning the humiliation you experience. in addition if you are in a romance, precisely how it will affect?

in the second place solution should be to pay me $969. Lets call it a donation. in such a case, i most certainly will without delay eliminate your video. You could carry on daily life like this never happened and you will not ever hear back again from me.

You'll make the payment through Bitcoin (if you do not know this, search 'how to buy bitcoin' in Google search engine).

BTC address: 1H7uWvwLDaMiLat5ag7XHpDEfyWVk8Usan
[CaSe SeNSiTiVe copy and paste it]

Should you are curious about going to the cops, look, this email message cannot be traced back to me. I have dealt with my steps. i am also not looking to demand a whole lot, i only want to be paid for. You now have two days in order to pay. i have a specific pixel in this message, and right now i know that you have read this message. if i do not get the BitCoins, i will definitely send out your video recording to all of your contacts including members of your family, coworkers, and many others. Having said that, if i do get paid, i'll erase the recording right away. This is the non-negotiable offer, so don't waste my personal time and yours by replying to this email. if you want proof, reply with Yea and i definitely will send out your video recording to your 6 contacts.

I know there is no recording as I have no webcam
And I don't visit those sorts of websites.

However, it does concern me the email address they used to contact me is an old one (that luckily I am retiring) but the password is a normal one I use (quite un-secure).

Wonder if this has come from an attack on an old website I visited at some point?

Edited January 11, 2019 by Sir TophamHatt

Pete the Elaner · January 11, 2019

I had a less obvious one the other day.

Supposedly from Google informing me that my password had been changed. I do indeed use Google for mail & also have an Android phone & tablet. It said if I was unaware it had changed, then there was a recovery option. Could someone have hacked into my phone & done it somehow since it was still working on here?

I clicked on this & it asked me for my last known password in order to recover my account. This sounded my 'anti-phishing alarm'.

I closed the page on my phone, switched on my PC & logged onto mail normally. The existing password worked fine therefore it cannot have been changed & the email was false.

Philou · January 11, 2019

@SirTophamHatt

Your e-mail is of the format that has been doing the rounds lately - it actually originates from China. There was quite a thread on it on theregister.co.uk (an IT site) a few weeks ago. If I recall correctly the solution was to mark it as 'phishing' (or if your mail server allows it, 'block' all e-mails from 'that' address) and delete it - then ignore.

@Pete the Elaner

Had one about 2 months ago purportedly from Microsoft saying that my Outlook account had been attacked and that possibly my password had been compromised. Unfortunately I wasn't able to view the message source (a facility that no longer exists in Outlook) so there was no way of knowing if it was genuine or not. In this instance as it was a password I had been using for over 20 years and the same one for many other sites, I did think it wise to change anyway - bit of a pain - but perhaps for the good.

Cheers,

Philip

A very worring e-mail

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Guest

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in