I got an email with the subject heading of the password I use on this board. As this is the only board where I use this password, and the database here does have my email, it seems plausible that others of you might get this same email. I'm confident you are all intelligent enough to recognize BS, but still...
The email claims to have spied on me through my computer's camera and to have video of me watching pornography and...if I do not transfer so much bitcoin to some account, three of my contacts will get this video.
Anyway, I doubt any of you would fall for this scam, but wanted to alert you that some entity may have gotten your email and password from this site. There may be something for the board administrators to think about also, I don't know.
Wow, the only email garbage I've been getting lately is trying to get my comcast password. I get emails from various accounts on comcast and gmail telling me that the new email at comast is coming and I need to update my account info and then a link to a "Comcast" site on a godaddy domain, or to a form on a non-Comcast site. Yeah, pull the other one, it has bells.
Oh, the joys of American life in that great year of 2020!
Nowadays, government agencies and mega-corporations and any/every swindler on the planet will try to suck up all the information that they can get to make a buck. It's ridiculous. It's sad that even the HOS Forum members are targeted. I'm still waiting for the crafty person who can create a means of "Blowing-up" the sender of a threatening or bogus email. It's a fantasy that I foster.... 
Oh, if only!
Do what you can to hone your talents for recognizing this kind of chicanery, flush it, and move on. Thankfully, my computer tends to recognize "junk mail" and puts it in the junk mail folder for me, but I always have to check my junk mail carefully because I get an obscure botanical notice from British Columbia, and a probably equivalently obscure occasional notice from a cider-makers' organization. I always have to move those messages from the "Junk Mail" to my "Incoming Mail" folder.
Junk mail in the mailbox was bad enough; and now in "the computer age" we have to be bombarded with junk mail online. I wish I knew who once said: "...why, there oughta be a law!..."
Reinettes
John S said
Thanks guys,I may forward this info to the powers that be to see if we want to find a way to stop it.
John S
PDX OR
I felt foolish for deleted the original when I emptied my spam filter. I just got a new variation, this time in my inbox. I will hold onto it in case the powers that be want it. Let me know.
quokka,
Two for the price of one -- in this coronavirus age of profiteering? Sign me up! 🙂
I hope that Jesse, or someone on the Forum, will have the technological know-how to preserve the integrity of the Forum members' data and e-mails. When one reads that the Department of Defense of the good ole U.S. of A. has actually been hacked, you realize that virtually anyone or any site can be hacked.
George Orwell (pseudonym) might have gotten the date wrong, but he sure saw what was coming.
We're just the "lucky ones" who get to see it all playing-out. 
Reinettes
My resident IT expert informs me that passwords are actually encrypted when we enter them, and stored in encrypted form. (I may have gotten the details wrong.) Same expert has also gotten a variation on this scam, using a password from a different board, and finds this disconcerting (not seeing how the hack is done). So while I joke about these things, perhaps it would be prudent of all of us to be a bit more circumspect about using stronger passwords and using a unique password for each site.
Rooney:
I have had such training multiple times. I do not save passwords (on computer or browser). It was taken from this site. Further, I reiterate "Same expert has also gotten a variation on this scam, using a password from a different board, and finds this disconcerting..." Both expert and I have multiple layers of protection which allows us checking out the humor of a spam email, so while I agree with the training and with your suggestion, that wasn't the source of the invasion.
quokka said
...while I joke about these things, perhaps it would be prudent of all of us to be a bit more circumspect about using stronger passwords and using a unique password for each site.
But, ...it's so much harder to remember something other than "1234567", or "password".
Kidding aside, "strong" passwords are definitely required nowadays. Things like "Kb68nH!L2" are a real pain in the *ss, but apparently they're now necessary. The difficult part is having a secure notebook or some other place to record these passwords that you can readily find when you need it. If you can come up with something like the example above that has a mnemonic meaning to you, and makes it memorable, all the better. Just don't use it on more than one site. Oh, modernity!
Reinettes
I think these things are exploited by registered users who perhaps infrequently use this or any other similar wordpress site who discovered some bugs and exploited it to find another way to keep hidden. It's going to keep other versions of wordpress to keep ahead of the rats. It's always been that way. I guessed at this site being wordpress. At any rate my guess is Jesse will have to wait for wordpress to issue a software update.
The only bug I have ever seen is opening a comment-to-post before midnight pacific time. If I wait until after midnight to post my chrome browser on android develops split personality. I always have to remember never going into a new day with an active session or perhaps even merely being logged in.
Agreed. This is disconcerting.
Reinettes said
The difficult part is having a secure notebook or some other place to record these passwords that you can readily find when you need it. If you can come up with something like the example above that has a mnemonic meaning to you, and makes it memorable, all the better. Just don't use it on more than one site.
I would offer two options to everybody. One, my resident IT expert uses Lastpass (https://www.lastpass.com/). She used the free version and after testing it severely, splurged on the premium. Two, start with the mnemonic and then make conversions that are personal to you. Try this approach at one of the many sites that will tell you the strength of your password, and you can get "very strong" passwords easily. As an example, for this site, perhaps the thought of an orchard makes you think of a line in a poem, or a song.
Don''t sit under the apple tree, with anybody else but me
First becomes
Dsutat,waebm
which you can remember with no effort, since you don't remember it - you just remember the song line. Then maybe you have some inner dyslexic and make e=3, maybe you put a little emphasis into singing the song, and you've got
Dsutat,wa3bm!
Now I just did that off the top of my head. There are plenty of sites which will test your password; according to https://howsecureismypassword.net/ (first one that popped up on a search, never used it before), it would take a computer 47 million years to crack it. I don't believe that. And nobody should use this password now.
quokka,
I tend to suffer from insomnia, so I often "fall asleep" (or try) while quietly listing to the BBC Overnight on the radio. About 3 nights ago, in the wee hours of the morning, I heard an extended segment on what sounded like the exact same message that you got. It was the same message and threat.
I just tried going to BBC.com/trending to find and the post the link so that you could hear the reportage and see if it's the same, but regrettably the online listing isn't up-to-date. (Perhaps the person who updates the site postings online is in hospital or in quarantine....). If and when the report gets posted, it'll probably be dated about May 9th -- give-or-take.
There seem to be plenty of others around the world who are getting the same spam. When sites or accounts have been hacked, passwords and emails are apparently easily purchased for pennies-on-the-dollar on the "dark web" by very, very naughty people.
Having posted this email, I'm gonna take my animal-fat torch and return to my cave.
Reinettes 🙂
P.S. -- You're not the only one who has to deal with this intimidating crap. Nowadays, with the internet, criminals can come right into your home. "Why,... there oughta be a law!"
quokka said
My resident IT expert informs me that passwords are actually encrypted when we enter them, and stored in encrypted form. (I may have gotten the details wrong.) Same expert has also gotten a variation on this scam, using a password from a different board, and finds this disconcerting (not seeing how the hack is done).
It is true that passwords are encrypted in the wordpress database and so it is less likely that a hacker could get a hold of the password from viewing the database. I won't say its not possible, however I would be more likely to believe that hacker gained access to passwords in this database if more than one member received the extortion email. Assuming you never used the password anywhere else where it may have been stored un-encrypted and because the passwords are stored encrypted here I would suspect your password was taken before it got to the database in the first place; either when you signed up or re-logged into the website. That could be malware in the website code, a hacker intercepting transmissions between your computer and the website (less likely especially with https://) or it could be in your computer/device where you typed or pasted the password. If it were me I would be doing a malware scan with more than one reputed anti-malware software to see if the device is infected with keylogging or clipboard snooping malware.
Good to know you already checked for malware quokka! Feel free to share the email or PM it to me if you prefer, although I suspect it won't help us determine how the password was gained. Blank out the password if you haven't already changed it. Here's a good link on the topic that explains multiple common weaknesses that hackers might try to expose: https://www.filterjoe.com/2010.....passwords/
You're welcome. If you use same passwords on many sites #3 is very likely. The worst thing to do is use the same password for your email because then hackers can easily access your email. And then they can use forgot password on websites to gain access to other accounts from there or search your email history for passwords contained in emails. Using different, strong passwords for every site is really good idea. I personally have been using KeePass.info software for many years to keep track of my passwords, an opensource alternative to LastPass. These days browsers are starting to do a great job of helping to generate and store passwords.
Idyllwild
simplepress
jafar
Marsha H
Viron
John S
1 Guest(s)