Solved! Hacked or not Hacked ?

PierreLTrili

Hello everyone,

So basically, I received a mail tonight saying I got hacked bla bla.. (the usual one) but there are minor things that tickle me considering it this time, here's the mail I received :

From : MY EMAIL ADDRESS@hec.ca
To : PASSWORD <MY EMAIL ADDRESS@hec.ca>
Date: 27 Oct. 2018 00:49
Subject: MY EMAIL ADDRESS has password PASSWORD. Password must be changed
Sent from: hec.ca
signed by: hec.ca
Security: Standard encryption (TLS) Learn more

Hello!

I'm a programmer who cracked your email account and device about half year ago.
You entered a password on one of the insecure site you visited, and I catched it.
Your password from pierre.lamoureux@hec.ca on moment of crack: PASSWORD

Of course you can will change your password, or already made it.
But it doesn't matter, my rat software update it every time.

Please don't try to contact me or find me, it is impossible, since I sent you an email from your email account.

Through your e-mail, I uploaded malicious code to your Operation System.
I saved all of your contacts with friends, colleagues, relatives and a complete history of visits to the Internet resources.
Also I installed a rat software on your device and long tome spying for you.

You are not my only victim, I usually lock devices and ask for a ransom.
But I was struck by the sites of intimate content that you very often visit.

I am in shock of your reach fantasies! Wow! I've never seen anything like this!
I did not even know that SUCH content could be so exciting!

So, when you had fun on intime sites (you know what I mean!)
I made screenshot with using my program from your camera of yours device.
After that, I jointed them to the content of the currently viewed site.

Will be funny when I send these photos to your contacts! And if your relatives see it?
BUT I'm sure you don't want it. I definitely would not want to ...

I will not do this if you pay me a little amount.
I think $827 is a nice price for it!

I accept only Bitcoins.
My BTC wallet: XXXXXXXXXX

If you have difficulty with this - Ask Google "how to make a payment on a bitcoin wallet". It's easy.
After receiving the above amount, all your data will be immediately removed automatically.
My virus will also will be destroy itself from your operating system.

My Trojan have auto alert, after this email is looked, I will be know it!

You have 2 days (48 hours) for make a payment.
If this does not happen - all your contacts will get crazy shots with your dirty life!
And so that you do not obstruct me, your device will be locked (also after 48 hours)

Do not take this frivolously! This is the last warning!
Various security services or antiviruses won't help you for sure (I have already collected all your data).

Here are the recommendations of a professional:
Antiviruses do not help against modern malicious code. Just do not enter your passwords on unsafe sites!

I hope you will be prudent.
Bye.

So as you can see it's more or less the same thing over and over again, the script is the same as in other mails like this. I have masked my old password and my email address in this. But still I'm a little bit concerned as it says that the mail was sent from my email address (a professional one: @hec.ca, using the @hec.ca server) and this, plus the fact it had in the mail one of my old passwords (probably from a year ago yeah) is really weird.

I went to check on my @hec.ca mail to see if a mail like that was sent to myself but nothing in "sent" (could have been deleted tho). It's also strange that, apparently using my own address, the email was in "Spam" on Gmail (as I transfer every email from @hec.ca to my gmail).

I seriously doubt this is true but again, I'm wondering how it ended up like this (my own address with the hec.ca server, plus the fact that my password was in it. I checked on "Igotpwned" and my hec.ca address hasn't gone through any issue apparently).

Thank you for helping me understand this guys, much appreciated :)

Have a good day !
 

PierreLTrili



Well that's a really good question ! I don't know sometimes I find it funny to read the spams, they make me laugh (especially the " here is your free card "). Be sure that I never clicked on any link or downloaded anything, just reading the bullsh*t in it. As I said, this one tho caught my attention for the email address / server / password in it, trying to understand how is this possible.

 

k1114

It's easy to spoof an email address. People can even spoof your phone number so it looks like you are calling yourself. Any good email service also has an activity log for you to look at and see where it's been logged into. Everyone has failed login attempts on their accounts from different countries, so don't be alarmed by those, but look at the successful logins.

I've gotten an email like one of those on one of my other emails, but the password was close but not a password I've ever used. Hec.ca might not have had a data breach, but they attempt to use your password on another account or site that has used the email or a similar email and hope you used the same password on multiple accounts like many people do.
 
Solution
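What a spoofed, self-addressed message tends to look like in the raw headers, as an added example that is not part of the original thread: the script reads the receiving server's `Authentication-Results` verdicts and compares the envelope sender with the visible `From`. The sample message, the domains, the IP address and the `mx.receiver.example` server name are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not from the thread): domains, IP and results are made up.
RAW = """\
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.receiver.example;
 spf=softfail smtp.mailfrom=mailer.invalid;
 dkim=none;
 dmarc=fail header.from=university.example
Received: from unknown (HELO mailer.invalid) (203.0.113.45)
 by mx.receiver.example; Sat, 27 Oct 2018 00:49:00 -0400
From: user@university.example
To: user@university.example
Subject: account notice

body
"""

def address(value):
    return parseaddr(value or "")[1].lower()

def domain(value):
    return address(value).rpartition("@")[2]

def auth_results(msg, trusted):
    """Collect spf/dkim/dmarc verdicts, but only from the receiver we trust.
    Anyone can put a forged Authentication-Results header in a message."""
    verdicts = {}
    for hdr in msg.get_all("Authentication-Results", []):
        if hdr.split(";")[0].strip().lower() != trusted:
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", hdr, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def spoof_indicators(raw, trusted="mx.receiver.example"):
    msg = message_from_string(raw)
    findings = []
    if address(msg["From"]) == address(msg["To"]):
        findings.append("self-addressed")
    envelope = domain(msg["Return-Path"])
    if envelope and envelope != domain(msg["From"]):  # exact match; no subdomain handling
        findings.append("envelope-sender-mismatch")
    verdicts = auth_results(msg, trusted)
    findings += [f"{m}-not-pass" for m in ("spf", "dkim", "dmarc") if verdicts.get(m) != "pass"]
    return findings

if __name__ == "__main__":
    print(spoof_indicators(RAW))
```

In Gmail the raw headers are available through "Show original"; set `trusted` to the server name your own provider writes at the start of its `Authentication-Results` header.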

canadianvice

They're fake. I got a virtually identical one the other day.

They get those passwords and emails in data breaches. The guy claimed he hit me with a pass I haven't used in years and I can trace it getting into the wild via the Taringa.net compromise.

Basically, many sites don't treat your data with the respect it deserves, and in my case Taringa was storing weak-hashed passwords for user authentication. Someone breached them and in doing so got a huge list of essentially plaintext emails and passwords that had been used on the site. Sadly, that included mine.

If you go to a site called haveIbeenpwned (google for exact address) I bet you that email will show up in a known data breach, and if so you can surmise where the filth got the information to try and make this look real.

A lesson to change your pass often. I no longer used it, and so it's not an issue (plus I have nothing to be extorted for). But if you use the same pass everywhere and the breach is contemporary, you could end up in some trouble.

They don't have anything, OP, and it's a fake email. They're just using outdated claims they obtained via password leaks like Adobe or Forbes to try and spook you.

I'm saying this for cybersecurity tips. However: THIS EMAIL IS A FAKE TEMPLATED ONE AND NOT LEGITIMATE IN ANY WAY.