Hacked, And It Could Happen To You.

Something like that happened to me a week or so ago. I got a strange email from someone who knew my email password and claimed they had a video of me viewing some porn file they'd sent me and they were threatening to send it to everyone in my address list. To prevent that they wanted $1900 in Bitcoin. I mentally told them to go to hell and ignored them, then I changed passwords on my email,bank and a few others. So far nobody I email has received the video.It doesn't exist.

I disabled the camera on the laptop I use for internet surfing a while back and put tape over it since I don't use it anyway. Then got a similar email - now I have to wonder what my masking tape is watching when I'm not looking . . .

Humans are the weak link; this is why most hacking transitioned years ago to more social aspects. If you understand a person, you can predict their behavior. If you can predict their behavior, you gain control over them.
So for example...say I was sitting outside your house in my car and monitoring your wireless network. I do not need to break into your computer, I only need to get you to access your PC, go to some websites, and enter your passwords. Easiest way to do this is to send you an email that will make you nervous and go change your passwords.

As Bobby mentioned, there are thousands of password lists floating around on the 'dark web', older ones are free but even the better ones are pretty cheap. So if I send you an email with an old password in it, or even if I include one of the 50 most common passwords, I will be able to get at least some people to think that I have access to their computers.

Hacking today is as much about social behavior as it is about geeky technical stuff.

Understand -> Predict -> Control.
Don

Stamps62, got the same one a month ago. Trash binned and emptied.
Oracle, thats funny. What is your tape watching? Maybe its recording!
And finally , do not use "stamps" as your password or they will eventually will catch you.

Don -

Improvise
Adapt
Overcome

I just received the same e-mail this morning. I wonder if the scammers got the passwords from a hacked philatelic site.

I knew this was a spoof because like Oracle, I taped over the camera lens at the top of my screen. That was four years ago when I bought my laptop. Also I never look at p0rn online. Not that I'm claiming sainthood but my gut tells me it's a good way to get awful stuff on your system.

I also got the sense the leak on this originated from some of my stamp related activity.

I would consider places like Facebook as a likely place for 'shared' information to get into the hands of 'something less than ideal' people. Whenever you agree to use the 'free' services' of a FaceBook or stampworld.com your personal information gets 'shared' (sometimes sold, sometimes traded, sometimes stolen) throughout a long chain. FB loses control as it gets passed along to other companies, other app providers and developers, etc. It can easily branch out to over 50 different entities. For example this article "Facebook Didn't Sell Your Data; It Gave It Away" https://www.theatlantic.com/technol...data/578599/

And keep in mind that 'selling your data' does not mean that you are seeing spam emails. It really means that they are selling/trading ACCESS to you, your online habits, your demographical personality.

So do not think that if you have joined a 'free' site like FB or stampworld that your access has not been sold/shared/stolen because you have not gotten any spam or other indication. You (and access to you) are the product.
Don

I've worked in IT for around 40 years. Have deployed tons of laptops and desktop PC's over the years. Part of setting up a new machine (refresh) involves having to log in as the user to set it up. It is very easy to guess someone's passwords as most use things like name of spouse, dog, make and year of car and the list goes on and one. With the number of passwords we all have to have for almost everything (yes, a huge PITA), a fair amount of folks tend to use the same one for everything. I work for a very large company and they require a minimum of 15 digits for passwords. And there, common password rules apply, Special characters, numbers, capitals etc. Yes, keyloggers and other nasty stuff exists. Over the years, doing "side jobs" on home PC's, a fair amount of time, these nasties come from being on sites that your grandmother would not like. Lots come from game console cheat sites too. And a lot of malware and such comes from installing illegal software. So called, Keygens and other activators for activating illegal software are notorious for that. I'm not saying that everyone does any of the above. But there is a percentage of folks that do. I have rebuilt a lot of Home PC's over the years because of that stuff. My recommendation (for what it's worth) is to use strong passwords, different for each site. Two factor authentication is becoming the norm. Highly recommend that people use that. Also when you install any shareware, don't just click through the defaults (next, next, next et). Sometimes toolbars, anti-virus apps and other stuff will get installed if you just click through defaults.

Sorry for rambling on and on, but wanted to pass on things I've seen over many years of working in IT and my recommendations.

I saw an obituary for a prominent royal family philanthropist in a Nigerian newspaper. It stated that this particular "prince" had been trying to give away his many millions to needy people for decades, but nobody would reply to his emails.

I use a structured procedure to build a password for each site based on the url, so even if I forget it, I can figure it out.

I take it that "password" as a password is unacceptable.

or qwerty...