Blackmail email

[+Mn-treker]

I got my first blackmail email  yesterday. It is a scam! But of course I figured that.

Why am I telling you all about it? During my search on this issue I found a website that can tell you

if your password or your account name had possibly been compromised.

My email and password had not. As well as many of my other web sites that I use.

All except one. Geocaching .com and the geocaching store. My password had been viewed five times to my geocaching account.

My password had been viewed once to the geocaching store. Geocaching.com has not told us about any attacks!!!!

So last night I changed them. I would suggest that everybody check thiers as well.

I have also been getting scam emails from caching friends. So this may have happened quite some time ago.

Who knows this may have happened during the fake geocaching accounts created by that BOT.

[+MartyBartfast]

15 minutes ago, Mn-treker said:

Geocaching.com has not told us about any attacks!!!!

Maybe they don't know about it (if they are actually  the source of the leak, as opposed to some other source), but have you told Groundspeak about this via the "contact us" link?

[+on4bam]

I get these mails a lot on my domain. Most are fake (send to addresses that don't exist). Some contain passwords that are no longer used (for >10 years). I use a unique e-mail address for every website and a passwordmanager so every login is unique and in case of a databreach there's hardly any damage .

In any case it's not a good idea to use one e-mail address with the same password (password123 is NOT secure) everywhere.

 

[+gginnj]

20 minutes ago, Mn-treker said:

 I found a website that can tell you

if your password or your account name had possibly been compromised.

 

 

How can a third party website determine if your geocache account has been logged into?

since I don't know the website in question - I'd question the validity / security of that website - especially if your giving it any actual account names/passwords

 

GG

[+on4bam]

You could check your emailaddress here.

 

 

[+Mn-treker]

That is what i used.

[+Mn-treker]

I never use the same password.

I have a long list that i keep at home.

The only passwords compromised where associated with Groundspeak.

Funny they wanted 810$ in bitcoin.

Hah! Hah! That is .064 cents.

Edited June 26, 2019 by Mn-treker

[+on4bam]

7 minutes ago, Mn-treker said:

Funny they wanted 810$ in bitcoin.

Hah! Hah! That is .064 cents.

 

No, that's $810 ( or about 0.060 bitcoin according to XE) but that doesn't matter as they can't do anything as long as the login/pass is no longer valid.

 

[+MartyBartfast]

13 minutes ago, Mn-treker said:

That is what i used.

Then I think you're mis-interpreting the info you're getting from haveibeenpwned.com.

If you go to that site and use their "pwned passwords" checker and you stick in the password you use for geocaching.com and it says that password has been seen 5 times,  that doesn't mean YOUR account password has been seen 5 times, it means that password has cropped up somewhere, on someone's account, 5 times.

[+MartyBartfast]

Oh and the accounts I use for geocaching.com are registered with haveibeenpwned.com and I haven't had any notification that they have appeared on any list, so I doubt Groundspeak has been compromised.

[+Mn-treker]

1 hour ago, MartyBartfast said:

Then I think you're mis-interpreting the info you're getting from haveibeenpwned.com.

If you go to that site and use their "pwned passwords" checker and you stick in the password you use for geocaching.com and it says that password has been seen 5 times,  that doesn't mean YOUR account password has been seen 5 times, it means that password has cropped up somewhere, on someone's account, 5 times.

Well those were the only ones that faild that site of all the ones that i use. Too much of a coincedence that only Groundspeak passwords faild on that site for me. Better safe than sorry. I try to keep tight security. Even CIA cant get into my stuff(they tried). I backtracked on them once when i detected thier attack .

[+lee737]

4 hours ago, on4bam said:

You could check your emailaddress here.

 

 

I don't know, I'm not sure I'd go punching my email address into this webpage! 

 

[+The A-Team]

14 minutes ago, lee737 said:

I don't know, I'm not sure I'd go punching my email address into this webpage!

 

It's a heavily-used and safe site.

Wikipedia article

 

I'd strongly recommend checking your email address to see if you've been affected by any data breaches.

[+colleda]

55 minutes ago, lee737 said:

I don't know, I'm not sure I'd go punching my email address into this webpage! 

 

I checked mine and it got the all clear.

[+lee737]

I've had those emails, some Nigerian dude saying my email has been breached - 'look, I even sent this email from your account' and showing me the password they have, indeed it was one of my older junk passwords, only ever used on single-use junk type sites. I use a password manager for the rest, and the rest of my passwords are all >20 chars, and random - I don't know any of them.... so I just delete these emails....

[+lee737]

4 hours ago, The A-Team said:

 

It's a heavily-used and safe site.

Wikipedia article

 

I'd strongly recommend checking your email address to see if you've been affected by any data breaches.

Thanks, I'll look into it....

[+Mn-treker]

Yah know i have no real idea that they got hacked. But this thread was to make you all think. It is a very good idea to check. Like i said i have been getting emails from geocaching friends. This usually contain a link that will infect.

How did the knowledge get out about their link to me. Some are not even on my friends list. That scam blackmail email had a noreply from an Indian (east) clothing line. And the 810$ is how it was stated. I knew right away it was a scam. All of our data is for sale on the dark web. Phone numbers, email accounts and sometimes passwords.

How those two of mine got there is anybody's guess. 

[+Goldenwattle]

I checked my main email and got the all clear. All clear on a couple of others too. But one of my hotmail emails didn't come up clear, so I went and changed the password for that.

[+MartyBartfast]

4 hours ago, Mn-treker said:

Like i said i have been getting emails from geocaching friends.

...

How did the knowledge get out about their link to me.

 

What's probably happened is:
 

• A person's PC gets infected by a piece of malware who's payload is to send emails from their account to contacts in their address book containing the link to that malware.
• One of the recipients of that Email who happens to be someone you've exchanged Emails with through geocaching clicked the link and also gets infected with the malware which then sends the Email to their contacts (including you), and quite likely also to other geocachers who you both know.
• Other geocachers who received the mail also click the link, the process starts again, so now you've got several Emails with the same scam to the Email you use for geocaching.

 

 

You've then gone onto haveibeenpwned and discovered that the password you use for geocaching has been seen 5 times on one of the  500million+ passwords they have on record, most probably used by someone else.

 

The likelyhood is:

• Groundspeak hasn't been breached.
• Nobody has uncovered your password.
• Some of your contacts have been infected by this malware - if I was you I would contact each of them and recommend they get their PC/phone/tablet virus scanned.
• You're still as safe as ever as long as you didn't click the link in the mails.

 

[+gginnj]

interesting site....allows you to setup notifications for the future as well.

 

Mine had no issues with Geocache sites, mostly ones I was already aware of that had issues or that are dead.