Trojan, or not?


#1

I received an email today, apparently sent from my own email address to myself. It purported to be in control of my computer and could do all sorts of evil deeds, including sending emails to all my contacts with images from my visits to adult sites. I have never visited adult sites. The email demanded payment to a bitcoin address to refrain from the threatened action. I assumed it was a hoax and deleted all reference to it from my computer.
What interests me is how the hoaxer was able to send an email to me using my email address. Nothing had been sent from my computer, and nothing had been sent from ISP’s webmail service. A bit scary. Any comments?


#2

Very easy to craft email headers to look as though it’s being sent by a different address.
Very effective at creating the right (wrong) emotions for a scam as well.


#3

That scam went around a few months ago. I saw a lot of ppl who got it. Basically, it’ll be because one of your old passwords is on a leak list most likely. Most likely harmless tbh. Did you get the version that included an old password in the email as their “proof” of having your login?

Have a look here. https://haveibeenpwned.com

As a general rule, I advocate secure, single use only passwords stored in a password manager (my fav is 1Password) with 2FA where possible.


#4

It’s a scam, your email address will have been harvested at some point. Check the site @jaysee mentioned.


#5

download


#6

Agreed regarding have a unique password for everything accessed but I’m still trying to find a good password manager as I personally find 1Password terrible to use, at the moment I’m using Roboform and quite like it


#7

I rejectede Roboform, can’t remember why.

TWo that I like are Enpass (https://www.enpass.io) and Wallet (https://acrylicapps.com/wallet/mac/), both of which are pay once play forever, and dont store your passwords on their sites, they use Dropbox or iCloud to store their databases. This is a 100% must-do for me.

Wallet is supposedly not being updated anymore but they still take money for it. I got Enpass as my backup to that, because I was fretful of losing a good password manager… its a decent replacement, but Wallet gets minor updates once in a while to overcome issues with new OS versions. Its working fine in both HS and Mojave, and remains my main PW manager. It also stores logins and other stuff. I need that as well, my brain is failing me.


#8

Thank you for putting my mind at rest. I changed my password immediately. Let’s see if they call back to remind me to cough up the bitcoins.
I have 1Password but have never used it because I use two computers, one modern and one old. This seemed to make using 1Password difficult, so I didn’t bother to use it. Perhaps I should restrict myself to the one modern computer.
Thanks again, Robin


#9

Shouldn’t cause any issues with 1Password at all. I have it working across at least 5 devices of varying ages.


#10

Having another look at 1Password across Mac, PC and iPhone - looks pretty good so far


#11

Perhaps I should have another look at the usability of 1Password. It might be worth the effort.
How does one get access to, say, Gmail if using someone else’s computer?


#12

Web client or access the details from another device such as your phone


#13

Just be aware that it is relatively easy to send an email and have it appear as though it is coming from any email address you want. So no need to assume such an email is any indication of your computer or even account being compromised. Not many organisations have got to the stage of full DMARC enforcement for their domains in order to prevent this.
Having said that, anti-malware software should be used to ensure your device is clean, best practices around passwords (password manager, unique passwords, etc) are all very good steps that everyone should adhere to in order to keep their accounts and information safe online.


#14

The last time I used anti-virus software on my old MBP it slowed starting up so I got rid of it. I’m not familiar with modern AV software, what does the collective wisdom recommend for my MBA.


#15

It is inevitable that anti-malware software will have a degree of performance impact on your computer. After all, if it’s doing what it is supposed to, it will be checking files, the boot process, urls, etc. This impact is always more noticeable on older or lower spec’d hardware. Unfortunately its the price you pay for security.
Solutions have improved their performance impact a lot in recent years.
You just need to decide if you are willing to take the performance hit in order to remain secure.