PSA - my Woodnet hacked

[DaveinLA]

Hi all,

I’m not around here much anymore but sure learned (and enjoyed) a whole bunch about hand tools and more a few years back.

I still check in from time to time, usually as a guest, but logged in a few weeks ago. Last weekend I received what looks like a blackmail scam that contained my email address and password, both correct. It made some ‘interesting’ claims about my internet use and threatened to spread to my contacts unless I sent a bitcoin payment.

I just deleted as spam but evidently someone was able to capture my login. Posting in case this happens to anyone else.., taking reasonable steps to secure other accounts but as far as I know it was specific to Woodnet...

Techies (know there are many in here) please feel free to offer solutions or defensive measures.

[Handplanesandmore]

Did you use the same password for multiple accounts?  I think your woodnet account was not hacked, but rather your common password was leaked via other platforms which are known to have been hacked.

Simply change your passwords and use different passwords for different accounts/media.

Simon

[hbmcc]

Yikes! And thanks for your warning Dave. People have complained about spam here, but this is the first I recall of blackmail. There could be a keylogger resident on your system. You might install and run some malware tools specifically as many antivirus programs don't get real sophisticated in all malware.

My son works in computer support and and uses MS AV. I have too many years of suffering and reading about the laughable protection of an OS brand that spawned a multi-trillion dollar third party AV industry. 

I proudly install freeware versions of AV software so I can shop alternatives without remorse when the current program gives me grief. A new program can also pick up things left by the old one and provide additional services. 

Purchased AV can be really troublesome. I have Bitdefender with all the bells and whistles. However, it is so dumbed down now I don't know if and when it updates libraries. Nothing is scarier than reading: "Your protected" ... when I go looking. Can't even find logs of scans. I want proof. The free version was pretty darn good.

I'm rambling.....

[Derek Cohen]

Hi all,

I’m not around here much anymore but sure learned (and enjoyed) a whole bunch about hand tools and more a few years back.

I still check in from time to time, usually as a guest, but logged in a few weeks ago. Last weekend I received what looks like a blackmail scam that contained my email address and password, both correct. It made some ‘interesting’ claims about my internet use and threatened to spread to my contacts unless I sent a bitcoin payment.

I just deleted as spam but evidently someone was able to capture my login. Posting in case this happens to anyone else.., taking reasonable steps to secure other accounts but as far as I know it was specific to Woodnet...

Techies (know there are many in here) please feel free to offer solutions or defensive measures.

Dave, it could come from a number of sources.

I have received requests for bitcoins "as a donation" (and continue to receive them), to prevent releasing video footage of me watching porn sites or scratching myself where one would not wish to observe. If you Google for this, you will find that it is a common message and common presentation. The recommended response is the same for all - ignore. This is spam (emails sent in large batches), and the sender(s) do not monitor individuals. The sender would have no idea whether you responded or not. A decent spam trap is what you need. 

Regards from Perth

Derek

[barryvabeach]

Dave, it could come from a number of sources.

I have received requests for bitcoins "as a donation" (and continue to receive them), to prevent releasing video footage of me watching porn sites or scratching myself where one would not wish to observe. If you Google for this, you will find that it is a common message and common presentation. The recommended response is the same for all - ignore. This is spam (emails sent in large batches), and the sender(s) do not monitor individuals. The sender would have no idea whether you responded or not. A decent spam trap is what you need. 

Regards from Perth

Derek

Dave, as Derek says, this is a common theme,    Many say that it comes from a breach in Linked In many years ago, and apparently the login name and passwords are posted somewhere online. I get several of the blackmail posts a day.

[AHill]

It may be a common scam, but the fact that the request included his correct password would be a red light for me. It reinforces the necessity of having good anti-virus and malware protection. Shortly after WoodNet switched to the new software (a couple of years ago), a lot of WN accounts were compromised where personal email addresses were released. Many of us continue to get occasional spam for free plans and what-not. If you didn't ask for it, ignore it. Never, ever click on a link in an email that is suspicious. It's like giving a thief the keys to your home while you spend time grocery shopping.

[knockknock]

Never, ever click on a link in an email that is suspicious.

Even more important, never enter a userid, password, cc#, ss#, etc; after clicking on a link in an email. Only enter that information by going directly to a known site using the address bar of your browser, or a saved link in your favorites. It should also be the only browser window/tab you have open.

[DaveinLA]

Thanks for the replies, everyone. I try to keep good internet hygiene—within reason and my limited knowledge.

The password was unique for this site... low security but not duplicated.

I delete all email from an unrecognized source and never click unexpected or unrequested links... even from contacts, who can and have been hijacked.

No multiple browser windows, always log out at the end of a session, and been migrating away from the more data-mining search engines and browsers.

Derek: yep, that’s the one
but...

Yes, AHill, it’s a red flag to me too that they gained access to my password. Maybe from an old breach? More concerning would be resident malware on the Woodnet site or my device.

hbmcc, I run antivirus software for desktop but not mobile devices... any good recs for iPhone/ iOS? Might be time...

Sheesh, it’s getting complicated out here in the 21st century... these machines work for us, right? ??

[hbmcc]

hbmcc, I run antivirus software for desktop but not mobile devices... any good recs for iPhone/ iOS? Might be time...

Sheesh, it’s getting complicated out here in the 21st century... these machines work for us, right? ??

I don't know or have recommendations except, lose the tricked out pda's as soon as you can after retiring. Outside work, phones are an intrusion.

I have a $5 flip TrackFone I keep in the car. I got two a few years ago at Wally World when my wife decided I needed a fancy one so I could take foto's of unborn grandchildren. That one is lost somewhere. Each year I buy another year of minutes at 1000 per--3000 on the thing now--and delete about 200 messages. Everyone I know knows to ignore leaving messages. 

That's what I tell them when they really have to call me.

[mvflaim]

Dave, it could come from a number of sources.

I have received requests for bitcoins "as a donation" (and continue to receive them), to prevent releasing video footage of me watching porn sites or scratching myself where one would not wish to observe. If you Google for this, you will find that it is a common message and common presentation. The recommended response is the same for all - ignore. This is spam (emails sent in large batches), and the sender(s) do not monitor individuals. The sender would have no idea whether you responded or not. A decent spam trap is what you need. 

Regards from Perth

Derek

If someone did that to me, I'd say "go for it." It's how Kim Kardashian started her career. lol