Whats the scam on this one?

Banjo String

So I got an email yesterday from a lovely lady called Aoife, (wont say the surname in case its genuine), the subject of the email was simply "password".

When I opened email, it simply said that she had stumbled upon a website via google that had my email adress and password on it. So I clicked on link (i was using my phone at the time) and it opened up a webpage (pastebin.com)
and there it is, among with hundreds of others....

listed like so:

Data Found: customer_password,customer_email=my passwordwashere^myemail@gmail.com

Now, granted it isnt the password I use for my email address, but it is a password I use for a few other sites (which I have had to change)

The lady (Aoife) basically warned me that my details are online and liable to be hacked, urging me to change my password, and signed off by saying it was her good deed for the day.

I'm thinking she either really is a good samaritan;
Or she is herself a scammer hoping I reply, then she knows my email is active and the password is indeed good for some website, and she might try a few and hope to get lucky.

Either way, big reality check. Makes me wonder how secure our details are online.

Anyone else get the email? There were literally hundreds of password/mail combinations.

Grayson

never got that mail. Once you change the password you should be ok. just don't click on any strange links or download any strange exe files

I'd say you'd probably be ok mailing back and saying thanks, once you've changed everything. Nobody can hack your accounts through your mail unless they have your security information and/or password.

Menas

Hard to see what the scam is to be honest. That website is strange, somewhere to paste data in to in raw text format?

If only we had an application on our computers to do that ....like....eh....notepad.

Could be related to that heartbleed thingy and she may be a genuine Good Samaritan.

GhostInTheRuins

It doesn't sound like a scam to me, but I'm probably a bit naive!

Grayson

Trigger Happy wrote: »

Hard to see what the scam is to be honest. That website is strange, somewhere to paste data in to in raw text format?

If only we had an application on our computers to do that ....like....eh....notepad.

It's used to dump massive amounts of info. Originally stuff like a load of programming code that people wanted to share but more recently stuff like wikileaks files got dumped on it and of course hackers dump info they've stolen onto it to prove that they have it.

Banjo String

well, one website i did use the paswword on was amazon.

Until a few months ago when my account was compromised and soemone ordered some stuff on it...... Amazon got it in time though.

Changed my password there and then.

GhostInTheRuins

What websites did you use the password on? It might be a good idea to let others know so that they can change their passwords on those sites.

mickdw

Is it possible that by clicking her link that it was actually interrogating your computer for saved password info? And displaying it as you saw.

Banjo String

GhostInTheRuins wrote: »

What websites did you use the password on? It might be a good idea to let others know so that they can change their passwords on those sites.

Facebook (but I signed up to fb with an older email address) so that password/mail combination is invalid.

Amazon, which I have since changed the password after they notified me of security compromised.

Sammobile.com

I think thats pretty much it tbh.

KERSPLAT!

mickdw wrote: »

Is it possible that by clicking her link that it was actually interrogating your computer for saved password info? And displaying it as you saw.

I was thinking this. Maybe fire it up in the Dev forum and see what the lads over there say

weldoninhio

The link might contain a Trojan horse or a key logger. Never click on a link from a randomer.

Kenny Logins

I have seen this before, I googled an email address and found one of these dumps. Seems legit to me, she may have had a good reason to Google your email address, and felt obliged to let you know.

http://www.hotforsecurity.com/blog/more-than-300000-user-credentials-posted-on-pastebin-over-the-last-year-7994.html

Banjo String

mickdw wrote: »

Is it possible that by clicking her link that it was actually interrogating your computer for saved password info? And displaying it as you saw.

No it came through to my gmail adress which has a very different (unique actually) password to any other site I use.

El Weirdo

Banjo String wrote: »

So I got an email yesterday from a lovely lady called Aoife, (wont say the surname in case its genuine), the subject of the email was simply "password".

When I opened email, it simply said that she had stumbled upon a website via google that had my email adress and password on it. So I clicked on link (i was using my phone at the time) and it opened up a webpage (pastebin.com)
and there it is, among with hundreds of others....

listed like so:



Now, granted it isnt the password I use for my email address, but it is a password I use for a few other sites (which I have had to change)

The lady (Aoife) basically warned me that my details are online and liable to be hacked, urging me to change my password, and signed off by saying it was her good deed for the day.

I'm thinking she either really is a good samaritan;
Or she is herself a scammer hoping I reply, then she knows my email is active and the password is indeed good for some website, and she might try a few and hope to get lucky.

Either way, big reality check. Makes me wonder how secure our details are online.

Anyone else get the email? There were literally hundreds of password/mail combinations.

How do we know that this is really you?

PizzamanIRL

Isn't this called 'doxing' where someone has all your details like where you work etc. I've seen one before on that pastebin site. It listed every possible detail about the person, even past addresses, social security numbers, social media details, family member details too.

A pint o Guinness

I've seen loads of random people's details dumped on pastebin, nothing on it can infect your computer etc... A legitimate good Samaritian but the real question is how she stumbled across it. I'd only find stuff like that if I searched for it.

Banjo String

A pint o Guinness wrote: »

I've seen loads of random people's details dumped on pastebin, nothing on it can infect your computer etc... A legitimate good Samaritian but the real question is how she stumbled across it. I'd only find stuff like that if I searched for it.

Yeah wondered one myself.

In hindsight, Passwords don't really mean jack shıt.

Was it a mass email or just for you?

A pint o Guinness

Banjo String wrote: »

Yeah wondered one myself.

In hindsight, Passwords don't really mean jack shıt.

In 2011 however, I did see an Indonesian who can't form a proper sentence in English get some Indian's credit card through that. He gave it to some guy who lives in California who ended up spending it all on Steam games/Amazon. True story, and nothing happened to either of them.

Banjo String

Deleted User wrote: »

Was it a mass email or just for you?

I seem to have been BCC'd in the mail, so I'm assuming many more got it too.

Merrion

Did the link you clicked on have extra parameters - for example your email address?
If so you confirmed that you received the spam and identified yourself as someone who clicks on links, and that your email address is real - such confirmations make the email address (slightly) more valuable and you should expect more spam.

The Diabolical Monocle

Banjo String wrote: »

So I got an email yesterday from a lovely lady called Aoife, (wont say the surname in case its genuine), the subject of the email was simply "password".

When I opened email, it simply said that she had stumbled upon a website via google that had my email adress and password on it. So I clicked on link (i was using my phone at the time) and it opened up a webpage (pastebin.com)
and there it is, among with hundreds of others....

listed like so:



Now, granted it isnt the password I use for my email address, but it is a password I use for a few other sites (which I have had to change)

The lady (Aoife) basically warned me that my details are online and liable to be hacked, urging me to change my password, and signed off by saying it was her good deed for the day.

I'm thinking she either really is a good samaritan;
Or she is herself a scammer hoping I reply, then she knows my email is active and the password is indeed good for some website, and she might try a few and hope to get lucky.

Either way, big reality check. Makes me wonder how secure our details are online.

Anyone else get the email? There were literally hundreds of password/mail combinations.

Nice try Goodluck Johnathon, tryin to make me go to your pastbin site.

Banjo String

Mmm.


All info has now been removed from that particular 'paste'

Strange one.

The Diabolical Monocle

419 it is just tha game I go chop you dollar

https://www.youtube.com/watch?v=6tv8LSMVVi8

Hootanany

Check your bank account

Tail Docker

Yes. This happened to me. Someone hacked my Boards account and has been posting shyte ever since the day I joined..

batistuta9

did you notice anything about the email address OP?

Banjo String

batistuta9 wrote: »

did you notice anything about the email address OP?

No, it was a typical Irish surname with a Gmail account.

Mr. Incognito

Probably has a virus that records your password when you change it

batistuta9

Banjo String wrote: »

No, it was a typical Irish surname with a Gmail account.

sorry, i mean did you notice anything about the email addresses in the list?
have another look if you didn't

Little CuChulainn

At a guess I'd say you have a key logger on your system. It's possible she is a good samaritan or that she is trying to get you to change your passwords so they get more of them from you.

Standman

Banjo String wrote: »

Mmm.


All info has now been removed from that particular 'paste'

Strange one.

It's still viewable in googles cache.

Standman

Wow, just looking at this thing now, the majority of peoples passwords are shockingly simple. Thought people were more wise with passwords these days :eek:

batistuta9

Standman wrote: »

Wow, just looking at this thing now, the majority of peoples passwords are shockingly simple. Thought people were more wise with passwords these days :eek:

they're all irish names/email addresses - prolly boards :pac:

one of the passwords is faircity

Standman

batistuta9 wrote: »

they're all irish names/email addresses - prolly boards :pac:

one of the passwords is faircity

Also a lot of the women have mens names as their passwords. Must be the other half, so touching.

batistuta9

Standman wrote: »

Also a lot of the women have mens names as their passwords. Must be the other half, so touching.

children are popular choice of password

wonder where it's from?

CatInABox

This thread would probably be better in one of the computer forums, but that's only if you want the best advice.

There are a few websites out there that track password dumps on sites like pastebin, which can tell you if your user name and password has been hacked.

Turns out that an old email address of mind was leaked in the Adobe hack ages ago.

Check it out here.

SterlingArcher

I show you what passwords I do know, you change all your passwords inadvertently showing me everything I didn't know.

Either way you have been compromised, format or Set up a new email on a different computer/device. Then change passwords.

Kenny Logins

CatInABox wrote: »

This thread would probably be better in one of the computer forums, but that's only if you want the best advice.

I'd love to see how this thread would go if it was posted on Facebook.

EyeSight

By clicking the link it may have alerted "her" your email was active before redirecting you to that site.
If i were you i would not reply to her, just to be safe.

You said you've changed the passwords so that should be enough. Just keep an eye on your accounts for strange activity

Kenny Logins

batistuta9 wrote: »

they're all irish names/email addresses - prolly boards :pac:

one of the passwords is

You might want to remove this. I am reading the list now with that one clue.