So, it seems that the folks who have (at some point) hacked website databases, have data mined the breaches, and sold their email / password info to a group that is blasting the “I have nasty pictures of you” scam out to everyone.
I’ve gotten a second version of the email, threatening to release embarrassing photos/videos of me, unless I “donate” $1000 worth of bitcoins to their account.
This version was worded differently, and came to my email, with my four year old password in the subject line… so I’m guessing this was from the LinkedIn data breach.
Again, the email it came from will either be hacked, or (more likely) spoofed. The only REAL thing in the email is the Spammer’s BitCoin account.
I have no intention of paying it, and am only posting this again, because other folks might gain benefit from word of the scam getting out there, and hopefully fewer folks will be victimized.
The content of the newest version of the email, can be viewed here.
And another new version, 2 months later. It can be viewed, here.
I remember a few years back… my Father-In-Law was one of the first folks to get the “Canada Revenue Agency” call, saying that he owed money, he was in big trouble, and they were sending a police officer to arrest him. Now it seems like everyone is getting those calls… but at the time, we jumped in our car, and drove to his house, as fast as we could, to be there, just in case… and it left us, unsettled.
Today was my turn.
I got an email, saying that I had clicked on a link that gave someone access to my webcam, and my contacts, and unless I paid $300 USD (in Bitcoin) to them, they would send embarrassing video to everyone in my contact list… and, as the owner of a business, how this embarrassment would affect my company, and brand.
As I don’t have a webcam on any of my desktop or laptop computers, I deleted the email, and went about my day.
A short time later, I thought about it some more, and realized my ipad has a forward-facing camera, and theoretically could have been compromised.
Having said that:
I’m not paying.
I don’t like extortion, I don’t like bullies, and spammers and scammers suck.
I believe it is a scam…. and several days later, there have been no further developments.
I have posted a notice, letting my friends know, that if they get an email, saying there are compromising pictures of Bob, with a link… that they should “flush” it. Clicking on, or connecting to, a questionable link is ALWAYS a bad idea… and when you KNOW it is a bad link, an even worse idea.
I have contacted the RCMP… although there is nothing to give any leads in the email. The address is either spoofed or hacked. The only valid information in the email, would be the BitCoin account number, and that isn’t trackable.
I’ll say it again… Spammers and Scammers SUCK..
If you ever get anything similar, here are the prescribed steps, according to the Canadian Anti-Fraud Centre:
If you were the victim of fraud or extortion, please contact your local police.
Additionally, there are a number of other agencies that may be able to assist.
The following list is provided as a starting point: Financial institution, credit card company, insurance company, telephone company, Provincial Consumer Protection Agency, credit bureaus (Equifax Canada at http://www.consumer.equifax.ca/home/en_ca, TransUnion at http://www.transunion.ca/sites/ca/home_en), Canadian Radio-television and Telecommunications Commission at http://www.crtc.gc.ca/eng/home-accueil.htm, Canadian Cyber Incident Response Centre at http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/ccirc-ccric-eng.aspx and Service Canada at http://www.servicecanada.gc.ca/eng/sc/sin/index.shtml.
- Canadian Anti-Fraud Centre (http://www.antifraudcentre-centreantifraude.ca)
- RCMP Scams page (http://www.rcmp-grc.gc.ca/scams-fraudes/index-eng.htm)
- Competition Bureau (http://www.competitionbureau.gc.ca/eic/site/cb-bc.nsf/eng/h_00122.html)
- OPP fraud prevention (https://www.opp.ca/index.php?id=115&lng=en&entryid=573e164b8f94ac69670ca89a)
If you want to see the text of the email, click here.
Oh, and if you are disappointed that you DON’T get to see a picture of a naked Bob… here is as close as you will get!
I’ve never really understood the phrase “gobsmacked” until today.
I got that same old spammy direct message on Twitter, saying “Did you see this pic of you. LOL” and a link:
As always, I deleted the email notification, and went to the sender’s timeline.
They are a small local company, with not many followers and a pretty meager twitter feed… so as well as replying on Twitter, I took the unusual step of calling their office to let them know that they had clicked on a bad link, and they needed to change their password.
Nobody was in the office, but I left them a fairly comprehensive message, explaining (in the simplest terms possible) how they could quickly resolve their issue.
About an hour later, I got a call back, asking if I was Bob, and asking me to explain what I was talking about.
Because… you see… they PAY someone to look after their Twitter account for them. Or, more precisely, to send spam, on their behalf.
The Twitter feed that I took as someone’s sad attempt to break into the world of Social Media… was contracted out to a “professional”… who was tricked by the “Have you seen this picture of you. LOL” tweet.
And, now I understand “gobsmacked.”
I have no issue with someone helping out with Social Media. Heck, I have a number of businesses and Organizations that I help with that !!!
But I believe in value for money, and if you can’t do something properly and well… say so, and get out of the way.
Apparently not everyone feels that way… and some people are just Social Media vultures… taking advantage of small companies that don’t know any better.
FYI… The Free Dictionary defines ‘gobsmacked’ as British slang, meaning astounded or astonished.
I am a fan of LinkedIn.
I have a number of connections, and have worked to use LinkedIn to promote and advance my business.
It is a powerful tool, and one of the premier networks to advance your brand.
It is also “the source” of increasing frustration with the amount of email spam I receive, saying that So And So wants to connect to me, with all appearance of being a legitimate LinkedIn invitation… but is actually an attempt to phish (obtain my username and password surreptitiously) my account.
This has become so frequent, that I NEVER use the LinkedIn mobile app any more, and would never click on a link in a LinkedIn email, even if it appears to come from a legitimate email address.
It is a sad statement, that I now look at the source email, before I read ANY email on my Blackberry… and have had to employ a more powerful spam blocking engine, to try to stem the tide of spoofing (An email that has a legitimate address, but actually comes from a spammer) and phishing.
Certainly it is important to network, and not let the spammers stop us from connecting…. But it is equally important to make sure that our Networks are secure, by using caution, diligence, and a strong unique password.
I don’t have the BobGray.com domain.
Another Bob Gray, who wanted to run for some political office down in the South Eastern US, beat me to it. And when his political aspirations ended, he sold it to a Norwegian domain broker, who wanted $2500 for it. It has changed hands a few times, and different folks have owned it, and tried to sell it, for more, IMO, than it is worth.
THAT is why I use the BobSongs brand… because I was too late.
(And THAT was 20 years ago !!!)
It surprises me, today, how many people, who are online, still haven’t gotten around to reserving their “name” domain… or their children’s.
I have four nieces, and I reserved their domains, as soon as they settled into what they wanted to be called. *
For those who haven’t reserved a domain… there is very little cost ($10 – $15 per year for a .com domain, a little more for .ca).
The first step is to check the domain availability using a WHOIS search. Network Solutions has an easy to use one, on their website.
The next step, if the domain is available, is to create an account with a domain registration company, and reserve the names.
But you can also use GoDaddy, Register.com, Network Solutions… there are lots of companies out there.
A few things to keep in mind:
Take the shortest option. www.RobertBuchananGray.com doesn’t roll off the tongue the way BobGray.com does.
Don’t use underscores, dashes or numbers: www.Bob_Gray.com doesn’t work well. Neither does www.BobGray317.com
And, finally… Make sure you set up a credit card, and enable the “auto-renew” feature, so that you don’t have to remember to go in and pay for it every year… it just automatically happens.
It isn’t very tough, and it can pay BIG dividends in their futures !!!
* Julia switched to Jules and Gillian to Jill
I wrote this on my BobSongs Music Blog a while back, but as far as Branding goes, the message of being consistent can and SHOULD be applied everywhere…
Had a conversation with a musician the other day. He said to me that he didn’t need to establish a brand, he just used his name.
“So” I said, “You’ve got your name reserved, for your website domain?”
Well… no. Someone else has that domain reserved.
“But then surely, on your Facebook page…”
Uh, no… I haven’t got around to securing my name as a Facebook nickname, yet.
Well, I don’t get Twitter, so I haven’t secured the name…
“Are there any other social media or business networks that someone can find you on ?”
Oh, yeah… I’m on MySpace, YouTube and LinkedIn.
“What name did you use on those ???”
Oh, they’re all different.
Make a name for yourself:
The guy is a great songwriter, and an amazing musician… but not surprisingly, not too many folks have heard of him… because he has a different name, everywhere you look.
One of my teachers used to say, “Whatever you do, try to create a name for yourself.”
Not a string of names and clever acronyms that no one but you will understand.
I am my brand.
I am BobSongs.
On my Website, Blog, Twitter, Facebook… even, so help me… Flickr… (you know I’m not much of a photographer, right ???) …I am BobSongs.
I have as many variations of BobSongs and Bob Gray web domains sewn up, as are available.
The ones that weren’t available, I keep a list of, and check every few months to see if any of them have become available.
Patrol the Brands you are associated with:
Google Alerts is great for this.
If anything “hits” the web with Bob Gray, BobSongs, or any of a few other keywords I target… I get a weekly update, e-mailed to me.
Usually it is information about other BobSongs/Bob Gray’s, or tracking something from my Twitter feed or Blog…. but every once in a while it is something I want to see, or at least be aware of. Pennywise the Clown, from the Stephen King novel “It”, was one Bob Gray. Another Bob Gray that pops up from time to time is the professional speaker, who talks about how to expand your memory. There are lots of others. But if someone is saying something about my Brand… I want to know it.
Be constant, and consistent:
I’m a bad example here, and am currently unable to follow my own rule, because TOO many of my Blog posts are NOT associated with the music and songwriting of the BobSongs Brand. The reason for this is that I haven’t yet found an alternate Brand that I am comfortable with, that is available as a domain, and on Twitter. As soon as I do… Whoosh… my non-music content will be transferred from this Blog, to the new site. (Note: This was written before www.BobBlahBlah.com came to be, to resolve this issue.)
On Social Media, I try to break down the conversations by category… so I have lists for Hockey Fans, Scotch Drinkers, Musicians, etc… as, many times, the groups with similar interests tend to talk about the same things. If I do a LOT of chatting about a subject, I would consider having a separate account for that “voice.” In my case, with my passion for all things Vancouver Canucks, I created the NucksBob Twitter account, to stop from ticking off my “other” Twitter followers, and so I can focus my tweets, in that account.
You don’t have to do any of this stuff.
Just like you don’t have to get gigs… be successful… or sell your CD’s…
You don’t have to.
But by establishing and maintaining a consistent Brand, you make it easier for people to find and support you, and it makes it that much easier, when you find success, to further establish your Brand, and broaden your support base.
Just got off the phone with a client who had forwarded me an email she got from the “SHAW WEBMAIL TEAM”…
Shaw.ca E-mail Notification
This message is from shaw.ca messaging center to all shaw.ca email account owners.
We are removing access to all our mail clients. Your email account will be upgraded to a new enhanced web mail user interface provided by shaw.ca.
Effective from the moment this email has been received and response received from you. shaw.ca will discontinue the use of our shaw.ca mail and our shaw.ca mail Lite interfaces.
To ensure your e-mail address book is saved in our database.
Please click the reply button and enter your shaw.ca
username here ( )
Password here ( )
City ( )
Country of Residence ( )
And send it back to us, which will enable us to transfer your contacts to our new Web mail client database.
All e-mails will be safe in this transition! All your old email will still be there and you will have new unread messages waiting for you.
We are confident that you will like the new and improved web mail interface.
Failure to comply with this notice immediately will remove your access from our shaw.ca database.
Thank you for using shaw.ca.
Shaw.ca Web-mail Services
I confirmed with my client that she should NEVER email her info to Shaw (or anyone else) who asks for it.
Shaw already HAS it, and wouldn’t need you to send it to them again.
(As a further tip off, the email reply address is in China… although a more professional hacker would be able to tweak that…)
But I just thought I would quickly write this, as a reminder, that you should NEVER give your password to ANYONE !!!
My wife would ask me to add: Not even to your spouse… (because they will mess with your Facebook and Twitter accounts)
Happy May Day !
PS I contacted Shaw Cable and they became aware of this first on Sunday.
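The tip-offs in the message above (credentials requested by reply, a reply address outside the sender's domain, a comply-or-lose-access threat) can be checked mechanically. The following Python check is an added example, not part of the original post; the sample messages, the reply address and the indicator names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the quoted message; addresses are placeholders.
SAMPLE = """\
From: "SHAW WEBMAIL TEAM" <webmail@shaw.ca>
Reply-To: upgrade-desk@mailbox-update.example
Subject: Shaw.ca E-mail Notification

Please click the reply button and enter your shaw.ca
username here ( )
Password here ( )
Failure to comply with this notice immediately will remove your access
from our shaw.ca database.
"""

# Constructed benign message for comparison.
BENIGN = """\
From: Billing <billing@shaw.ca>
Subject: Your statement is ready

Sign in to your account in the usual way to view this month's statement.
"""

def _domain(header_value):
    """Lower-cased domain of the address in a From/Reply-To header ('' if absent)."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

# A blank form field next to a credential word, e.g. "Password here ( )".
FORM_FIELD = re.compile(r"(?im)^\s*(user\s*name|password|passcode|pin)\b[^\n]*\(\s*\)")
THREAT = re.compile(r"(?i)failure to comply|remove your access")

def phish_indicators(raw):
    """Return the names of the indicators found in one raw, single-part message."""
    msg = message_from_string(raw)
    hits = []
    from_dom, reply_dom = _domain(msg["From"]), _domain(msg["Reply-To"])
    # Exact comparison is a simplification: a legitimate subdomain would also flag.
    if reply_dom and reply_dom != from_dom:
        hits.append("reply-to-domain-mismatch")
    body = msg.get_payload()
    if FORM_FIELD.search(body):
        hits.append("credential-form-in-body")
    if THREAT.search(body):
        hits.append("deadline-threat")
    return hits

if __name__ == "__main__":
    print(phish_indicators(SAMPLE))
    print(phish_indicators(BENIGN))
```

A From address that looks right proves nothing on its own, since it can be spoofed; the Reply-To is where the answers actually go, which is why the mismatch is the strongest of the three signals.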
I’ve spent the last few days playing in the shadows.
Light and shadow, actually…
Taking some very up close pictures of multi-faceted locally made jewelry, for a local designer’s Etsy online store.
Because the pieces are so intricate and small, it has taken some time to balance and properly set up the shoot… but once the pieces are in place, the rest follows naturally.
Results in this…
Which makes the client do this…
On Twitter there have been a number of folk who have been bewildered by their account suddenly spewing spam and apparently being hacked.
There are hackers out there who will, through “brute force” hack into an account. These hackers usually attack people like Ashton Kutcher, Eric Stonestreet, and other high profile celebs.
For those of us not having to dodge paparazzi, tabloid reporters and entertainment television, we just have to be aware of a few steps and take a few simple precautions, in order to prevent MOST problems.
First thing, before anything else, follow @TwitterSupport twitter account, so that you receive updates and suggestions from Twitter, on best practices and account security.
On Twitter, when you discover a spammer, phisher or a bot… you can block them, report them, or both. (Because different Twitter interfaces have different instructions, you’ll have to learn “how” on your own.)
1) If you find you are mentioned in an @ message, from someone you don’t follow, with the enticement of a free IKEA Gift Certificate/Starbucks Card/IPad2/iPhone/whatever… Don’t click on it. Just report the sender for spam, and block them.
2) If you get a DM (direct message) from a legitimate follower, who says to you: “Have you seen this bad blog/post/picture that mentions you ?” and a link… Don’t click on it. It will cause your account to be hacked. To address this… first, note the twitter handle of the person sending the message… then, delete the message… and finally, send that person an @ message, telling them their account has been hacked, their password was compromised, and they need to change their password. A good rule of thumb is: Unless someone sends you an @ message, telling you they are sending a DM message, NEVER CLICK ON A LINK IN A DM !!!
3) If you get a new follower who has few or no followers, often with a suggestive photo of a woman, often with a nonsensical user name (Michelle9f75n00()()), and often having a bio that says something like: “My parents don’t know I’ve had sex, but I like it a lot. Please follow me” and a link… Don’t click on the link… just block and report the account for spam.
By following these few precautions, hopefully folks can use Twitter with fewer problems, and without the frustration and embarrassment of having to let everyone know their account has been hacked.
See you on Twitter !!!