Is this for real?
Is this legit or .. I got this message via email that my website is hacked. My website is fine upon checking.
We have hacked your website nameofsite.com and extracted your databases. This was due to the security holes you had in your your site/server which have gained us remote control of pretty much everything that was on the server.
Our team is mostly interested in customer, administrative, and employee information which we have extracted through your databases once we got remote control over the server. It still needs to be sorted out but it will be well-organized once finished. First, we will be going through the emails/sms information and contacting the recipient how you held in disregard about their information being exposed to a hacking group when you could have stopped it. This would be detrimental to your personal image with these relationships with these people. Lastly, now that we have information not only will we be monetizing off it with our methods but made public or sold to other people that will do whatever they wish with the information also after we are done.
Now you can put a stop to this by paying a $3000 fee (0.11 BTC) in bitcoin to the address 38QUcAeq8zDrWDjdo4tY9pp9rqrqYKHGSa We will be notified of payment which we will then delete the information we have obtained, patch the hole in the site/server which we got in and remove you from any future targeting in the future. You have 72 hours in doing so after viewing this message or the series of steps will commence. You can obtain bitcoin through such services such as paxful.com or do a search on bing.com
How did you hear about us?:
99% change of being fake. Unless they have proof.
Hello @pandabb it s fake mail , is exactly the same tired text that I received in the last 6 months, once every 30 days I noticed that I receive it
send them this:
"Ok, thanks for hacking my site. Now fuck off from my face.
Suck my dick,
Just pay them -- just in case /s
We’ve been seeing a lot of such emails at work lately and even the wording is same. Sometimes they go an extra step by spoofing the sender address to make it more believable. Nothing a quick mail header analysis can’t validate.
I get them all the time saying they recorded me watching porn online.
But when I demand to see them, they never send.
that's the one I get weekly, saying they will embarrass me by releasing the "videos" to all my contacts. I don't even watch porn. Allegedly.
"We saw you posting on LowEndTalk. If you want to avoid embarrassment in your social circle and business reputations, pay a $3000 fee (0.11 BTC) in bitcoin to the address..."
Its real good sir. We have whole databases of you doing all sorts of things infront of the camwebs. We will release it to exhamster and give you a 10/90 split. 90% profit us, 10% profit you.
Please kindly do the needful.
But when I demand to see them, they never send
Maybe they did not have enough space to save the evidence?
I always know that ones a scam cause I don't have any contacts
Answering the question: It is a scam. Do not pay. Do not contact them or click on any links in the message.
About Those "I Hacked Your System" Scams:
I do not get a lot of spam. Sometimes I see a version of the "I hacked your system ..." scam. They "prove" it because they "sent" the spam email from my own email address. What makes me laugh is most of the time that email address is a receive-only forwarder (alias) that cannot possibly send email.
Some of those evade all spam filters and land at the C level people’s inbox and they start screaming. Often felt like it is better to admit they got hacked rather than explain and prove them it is a spoofed email.
Because I use forwarders where each company gets its own unique email address, I generally know which company leaked my email address. Getting them to acknowledge that their customer database has been breached and copied by "We hacked your account" spammers is another challenge.
Many companies make it impossible to reach someone to report security issues. Their focus is on reducing customer support costs by eliminating non-automated customer interaction. They want to avoid expensive customer support phone calls). They do not understand that there is a need to make a security contact available.
Frankly, many companies do not care if your customer contact information was leaked by them, despite breach disclosure laws in their locale.
Do not reply to such emails.
You are just proving that this email is active and you will receive more spam.
Its best to ignore them.
This is real as long as you believe it.
Else its just a way to scam.
On the other hand, every once a while we see users screaming to us saying that our servers are not safe because their site is hacked.
Your fault that the servers aren't secure even though my root login has the password '12345'