back to article Sorry friends, I'm afraid I just can't quite afford the Bitcoin to stop that vid from leaking everywhere

First, an apology. Allow me to express my sincere regret for any offence caused by the videotape you will soon be receiving of your faithful servant buffing the old banana, courtesy of some mysterious stranger. Well, perhaps not so much offence as surprise. After all, it is jolly unusual to receive a videotape in the post …

Page:

  1. iwi

    I'm sure the blackmailers only have simian heath concerns at the heart of everything they do. They want to save all those monkeys from being spanked.

  2. TonyJ Silver badge

    I've seen a definite uptick in these

    Had a few land in my spam folder this week.

    They all use the same throwaway password I only use on websites that insist on registration but hold no other information beyond an email address, password and login name.

    Honestly though, I guess I fall into the lucky-enough-not-to-care bracket, although I do understand there are poor souls for whom such a threat must be awful.

    It's clever though, when you think about it - pull an email address and password out of one of the large files of them out there and spam away. The addition of the password adds a certain level of believe-ability that would otherwise be missing and I can see how it would fool a lot of people.

    1. Joe W

      Re: I've seen a definite uptick in these

      ... and to boot, it was not even one of the throwaway $(servicename)_$(qualifier)@$(mydomain) ones I expected.

      (and now if they could give me pointers on how to get the front cam running reliably on my laptop I'd be chuffed, might even send them money for a coffee...)

      1. Danny 14 Silver badge

        Re: I've seen a definite uptick in these

        10 minutemail for those websites. my main personal email address was somehow harvested with a throwaway password i use. no idea how those two were connected as i only use my main email for proper logons (which i use password mangagers).

        muat have missed a random site in the early days.

        1. K Silver badge

          Re: I've seen a definite uptick in these

          Little tip if you use Gmail... you can add indicators to your email address by using a "+", such as if you address is JimBob@gmail.com -

          JimBob+Pr0nhub@gmail.com

          JimBob+H0tBears@gmail.com

          JimBob+NaughtyMLFs@gmail.com

          Google will effectively ignore the +<word>, so emails still arrive. But it will show in email details. So not only can you filter (make rules etc) on it, but by setting the <word> to the site name you entered it into, you know exactly where they sourced your email from (Little trick I learnt from the GApps team at work).

          1. Anonymous Coward Silver badge
            Boffin

            Re: I've seen a definite uptick in these

            The username+something@domain is called plus-addressing and has been available in sendmail (among others) since before gmail was a thing.

            Don't try claiming that it's a unique gmail feature.

            1. Prst. V.Jeltz Silver badge

              Re: I've seen a definite uptick in these

              Well it certainly aint a Yahoo!! feature I was disappointed to find out.

              1. pyroweasel

                Re: I've seen a definite uptick in these

                Yahoo does have a similar feature, although you have to create a myprefix-<throwaway>@yahoo.com mailbox before you can use it, rather than Gmail's instant madeup-on-the-spot address.

                Yahoo's advantage (Yes, there is one...) is that if you get spam to that mailbox, delete it and you get no more.

                Other mailboxes are available

                P~

            2. Giovani Tapini

              Re: I've seen a definite uptick in these

              I for one didn't know it was a feature at all! I don't think I would have ever had cause to consider it.

              A day when I learn something is (at least mostly) is not wasted.

              1. IceC0ld Bronze badge

                Re: I've seen a definite uptick in these

                A day when I learn something is (at least mostly) is not wasted.

                ===

                unfortunately, for me, the learning has been all about the new ways to describe mans oldest addiction :o)

            3. Teiwaz Silver badge

              Re: I've seen a definite uptick in these

              The username+something@domain is called plus-addressing and has been available in sendmail (among others) since before gmail was a thing.

              Don't try claiming that it's a unique gmail feature.

              I don't think poster was, specifically, although the wording could be interpreted as though it's a Google mail only feature.

              It's a good tip, that I'm sure there are more than a few that pass by here don't know about.

              I recall reading about it (sendmail docs) years ago, I didn't know Gmail included it.

              1. fattybacon

                Re: I've seen a definite uptick in these

                It's a shame a lot of regular sites view any email address containing the '+' as invalid. Despite it being whatever RFC for the last 400 years. Trying to get my free BT Sport was a joy, they accepted it but the BTID system didn't, so I was registered with one arm of the behemoth but unable to verify my id so couldn't ever use it.

                1. Stoneshop Silver badge

                  Re: I've seen a definite uptick in these

                  It's a shame a lot of regular sites view any email address containing the '+' as invalid.

                  $name.$service@$domain should be accepted, and I haven't found any site that doesn't. Currently I simply have a catch-all on my domain, and some local processing using procmail. Works a treat.

                  1. anatak

                    Re: I've seen a definite uptick in these

                    My hosting company decided not to support catch-all anymore.

                    Could you tell me what hosting you use ?

                  2. Prst. V.Jeltz Silver badge

                    Re: I've seen a definite uptick in these

                    "$name.$service@$domain should be accepted, and I haven't found any site that doesn't. "

                    as I said YAHOO dosent . One of the biggest email hosts in the world.

                2. dcluley

                  Re: I've seen a definite uptick in these

                  Yes - I have had a number of these claiming they have my webcam pictures. Minor problem is that I do not have a webcam.

                  On a separate point of invalid email addresses I remember when I was still working as a lecturer in a FE college trying to get on a news list from a website which needed my email address to complete the form. It complained that my email address was invalid. My email address was david.cluley@<college>.ac.uk - a perfectly valid address which had no trouble receiving emails. The web site in question? IBM. You would think that they might have got some idea about how the email system works.

                  1. Doctor Syntax Silver badge

                    Re: I've seen a definite uptick in these

                    "IBM. You would think that they might have got some idea about how the email system works."

                    Having had dealings with IBM and emails, no I wouldn't think that at all.

                    1. Scunner

                      Re: I've seen a definite uptick in these

                      "IBM. You would think that they might have got some idea about how the email system works."

                      You've clearly never used lotus notes then... <shudder>

                      1. Anonymous Coward
                        Anonymous Coward

                        Re: I've seen a definite uptick in these

                        "IBM. You would think that they might have got some idea about how the email system works."

                        You've clearly never used lotus notes then... <shudder>

                        That kinda proves his point :).

                        That said, once you mastered the setup it was quite robust (and very safe), but boy was it a swine to use. cc:Mail was similar, but a tad easier to coax into work.

                  2. onefang Silver badge

                    Re: I've seen a definite uptick in these

                    "Minor problem is that I do not have a webcam."

                    I don't either, and if I did, all it would see if trying to record from it while I was surfing porn sites is me searching for more porn to download. I never watch it direct from the site. I'd likely even have all my clothes on, and not touching him who rules with his little head from downstairs.

                3. onefang Silver badge

                  Re: I've seen a definite uptick in these

                  "It's a shame a lot of regular sites view any email address containing the '+' as invalid."

                  I've recently tried to get Tinder to send a verification email, so it will notify my via email when things happen, instead of failing to notify me on my phone. It entirely failed to even attempt to send any emails to my own email server, which are not on any spam blacklist that I check regularly. Everyone else can send to that server fine. I tend to use individual addresses for individual sites / services, so this was to tinder@... They didn't say why it failed, just that it did. No attempts spotted in my logs. Perhaps I'll try this + trick, see what happens. Or create yet another throw away gmail account.

                4. gnarlymarley

                  Re: I've seen a definite uptick in these

                  These emails say all the same thing, even though both my phone and computer have no camera on them.

                  That malware make your front-facing camera capturing video

                  The other thing I find interesting is that they are sending it to an alias account for automation that has never had a password. Oh well, I guess they will keep sending it directly to my spamcop forwarding script.

                  1. onefang Silver badge

                    Re: I've seen a definite uptick in these

                    "That malware make your front-facing camera capturing video"

                    Hmm, the front-facing camera might only capture your face, not what your hand that's not holding the phone is doing. Maybe they need to capture video from both cameras? Or, if you are like me, and the only porn you watch on your phone is VR porn, both cameras have a very close up view of the inside of the VR headset, and nothing more.

            4. K Silver badge
              Pint

              Re: I've seen a definite uptick in these

              @AC - Who said it was unique to Gmail? I certainly didn't... I merely know its a trick you can use with it, huge difference!

              So get the bee-out-of-your-bonnet, Its Friday, so go have a pint!

            5. TonyJ Silver badge

              Re: I've seen a definite uptick in these

              I didn't know about it either. That is excellent for folks who don't own their own domain and mail server.

              1. Doctor Syntax Silver badge

                Re: I've seen a definite uptick in these

                "That is excellent for folks who don't own their own domain and mail server."

                It only costs a few quid a year to own your own domain and you don't need a mail server. Either get a mail service from your domain hoster (again not expensive - even I do it) or simply get it all sent to your free gmail or whatever mail service.

                1. onefang Silver badge

                  Re: I've seen a definite uptick in these

                  "It only costs a few quid a year to own your own domain"

                  You can get freebies to, from places like freedns.afraid.org.

                  As for your own mail server, if you have a typical Linux or BSD installed, chances are you already have a local only email server. If you have a static IP, open it up to the world, done. Oh, and turn off relaying, or find yourself on spam blacklists fairly quickly.

            6. Nick Kew Silver badge

              Re: I've seen a definite uptick in these

              Don't try claiming that it's a unique gmail feature.

              It was a feature back in the days when email addresses cost money, some people wanted more than one address, and neither security nor spam were issues.

              It was a minor feature of my mail-by-web software from 1997. Back when webmail and other web-based office facilities like docs and calendars looked like a cool new thing people would find useful.

            7. ibmalone Silver badge

              Re: I've seen a definite uptick in these

              The username+something@domain is called plus-addressing and has been available in sendmail (among others) since before gmail was a thing.

              Don't try claiming that it's a unique gmail feature.

              I always wonder that spammers must surely catch on and work out it would be a good idea to strip the sub-address. You could always blacklist anything not containing one I suppose, but would need to be pretty disciplined about it. The other stumbling block are websites with home-made field verification that rejects emails with subaddresses as invalid.

              1. onefang Silver badge

                Re: I've seen a definite uptick in these

                "You could always blacklist anything not containing one I suppose, but would need to be pretty disciplined about it."

                That's what things like mailfilter are for.

                1. ibmalone Silver badge

                  Re: I've seen a definite uptick in these

                  "You could always blacklist anything not containing one I suppose, but would need to be pretty disciplined about it."

                  That's what things like mailfilter are for.

                  To clarify, I was thinking about discipline in only handing out sub-addressed addresses and refusing to accept mails not including them. Becomes more difficult when giving your email in person or dealing with sites with broken mail validators. As soon as you start accepting some without the sub-address you are back to having to look at them at least some of the time to figure out if you need to update your whitelist.

          2. MrBanana

            Re: I've seen a definite uptick in these

            "Little tip if you use Gmail... you can add indicators to your email address by using a '+'"

            It's a good tip, which I try to use as often as possible. However, many websites have email address checkers built into the web submission form that reject the '+' character as invalid. I've tried emailing site owners with a link to the RFC that defines valid characters for email addresses, but haven't had much response. By not much response, I mean absolutely nothing, not a single reply.

            1. Ken Hagan Gold badge

              Re: I've seen a definite uptick in these

              "I've tried emailing site owners with a link to the RFC that defines valid characters for email addresses"

              To be honest it might be more productive to search Stack Overflow for "email address validation" and reply with corrections to the (presumably several hundred) crap answers that don't permit a plus sign, coz that's where all those crap websites got their code from.

              Even more productive still would be to post an answer saying "Please don't even try to validate an email address. You *will* get it wrong.", because not allowing plus signs is just one of the common mistakes. (Ask anyone with an apostrophe in their name, for example.)

            2. Anonymous Coward
              Anonymous Coward

              Re: I've seen a definite uptick in these

              "However, many websites have email address checkers built into the web submission form that reject the '+' character as invalid."

              Microsoft Office 365 email service rejects incoming traffic which uses a plus modifier on an otherwise valid alias address for my account. Pity - it looked like a way to make identified addresses without setting it up as one of the maximum 100 aliases.

              1. Andy A

                Re: I've seen a definite uptick in these

                "Microsoft Office 365 email service rejects incoming traffic which uses a plus modifier on an otherwise valid alias address for my account."

                Weirdly, Hotmail, which presumably shares code with Office 365, seems to process plus signs properly, even passing things down to an Outlook 2010 client.

            3. onefang Silver badge

              Re: I've seen a definite uptick in these

              "I've tried emailing site owners with a link to the RFC that defines valid characters for email addresses, but haven't had much response. By not much response, I mean absolutely nothing, not a single reply."

              Probably coz they thought the email address you used to send that email was considered bogus, and it went straight to their spam folders?

          3. Criggie

            Re: I've seen a definite uptick in these

            Sadly it is turned off in my corporate gmail account. :-\

        2. Anonymous Coward
          Anonymous Coward

          Re: "muat have missed a random site in the early days."

          This and/or BT/Yahoo just lost it all themselves. That's what happened to me.

          I still need to do more than a private/public email split. As lots of companies want a more private one. I need a public, private, personal, and then company independent and/or throw away ones. Looks like there is a hole in the market for a product there!

          [edit] Ah, on I've been pwned it shows Adobe being hacked. I guess that was where I lost one of my accounts, password must have been the same in error.

          1. Doctor Syntax Silver badge

            Re: "muat have missed a random site in the early days."

            "As lots of companies want a more private one. I need a public, private, personal, and then company independent and/or throw away ones. Looks like there is a hole in the market for a product there!"

            It's a market niche but not a hole as there are several mail service providers who will provide domain and email hosting facilities. Just set up a series of addresses all forwarding to one inbox. Make some long term use case specific (bank, family and friends etc.) and a throw away one that runs for a few weeks and then gets torn down.

      2. Stoneshop Silver badge
        FAIL

        Re: I've seen a definite uptick in these

        ... and to boot, it was not even one of the throwaway $(servicename)_$(qualifier)@$(mydomain) ones I expected.

        In my case, $servicename == monsterboard. Nothing else.

        Hmm, do they still exist? Apparently, yes. So I try logging in: nope. Password reminder? "No account associated with that mail address" or something like that.

        And harvesting my contacts from there (insofar as they can actually do so, given a non-existent account) would yield a dozen or so spammy recruiters I haven't had any contact with for the past fifteen years, so I doubt they still work where they did back then.

      3. Unicornpiss Silver badge
        Happy

        Re: I've seen a definite uptick in these

        I've gotten a few of these. I suspect if there was any plausibility to this, most people would have a blackmail recording showing whatever porn side by side with a chin-up view of various facial contortions as the rocket clears the tower. (also known as your "Oh! Face") :-)

        For me, I generally don't look at anything too interesting, but since I usually use a desktop at home with no microphone or camera, the show would be extra boring. Maybe porn with an anthology attached.

    2. caffeine addict Silver badge

      Re: I've seen a definite uptick in these

      TonyJ : "Had a few land in my spam folder this week."

      We've moved on to euphemisms for the women now, have we?

      1. Anonymous Coward
        Anonymous Coward

        Re: euphemisms for the women now, have we?

        "scrolling your mouse wheel" was one I recall hearing a while back :-)

        1. Def Silver badge
          Headmaster

          Re: euphemisms for the women now, have we?

          scrolling your mouse wheel

          This is almost certainly scandinavian in origin where they favour the term 'mouse' over 'pussy'.

        2. Thomassmart

          Re: euphemisms for the women now, have we?

          Funny coincidence, "mouse" is the Chinese version of our feline euphemism. "Bird" being the male chicken equivalent.

      2. TonyJ Silver badge

        Re: I've seen a definite uptick in these

        "...Re: I've seen a definite uptick in these

        TonyJ : "Had a few land in my spam folder this week."

        We've moved on to euphemisms for the women now, have we?.."

        You're going to have to explain this one to me, I'm afraid.

        1. onefang Silver badge
          Paris Hilton

          Re: I've seen a definite uptick in these

          "You're going to have to explain this one to me, I'm afraid."

          Youngsters, and those that want to avoid seeing "interesting" descriptions of genitalia should stop reading now.

          "Had a few land in my spam folder this week."

          "We've moved on to euphemisms for the women now, have we?.."

          One euphemism for labia is "beef flaps / roast beef flaps / meat flaps", particularly those with, shall we say, a lot of external structure and definition. One of those "opened up" for the activity that is the subject of this article may look like an open folder. Spam is also a sort of meat, allegedly. "a few land in" could be rather descriptive of what happens with the various objects that women might use for said activity. Do I need to go deeper? Er, in my explanation I meant.

          Paris, coz she might know all about these things.

      3. macjules Silver badge

        Re: I've seen a definite uptick in these

        he is now panicking about the time he accidentally filmed himself in 4K while having a shit.

        This is far too much information.

    3. Muscleguy Silver badge

      Re: I've seen a definite uptick in these

      Hmm, I have just Autumn cleaned my spam folder and I have absolutely NOTHING of this sort. I think it's a generational thing. I'm a crusty 52 and can remember the web being invented and what went before like Fetch.

      My eldest was always complaining her email accounts kept being unusable because of spam but she was the only family member so afflicted. We all had addresses on the same ISP, all dependent on my main account but only her's was so afflicted.

      I take perverse pleasure in going elsewhere if you require me to create login just to browse and get uppity on there not being a guest login feature.

      Also I use a different password for each site, they are all phrase initials and I use a variety of them. Except my banking logins are different again, they are quite abstruse.

      It's like sex and disk sanitation back when we were always putting discs into machines. I remember when AIDS developed as well as nVir (so date me).

      As a matter of interest my login here is really ancient, from way back before I got all initialised. Knowing that one will only allow you to impersonate me on here. Others of that vintage are probably associated with work email addresses long defunct so no use to man, beast or cybercrook.

      I remember when, having JANET accounts (Big Fat Pipe) we used to threaten spammers with humungous email files unless they desisted. How the world changes.

      1. Stoneshop Silver badge

        Re: I've seen a definite uptick in these

        I think it's a generational thing. I'm a crusty 52

        I can assure you it's not.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019