Phishing email sent to Nexus account email ***with account password***


TWeaKoR

So I just received a phishing email to my Nexus account email address. The interesting thing is that I use a unique email address for this account, one which doesn't technically exist - I have a rule on my email domain that any email sent to addresses that don't exist will filter through to my main account. As such, my Nexus account email only exists on Nexus' servers and in the emails they've sent me. Even more worrying, the email included my account password in both the Subject header and the body of the text.

 

Here is the full text of the email:

 

To: xxxx [my password]
Subject: Your password is xxxx
Body:
I do know xxxx is your pass word. Lets get straight to the purpose. You do not know me and you're probably wondering why you are getting this e mail? Nobody has paid me to check you.

Well, I actually placed a malware on the X videos (pornographic material) website and you know what, you visited this website to have fun (you know what I mean). When you were viewing videos, your web browser started out functioning as a Remote control Desktop with a keylogger which provided me access to your display screen and web cam. Right after that, my software obtained your entire contacts from your Messenger, Facebook, and email . Next I made a video. 1st part displays the video you were watching (you have a good taste haha . . .), and second part displays the recording of your web cam, & it is u.

There are two different possibilities. We should study each of these possibilities in aspects:

First option is to just ignore this message. In this situation, I will send out your actual recorded material to every bit of your personal contacts and thus just think concerning the embarrassment you will get. And as a consequence should you be in an intimate relationship, exactly how it can affect?

Number two choice is to give me $4000. Lets call it a donation. Then, I will without delay erase your video footage. You could resume your life like this never happened and you will not ever hear back again from me.

You'll make the payment by Bitcoin (if you don't know this, search "how to buy bitcoin" in Google).

BTC Address to send to: [redacted, though I can share this if needed]
[CASE SENSITIVE so copy and paste it]

In case you are looking at going to the law enforcement officials, anyway, this email message cannot be traced back to me. I have covered my actions. I am also not looking to charge you so much, I simply prefer to be paid for.

You now have one day in order to pay. I have a special pixel within this e-mail, and right now I know that you have read through this mail. If I do not get the BitCoins, I definitely will send your video recording to all of your contacts including relatives, coworkers, and so forth. Nevertheless, if I receive the payment, I will erase the recording right away. If you want to have proof, reply Yes & I definitely will send out your video to your 6 contacts. This is the non-negotiable offer and so do not waste mine time & yours by responding to this message.

 

When I attempted to log in just now my password had been changed. I was still able to use the forgotten password link, then afterwards I had to re-verify my email as the account had become inactive.

 

Obviously I'm not worried about the phishing email itself, the email and password are unique. What is concerning is that it seems the Nexus servers have been compromised, leaking account information, and even more worrying is that this appears to have included passwords which at best have been decrypted - at worst they may not have been encrypted to begin with.

 

Does anyone from Nexus have any comments on this?

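The per-site alias setup described in the post above can be turned into an automatic check. This is an added example, not part of the original post: the alias registry, the `example.org` addresses, the sender addresses and both sample messages are constructed, and `attribute_leak` is a hypothetical helper name.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Hypothetical registry: the service each catch-all alias was given to and the
# domains that service is expected to send from. All values are constructed.
ALIASES = {
    "nexus-7f3a@example.org": {"service": "Nexus Mods", "senders": {"nexusmods.com"}},
    "shop-c21d@example.org": {"service": "Example Shop", "senders": {"shop.example"}},
}

def domain_matches(domain, allowed):
    """True if domain equals, or is a subdomain of, an expected sender domain."""
    domain = domain.lower().rstrip(".")
    return any(domain == a or domain.endswith("." + a) for a in allowed)

def attribute_leak(raw_message):
    """Return a finding for each registered alias that got mail from an unexpected sender."""
    msg = message_from_string(raw_message)
    # From is forgeable; a real deployment would use the authenticated domain instead.
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    headers = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Delivered-To", [])
    findings, seen = [], set()
    for _, addr in getaddresses(headers):
        addr = addr.lower()
        entry = ALIASES.get(addr)
        if entry is None or addr in seen:
            continue
        seen.add(addr)
        if not domain_matches(sender_domain, entry["senders"]):
            findings.append({"alias": addr, "issued_to": entry["service"],
                             "unexpected_sender": sender_domain})
    return findings

# Constructed sample messages (not the real headers of the email in this thread).
SAMPLE_SCAM = (
    "From: someone <x9@mailer.invalid>\n"
    "To: xxxx <Nexus-7F3A@example.org>\n"
    "Subject: Your password is xxxx\n\n"
    "I do know xxxx is your pass word.\n"
)
SAMPLE_EXPECTED = (
    "From: Nexus Mods <noreply@nexusmods.com>\n"
    "To: nexus-7f3a@example.org\n"
    "Subject: Verify your email\n\n"
    "Please confirm your address.\n"
)

if __name__ == "__main__":
    print(attribute_leak(SAMPLE_SCAM))
    print(attribute_leak(SAMPLE_EXPECTED))
```

A finding names the service the alias was issued to, which is the only place outside the owner's mailbox where that address was stored.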

Obviously I'm not worried about the phishing email itself, the email and password are unique. What is concerning is that it seems the Nexus servers have been compromised, leaking account information, and even more worrying is that this appears to have included passwords which at best have been decrypted - at worst they may not have been encrypted to begin with.

 

Nope. It states clearly enough in the email they used a keylogger. This records every keypress you make and from that they extracted your username and password.

 

I've had credit card details lifted like this in the past (keylogger trojan).


It's a phishing email.

 

We had a database breach in July 2013, you can read more about it here: https://www.nexusmods.com/news/12675

 

As your account is from 2012, with apologies, your details would have been included in the leak. After all this time, the database has been unencrypted and that's how they have your password. Everything else in the email is fake, using the two items they do know about you, your email address and password, to try and scare you into doing what they ask.

 

If you've updated your Nexus Mods password (and anywhere else you use that password), you can safely ignore that email.


This type of spam has been sent out a lot recently.

They claim you have gotten a trojan from watching a video on a pornographic website and that they have used it to get recordings of you watching the video, and extracted information from all your social media and emails.

In some cases like OP's they add a password to the email that they got from a security leak to try to prove that it's true.


  • 1 month later...

Apparently this is a relatively common occurrence...and it is a phishing scam. In fact, in the last 3 days I have received 3 similar emails and included some old passwords I no longer use, thankfully! So a word of warning, use UNIQUE passwords for every site you use, and change them regularly!

 

Here's a set of posts on 'reddit' about the exact email I received but with different hacker names, and different ransom demand amounts. I believe these following links to be 100% legitimate, however please investigate yourself before using them. Hopefully I am not breaching any Nexus T&C's by posting links here?? If so I apologise, and will delete the post.

 

https://www.reddit.com/r/hacking/comments/9ph2ix/hacker_asking_me_for_830/

 

And amongst the posts there was a link, where you can check the potential sources of the data breach on your email account:

 

https://haveibeenpwned.com/

 

You simply type your email address in, and it will tell you if it has ever been breached, and name the sources of the breaches too. As it turned out, I have been a victim of a data breach from FIVE different sources! However, if you have unique passwords for every site/ login info then you are relatively safe from what I understand.

 

I think I will be investing in a password manager to control the ever-growing number of passwords I have. Preferably one that will remind me to change them regularly.

 

Edit: If anyone with better insight than myself can provide some advice regarding security/ password management, I'd be grateful to learn from it.

Edited by NMC
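Besides the email lookup mentioned in the post above, haveibeenpwned.com runs a Pwned Passwords range lookup that checks a password without sending it: only the first five hex characters of its SHA-1 hash leave the machine. The client side of that check is sketched below as an added example that is not part of the original post and goes one step beyond the email search; the response body is constructed locally so the code runs offline, and the function names are hypothetical.

```python
import hashlib

def sha1_split(password):
    """Return (prefix, suffix): the 5-char prefix is sent, the 35-char suffix stays local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def range_url(prefix):
    """URL of the public range endpoint for a 5-character hash prefix."""
    return "https://api.pwnedpasswords.com/range/" + prefix

def breach_count(password, range_body):
    """Find our suffix in a range response ("SUFFIX:COUNT" per line); 0 if not listed."""
    _, suffix = sha1_split(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)
    return 0

def constructed_response(listed_password, count):
    """Build a stand-in range body (constructed, not real API data) with one matching suffix."""
    _, suffix = sha1_split(listed_password)
    decoys = ["0" * 35 + ":3", "F" * 35 + ":12"]
    return "\r\n".join([decoys[0], f"{suffix}:{count}", decoys[1]])

if __name__ == "__main__":
    # Constructed scenario: an old password appears in the range body, a new one does not.
    body = constructed_response("old-forum-password", 41)
    print(range_url(sha1_split("old-forum-password")[0]))
    print(breach_count("old-forum-password", body))
    print(breach_count("a-unique-passphrase", body))
```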
