So I just received a phishing email to my Nexus account email address. The interesting thing is that I use a unique email address for this account, one which doesn't technically exist - I have a rule on my email domain that any email sent to addresses that don't exist will filter through to my main account. As such, my Nexus account email only exists on Nexus' servers and in the emails they've sent me. Even more worrying, the email included my account password in both the Subject header and the body of the text.
Here is the full text of the email:
To: xxxx [my password] Subject: Your password is xxxx Body: I do know xxxx is your pass word. Lets get straight to the purpose. You do not know me and you're probably wondering why you are getting this e mail? Nobody has paid me to check you.
Well, I actually placed a malware on the X videos (pornographic material) website and you know what, you visited this website to have fun (you know what I mean). When you were viewing videos, your web browser started out functioning as a Remote control Desktop with a keylogger which provided me access to your display screen and web cam. Right after that, my software obtained your entire contacts from your Messenger, Facebook, and email . Next I made a video. 1st part displays the video you were watching (you have a good taste haha . . .), and second part displays the recording of your web cam, & it is u.
There are two different possibilities. We should study each of these possibilities in aspects:
First option is to just ignore this message. In this situation, I will send out your actual recorded material to every bit of your personal contacts and thus just think concerning the embarrassment you will get. And as a consequence should you be in an intimate relationship, exactly how it can affect?
Number two choice is to give me $4000. Lets call it a donation. Then, I will without delay erase your video footage. You could resume your life like this never happened and you will not ever hear back again from me.
You'll make the payment by Bitcoin (if you don't know this, search "how to buy bitcoin" in Google).
BTC Address to send to: [redacted, though I can share this if needed] [CASE SENSITIVE so copy and paste it]
In case you are looking at going to the law enforcement officials, anyway, this email message cannot be traced back to me. I have covered my actions. I am also not looking to charge you so much, I simply prefer to be paid for.
You now have one day in order to pay. I have a special pixel within this e-mail, and right now I know that you have read through this mail. If I do not get the BitCoins, I definitely will send your video recording to all of your contacts including relatives, coworkers, and so forth. Nevertheless, if I receive the payment, I will erase the recording right away. If you want to have proof, reply Yes & I definitely will send out your video to your 6 contacts. This is the non-negotiable offer and so do not waste mine time & yours by responding to this message.
When I attempted to login just now my password had been changed. I was still able to use the forgotten password link, then afterwards I had to re-verify my email as the account had become inactive.
Obviously I'm not worried about the phishing email itself, the email and password are unique. What is concerning is that it seems the Nexus servers have been compromised, leaking account information, and even more worrying is that this appears to have included passwords which at best have been decrypted - at worst they may not have been encrypted to begin wtih.
Phishing email sent to Nexus account email ***with account password***
in Off-Topic
Posted
So I just received a phishing email to my Nexus account email address. The interesting thing is that I use a unique email address for this account, one which doesn't technically exist - I have a rule on my email domain that any email sent to addresses that don't exist will filter through to my main account. As such, my Nexus account email only exists on Nexus' servers and in the emails they've sent me. Even more worrying, the email included my account password in both the Subject header and the body of the text.
Here is the full text of the email:
When I attempted to login just now my password had been changed. I was still able to use the forgotten password link, then afterwards I had to re-verify my email as the account had become inactive.
Obviously I'm not worried about the phishing email itself, the email and password are unique. What is concerning is that it seems the Nexus servers have been compromised, leaking account information, and even more worrying is that this appears to have included passwords which at best have been decrypted - at worst they may not have been encrypted to begin wtih.
Does anyone from Nexus have any comments on this?