Encrypt all the things!

Let's say you're one of these scammers, and the victim does what @Stonehedge 's pal does, what's your tactic?

You want them to be humiliated so that in the future other victims know that the risk of being exposed is real.

So do you send it with a summary in the subject line?
"Here's a video of your pal/son/husband/colleague/nephew, Stonehedge's Friend, wanking!"

The victim's mum is not going to open that, only people who don't really care about the victim will watch it.

Or do you present it without comment? How often do you just watch a video sent to you by a random without any comment?
Would you put a still image including the victim's face as the image on the video so the victim's friends and family play the video thinking, "I know that guy?"
Or do you leave it blank and hope some will just watch it no questions asked (unlikely...?)
If the former, how much build up do you have? Do you want the viewer to cotton on what's happening, leaving them the opportunity to work out what they're about to see, and turn it off to save the victim's embarrassment, or do you give it 2 seconds and then cut straight to him yelling out, "unleash the oooze" as his stubby cock erupts over his weirdly waxed stomach and chest?

So many things to consider in this blackmail play.

If this happened to me I'd probably just email everyone I know saying here's a video of me jizzing if you're keen, because a scammer is blackmailing me so if you really want to check it out, then you can now. Save them the hassle.

CC the scammer to let them know what's up.

Perhaps as an extra power play print off the original blackmail email and record yourself wanking to that.

I've got a meeting with him on Friday. I'll ask the details if you guys are interested.

He should write a blog post about it. It'd go nuts. I'm sure loads of people are genuinely curious about what they did, the impact this had, etc. I am.

There was a link on here a while back, I think @Velocio posted it, about what preparations someone took when travelling to the US (in terms of phone, laptop, etc). I've got a feeling it was someone from Cloudflare. Anyone know what I'm talking about and can point me in the right direction?

The conversation was on this page: https://www.lfgss.com/conversations/205836/?offset=1400#13443212 a little further down for the guy I worked with (was Cloudflare, now Google, always security teams).

Cheers. I thought there was a link to another website for some reason which is why my searching for it wasn't working.

anybody using Google's compromised password/email checker?
https://security.googleblog.com/2019/02/protect-your-accounts-from-data.html

This and others were mentioned a page back.

Deliveroo now implementing breached cred checking on their login too.

I quite admire his refusal to pay the ransom tbh. He was all like "meh, everybody does it".

Is your friend Jeff Bezos?

I got one of these. It gave me a bit of a scare because it was definitely an old password of mine, but not so much on the blackmail front (I don't have a webcam).

I'm pretty sure it came from a Myspace (remember that?!), Tumblr or LinkedIn leak.

I already use Lastpass but I did the security challenge and my results weren't great - I had a lot of duplicate, weak and old passwords. I've now sorted that out, turned on 2FA etc. and my 'Lastpass standing' is now in the top 1%, although I've still got some old passwords I want to change.

It was a good reminder to have different passwords for all the things so if someone gets one they can't get into anything else...

I am, have changed a couple already. Currently using Chrome's built-in password manager but it's a bit of a hassle when apps on my iPhone redirect me to Safari. Any suggestions for a good password manager which can import everything from Chrome and is easy to use on iPhone?

Any suggestions for a good password manager which can import everything from Chrome and is easy to use on iPhone?

KeyChain won't do the import but being integrated in to iPhone and Apple's preferred way of doing things it's easy to use. If you don't have a Mac desktop / Laptop it's probably not the best by a long shot though.

Nope, on a Windows laptop. :\

@tijmen, I might give the google password checker a go with a infrequently used account, I'm slightly nervous about it being Google.

Have you tried LastPass on the iphone. Free version I think is 100% fully functional.
https://blog.lastpass.com/2018/09/get-in-app-autofill-with-lastpass-ios-12.html/
cheers

@hippy I missed that cheers, will go back and look .

Thoroughly recommend 1Password. I use it for personal stuff and LastPass at work. 1Password is without a shadow of a doubt the better product IMO. The UI is far, far superior. Is integrated fully with iOS/thumbprint/facial recognition so I rarely even have to type in my master password. I don't think any will do imports - definitely not lastpass or 1password anyway. I use it on: A dell laptop, my iPhone, have used it on Android and have it installed on my MacBook. Works great on all of them.

Lastpass can import from Chrome. (You may need to export to CSV and then import the CSV. EDIT: Just looked and there's a menu option to import directly from Chrome on the browser add-in)

On Android at least the integration is great if you have a fingerprint reader. Vast majority of the time it will fill in passwords automatically for apps and websites or, for the few times that doesn't work, it's easy to copy/paste.

Also has add-ins for most web browsers.

https://www.passpack.com/ is another option. Heard good things about 1Password - think Troy Hunt was bigging them up maybe?

Oh, that's definitely a benefit. Times have moved on since I migrated to a password manager.

Subscription? I believe subscription will end up fucking over a lot of ppl. Comes the time their business model can no longer be sustained, the company folds and boom... Or whimper... Passwords gone.

And is it repeat purchase? Or one time... Again same. Reason.

They would be acquired. At some point consolidation will happen.

If that were to happen. If. If. It's not like I can't access my accounts. Yes it would suck to have to reset the passwords but it's not the end of the world.

'After purchasing a software license ($64.99 in 2018), 1Password can be set up to only store password files locally, and not sync with remote servers. It can also be set up so that files are synchronized through Dropbox (all platforms), local Wi-Fi, and iCloud, and more recently, through 1Password.com'.

Mine are stored on 1Password remote servers. I have opted for that method of storage/paying a sub to make my life easier when using multiple devices. More info about security here:

https://support.1password.com/1password-security/

Going a bit off topic here but...

I was looking through my gmail spam folder the other day and I noticed an email from my best bud, let's call him Rob Merovingian (it's a rare name). I clicked the email and of course the email was from "Rob Merovingian <some.scam@bullshit.com>".

I'm trying to figure this out. Obviously our relationship has been scraped from somewhere (facebook? linked in?) But how would they know to pick Rob, one of my closest friends, of all people?

The funny thing is, Rob checked his spam folder and found a similar email from "me" in there.

Anyone else seen this?

anyone using Dashlane?