Hi,
I've received one of those "I've been overviewing your computer" emails. Unfortunately I can't say who it was from, because I deleted it immediately, but the reason for concern is because he correctly stated a password I had set up for Armorama (I've changed my password). It is, of course completely different to my main sign on, so presumably the only way he could have come across it would be from hacking my Armorama account? Could anyone advise please? Also a warning for other users.

I recommend you run a deep virus/malware scan (Malwarbytes is good). You could have a keylogger running on your computer (records what you type on the keyboard, sends it to the hacker(s)). In my field that is where most of those "you have been hacked" emails find your password. You may also want to change all your other passwords.

Back to staring at my stash

Cheers

Some further reading:
https://armorama.kitmaker.net/forums/273485&page=1

Thanks Robin, I was pretty sure it was a load of rubbish, but the password thing spooked me a bit. I've changed it now. Reading the other guys comments, it is obviously a regular thing, like the Nigerians informing me I have won their state lottery.
RobbD I don't think there could be a keylogger unless it's been running for a very long time, as I don't normally type the password, my login is stored.

As I understand it the get the encrypted passwords and then run them through programmes that reverse encryption for known values. This is why a password should be a mix of upper and lower case letters, numbers and symbols and ideally will be totally random rather than actual words.

In systems where there is something halfway important to protect there are usually rules about the length of the passwords and the mix of characters.
The password crunchers use dictionaries to test for existing words. If there are a few passwords in the encrypted file that can be "reverse engineered" by being existing words then they can compromise the whole encryption. This is the reason for enforcing rules about passwords. Some systems also check against dictionaries and will reject passwords that match with the dictionary.
To get it safer the system must be built on single use passwords where the user id triggers the system to generate a challenge code (algorithm based on user id + something secret + an encryption key or simply a random code). The user must then respond with an answer code which is the result of the challenge pushed through an algorithm together with a pin-code. The system then verifies that the answer matches its own calculation.
The pin-code must of course remain secret which it can be since it is never transmitted between the system and the entity logging in.
There are also time limits on the validity of the challenge to make it difficult/impossible to use brute computing force to break the code.

/ Robin

Steve- Me too. Here is what I received from kiss@dksblu
"Hello!

I am a hacker who has access to your operating system.
I also have full access to your account.

I've been watching you for a few months now.
The fact is that you were infected with malware through an adult site that you visited.

If you are not familiar with this, I will explain.
Trojan Virus gives me full access and control over a computer or other device.
This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.

I also have access to all your contacts and all your correspondence."

I deleted the email and went on. All the best

I've had the same guy.Ignored the emails and he's gone away.
.
Tom

I got a similar E-mail but, seeing how I DO NOT have a camera set up I ignored it