PSA: Phishing Emails Are Being Sent to The Email You Used for ShopBack

Since lots of Ozbargain users are also shopback users I thought I'd post this warning.

Due to the email leak from Shopback a while ago, our Shopback email addresses will be targeted by scammers now.
I use a fully separate email account for every service I sign up so I can see which sites are spamming me, break ties with them, etc.
This morning, the one I used for Shopback received the following email.

If you get this email too, trust me, these "hackers" DO NOT HAVE ACCESS TO YOUR COMPUTER, MICROPHONE, or CAMERA.
You can safely ignore these scam emails, but there's not much you can do to stop them other than clicking the spam report button.
It's worth putting your email address in here to see which sites you used have been compromised: https://haveibeenpwned.com/

I am sorry to inform you that your device was compromised.

I'll explain what led to all of this. I have used a Zero Day vulnerability with a special code to infect your device through a website.
This is a complicated software that requires precise skills that I have. It works as a chain with specially crafted and unique code and that’s why this type of an attack can go undetected.
You only need one not patched vulnerability to be infected, and unfortunately for you – it works that simple.

You were not targeted specifically, but just became one of the quite a few unlucky people who got hacked that day.
All of this happened a few month ago. So I’ve had time to collect information on you.

I think you already know what is going to happen next.
During that time, my software was quietly collecting information about your habits, websites that you visit, searches you do, texts you send.
There is more to it, but I have listed a few reasons for you to understand how serious this is.

For you to clearly understand, my software controlled your camera and microphone as well and it was impossible for you to know about it.
It was just about right timing for me to get you privacy violated.

I’ve been waiting enough and have decided that it’s time to put an end to this.
So here is my offer. I need a consulting fee to delete the media content I have been collecting.
Your privacy stays untouched, if I get paid.
Otherwise, I will leak the most damaging content to your contacts and post it to a public tube for perverts to explore.

I understand how damaging this will be for you, and amount is not that big for you to keep your privacy.
Please dont blame me – we all have different ways of making a living.

I have no intention of destroying your reputation or life, but only if I get paid.
I don’t care about you personally, that's why you can be sure that all files I have and software on your device will be deleted immediately after I receive the transfer.
I only care about getting paid.

My modest consulting fee is 1650 US Dollars transferred in Bitcoin. Exchange rate at the time of the transfer.
You need to send that amount to this wallet: <Omitted>

The fee is non negotiable, to be transferred within 2 business days.
We use Bitcoin to protect my identity.

Obviously do not try to ask for any help from anybody unless you want your privacy to be violated.
I will monitor your every move until I get paid. If you keep your end of the agreement, you wont hear from me ever again.

Take care.

Related Stores

ShopBack AU
ShopBack AU
Third-Party

Comments

  • +12

    That $3 "sorry" hand out they gave everyone after their data breach, hope it was worth it.

  • +2

    "modest consulting fee"
    .

  • +4

    Yep I'm finding my email used with Shopback getting a spike in new spam/phishing emails lately.

    • +1

      It sucks doesn't it? This was my first one for shopback, I'd forgotten to delete this email when I closed my shopback account last year.
      There are probably hundreds of them but the vast majority get blocked by the email provider's filters.
      This is why it's important to remember to use the "report spam" button for the ones like this which slip through so they can be blocked for the next people.

  • -4

    Nothing wrong here, just the Government collecting metadata on you.

  • +3

    "Take care". LOL

    Imagine being such a sh*tty human that you sit and do this all day.

    • -3

      Eh, it doesn't fit my morals either but I can't fault them too much. There are huge wealth and competence disparities across the world's population. In a free market those who make poor decisions open themselves to being ripped off.

      A fool and his money are soon parted.

  • What a c**t-sy email!

  • +2

    Jokes on the scammer. What webcam?

    Take care.

    • +2

      Dear Twix
      Same here, no mic either.
      Take care.

  • +6

    A Shopback account really is the gift that keeps on giving.

  • +2

    Dear sender, thank you for telling me about your precise skills crafting special codes in your complicated software to take advantage of a “not patched” vulnerability to monitor my every move. I hope you have these adjectives on your CV as they sound impressive indeed. I can send you the modest consulting fee in the form of 1650 BP after I have finished my quest to save the Galar region. Please respond with your Switch friend code so my special advisory team can commence the transfer process with haste. Take care.

  • "I use a fully separate email account for every service I sign up"

    How do you go about creating a new email every time? I imagine that would be painful.

    • +1

      I imagine that would be painful.

      Actually it's super easy, barely an inconvenience!

      I use my own domain, and I pay for a mail service. So I'm not actually signing up and managing multiple email accounts each time.
      This means that if the mail service goes evil/shitty I can swap it out with a competitor without losing my email address(es).

      • +1

        Which one do you use? I found I ran out of addresses with namecheap after I hit 100.

        Now I use pobox. It has an automatic forward for *@domain and you just blacklist ones that get compromised. Much easier because you're not going in and creating a specific address each time.

        • Thanks for the tip about ALLOW_ALL with an explicit blacklist, my provider (currently fastmail) can do this too.
          I might have changed to this to save time a few years ago if I'd thought of it.
          These days I don't buy as much ozbargain landfill, etc so I don't make many accounts.

      • Hmm I have my own as well but manage email through MS 365. Gets a bit messy through 365.

      • How do you deal with businesses who have issues sending email to personal email domains. I've had this issue multiple times where the email just doesn't show up at all…

        • Never had this issue in recent years with a private domain.

    • +1

      Many email services allow you to add a +phrase into your email too.
      eg. if your email is [email protected], you will also receive emails addressed to [email protected] for example. You can set filters based on this. There are a few websites that don't recognise the + sign as being a legitimate email address, but those are in the minority.

  • I don't see how anyone could fall for this scam. I mean the most basic of interaction ought to finish it. Simply asking "Can you show me this evidence?"

    There are just so many holes in this sort of scam. The major one should be evident to anyone with more than 2 brain cells. That is, here you are presented with something from an obvious low-life, yet you think they will delete your stuff if you pay?

    Having said that, there are people who buy iTunes cards for the tax office …

  • I know it isn't true especially when I use shopback on a desktop with no camera or microphone. If they got something then they got nothing.

  • +5

    Is it possible to reply to say "If it all the same to you, please include a link to my onlyfans account. Thanks and take care."

  • My 12 year old got one of these emails and really freaked out. I told him to tell the spammer to go ahead. It will increase your subscribers.

  • -3

    Yes… and OzBargain should be ashamed of themselves…

    I thought this platform was safe.

    I had a hell of a time with unwanted marketing phone calls, and thought I fixed it. Then suddenly, in clicking on an OZBARGAIN link, then again, I started to receive non stop texting, phone messages, you name it.

    STOP IT OzBargain… you know who these people are and YPU gave them my personal details.

Login or Join to leave a comment