Scammed on Protonmail by fake Janoshik

[Suprachica79]

Hi everyone,

just want to warn people about what just happened to me. I was conversing with Janoshik on proton mail and was hacked. The person deleted the Janoshik response and replaced it with their own btc wallet. They changed their email name to show info@janoshik.com so I was none the wiser. I thought because proton mail was secure, this wasn’t possible but apparently it is.
I sent $400 btc to what ended up being a scammers random wallet: fully thinking it was Jano. I don’t blame Jano for this - it was my fault not seeing that the name wasn’t actually who it was. I’m not a generally dumb person - but this shit can happen so to everyone else - please make sure you are actually talking to who you think you are by clicking on the email name specifically.

 

[TrennedOutLunatic]

@janoshik

 

[janoshik]

@janoshik

Yeah, we've talked in PMs before this was posted...
It was me who figured what happened

It's the same email scammer as always I assume.
Using passwords stolen from hacked forums to get into the email of the victim, then manufacturing email conversations in order to get to them BTC

 

[Suprachica79]

I think this is something that should be talked about. Had I had any information had this was a possibility, I would have been way more careful in knowing what to look for. Unfortunately, such information was only expressed to me after it happened.

 

[janoshik]

I think this is something that should be talked about. Had I had any information had this was a possibility, I would have been way more careful in knowing what to look for. Unfortunately, such information was only expressed to me after it happened.

I made a thread about it a while ago, but it died: How to not get fucked over by hackers or extortionists for the paranoid and inept at IT.

Maybe I could ask @Millard to take into consideration about it being stickied, so that it might help others in the future.

 

[TrennedOutLunatic]

Yes.

 

[Suprachica79]

Yes - that thread would have helped me immensely as this would not have happened had I read and followed even half of that. It seems like common sense, but for people who are not used to dealing with shady shit, it isn’t.

 

[TrennedOutLunatic]

I would have fucked this up too,for sure.
Thanks for the heads up.

 

[NorthMich]

Oh man... ProtonMail?

 

[FR0Z3N_B0MB3RRR]

Yes - that thread would have helped me immensely as this would not have happened had I read and followed even half of that. It seems like common sense, but for people who are not used to dealing with shady shit, it isn’t.

Very thanks for this post..
@janoshik how can someone else have your protonmail password?

 

[TrennedOutLunatic]

Very thanks for this post..
@janoshik how can someone else have your protonmail password?

I think that this is a different case.

 

[janoshik]

Very thanks for this post..
@janoshik how can someone else have your protonmail password?

There are many options, the two most common ones:

1. You make an account on a hypothetical forum in 2016. You use the same password as for your email. Hypothetical forum admin doesn't update software for 5 years and gets hacked, the hacker tries whether you have the same password for the email you registered with. Bam.

This is obviously not limited to forums, anywhere where your email and password is stored and has a security leak can be at fault...

2. You post your email somewhere public. Your password is simple, so when crawler finds your email, your password can be brute-forced (basically trying most common passwords at an insane rate until one of them works).

Of course there's also a combination of the methods possible...

 

[TrennedOutLunatic]

Yeah,that's what I mean.
It was not janoshik's mail that got hacked.

 

[janoshik]

Yeah,that's what I mean.
It was not janoshik's mail that got hacked.

Oh, right. I misunderstood the question. My email is perfectly safe, it was the (potential) client who was compromised.

 

[TrennedOutLunatic]

Oh, right. I misunderstood the question. My email is perfectly safe, it was the (potential) client who was compromised.

Yes. Shit happens.

 

[Suprachica79]

Yes - to be clear - I made some foolish choices when it comes to usernames and passwords. That will be corrected in the future.

 

[Test_Subject]

Two factor authentication is a must for anything money-related.

You can give the hacker your password and they can't do shit witbout the SMS code.

 

[GoldenJimmy]

Even better is using 2FA with an authenticator app like google authenticator. Over the years I have used SMS for 2 factor authentication for so many sites that I feel I am stuck with my mobile number forever.

If you do go the authenticator app route make sure you back it up or have a way to recover the authenticator app’s database when you get a new phone.

 

[MindlessWork]

Even better is using 2FA with an authenticator app like google authenticator. Over the years I have used SMS for 2 factor authentication for so many sites that I feel I am stuck with my mobile number forever.

If you do go the authenticator app route make sure you back it up or have a way to recover the authenticator app’s database when you get a new phone.

Google and Microsoft have good authentication apps and there may be info how to move them to a new device. I have the Microsoft one for Teams access on my iPhone for example and it works.

 

[janoshik]

Even better is using 2FA with an authenticator app like google authenticator. Over the years I have used SMS for 2 factor authentication for so many sites that I feel I am stuck with my mobile number forever.

If you do go the authenticator app route make sure you back it up or have a way to recover the authenticator app’s database when you get a new phone.

I've migrated authenticator from one number to another a few weeks ago - took me less than half a minute. They made it real simple.