Forum Discussion

Webber17's avatar
Webber17
Tuning in
4 months ago
Solved

Old Virginmedia email account hacked. Threatening emails received demanding money in Bitcoin

I have a very old Virginmedia.com email address. I no longer have any Virgin services but have been able to continue to use the email address. Unfortunately my account has been hacked. We are receiving many phishing emails but in the last 3 days have received two demanding money in Bitcoin.

Some of my online accounts are still using the Virginmedia email address as part of the login process. Which is a problem I don't know how to solve.

 I can’t log into Virginmedia.com  to change the password as the email is no longer recognised.  We have not been with Virginmedia for about 7 years since moving house to an area without Virginmedia services. 

Can you help please?

 


  • Webber17 wrote:

    The email they sent confirms they know the password to the virginmedia email account. So they have hacked it? Is that right?


    As goslow has posted, no it isn't.

    Over the years many people who have received that type of scam email have noted that the password quoted by the scammer is not actually their email password.

    In most cases it's the password they use (in conjunction with their email address)  to access another online account. In fact, even then, they often say that it's an old password that they changed a long time ago.

    Reusing passwords on multiple accounts makes it easy for hackers and they could access  your email account if they wanted to.

    However, as goslow has said, if your VM email account has  been hacked the hacker would most likely be using it for their own illegal purposes. If you are not seeing any evidence of that then there's a chance the account as not been hacked (YET!)

    You can enter your VM email address into this website to see if it has ever been part of a data breach https://haveibeenpwned.com/ It's a well respected website by the way and it's the best way to check that.

    In fact you can also use that website to check whether your password has been part of a data breach. Check the address and password for your current email account as well. If that comes up as being pwned then change your password immediately and take advantage of any additional security, such as 2 factor authentication, that the provider offers.

    "If VM close this email account does it mean they can still use the email to try to log in to the remaining online accounts that have it as the user name?"

    Simple answer, yes.

    When you sign into an online account there is no check made to ensure the email address in the username is actually live. So, if you have reused the same password as the one quoted in the scam email with any other online accounts , then they can still access these other online accounts even if the email account gets deleted.

    So, I would suggest that your most important first step should be to update the username on all those online accounts that are still linked to your VM email address. If you cannot change the current username then you need to consider closing that online account and setting up a new one using your current email account and a brand new password.

    Coenoby

  • coenoby's avatar
    coenoby
    Very Insightful Person

    Webber17 wrote:

    Unfortunately my account has been hacked. We are receiving many phishing emails but in the last 3 days have received two demanding money in Bitcoin.

    That's a well known scam and various versions of it have been doing the rounds for several years.

    For what it's worth, the scammer has not hacked your account. They have merely spoofed your email address to make it appear they have access to the account. It's very easy for them to do that. It's just a part of their tactics to make you think they know everything about you in an attempt to encourage you to pay up.

    Some of my online accounts are still using the Virginmedia email address as part of the login process. Which is a problem I don't know how to solve.

    I can’t log into Virginmedia.com  to change the password as the email is no longer recognised.

    You will need to check the website of each of those online accounts to check the process that you need to go through to change the sign on address / username to your current email account. In many cases that process involves you signing into your online account with that organisation and:: 

    1.  filling in an online form to update your sign on / username to a new email address
    2. the organisation then sends a verification code in an email to your old email account
    3. you click on the verification code in that email or enter the code into their website to complete the change over to your new email address

    That will be a show stopper if you don't have access to your old email account. In that case you need to check with the organisation to see if there is a way round that. Every organisation is slightly different.

    We have not been with Virginmedia for about 7 years since moving house to an area without Virginmedia services.

    Sadly, as you are no longer a VM broadband customer,all VM staff can do for you is to arrange for your old VM email account to be deleted. They will not be able to allow you to regain access to he account.

    Coenoby


     

  • The email they sent confirms they know the password to the virginmedia email account. So they have hacked it? Is that right?

    If VM close this email account does it mean they can still use the email to try to log in to the remaining online accounts that have it as the user name?

    • coenoby's avatar
      coenoby
      Very Insightful Person

      Webber17 wrote:

      The email they sent confirms they know the password to the virginmedia email account. So they have hacked it? Is that right?


      As goslow has posted, no it isn't.

      Over the years many people who have received that type of scam email have noted that the password quoted by the scammer is not actually their email password.

      In most cases it's the password they use (in conjunction with their email address)  to access another online account. In fact, even then, they often say that it's an old password that they changed a long time ago.

      Reusing passwords on multiple accounts makes it easy for hackers and they could access  your email account if they wanted to.

      However, as goslow has said, if your VM email account has  been hacked the hacker would most likely be using it for their own illegal purposes. If you are not seeing any evidence of that then there's a chance the account as not been hacked (YET!)

      You can enter your VM email address into this website to see if it has ever been part of a data breach https://haveibeenpwned.com/ It's a well respected website by the way and it's the best way to check that.

      In fact you can also use that website to check whether your password has been part of a data breach. Check the address and password for your current email account as well. If that comes up as being pwned then change your password immediately and take advantage of any additional security, such as 2 factor authentication, that the provider offers.

      "If VM close this email account does it mean they can still use the email to try to log in to the remaining online accounts that have it as the user name?"

      Simple answer, yes.

      When you sign into an online account there is no check made to ensure the email address in the username is actually live. So, if you have reused the same password as the one quoted in the scam email with any other online accounts , then they can still access these other online accounts even if the email account gets deleted.

      So, I would suggest that your most important first step should be to update the username on all those online accounts that are still linked to your VM email address. If you cannot change the current username then you need to consider closing that online account and setting up a new one using your current email account and a brand new password.

      Coenoby

  • goslow's avatar
    goslow
    Alessandro Volta

    Are you seeing any other signs of scamming activity (such as your other online services/accounts being taken over or new ones being set up using the VM email address)?

    Passwords can be leaked in a variety of ways.

    Is the VM password unique only to your VM account or have used used that same VM password elsewhere as well for other sites and services?

    • Webber17's avatar
      Webber17
      Tuning in

      I can't see any evidence of any other signs of scamming activity.  (such as  other online services/accounts being taken over or new ones being set up using the VM email address.

      The VM password has been used on our other email account but we are changing those at a rapid rate. 

      There are a few accounts for hotel booking sites and similar using the old VM email address and the same password. If I log in and change the password will they 'see' it or be notified??

      The emails coming in look like they are being sent from our VM email address to the same address but I understand they are just using a different email address but making it look like ours??

      I would like to get into a position of asking VM to close that email account - but I don't want to do that if they can continue to use it together with whatever data they have manage to suck out of what they can see. 

      Can the VM Forum people be contacted somehow for some help? I see they have private messaged some people with similar problems but no-one has contacted me. 

  • goslow's avatar
    goslow
    Alessandro Volta

    Excellent advice and information from coenoby, as ever.

    • coenoby's avatar
      coenoby
      Very Insightful Person

      goslow wrote:

      Excellent advice and information from coenoby, as ever.


      Thanks for that vote of confidence 🙂. I just try give the sort of helpful and constructive advice I look for on any community forum.

      Cheers 🍻

      Coenoby

      • ALF28's avatar
        ALF28
        Super solver

        I also found the advice excellent, especially regarding changing the compromised email address  on an other accounts as it can still be used to log in.

        My VM email often gets spam/scam activity which I monitor and now use alternative emails.

        Hackers can obtain email addresses and passwords that have leaked on the dark web.

        They can also use social engineering to get data that is useful to them.

        It is wise not to use the same password mor than once.

        Also some emails using your own name may be easy for hackers to identify a person who is a target, and they may traget/hack those emails, so best to use other additional letters,numbers dots and underscores  for example as part of the email address or not using your own name but something random as long as it can be remembered easily.

        If an email is hacked the danger is that they then have your contacts and will send phishing emails.

        This therefore can become a wider issue as they can find other emails to hack

        The passwords should be strong and updated. When I checked my own VM ntlworld.com email I was surprised to find so many leaked passwords, some I recognised and were for accounts such as adobe, Linkedin, my heritage, twitter. Some were unknown so may have been were hackers had used their own password with my VM email.

        The weaker passwords can be found on a list of easy to hack passwords, so passwords need to be long and contain letters, numbers and special characters and not to use your own name as part of a password as I once did and still get blackmail email from that one.

        The problem did affect some of my other emails, as I have found where hackers may have found your other emails. I have opened  a good few new emails rather than use my ntlworld.com email which is over 20 years old.

        Even my trusted emails sometimes get phishing emails and sometimes appear genuine so any unexpected email could be phishing.