The old NCIX compromise scam is back. Apparently, these clever hackers have found another site they were able to compromise and grab account credentials where you might have signed up for an account. The attackers then will have your e-mail address you signed up for “X” account with and the password you used on that particular website to associate it with your username/e-mail address.

You may have received an e-mail similar to this:

From: John Doe <>
To: John Doe <>
Date: Sun, 7 Oct 2018 16:02:33 -0500
Subject: Account Issue
Hi, dear user of
We have installed one RAT software into you device.
For this moment your email account is hacked (see on “from address”, I
messaged you from your account).
Your password for f3k2K2ll2! <~~~ this is a username/password that you would have created at some time with some site that was compromised by the hackers

I have downloaded all confidential information from your system and I got
some more evidence.
The most interesting moment that I have discovered are videos records where
you [are doing stuff you wouldn’t want your mom to know about].

I posted my virus on porn site, and then you installed it on your operation
When you clicked the button Play on porn video, at that moment my trojan was
downloaded to your device.
After installation, your front camera shoots video every time you
[are doing stuff you wouldn’t want your mom to know about], in addition, the software is synchronized with the video you

For the moment, the software has collected all your contact information from
social networks and email addresses.
If you need to erase all of your collected data, send me $800 in BTC (crypto
This is my Bitcoin wallet: 13cyEdT7kyH2f4j9xchvDGhv1o64MYNLUS
You have 48 hours after reading this letter.

After your transaction I will erase all your data.
Otherwise, I will send video with your pranks to all your colleagues and

And henceforth be more careful!
Please visit only secure sites!

While I can’t recommend this practice, many people use their same password(s) for all sorts of services, which is great as far as not taxing your memory, but terrible in the sense of security.

This is basically a scare tactic with some valid true information, your username (e-mail address) and password from some site they’ve hacked in order to present you with recognizable information in order to convince you to pay the ransom.

From what I can tell by analyzing the e-mail headers from a couple of different people who have received this later lately, they scare you either by spoofing your e-mail address in the From: field, or actually use your mail server (they try the credentials they found via the site they’ve hacked).

One way to identify what site got hacked that you have an account with is to pay attention to the password they tell you, if you’ve only used it on one particular site, then you know the site was compromised and that you need to change your account there or contact the company if you’re still worried about their security breach.

Furthermore, NEVER use this password again associated with the SAME e-mail address with any other site on the Internet.

After seeing this letter, it sparked some curiosity and I found a site where you can check to see if your e-mail address shows in any data breaches:


I would at least make sure you change your passwords on any site/service that this site finds, if possible. Another thing I suggest is changing your passwords often, using unique passwords on all websites that you have some sort of account on. To make this easier, utilize a password manager!


Frankenstein Computers has been taking care of our happy clients since 1999. We specialize in IT Support, IT Service, MAC repair, PC Repair, Virus Removal, and much more.  Give us a call for remote support or drop in to drop off.