What you missed is that the scam included a password that this guy used only on this and some four other mailman lists, so this suggests one of these has been compromised.

--srs

________________________________
From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of peter h <peter@hk.ipsec.se>
Sent: Tuesday, October 23, 2018 2:19 AM
To: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] Mailman

Yes, we have. This is a common hoax sent as SPAM and the intention is to scare folks to pay. SPAM is the problem here!

On Monday 22 October 2018 07.50, ac wrote:
Hi All,
I will be repeating this post on four Mailman mailing lists....
I received one of these: "I hacked your account, here is your password and pay me bitcoin" scam emails - to andre@ox.co.za with the password I used on anti-abuse-wg@ripe.net (and three other Mailman lists only...)
As I use different passwords and change my passwords (up to now, except for mailing lists) every 7 to 30 days, I am usually able to know exactly where and when, so that I can go look for the how, etc. As unfortunately I used the same email and same password on four lists, I do not know which list data has been compromised.
If anyone else receives similar email with a password used on anti-abuse, please let us know...
For abuse discussion purposes: With which frequency should one change mailing list passwords? And, is it even that important? Compromising a mailing list password allows whomever to change my digest options and nothing much else, so, does it really matter?
One should have one password for each mailing list (and not one for four...) but, is it important enough, in terms of abuse itself, to even change these monthly? or maybe yearly? or maybe not at all?
Andre
--
Peter Håkanson
There's never money to do it right, but always money to do it again ... and again ... and again ... and again.
( It is cheaper to do it right. It is expensive to fix mistakes. )