Beware of Phishing Based on Fear of Secret Porn Behavior and Real Password Compromise

See previous security tips and previous phishing posts.

Check if you have an account that has been compromised in a data breach at

I’ve been getting variants of this email for months, as has my wife.

First, email can be spoofed: the message (“sent you an email from your account”) looks that way, but email was designed in an age of naiveté and the sender address is easily forged. Don’t fall for that claim.
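The spoofing point above can be checked from a message's raw headers. The following is an added example, not part of the original post: it compares the visible From: domain with the envelope sender and reads the SPF/DKIM/DMARC verdicts recorded by the receiving server. The sample message, its addresses and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample of a "sent from your own account" extortion mail.
# Every address, host name and verdict below is made up for illustration.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=softfail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.org
From: "You" <victim@example.org>
To: victim@example.org
Subject: Your account has been hacked

I sent you this email from your account.
"""


def domain(header_value):
    """Lower-cased domain of the address in a header value ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def spoof_indicators(raw_message):
    """Return the reasons the visible From: header should not be trusted."""
    msg = message_from_string(raw_message)
    reasons = []
    from_dom = domain(msg["From"])
    envelope_dom = domain(msg["Return-Path"])
    # From: is free text chosen by the sender; the envelope sender is separate.
    if envelope_dom and envelope_dom != from_dom:
        reasons.append(f"envelope sender {envelope_dom} != From: {from_dom}")
    # Authentication-Results is written by the receiving server. Assumption:
    # the only such header present is the one your own provider added.
    results = " ".join(msg.get_all("Authentication-Results") or [])
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results))
    for method in ("spf", "dkim", "dmarc"):
        verdict = verdicts.get(method, "missing")
        if verdict != "pass":
            reasons.append(f"{method}={verdict}")
    return reasons


if __name__ == "__main__":
    for reason in spoof_indicators(SAMPLE):
        print("suspicious:", reason)
```

A message that really came from your own account would normally show matching domains and passing verdicts, so an empty result is the expected outcome for legitimate mail.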

The initial email was specific, including a real, legitimate password* that I used 8 or 9 years ago. That the password was real raised a real fear in the instant I saw it—the fear of a real compromise to my computer. But since I use unique passwords for every web site, I was not concerned, just annoyed (you do use unique passwords for EVERY different web site, right?).

Over the ensuing two months, I have received perhaps 30 variants of this email. This latest one lacks the specifics of the original.

* How was that password obtained? By a compromise of a major internet service provider whose incompetence in storing cleartext passwords merits the corporate death penalty along with prison time for the executives.

The hacker was even smart enough to custom-tailor the phishing email with the brand of my router (Cisco). Very scary for the non-expert—how many people have paid up out of fear?

Since it was an old/unused password having nothing to do with my email and since I do not visit porn sites (a very good way to acquire malware) and because I also tape over the security-hazard camera on my Macs, it was clear that the email was extortion with no possibility of harm to me. Still, the specificity was chilling—it was a valid password I had once used at a certain photography site (shame on them for not alerting me).

The phishing email is a curious mix of helpful suggestions (“change your password”) with amusement (“big delight”), and threats (sending screen shots and videos to everyone) and rationalization for low-life scum behavior (“we all have to make a living”).

The hacker expects you to NOT notice missing details and pay up out of fear. If the compromise were real: (1) which OS?, (2) why not place a new file on the computer, proving its compromise or just encrypt everything (ransomware), (3) which porn site(s) exactly?, (4) no “sampler” screen shots. It’s all bogus—there is zero evidence of any actual compromise.

Don’t fall for it. And since a compromise could happen one day, always back up in triplicate. Not one, not two, at least three (3) backups.

Best practices follow.

Phishing email exploiting a compromised password (a legitimate one)

Best practices follow

This is not an exhaustive list.

  • NEVER use the same password for more than one web site or anything. Nor similar variants, e.g. MyDogEatsCats and MyDogEatsCats2 are (excuse me for being blunt) idiotic choices. NEVER. It’s just too huge a liability. [Aside: thank you Apple for making it a hassle to enter strong passwords on iOS].
  • A password of “me1234” or whatever might be easy to enter and is a strong temptation on an iPhone, but it sucks. Don’t do it. Use a mix of letters and numbers and punctuation at least 12 characters long and/or use a password manager so you don’t even have to know what the password is (have it generate 30 or 40 character random passwords for most things).
  • Don’t visit porn sites. Besides the obvious, they are magnets for malware.
  • Do not download “free” copies of commercial software. You’re a thief if you do, and you’re likely to get well-deserved malware with it.
  • Back up in triplicate (at least) and keep at least two of these backups offline, not connected to the computer.
  • Don’t run Windoze unless it’s the latest and battened-down with anti-virus.