There seems to be an alarming number of scam email attempts sent from Hackers lately, and a few of them, in particular, have people extremely concerned. Scam emails are nothing new, but we have noticed a huge influx of a specific type of email since around July this year. There are a few variations of this email. However, it will generally follow these main points:
- Hello, I am a notorious hacker.
- I have infected your computer with malware, and I have used this to get embarrassing footage of you via your webcam.
- For proof, this is your password: *password here*
- For further proof, I have sent this email from your own email account. Check the sender address.
- Deposit a lot of money to my Bitcoin wallet, or I will send the footage of you to everyone you know on social media and ruin your life forever.
Below is a real-life example of one of these emails. There are always small variations, so keep in mind that this is just one example:
I’m a programmer who cracked your email account and device about half a year ago.
You entered a password on one of the insecure sites you visited, and I caught it.
Your password from (email address redacted) on the moment of crack: (password redacted)
Of course, you can change your password or already made it.
But it doesn’t matter. My rat software updates it every time.
Please don’t try to contact me or find me. It is impossible since I sent you an email from your email account.
Through your e-mail, I uploaded malicious code to your Operation System.
I saved all of your contacts with friends, colleagues, relatives and a complete history of visits to the Internet resources.
Also, I installed rat software on your device and long tome spying for you.
You are not my only victim. I usually lock devices and ask for a ransom.
But I was struck by the sites of intimate content that you very often visit.
I am in shock of your reach fantasies! Wow! I’ve never seen anything like this!
I did not even know that SUCH content could be so exciting!
So, when you had fun on intimate sites (you know what I mean!) I made a screenshot using my program from the camera of your device.
After that, I joined them to the content of the currently viewed site.
It will be funny when I send these photos to your contacts! And if your relatives see it?
BUT I’m sure you don’t want it. I definitely would not want to …
I will not do this if you pay me a small amount.
I think $824 is a nice price for it!
I accept only Bitcoins.
My BTC wallet: (Wallet Address redacted)
Suppose you have difficulty with this – Ask Google “how to make a payment on a bitcoin wallet”. It’s easy.
After receiving the above amount, all your data will be immediately removed automatically.
My virus will also be destroyed from your operating system.
My Trojan have an auto alert. After this email is looked at, I will know it!
You have 2 days (48 hours) to make a payment.
If this does not happen – all your contacts will get crazy shots with your dirty life!
And so that you do not obstruct me, your device will be locked (also after 48 hours)
Do not take this frivolously! This is the last warning!
Various security services or antiviruses won’t help you for sure (I have already collected all your data).
Here are the recommendations of a professional:
Antiviruses do not help against modern malicious code. Just do not enter your passwords on unsafe sites!
I hope you will be prudent.
Without a doubt, the contents of the email are alarming when taken at face value. To the layperson, it understandably sounds convincing. How could they know my password and send an email from my own account if what they were saying isn’t true? Read on, and we will shed some light on the situation and the truth behind emails like this.
How is an email sent from my own email address if they don’t really have access to the account?
This is due to a technique called ‘spoofing’, and it’s surprisingly easy to do. Spoofing is when somebody forges the address of an email. This is one of the most common tactics used in phishing and spam emails. It’s very successful, and even if you know what to look out for, it may still catch you out on occasion.
You can confirm whether an email has been spoofed or not by checking the email’s “header”. If you’re not sure how to check the header of an email, MxToolBox has some great guides you can check out. You can then run the headers through their handy ‘Email Header Analyzer.
Here is a real-life example header of a spoofed scam email. Please note that certain sections have been altered or removed for the privacy of the original recipient:
Received: from b1s3-1b-syd.hosting-services.net.au
by b1s3-1b-syd.hosting-services.net.au with LMTP id KJgNBTmM1FvU3TcAM3NUgg
for < firstname.lastname@example.org >;
Received: from out06.smtpout.orange.fr ([18.104.22.168]:46953 helo=out.smtpout.orange.fr) < (This is a French IP address)
by b1s3-1b-syd.hosting-services.net.au with SMTP (TLSv1:DHE-RSA-AES128-SHA:128)
(envelope-from < email@example.com >)
Received: from ([22.214.171.124]) < (This is a Vietnamese IP address)
I have made bold the parts of the email header, which shows it to be spoofed. What we’re looking for here is the IP address (the numbers in brackets). Once you have the IP address the email was sent from, you can then check it using a geolocation IP tool to identify the origin. Our servers are all based in Australia, so if it’s an IP address from a foreign country, it wasn’t sent from your own mail server.
We’re trying to illustrate in the example header that the email was first sent by someone with a Vietnamese IP address, which was then sent from a mail service in France into the inbox. In conclusion, the email was originally sent from someone else’s email address and not from the account it claims to be from.
In cPanel, you can enable the ‘Apache SpamAssassin’ tool to help prevent spam emails from coming through. You can find and enable this under cPanel > Spam Filters.
Now, on to the other convincing aspect of this type of scam email.
How do they know my password?
When customers come to us with concerns about a spam email and ask us how their password was compromised, we often find that the password they were sent is not their current password.
The password may look familiar because of the frequent data breaches that large companies experience on an ongoing basis. These breaches can sometimes result in the leak of millions of user’s passwords to the public.
When you receive a scam email, and it includes a familiar password that you have used before or still uses, likely, the scammer has just grabbed it from a data leak of passwords.
One of the best websites for checking whether you have been part of a data leak over the years is ‘Have I Been Pwned’. All you need to do is enter your email address. The tool will then return a list of sites and services from which your email address has been leaked (and potentially other information such as your password).
If your email shows up and you have not recently updated your password, please ensure that you do so as soon as possible. Whenever your password, or a password you have used before, is emailed to you, you should immediately update that password wherever you use it.