There seems to be an alarming number of scam email attempts going around lately, and a few of them in particular have people extremely concerned. Scam emails are nothing new, but we have noticed a huge influx of a specific type of email since around July this year. There are a few variations of this email, but it will generally follow these main points:
Hello, I am a notorious hacker.
I have infected your computer with malware, and I have used this to get embarrassing footage of you via your webcam.
For proof, this is your password: *password here*
For further proof, I have sent this email from your own email account. Check the sender address.
Deposit a lot of money to my Bitcoin wallet, or I will send the footage of you to everyone you know on social media and ruin your life forever.
Below is a real-life example of one of these emails. There are always small variations, so keep in mind that this is just one example:
I’m a programmer who cracked your email account and device about half year ago. You entered a password on one of the insecure site you visited, and I catched it. Your password from (email address redacted) on moment of crack: (password redacted)
Of course you can will change your password, or already made it. But it doesn’t matter, my rat software update it every time.
Please don’t try to contact me or find me, it is impossible, since I sent you an email from your email account.
Through your e-mail, I uploaded malicious code to your Operation System. I saved all of your contacts with friends, colleagues, relatives and a complete history of visits to the Internet resources. Also I installed a rat software on your device and long tome spying for you.
You are not my only victim, I usually lock devices and ask for a ransom. But I was struck by the sites of intimate content that you very often visit.
I am in shock of your reach fantasies! Wow! I’ve never seen anything like this! I did not even know that SUCH content could be so exciting!
So, when you had fun on intimate sites (you know what I mean!) I made screenshot with using my program from your camera of yours device. After that, I jointed them to the content of the currently viewed site.
Will be funny when I send these photos to your contacts! And if your relatives see it? BUT I’m sure you don’t want it. I definitely would not want to …
I will not do this if you pay me a little amount. I think $824 is a nice price for it!
I accept only Bitcoins. My BTC wallet: (Wallet Address redacted)
If you have difficulty with this – Ask Google “how to make a payment on a bitcoin wallet”. It’s easy. After receiving the above amount, all your data will be immediately removed automatically. My virus will also will be destroy itself from your operating system.
My Trojan have auto alert, after this email is looked, I will be know it!
You have 2 days (48 hours) for make a payment. If this does not happen – all your contacts will get crazy shots with your dirty life! And so that you do not obstruct me, your device will be locked (also after 48 hours)
Do not take this frivolously! This is the last warning! Various security services or antiviruses won’t help you for sure (I have already collected all your data).
Here are the recommendations of a professional: Antiviruses do not help against modern malicious code. Just do not enter your passwords on unsafe sites!
I hope you will be prudent. Bye.
Without a doubt, the contents of the email are very disturbing when taken at face value. To the layperson it understandably sounds convincing. How could they know my password and send an email from my own account if what they were saying isn’t true? Read on and we will shed some light on the situation and what the truth is behind emails like this.
How is an email sent from my own email address if they don’t really have access to the account?
This is due to a technique called ‘spoofing’, and it’s surprisingly easy to do. Spoofing is when somebody forges the From address of an email. It is one of the most common tactics used in phishing and spam emails. It’s very successful, and even if you know what to look out for, it may still catch you out on occasion.
You can confirm whether an email has been spoofed or not by checking the email’s “header”. If you’re not sure how to check the header of an email, MxToolBox have some great guides you can check out. You can then run the headers through their very useful ‘Email Header Analyzer’.
Here is a real-life example header of a spoofed scam email. Please note that certain sections have been altered or removed for the privacy of the original recipient:
Received: from b1s3-1b-syd.hosting-services.net.au
    by b1s3-1b-syd.hosting-services.net.au with LMTP id KJgNBTmM1FvU3TcAM3NUgg
    for <firstname.lastname@example.org>;
Received: from out06.smtpout.orange.fr ([126.96.36.199]:46953 helo=out.smtpout.orange.fr)   <-- This is a French IP address
    by b1s3-1b-syd.hosting-services.net.au with esmtps (TLSv1:DHE-RSA-AES128-SHA:128)
    (envelope-from <email@example.com>)
Received: from ([188.8.131.52])   <-- This is a Vietnamese IP address
The parts of the header that reveal the spoofing are the IP addresses (the numbers in square brackets) in the Received lines. Once you have the IP address the email was sent from, you can check it with a geolocation IP tool to identify its origin. Our servers are all based in Australia, so if it is an IP address from a foreign country then the email was not sent from your own mail server.
What the example header illustrates is that the email was first sent by someone with a Vietnamese IP address and was then relayed through a mail service in France before reaching the inbox. In conclusion, the email was originally sent from someone else’s email address, not from the account it claims to be from.
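To show how the Received chain is read in practice, here is an added Python example (not code from the original post or from the hosting provider) that unfolds raw headers, walks the Received: lines from origin to inbox, pulls out the bracketed IP of each hop, and flags a message that claims to be From: the recipient's own domain but entered the chain from outside the provider's mail hosts. The sample header, the example.org/example.com addresses and the From: line are constructed from the redacted excerpt above.

```python
import re

# Constructed sample, modelled on the header excerpt above: the addresses
# and IPs are the post's redacted placeholders, and a From: line is added
# to reflect the scam's claim of coming from the recipient's own account.
SAMPLE_HEADER = """\
Received: from b1s3-1b-syd.hosting-services.net.au
\tby b1s3-1b-syd.hosting-services.net.au with LMTP id KJgNBTmM1FvU3TcAM3NUgg
\tfor <firstname.lastname@example.org>;
Received: from out06.smtpout.orange.fr ([126.96.36.199]:46953 helo=out.smtpout.orange.fr)
\tby b1s3-1b-syd.hosting-services.net.au with esmtps (TLSv1:DHE-RSA-AES128-SHA:128)
\t(envelope-from <email@example.com>)
Received: from ([188.8.131.52])
From: firstname.lastname@example.org
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # the "[a.b.c.d]" part of a hop

def unfold(raw):
    """Join RFC 5322 folded header lines (a continuation begins with whitespace)."""
    out = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and out:
            out[-1] += " " + line.strip()
        else:
            out.append(line)
    return out

def received_hops(raw):
    """Received: lines as (host, ip) hops, oldest first: each relay prepends its own line."""
    hops = []
    for line in unfold(raw):
        if line.lower().startswith("received:"):
            host = re.search(r"\bfrom\s+([\w.-]+)", line)
            ip = IP_RE.search(line)
            hops.append({"host": host.group(1) if host else None,
                         "ip": ip.group(1) if ip else None})
    return hops[::-1]

def check_spoof(raw, own_domain, own_mail_host):
    """Spoofed if From: claims own_domain but the oldest hop with an IP is not one of
    own_mail_host's servers; origin_ip is the value to feed to a geolocation lookup."""
    hops = received_hops(raw)
    origin = next((h for h in hops if h["ip"]), {"host": None, "ip": None})
    from_line = next((l for l in unfold(raw) if l.lower().startswith("from:")), "")
    claimed = from_line.rsplit("@", 1)[-1].strip("<> ")
    spoofed = claimed == own_domain and not (origin["host"] or "").endswith(own_mail_host)
    return {"origin_ip": origin["ip"], "claimed_domain": claimed, "spoofed": spoofed}
```

Running check_spoof(SAMPLE_HEADER, "example.org", "hosting-services.net.au") reports the Vietnamese hop 188.8.131.52 as the origin and the message as spoofed, which is exactly the manual reading of the header above.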
In cPanel, you can enable the ‘Apache SpamAssassin’ tool to help prevent scam emails from coming through. You can find and enable this under cPanel > Spam Filters.
Now, on to the other convincing aspect of this type of scam email.
How do they know my password?
When customers come to us with concerns about a spam email, and ask us how their password was compromised, we often find that the password they were sent is not their current password.
The password may look familiar because of the frequent data breaches that large companies experience on an ongoing basis. These breaches can sometimes result in the leak of millions of users’ passwords to the public.
When you receive a scam email and it includes a familiar password that you have used before or still use, it’s likely that the scammer has just grabbed it from a data leak of passwords.
One of the best websites for checking whether you have been part of a data leak over the years is ‘Have I Been Pwned’. All you need to do is enter your email address. The tool will then return a list of sites and services that your email address has been leaked from (and potentially other information such as your password).
If your email shows up and you have not recently updated your password, please ensure that you do so as soon as possible. Anytime your password, or a password that you have used before, is emailed to you, you should immediately update that password wherever you use it.
Hopefully you can rest a little easier, knowing that these scam emails are usually nothing but a cheap trick. If you’re still in any doubt however, our 24/7 Australian technical support team are always here to put your mind at ease and investigate further for you. Please feel free to submit an eTicket, or give us a call on 13 24 85. And whatever you do, never deposit your hard-earned money into a scammer’s bitcoin wallet!