Hacked email scam

[Murray]

I had an old hotmail email hacked a while ago, it was used to send out general spam, when I noticed I changed password etc and I believe secured it

However I've gotten 3 similar emails to the one below recently, it shows as being sent from my own email address

When I check my activity logs the only person to successfully sign into my email address as far as logs go back is me; there have been attempts to auto sync from people who aren't me but they have failed

So I don't get how they're sending the email to me, or how they spoof it's email from my address?

(Obviously all the claims of hacking my computer I didn't believe for a second)

Hello!

My nickname in darknet is prentice19.
I hacked this mailbox more than six months ago,
through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.

So, your password from [email protected] is _______ (wrong password)

Even if you changed the password after that - it does not matter, my virus intercepted all the caching data on your computer
and automatically saved access for me.

I have access to all your accounts, social networks, email, browsing history.
Accordingly, I have the data of all your contacts, files from your computer, photos and videos.

I was most struck by the intimate content sites that you occasionally visit.
You have a very wild imagination, I tell you!

During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching.
Oh my god! You are so funny and excited!

I think that you do not want all your contacts to get these files, right?
If you are of the same opinion, then I think that $866 is quite a fair price to destroy the dirt I created.

Send the above amount on my BTC wallet (bitcoin): 1NXNt72qfMhPZDffUEqryCYpEUzyR6LmgH
As soon as the above amount is received, I guarantee that the data will be deleted, I do not need it.

Otherwise, these files and history of visiting sites will get all your contacts from your device.
Also, I'll send to everyone your contact access to your email and access logs, I have carefully saved it!

Since reading this letter you have 48 hours!
After your reading this message, I'll receive an automatic notification that you have seen the letter.

I hope I taught you a good lesson.
Do not be so nonchalant, please visit only to proven resources, and don't enter your passwords anywhere!
Good luck!

 

[Systreg]

Plenty of results in Google for parts of the text from the email, for example:

Even if you changed the password after that - it does not matter, my virus intercepted all the caching data on your computer and automatically saved access for me.

I used to use email spoofers a lot when I was baiting 419ers, I had one scammer on the hook for over 3 years, he thought he was talking to President Bush, as I originally emailed him from a White House email address, but got him to reply to me on my Yahoo email address, I told him it was for security reasons that I wanted to use Yahoo, to keep it private, and obviously, because I wouldn't get his reply if he emailed the White House haha

Scammers use spoofers in a similar way, they'll email from the spoofer, you can set the email to come from whatever email address you want it to appear to come from, and that's the address the receiver will see. In your case, they set it to your email address as the sender, to give the potential victim the idea that they're in your account, they're not.

Spammers also do the same, they'll send out thousands of spam emails and put a random email address as the sender, and when loads of the emails bounce or get rejected by spam filters, they'll counce back to the email address the spammer entered.

 

[Murray]

Plenty of results in Google for parts of the text from the email, for example:

I should say, in their first email to me they did use my correct password from when I was hacked months ago, in subsequent emails they've got it wrong, so would lend some credence that I am indeed still hacked

Thankfully I knew to check activity logs so seemed more a spoof

It's one of the more clever scamming emails

 

[Systreg]

If your email is ever hacked, and the email provider has security questions for you to set, it's important that people remember to update their security questions to something different, if you don't, the hacker can do a forgot password, enter the security questions, and get access again.

[edit]

Also, forgot to mention, change any alternate email address you have listed in your account, I know from dealing with a lot of scam victims, that they would usually change their password, but when asked if they changed their security questions and alternate emails address, their answer was no, and they found they were hacked again.

 

[Adam H]

https://www.acorndomains.co.uk/thre...ails-netlink-computer-inc.156362/#post-595493

The passwords they mention are from the Anti Combo public exposure lists, if they are sending you examples of passwords you actually still use then you should change them instantly, because the entire world knows your password / email combo.

Thats typically the result of using the same username and password on loads of different sites

 

[dee]

I had similar recently . Theres a great explanation in the thread here

https://www.acorndomains.co.uk/threads/bitcoin-ransom-emails-netlink-computer-inc.156362/

Think it was @Adam H who gave a great site to check your email.

EDIT.... Adam was replying at same time. Same thread link

 

[Andyh1]

Yes, just to reiterate the above points:

If your password has now been changed [make sure it's now a really secure one], then they no longer have access to your email account. As Systreg says, they can, however, spoof your email so it looks like their emails came from your account even though they didn't (MailChimp for example allows you to send [legitimate] emails from any email address you choose). The hackers* could actually have spoofed your email without your password - they only need to know what your email address is to send spoof emails - but of course when they have hacked your email, they have a copy of all the email addresses you have emailed in the past, so they now have a list of people to spam in your name (and their likelihood of success when spamming goes up if the spam email comes from someone the recipient knows).

Your email account will have been originally hacked because you will have used your email account's previous password somewhere else online, and that 'somewhere else online' was then hacked. The hackers' software will then be crawling all the websites it can that has a login area, inputting your old email/password combo to see if they get in.

In my view, for what it's worth, I think there is merit in biting the bullet and starting a new email address and slowly telling everyone you know that you're now on the new email account. Even if it takes 6 months with both email accounts running in parallel until everyone has stopped emailing your old account. Then ditch it.

Before you do the above make sure that you have a different password for every login you have. There's one thing you can be absolutely sure of: some of your passwords that you use on websites or apps etc will be hacked in the future, so if the password they get doesn't work anywhere else, you have at least contained the problem.

*I use the term 'hackers' but this isn't a human being trying to get into your account, or send you emails - it's a bit of software that's spamming ginormous lists of people hoping to get a result.

 

[Darren]

Seems to be working 1.79 BTC in the wallet mentioned.

https://bitref.com/1NXNt72qfMhPZDffUEqryCYpEUzyR6LmgH

 

[Skinner]

Worth having a check on https://hacked-emails.com/check_email/ to see where your account is explosed AND verified logins.

 

[Murray]

Thanks guys, dropbox was the problem

Got three emails, two different bitcoin addresses, seem they are getting some money

1PL9ewB1y3iC7EyuePDoPxJjwC4CgAvWTo - received 1.74942477

1NXNt72qfMhPZDffUEqryCYpEUzyR6LmgH - received 1.79670783

But I'm not sure if this is something to trick people further? like if people check them and go "oh.. other people have paid, I should too" type of thing

In their original email I feel like they should take some more risks with their mystic meg strategy, maybe mention porn streaming sites "I see you've been "enjoying" some very unusual material on pornhub" that would have a high % hit rate and make it seem more genuine lol

 

[dee]

But I'm not sure if this is something to trick people further? like if people check them and go "oh.. other people have paid, I should too" type of thing

I suspect anyone that is savvy enough to be able to check a wallet contents would be savvy enough to realise its probably a scam or at least do some research.

Robbing scum w*****s

 

[seemly]

Worth having a check on https://hacked-emails.com/check_email/ to see where your account is explosed AND verified logins.

Interesting. Using this tool resulted in me finding out that caught.co.uk had a leak in June 2018 that I never knew about.

 

[RobM]

Just as an aside this site https://haveibeenpwned.com/ is better as you don't have to wait for verification emails

 

[Skinner]

@RobM that site doesn't tell you where and when does it ? least I couldn't see it.

 

[RobM]

Yes scroll down to where it says:

Breaches you were pwned in

It's not a great colour scheme but shows for me below the donate button.

 

[Skinner]

It told me one of my old email addresses was pwned 23 times but only listed 8 sources. I can't find any list of the other 15, I'll have another look later.

There was a site a while ago, which you could email off the affected email address, and they would email back the associated passwords, so you knew which was compromised and where, but I can't find it now :/

 

[newguy]

I've been getting a tonne of these, featuring an old password of mine from literally years back. I think they just have access to databases of hacked emails and passwords and are trying their luck with people, who of whom won't have changed their password and so will be freaked out. Also, some of mine were spoofed from my email address, others weren't. My account certainly hasnt been hacked though. It's one of the more clever scams out there right now. I guess the take home is to make sure you have different passwords for everything.

 

[Adam H]

Official release from action fraud a few months ago : https://www.actionfraud.police.uk/a...ms-their-own-passwords-in-new-sextortion-scam

 

[Systreg]

Received one of these scam emails today, spoofed to appear to be sent from my email address at which I received it, the IP address is from Lahore, Pakistan. I'm posting it here to get indexed by Google, as it might help someone not so savvy if they do a search:

Subject: Security Alert. (my email address was here) was compromised. You need change password!

Hello!

I have very bad news for you.
09/08/2018 - on this day I hacked your OS and got full access to your account XXXXX

So, you can change the password, yes... But my malware intercepts it every time.

How I made it:
In the software of the router, through which you went online, was a vulnerability.
I just hacked this router and placed my malicious code on it.
When you went online, my trojan was installed on the OS of your device.

After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).

A month ago, I wanted to lock your device and ask for a not big amount of btc to unlock.
But I looked at the sites that you regularly visit, and I was shocked by what I saw!!!
I'm talk you about sites for adults.

I want to say - you are a BIG pervert. Your fantasy is shifted far away from the normal course!

And I got an idea....
I made a screenshot of the adult sites where you have fun (do you understand what it is about, huh?).
After that, I made a screenshot of your joys (using the camera of your device) and glued them together.
Turned out amazing! You are so spectacular!

I'm know that you would not like to show these screenshots to your friends, relatives or colleagues.
I think $766 is a very, very small amount for my silence.
Besides, I have been spying on you for so long, having spent a lot of time!

Pay ONLY in Bitcoins!
My BTC wallet: 1HjeDCAaEdd5JRDPHVgmLsCC7DsyHhYwM1

You do not know how to use bitcoins?
Enter a query in any search engine: "how to replenish btc wallet".
It's extremely easy

For this payment I give you two days (48 hours).
As soon as this letter is opened, the timer will work.

After payment, my virus and dirty screenshots with your enjoys will be self-destruct automatically.
If I do not receive from you the specified amount, then your device will be locked, and all your contacts will receive a screenshots with your "enjoys".

I hope you understand your situation.
- Do not try to find and destroy my virus! (All your data, files and screenshots is already uploaded to a remote server)
- Do not try to contact me (this is not feasible, I sent you an email from your account)
- Various security services will not help you; formatting a disk or destroying a device will not help, since your data is already on a remote server.

P.S. You are not my single victim. so, I guarantee you that I will not disturb you again after payment!
This is the word of honor hacker

I also ask you to regularly update your antiviruses in the future. This way you will no longer fall into a similar situation.

Do not hold evil! I just do my job.
Good luck.

 

[newguy]

I've had about ten of them now, all worded slightly differently. I also get loads of dodgy 'Apple Support' emails now that somehow avoid my junk folder (outlook/hotmail). Joy of joys!