Enjoy unlimited access to all forum features for FREE! Optional upgrade available for extra perks.

Hacked email scam

Discussion in 'General Board' started by Murray, Oct 29, 2018.

  1. Murray

    Murray Well-Known Member

    Joined:
    Sep 2012
    Posts:
    4,261
    Likes Received:
    432
    I had an old hotmail email hacked a while ago, it was used to send out general spam, when I noticed I changed password etc and I believe secured it

    However I've gotten 3 similar emails to the one below recently, it shows as being sent from my own email address

    When I check my activity logs the only person to successfully sign into my email address as far as logs go back is me; there have been attempts to auto sync from people who aren't me but they have failed

    So I don't get how they're sending the email to me, or how they spoof it's email from my address?

    (Obviously all the claims of hacking my computer I didn't believe for a second)

     
  2. Domain Forum

    Acorn Domains Elite Member

    Joined:
    1999
    Messages:
    Many
    Likes Received:
    Lots
    IWA Meetup
     
  3. Systreg

    Systreg Well-Known Member

    Joined:
    Oct 2008
    Posts:
    8,110
    Likes Received:
    397
    Plenty of results in Google for parts of the text from the email, for example:

    Even if you changed the password after that - it does not matter, my virus intercepted all the caching data on your computer and automatically saved access for me.

    I used to use email spoofers a lot when I was baiting 419ers, I had one scammer on the hook for over 3 years, he thought he was talking to President Bush, as I originally emailed him from a White House email address, but got him to reply to me on my Yahoo email address, I told him it was for security reasons that I wanted to use Yahoo, to keep it private, and obviously, because I wouldn't get his reply if he emailed the White House haha :D

    Scammers use spoofers in a similar way, they'll email from the spoofer, you can set the email to come from whatever email address you want it to appear to come from, and that's the address the receiver will see. In your case, they set it to your email address as the sender, to give the potential victim the idea that they're in your account, they're not.

    Spammers also do the same, they'll send out thousands of spam emails and put a random email address as the sender, and when loads of the emails bounce or get rejected by spam filters, they'll counce back to the email address the spammer entered.
     
    Last edited: Oct 29, 2018
  4. Murray

    Murray Well-Known Member

    Joined:
    Sep 2012
    Posts:
    4,261
    Likes Received:
    432
    I should say, in their first email to me they did use my correct password from when I was hacked months ago, in subsequent emails they've got it wrong, so would lend some credence that I am indeed still hacked

    Thankfully I knew to check activity logs so seemed more a spoof

    It's one of the more clever scamming emails
     
  5. Systreg

    Systreg Well-Known Member

    Joined:
    Oct 2008
    Posts:
    8,110
    Likes Received:
    397
    If your email is ever hacked, and the email provider has security questions for you to set, it's important that people remember to update their security questions to something different, if you don't, the hacker can do a forgot password, enter the security questions, and get access again.

    [edit]

    Also, forgot to mention, change any alternate email address you have listed in your account, I know from dealing with a lot of scam victims, that they would usually change their password, but when asked if they changed their security questions and alternate emails address, their answer was no, and they found they were hacked again.
     
    • Useful Useful x 1
    Last edited: Oct 29, 2018
  6. Adam H

    Adam H Well-Known Member

    Joined:
    May 2014
    Posts:
    1,725
    Likes Received:
    267
    https://www.acorndomains.co.uk/thre...ails-netlink-computer-inc.156362/#post-595493

    The passwords they mention are from the Anti Combo public exposure lists, if they are sending you examples of passwords you actually still use then you should change them instantly, because the entire world knows your password / email combo.

    Thats typically the result of using the same username and password on loads of different sites
     
    • Useful Useful x 1
  7. dee

    dee Well-Known Member Acorn Supporter

    Joined:
    May 2013
    Posts:
    2,592
    Likes Received:
    404
  8. Andyh1

    Andyh1 New Member

    Joined:
    Jul 2018
    Posts:
    3
    Likes Received:
    1
    Yes, just to reiterate the above points:

    If your password has now been changed [make sure it's now a really secure one], then they no longer have access to your email account. As Systreg says, they can, however, spoof your email so it looks like their emails came from your account even though they didn't (MailChimp for example allows you to send [legitimate] emails from any email address you choose). The hackers* could actually have spoofed your email without your password - they only need to know what your email address is to send spoof emails - but of course when they have hacked your email, they have a copy of all the email addresses you have emailed in the past, so they now have a list of people to spam in your name (and their likelihood of success when spamming goes up if the spam email comes from someone the recipient knows).

    Your email account will have been originally hacked because you will have used your email account's previous password somewhere else online, and that 'somewhere else online' was then hacked. The hackers' software will then be crawling all the websites it can that has a login area, inputting your old email/password combo to see if they get in.

    In my view, for what it's worth, I think there is merit in biting the bullet and starting a new email address and slowly telling everyone you know that you're now on the new email account. Even if it takes 6 months with both email accounts running in parallel until everyone has stopped emailing your old account. Then ditch it.

    Before you do the above make sure that you have a different password for every login you have. There's one thing you can be absolutely sure of: some of your passwords that you use on websites or apps etc will be hacked in the future, so if the password they get doesn't work anywhere else, you have at least contained the problem.

    *I use the term 'hackers' but this isn't a human being trying to get into your account, or send you emails - it's a bit of software that's spamming ginormous lists of people hoping to get a result.
     
  9. Darren

    Darren Well-Known Member

    Joined:
    Feb 2008
    Posts:
    2,248
    Likes Received:
    31
  10. Skinner

    Skinner Well-Known Member

    Joined:
    Jul 2008
    Posts:
    4,616
    Likes Received:
    140
  11. Murray

    Murray Well-Known Member

    Joined:
    Sep 2012
    Posts:
    4,261
    Likes Received:
    432
    Thanks guys, dropbox was the problem

    Got three emails, two different bitcoin addresses, seem they are getting some money

    1PL9ewB1y3iC7EyuePDoPxJjwC4CgAvWTo - received 1.74942477

    1NXNt72qfMhPZDffUEqryCYpEUzyR6LmgH - received 1.79670783

    But I'm not sure if this is something to trick people further? like if people check them and go "oh.. other people have paid, I should too" type of thing

    In their original email I feel like they should take some more risks with their mystic meg strategy, maybe mention porn streaming sites "I see you've been "enjoying" some very unusual material on pornhub" that would have a high % hit rate and make it seem more genuine lol
     
  12. dee

    dee Well-Known Member Acorn Supporter

    Joined:
    May 2013
    Posts:
    2,592
    Likes Received:
    404
    I suspect anyone that is savvy enough to be able to check a wallet contents would be savvy enough to realise its probably a scam or at least do some research.

    Robbing scum w*****s
     
    • Agree Agree x 1
  13. seemly

    seemly Well-Known Member

    Joined:
    Feb 2011
    Posts:
    1,607
    Likes Received:
    493
    Interesting. Using this tool resulted in me finding out that caught.co.uk had a leak in June 2018 that I never knew about.
     
  14. RobM

    RobM Retired Member

    Joined:
    Mar 2012
    Posts:
    3,273
    Likes Received:
    470
  15. Skinner

    Skinner Well-Known Member

    Joined:
    Jul 2008
    Posts:
    4,616
    Likes Received:
    140
    @RobM that site doesn't tell you where and when does it ? least I couldn't see it.
     
  16. RobM

    RobM Retired Member

    Joined:
    Mar 2012
    Posts:
    3,273
    Likes Received:
    470
    Yes scroll down to where it says:

    Breaches you were pwned in

    It's not a great colour scheme but shows for me below the donate button.
     
  17. Skinner

    Skinner Well-Known Member

    Joined:
    Jul 2008
    Posts:
    4,616
    Likes Received:
    140
    It told me one of my old email addresses was pwned 23 times but only listed 8 sources. I can't find any list of the other 15, I'll have another look later.

    There was a site a while ago, which you could email off the affected email address, and they would email back the associated passwords, so you knew which was compromised and where, but I can't find it now :/
     
  18. newguy United Kingdom

    newguy Well-Known Member

    Joined:
    Dec 2009
    Posts:
    3,092
    Likes Received:
    122
    I've been getting a tonne of these, featuring an old password of mine from literally years back. I think they just have access to databases of hacked emails and passwords and are trying their luck with people, who of whom won't have changed their password and so will be freaked out. Also, some of mine were spoofed from my email address, others weren't. My account certainly hasnt been hacked though. It's one of the more clever scams out there right now. I guess the take home is to make sure you have different passwords for everything.
     
  19. Adam H

    Adam H Well-Known Member

    Joined:
    May 2014
    Posts:
    1,725
    Likes Received:
    267
  20. Systreg

    Systreg Well-Known Member

    Joined:
    Oct 2008
    Posts:
    8,110
    Likes Received:
    397
    Received one of these scam emails today, spoofed to appear to be sent from my email address at which I received it, the IP address is from Lahore, Pakistan. I'm posting it here to get indexed by Google, as it might help someone not so savvy if they do a search:

     
    Last edited: Dec 8, 2018
  21. newguy United Kingdom

    newguy Well-Known Member

    Joined:
    Dec 2009
    Posts:
    3,092
    Likes Received:
    122
    I've had about ten of them now, all worded slightly differently. I also get loads of dodgy 'Apple Support' emails now that somehow avoid my junk folder (outlook/hotmail). Joy of joys!