“Your email account is hacked. Password must be changed.”

I received two emails recently sent to two different email accounts I’ve had for over 10 years.  What really got my attention was the subject line of the email address had one of my passwords in it–right there–my password.  And then they proceeded to tell me they were responsible for “cracking” my email account and device about a half a year ago.  I’ve included the email below.


From: public@mycustomdomain.com
To: public@mycustomdomain.com
Subject: public@mycustomdomain.com has password alpha852. Password must be changed.

I’m a programmer who cracked your email account and device about half year ago.
You entered a password on one of the insecure site you visited, and I catched it.
Your password from public@mycustomdomain.com on moment of crack: alpha852

Of course you can will change your password, or already made it.
But it doesn’t matter, my rat software update it every time.

Please don’t try to contact me or find me, it is impossible, since I sent you an email from your email account.

Through your e-mail, I uploaded malicious code to your Operation System.
I saved all of your contacts with friends, colleagues, relatives and a complete history of visits to the Internet resources.
Also I installed a rat software on your device and long tome spying for you.

You are not my only victim, I usually lock devices and ask for a ransom.
But I was struck by the sites of intimate content that you very often visit.

I am in shock of your reach fantasies! Wow! I’ve never seen anything like this!
I did not even know that SUCH content could be so exciting!

So, when you had fun on intime sites (you know what I mean!)
I made screenshot with using my program from your camera of yours device.
After that, I jointed them to the content of the currently viewed site.

Will be funny when I send these photos to your contacts! And if your relatives see it?
BUT I’m sure you don’t want it. I definitely would not want to …

I will not do this if you pay me a little amount.
I think $870 is a nice price for it!

I accept only Bitcoins.
My BTC wallet: 16nc45WxBSYJ6bmcJC9bCRxQ6Z1evvtRyz

If you have difficulty with this – Ask Google “how to make a payment on a bitcoin wallet”. It’s easy.
After receiving the above amount, all your data will be immediately removed automatically.
My virus will also will be destroy itself from your operating system.

My Trojan have auto alert, after this email is looked, I will be know it!

You have 2 days (48 hours) for make a payment.
If this does not happen – all your contacts will get crazy shots with your dirty life!
And so that you do not obstruct me, your device will be locked (also after 48 hours)

Do not take this frivolously! This is the last warning!
Various security services or antiviruses won’t help you for sure (I have already collected all your data).

Here are the recommendations of a professional:
Antiviruses do not help against modern malicious code. Just do not enter your passwords on unsafe sites!

I hope you will be prudent.

OK, so let’s break this down:

1) Email address is accurate… and that password is a familiar one but NOT my current email password

2) The sender claims this email was sent from my very own email address to the same email address. Fortunately, I know how to look at the “metadata” behind an email address to see where the message really came from. This particular message came from an Internet address on Time Warner’s Cable Internet Service. Some poor computer somewhere is hacked and being used to SPAM me.

3) Claims to have evidence of my computer visiting “intime” (intimate) sites where the attacker made screenshots and took pictures of me with my own webcam. I know this isn’t legit and I have web filter software to protect my network from accessing pornographic sites. And I don’t have a webcam on my home PC.

4) Claims to have my contact lists and web history and threatens to expose my behavior to my contacts and relatives IF I don’t send them $870 in Bitcoin cryptocurrency. I don’t keep my contacts in the same mailbox so this isn’t legit.

5) Then threatens me with a 48 hour warning before my “dirty life” is exposed.

What can we learn from this?

1) Pornography is a serious problem and is very accessible. So this threat, combined with the disclosure of a legitimate password, improves the credibility of the claim especially if you have a history of browsing this kind of content.

2) Saving contacts from an email program or contact app is possible with older email programs. This is another important reason why you must keep your Internet facing software, like email programs and web browsers, up to date and patched with the latest version available.

3) Webcams are almost standard issue with any mobile devices. There are controls that can be configured on your operating system (Windows, MacOS, Android, iOS) to control which apps can access your camera. It is possible for an app to have accessed my camera without my knowledge. Reviewing your apps and permissions could help protect you.

4) The threat of ransomware and “rat” (remote access trojan) software is very legit. Firewalls and malicious software protection tools are essential for protection against RATs. Protecting against ransomware requires patching your human firewall with training and education on how to spot potential ransomware attacks.

5) I use a password manager to keep unique passwords for all accounts and to know when passwords are weak or old. In my case, I was able to research the password referenced by the attacker and know that this was a really old password used many years ago. The attacker obviously has my email address and password from a website that has been hacked previously. This is why it is SO important to keep unique passwords and change them with some frequency especially on sensitive websites.

In summary, we’ve got to take our online privacy serious. If you have NOT already been a victim of a cyberattack, just give it time. PLAN NOW for the worst and prepare for the inevitable.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s