A reader contacted me about a troubling email she received:
“I attached two emails that I rec’d, copied and saved and then deleted originals saying I had been hacked. I believe it is from the same person that has been sending me spam emails for two years. Is there any way that I can check to see if anything has been added to my computer? I don’t know what to do.”
Let’s take a look at the messages. I’ve replaced her actual address with a generic one:
Subject: account was hacked
Date: Mon, October 1, 2018 11:44 pm
To: “hostmaster” <firstname.lastname@example.org>
Hi, dear user of email.com We have installed one RAT software into you device. For this moment your email account is hacked (see on <from address>, I messaged you from your account). Your password for hostmaster I have downloaded all confidential information from your system and I got some more evidence. The most interesting moment that I have discovered are videos records where you masturbating. I posted my virus on porn site, and then you installed it on your operation system. When you clicked the button Play on porn video, at that moment my trojan was downloaded to your device. After installation, your front camera shoots video every time you masturbate, in addition, the software is synchronized with the video you choose. For the moment, the software has collected all your contact information from social networks and email addresses. If you need to erase all of your collected data, send me $800 in BTC (crypto currency). This is my Bitcoin wallet: 1PuYAe7BLxNE6F6zE2PeVthfXCeYH88PmQ You have 48 hours after reading this letter. After your transaction I will erase all your data. Otherwise, I will send video with your pranks to all your colleagues and friends!!! And henceforth be more careful! Please visit only secure sites!
And this followup:
Subject: Your Account Was Hacked!
Date: Fri, September 28, 2018 6:29 am
As you could probably have guessed your account email@example.com was hacked because I sent message you from it. Now I have access to you accounts! For example your password for firstname.lastname@example.org is hostmaster Within a period from July 7 2018 to September 23 2018 you were infected by the virus we’ve created through an adult website you’ve visited. So far we have access to your messages social media accounts and messengers. Moreover we’ve gotten full damps of these data. We are aware of your little and big secrets…yeah you do have them. We saw and recorded your doings on porn websites. Your tastes are so weird you know.. But the key thing is that sometimes we recorded you with your webcam syncing the recordings with what you watched! I think you are not interested show this video to your friends relatives and your intimate one… Transfer 700 to our Bitcoin wallet 1Lughwk11SAsz54wZJ3bpGbNqGfVanMWzk If you don’t know about Bitcoin please input in Google “buy BTC”. It’s really easy. I guarantee that after that we’ll erase all your “data” D A timer will start once you read this message. You have 48 hours to pay the above-mentioned amount. Your data will be erased once the money are transferred. If they are not all your messages and videos recorded will be automatically sent to all your contacts found on your devices at the moment of infection. You should always think about your security. We hope this case will teach you to keep secrets. Take care of yourself.
This is another example of the blackmail scams I’ve been warning you about. (You can click here to read more about that).
They rely on a fear response that makes you act without thinking. The odds are that this email isn’t coming from your email address; the scammers have just “spoofed” your address. That means they make it appear to come from your address (or someone else’s). Most email programs give you the option to view the original source of the message. You can click here to learn how to do that.
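Here is what to look for once you have the original source open, as an added example that is not part of the original post: a short Python script that reads a message's headers and lists the signs that the From address was forged. The sample headers, host names, IP address and authentication results are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: headers of a message that claims to come from the
# recipient's own address. Hosts, IP and results are made up for illustration.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from unknown (HELO mailer.example.net) (203.0.113.45)
\tby mx.example.org with SMTP; Mon, 1 Oct 2018 23:44:02 -0400
Authentication-Results: mx.example.org;
\tspf=fail smtp.mailfrom=mailer.example.net;
\tdkim=none; dmarc=fail header.from=example.org
From: "hostmaster" <firstname.lastname@example.org>
To: "hostmaster" <firstname.lastname@example.org>
Subject: account was hacked

(body omitted)
"""

def spoof_indicators(raw):
    """Return a list of reasons the visible From address looks forged."""
    msg = message_from_string(raw)
    reasons = []
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    to_addr = parseaddr(msg.get("To", ""))[1].lower()
    env_from = parseaddr(msg.get("Return-Path", ""))[1].lower()
    from_dom = from_addr.rpartition("@")[2]

    if from_addr and from_addr == to_addr:
        reasons.append("From equals To (message claims to be from yourself)")
    # The envelope sender is what the sending server really announced.
    # Bulk-mail services also differ here, so treat this as a hint only.
    if env_from and env_from.rpartition("@")[2] != from_dom:
        reasons.append(f"envelope sender {env_from} is not at {from_dom}")
    # Authentication-Results is written by the receiving mail server.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    for check, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth.lower()):
        if result != "pass":
            reasons.append(f"{check}={result}")
    return reasons

if __name__ == "__main__":
    for reason in spoof_indicators(SAMPLE):
        print("-", reason)
```

A message you really sent to yourself through your own provider would show only the first line of that output, with SPF, DKIM and DMARC all passing.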
One quick way to check is to look in the Sent folder for your email account. If you don’t see that you sent that message, it didn’t originate from your account. You should always have up-to-date security enabled for your PC, but you can go ahead and run a security or malware scan just to make sure.
It’s possible these two messages aren’t even from the same scammer. These crooks tend to copy each other and scamming is really a big business these days.