cancel
Showing results for 
Search instead for 
Did you mean: 

Attempt to extort money

Buggwrit
Rising Star
Posts: 125
Thanks: 13
Fixes: 2
Registered: ‎03-02-2009

Attempt to extort money

Hi, first off I apologise for the lengthy nature of this post but I feel it's necessary to fully describe the situation so please bear with me.

As per the subject I've received several messages purporting to have hacked my email account and attempting to extort money from me. They've all been worded exactly the same and I've attached the latest one so you can see the content including the message source.

The first one of these I received used an email address alias that I only used for my Ebay account so I assumed that this account had been hacked. I changed the password, deleted the alias, created a new one then changed to that in the Ebay account.

However the most recent one has used an alias that I use for all my internet activity, i.e. forums, online shopping and communication with anyone outside my circle of friends and family. It would obviously be very inconvenient to have to change this one. I clearly can't put a spam filter on the message since the sender has, I assume, spoofed my own address (incidentally that would make it impossible to reply so his statement at the end is a bit pointless).

I say I assume he's spoofed my address because I'm also assuming that it would not have been possible for him to install a trojan simply by my reading his message. I've never clicked any links or opened any attachments.

This is really an annoyance as I'm pretty confident that he hasn't compromised my system. Nothing came of the first threat weeks ago and I've just run a full scan with Microsoft Security Essentials and downloaded the latest Microsoft Malicious Software Removal Tool with nothing found.

At this point I should state that I've never visited any of the type of sites he suggests so anything that he might have put together would have had to be fabricated. It would have been difficult for him to have accessed a webcam because I don't have one.

My biggest concerns are how he got hold of my main alias and how I can possibly block his emails. What would be really good is if his ISP could be identified so that his account could be closed but I'm guessing the web doesn't provide a mechanism to do this. I certainly don't have the knowledge to use the information in the message source to discover where it was sent from.

It would obviously be good if there was some way to stop this scumbag because he's probably sent this out to many other recipients, some of whom might be sufficiently scared to pay up.

One thing that particularly annoys me is that I raised a question about this with Plusnet after receiving the first threat requesting advice on how to handle it but have received no response, absolutely zilch. Not even an acknowledgement stating that this was not a suitable subject for a question.

Any help & advice would be gratefully received.

Moderator's note by Mike (Mav): Personal information removed (attachment) from a public forum as it contained your email address

5 REPLIES 5
Mustrum
Community Veteran
Posts: 3,554
Thanks: 1,055
Fixes: 76
Registered: ‎13-08-2015

Re: Attempt to extort money

Delete it, stop even opening such emails, don't post such things on a public forum, get more informed about using the internet and emails. Google or your preferred search engine can help!

Baldrick1
Moderator
Moderator
Posts: 11,625
Thanks: 5,166
Fixes: 415
Registered: ‎30-06-2016

Re: Attempt to extort money

Test all your email addresses by submitting them to https://haveibeenpwned.com/. Any that have been leaked should be changed. Also check that catch all is not enabled in your email account settings then forget about it. 

Moderator and Customer
If this helped - select the Thumb
If it fixed it,  help others - select 'This Fixed My Problem'

VileReynard
Hero
Posts: 12,616
Thanks: 582
Fixes: 20
Registered: ‎01-09-2007

Re: Attempt to extort money

Unless the spammer has your password to these accounts you are pretty safe.

Change any email addresses & passwords to important accounts to unique passwords.

When you consider the number of advertisers accessing a typical web page or in emails that use HTML, the chances of an email address leaking are pretty high.

You need to block tracking cookies and the access by as many advertisers as possible.

It's not worth getting paranoid about - if your email addresses are "guessable" and on a big mail network, you will always get some spam.

When you say:-

I clearly can't put a spam filter on the message since the sender has, I assume, spoofed my own address (incidentally that would make it impossible to reply so his statement at the end is a bit pointless).

This is not true - you are seeing the "sent-from" address (spoofed) but any reply would go to the "reply-to" address which will be genuine. If you reply, you are proving that it is a live address and you will get a ton of spam. You need to look at the headers of the message.

 

"In The Beginning Was The Word, And The Word Was Aardvark."

Buggwrit
Rising Star
Posts: 125
Thanks: 13
Fixes: 2
Registered: ‎03-02-2009

Re: Attempt to extort money

Hi Baldrick1 and VileReynard, thank you for your contributions.

I checked with https://haveibeenpwned.com/ and found that my most-used alias has been leaked. I had a notification in October from one of the web retailers I deal with to say that their site had been breached. Fortunately it turned out that I had not performed any transactions during the period the malware was on their site so it is very unlikely that my password or card details have been compromised but they might have found my email address there.

I checked my email account settings and 'Catch All' was already turned off.

I do get a certain amount of spam, most of which I've been able to successfully filter with Thunderbird although obviously one has to be careful setting the criteria, and not make it too general, so as not to block people one wants to receive mail from. I never reply to spam and obviously never click on links or open attachments.

VileReynard, there was no 'Reply to' field in the message and so as an experiment I clicked the Reply button and my own address came up in the 'To:' field so it would not have been possible to reply even if I'd wanted to. This also means I have no information on which to set a filter unless there's something else in the header I can use.

When you refer to 'the headers of the message' do you mean what is displayed if I select View > Message Source in Thunderbird? If so I included that in my attachment but I don't know enough about the subject to make use of any of it. However I do notice that the 'Return path' also contains my email address. I presume that's the 'Reply to' field.

I do use different passwords for different sites so a breach at one site would not be too disastrous.

 

Mav
Moderator
Moderator
Posts: 22,371
Thanks: 4,725
Fixes: 514
Registered: ‎06-04-2007

Re: Attempt to extort money

Moderator's Note(s)

Thread has been locked as there are a couple of existing threads on this subject;

https://community.plus.net/t5/Email/Email-server-hacked/m-p/1596507

https://community.plus.net/t5/General-Chat/You-caught-me-doing-what/m-p/1511483

Forum Moderator and Customer
Courage is resistance to fear, mastery of fear, not absence of fear - Mark Twain
He who feared he would not succeed sat still