Hack or phish

Wardio2
Dabbler
Posts: 15
Thanks: 1
Registered: ‎21-03-2018

Hack or phish

On 29 Sept 20 I received an email saying I'd been hacked. It showed my email address at the top but there was no corresponding sender address. It claimed to have my password (an old one) and threatened to bombard my contact list with nasties if I didn't pay USD300 using bitcoins. It also said that they had installed malware on my computer. Should I change my email address?

6 REPLIES 6
jab1
Legend
Posts: 16,820
Thanks: 5,346
Fixes: 248
Registered: ‎24-02-2012

Re: Hack or phish

I get the odd one or two like that, @Wardio2. My advice, FWIW, is to ignore it.

It is a pure scam, and they haven't installed malware, and haven't got your contact list, either.

John
Longliner
Seasoned Pro
Posts: 586
Thanks: 294
Fixes: 7
Registered: ‎22-10-2014

Re: Hack or phish

What is your email provider? Two of my friends, one with .btconnect and one .btinternet, have recently had scam emails. The BT Yahoo system was plagued with scams/hacks for years, don't know whether it still has problems as I quit when BT began charging for it about 2013. I'd agree that you shouldn't worry, scammer has acquired your addy and is just trying it on.

198kHz
Seasoned Hero
Posts: 5,730
Thanks: 2,773
Fixes: 41
Registered: ‎30-07-2008

Re: Hack or phish

@Wardio2 

@jab1 is spot on - just delete, ignore and move on.

Murphy was an optimist
Zen FTTC 40/10 + Digital Voice   FRITZ!Box 7530
BT technician (Retired)
Wardio2
Dabbler
Posts: 15
Thanks: 1
Registered: ‎21-03-2018

Re: Hack or phish

Thanks guys. Really appreciate your advice!

Anonymous
Not applicable

Re: Hack or phish

Hi Wardio2

The advice you have been given is 100% sound.

If you have an email account which has the option of two-factor authentication, I would suggest setting it up.

I had, as Longliner said, a btinternet.com email address which was hacked, so I changed to a Gmail email account, which I find excellent (I know they read your emails, but as I don't do anything out of the ordinary, good luck to them). It has two-factor authentication and details of account activity, so you can actually see when the account was last accessed and by whom.

 

HD

Townman
Superuser
Superuser
Posts: 22,923
Thanks: 9,542
Fixes: 159
Registered: ‎22-08-2007

Re: Hack or phish


@Wardio2 wrote:

On 29 Sept 20 I received an email saying I'd been hacked. It showed my email address at the top but there was no corresponding sender address. It claimed to have my password (an old one)...


Now that is a little more worrying, you imply that the password was at some time a valid password.  Have you ever used that email address / password combination anywhere other than for access to your email?

If they have your email address and a valid password, it implies that somewhere you have used that email / password combination and they have leaked their data.  If you have only used it for access to your email, then your email service might have been hacked.  If you use the same email address / password combination for lots of services (Netflix, Amazon, eBay etc) then you are laying yourself open to widespread risk / abuse.

NEVER use the same email address / password combination across multiple services.  When signing up for on-line services which ask for user name (email address) and password, some people misguidedly use the email address and the password for that mailbox.  If that third party gets hacked...

  1. Your email box becomes vulnerable
  2. If you use that combination everywhere, those services also become vulnerable

By reference to "(an old one)" you imply that you have changed the password on the mailbox.  You should also change the password on any other service account which used that same old password ... and use different passwords for different services.  Alternatively use a DIFFERENT email address for each service provider, using the same password or one of a small list of passwords.

If you turn on CATCH-ALL in your email settings, an email sent to anything@youraccount.plus.com will be caught by the default mailbox.

There are different points of view about the use of catch-all - some claim it leaves you open to receiving a spectrum of incorrectly addressed emails.  Personally I feel that is a far lower security issue than using the same email address for all of the suppliers you do business with.  I use a different email address for every supplier - if I then end up in the position you are in, I would soon know which database had been hacked, for the email address would point me to the supplier.

Such has enabled me to chase at least 3 data breaches with the service provider over the years.  It can also identify where suppliers share data - I discovered that Virgin Rail and Trainline were freely exchanging data between themselves.

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.
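
The per-supplier address approach described in the post above can be checked mechanically. The following is an added example, not part of the original thread: it reads received messages, finds which catch-all alias each was sent to, and flags mail whose sender is not the supplier that alias was given to. The alias registry, supplier domains and sample messages are constructed for illustration; only the `youraccount.plus.com` domain comes from the post.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

CATCH_ALL_DOMAIN = "youraccount.plus.com"  # catch-all domain as written in the post

# Hypothetical registry: alias local part -> domains that supplier sends from.
ALIAS_OWNERS = {
    "shop-a": {"shop-a.example"},
    "rail-b": {"rail-b.example"},
}

# Constructed sample messages (headers, blank line, body).
SAMPLE_MESSAGES = [
    "From: Orders <orders@mail.shop-a.example>\nTo: shop-a@youraccount.plus.com\n"
    "Subject: Receipt\n\nThanks.",
    "From: offers@rail-b.example\nTo: shop-a@youraccount.plus.com\n"
    "Subject: Deals\n\nHi.",
    # No From header at all, like the extortion email in the first post.
    "To: rail-b@youraccount.plus.com\nSubject: You have been hacked\n\nPay up.",
]

def classify(raw):
    """Return (alias, verdict) for one raw message."""
    msg = message_from_string(raw)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Delivered-To", []))
    for _name, addr in recipients:
        local, _, domain = addr.lower().rpartition("@")
        if domain != CATCH_ALL_DOMAIN:
            continue
        owners = ALIAS_OWNERS.get(local)
        if owners is None:
            return (local, "unknown-alias")  # address never handed to anyone
        if any(sender_domain == d or sender_domain.endswith("." + d) for d in owners):
            return (local, "expected")
        # Alias reached a sender it was never given to (or an empty sender):
        # the supplier that owns the alias leaked or shared the address.
        return (local, "leaked-or-shared")
    return (None, "not-catch-all")

def report(messages):
    return [classify(m) for m in messages]

if __name__ == "__main__":
    for alias, verdict in report(SAMPLE_MESSAGES):
        print(alias, verdict)
```

The From header can be forged, so "expected" does not prove a message is genuine; the useful signal is the mismatch, which names the supplier whose copy of the address got out.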