Receiving extortion emails sent from my own Plusnet email address

berylcuke · ‎13-12-2023

The subject line is: YOUR DEVICE AND EMAIL HAS BEEN COMPROMISED CHECK THIS MESSAGE NOW!

The body text is as follows:

Hello there!

Unfortunately, there are some bad news for you.
Some time ago your device was infected with my private trojan, R.A.T (Remote Administration Tool), if you want to find out more about it simply use Google.
My trojan allowed me to access your files, accounts and your camera.
Check the sender of this email, I have sent it from your email account.
To make sure you read this email, you will receive it multiple times.
You truly enjoy checking out porn websites and watching dirty videos, while having a lot of kinky fun.
I RECORDED YOU (through your camera) SATISFYING YOURSELF!
After that I removed my malware to not leave any traces.
If you still doubt my serious intentions, it only takes couple mouse clicks to share the video of you with your friends, relatives, all email contacts, on social networks, the darknet and to publish all your files.
All you need is $2800 USD in Bitcoin (BTC) transfer to my account.
After the transaction is successful, I will proceed to delete everything.
Be sure, I keep my promises.
You can easily buy Bitcoin (BTC) here:
https://cex.io/buy-bitcoins
https://nexo.com/buy-crypto/bitcoin-btc
https://bitpay.com/buy-bitcoin/?crypto=BTC
https://paybis.com/
https://invity.io/buy-crypto
Or simply google other exchanger.
After that send the Bitcoin (BTC) directly to my wallet, or install the free software: Atomicwallet, or: Exodus wallet, then receive and send to mine.
My Bitcoin (BTC) address is: 1EV3qSyz4XKoZAWvB1eVSYqHyqCNRdv9i7
Yes, that's how the address looks like, copy and paste my address, it's (cAsE-sEnSEtiVE).
You are given not more than 3 days after you have opened this email.
As I got access to this email account, I will know if this email has already been read.
Everything will be carried out based on fairness.
An advice from me, regularly change all your passwords to your accounts and update your device with newest security patches.

jab1 · ‎24-02-2012

Didn't need the full email - just the subject line. I've had thousands of those - with different subject headers - over the last 12 months or so, and after the first one, which I read off the server i.e, didn't download it, I just bin 'em before they even reach my inbox.

John

berylcuke · ‎13-12-2023

But how did you manage to bin them before they reached your inbox? As I've said earlier in this thread, I have created rules for my email client on my PC based on the subject line, but this doesn't work for my iPhone as it's impossible to create rules in its mail app. As I only use my PC when I've got computer based work to do, I usually check my emails on my iPhone during the day and so can't avoid this blooming emails unless I block my own email address.

jab1 · ‎24-02-2012

Because I have a pre-filter program which checks incoming mail, and I can either reject it through that program, or via webmail without opening it - usually use the first option though.

I don't have my ISP-based email accounts on my phone/iPad, and as I'm retired, spend enough time in front of the laptop not to bother.

Understand what you mean about the phone though.

John

Anonymous · ‎16-12-2023

@berylcuke wrote:

... or don't they need my password to do use my email address to send me emails???

They would need your password IF they wanted to send messages from within your account ...

HOWEVER

anyone can send an email with a fake "From:" email address in the message header.

If I use Thunderbird email (as an example)

If I start to write a new email to send, I can use a custom email address (which could belong to anyone)

I don't need the associated password for that custom email address, only my own email account password for my email provider's SMTP (sending) server.

It would be trivial to have a list of email addresses from a data breach, and automatically send thousands of messages from stolen email addresses !

I have a similar problem with fake "caller ID" to my landline phone, where some clown spoofs my landline number, so when you glance at the incoming number on the ringing phone, you think "it's a local number" (so must be a neighbour), or you think "I recognise that number" (but it doesn't register that it's yours ! - because you don't expect that to happen)

berylcuke · ‎13-12-2023

Well I’m definitely learning a lot here - though I wish I’d never had to!

I’ve sort of reached the conclusion from this discussion that I’m going to have to block my own email address (which I’m assuming only blocks emails from my email address and not to my email address) and then send my regular reminders to myself from an unused old gmail address. I think that’s the simplest option all round.

The sad thing is that some people must be taken in by these scam emails and pay up. Why else would they keep doing it? Grrrrr🤬.

Anonymous · ‎16-12-2023

I have an old laptop running 24/7 doing nothing else other than processing hundreds of email filtering rules, on literally thousands of incoming emails every day (95% unwanted scams).

It means I can access my emails on any other device (without any further filtering) , knowing that what I can see has been checked as genuine before I open them, and anything dangerous or unwanted is suitably dealt with.

The same laptop does the email filtering for my kids, and elderly parents - who are all prone to trust anything they receive !

IMM · ‎11-12-2023

Is this an area where SPF (if fully implemented) would help? If the sent email does not come from an IP address listed by the (apparent) sender's domain, then the receiving email server would either flag it or refuse it?

berylcuke · ‎13-12-2023

Wow PlanetX, that’s one hell of a lot of emails! Makes my problem seem totally inconsequential.

berylcuke · ‎13-12-2023

Er, what’s SPF? And is there a way of activating it on Plusnet?

Anonymous · ‎16-12-2023

I've had some of my email addresses for 25 years, so have had a long time to escape to the internet miscreants !

It didn't help that Plusnet leaked everyone's email addresses- Plusnet could face DATA BREACH probe over SPAM HELL gripes

Townman · ‎22-08-2007

Sender Policy Framework

This has two aspects.

1. A sending domain (right hand side of the email address) specifies which SMTP servers are permitted to send email on behalf of that domain name

2. An email receiving server needs to check the senders domain for restricted sending SMTP and then decide if the email should be accepted or not

SPF has merits, is not fool proof and can have issues if implemented strictly.

In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.

IMM · ‎11-12-2023

spf is sender policy framework https://en.wikipedia.org/wiki/Sender_Policy_Framework

I don't think PlusNet implement it on @Username.plus.com email addresses.

However my new external domain name and email host does but I'm still trying to understand fully how it works and what protection it provides.

( I was obviously a bit slow with this reply )

greygit1 · ‎26-06-2023

Catch-alls are fine until someone starts using randomised stuff before the '@'. Then that seeming usefulness becomes somewhat dimished. A domain with specified recipient addresses (and no catch-all) is so much tidier (IMO).

I think I understand why iSPs might like/prefer to operate with catchalls (where they offer subdomains or hosting forwarding onto a mail address). It simplifies configurations on the mail server s/w when the h/w is having to handle a lot. And why e-mail support is being (essentially) ring-fenced. The number of Pnet accounts using e-mail will reduce with customer turn-over (which happens).

Just my opionated tuppence-worth.

Townman · ‎22-08-2007

If you look hard enough you can find a cloud for every silver lining. The risk of spurious somethings before the @ is a much lower risk than giving everyone the same email address. As best as I can recall I’ve had only one spurious anything@ … whereas the multiple specific@ leaked by third parties have easily been directed to the blackhole.

Yes ideally specific aliases to a mailbox are preferable but cannot be made up on the fly. A third-party requests my email address and they get third-party@ there and then, no messing about setting up an alias first.

In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.