E-mail...from myself??

I received an E-mail from...myself... as follows:

"Dear user of hotmail.ca!

I am a spyware software developer.
Your account has been hacked by me in the summer of 2018.

I understand that it is hard to believe, but here is my evidence:
- I sent you this email from your account.
- Password from account *** Email address is removed for privacy ***: boomer (on moment of hack).

The hacking was carried out using a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2018-0296).

I went around the security system in the router, installed an exploit there.
When you went online, my exploit downloaded my malicious code (rootkit) to your device.
This is driver software, I constantly updated it, so your antivirus is silent all time.

Since then I have been following you (I can connect to your device via the VNC protocol).
That is, I can see absolutely everything that you do, view and download your files and any data to yourself.
I also have access to the camera on your device, and I periodically take photos and videos with you.

At the moment, I have harvested a solid dirt... on you...
I saved all your email and chats from your messangers. I also saved the entire history of the sites you visit.

I note that it is useless to change the passwords. My malware update passwords from your accounts every times.

I know what you like hard funs (adult sites).
Oh, yes .. I'm know your secret life, which you are hiding from everyone.
Oh my God, what are your like... I saw THIS ... Oh, you dirty naughty person ... :)

I took photos and videos of your most passionate funs with adult content, and synchronized them in real time with the image of your camera.
Believe it turned out very high quality!

So, to the business!
I'm sure you don't want to show these files and visiting history to all your contacts.

Transfer $889 to my Bitcoin cryptocurrency wallet: 1ARbihuSkEAojNHgxsgFVKjTJDHXuimB8
Just copy and paste the wallet number when transferring.
If you do not know how to do this - ask Google.

My system automatically recognizes the translation.
As soon as the specified amount is received, all your data will be destroyed from my server, and the rootkit will be automatically removed from your system.
Do not worry, I really will delete everything, since I am 'working' with many people who have fallen into your position.
You will only have to inform your provider about the vulnerabilities in the router so that other hackers will not use it.

Since opening this letter you have 48 hours.
If funds not will be received, after the specified time has elapsed, the disk of your device will be formatted,
and from my server will automatically send email and sms to all your contacts with compromising material.

I advise you to remain prudent and not engage in nonsense (all files on my server).

Good luck!"

Now I'm calling his bluff, but the thing is, that WAS my password on my old pc. How did he pull this off, sending me emails from me? and finding my old password?

Hi Benjamin, well done for being suspicious, you would be amazed how many users fall for this!

This is a new form of scam, they have somehow accessed some old passwords from an online source and are trying to extort payment from users

You can safely bin that Email, rest assured, they do not have access to your data, PC or accounts
___________________________________________________________________

Power to the Developer!

MSI GV72 - 17.3", i7-8750H (Hex Core), 32GB DDR4, 4GB GeForce GTX 1050 Ti, 256GB NVMe M2, 2TB HDD

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Dear Benjamin,

I am an independent advisor, and I am trying to help other users in Community with my experience in Microsoft products.

This is a new type of scam. But it is better to change the password to more secure as soon as possible, as account might be under hacking attempt.https://support.microsoft.com/en-gb/help/402640... Also this article is useful https://support.microsoft.com/en-gb/help/12410/...

I understand that this is frustrating to receive lots of spam and unwanted emails. It is even more frustrating to receive scams, spoofing and phishing emails. Scammers nowadays are using multiple methods to intimidate users. Recently they invented new way of spoofing your own email address. This is good explained in this (not Microsoft) article https://nakedsecurity.sophos.com/2018/10/15/bew... If you received such an email, report it and just in case change your password to more secure https://support.microsoft.com/en-gb/help/402640...

Additionally there are couple of ways to deal with scammers and unwanted emails ( I am sure that you are aware of some and you are using them, but maybe additional information in support articles will help you ):

1. First of all check your spam filters and see suggestions on how to keep spam out of your inbox https://support.office.com/en-us/article/help-k...
2. Report the phishing, spam and unwanted emails https://support.office.com/en-us/article/deal-w...
3. Add emails or domains to block sender list https://support.office.com/en-us/article/block-...
4. Create specific rules for subjects or common phrases that are present in those emails https://support.office.com/en-us/article/use-in...

Also read this information about fighting junk emails from Postmaster for Outlook https://sendersupport.olc.protection.outlook.co...

You can also check tips on how to stay safe online from Microsoft https://www.microsoft.com/en-us/digital-skills/...

Hope this will help your email free from Junk!

Please Note: This is a non-Microsoft website. The page appears to be providing accurate, safe information. Watch out for ads on the site that may advertise products frequently classified as a PUP (Potentially Unwanted Products). Thoroughly research any product advertised on the site before you decide to download and install it.
Regards,
LA
***I'm an independent advisor and I don't work for Microsoft***

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

>>
Now I'm calling his bluff, but the thing is, that WAS my password on my old pc. How did he pull this off, sending me emails from me? and finding my old password?
<<

This is a running scam that has been going on for a while. The most likely source of your email is from compromised databases from websites that have been compromised at some point (could be years ago so that would explain why the password is not current or one that was automatically generated). This could be something you did years ago.

What you need to do

#1 - Make sure that you change your password anywhere that the one included i the email has been used
#2 - Do not use the same password twice especially when involving things like credit/card, banking, PayPal, Amazon, Apple, Netflix sites etc etct
#3 - Ignore any demand for payment

You can check to see if your email address comes up on a compromised database by checking it on the following website (created by a Microsoft MVP so can definitely be trusted)

';--have i been pwned?
https://haveibeenpwned.com/

****While the spammer doesn't have access to your email account, they do have access to the password that was used when you subscribed to the compromise database so make <ABSOLUTELY> sure that this isn't a password that is currently being used anywhere as noted above

Required Forum Disclaimer:

The above link is a non-Microsoft website. The pages appear to be providing accurate, safe information. Watch out for ads on the site that may advertise products frequently classified as a PUP (Potentially Unwanted Products). Thoroughly research any product advertised on the site before you decide to download and install it.
Karl Timmermans (Outlook MVP 2012-2018)
http://www.contactgenie.info

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Yeah I didn't think they did, and I learned through my own research that they have old credentials from other breaches. What they used right there was either my old neopets account, tumblr or my old myspace.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Hi Benjamin, I am glad you are smart enough not to fall for this sort of scam, this one has a lot of users unnecessarily worried . . .
___________________________________________________________________

Power to the Developer!

MSI GV72 - 17.3", i7-8750H (Hex Core), 32GB DDR4, 4GB GeForce GTX 1050 Ti, 256GB NVMe M2, 2TB HDD

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

LOL I already was there. I got pwned on tumblr, neopets, armorgames and myspace

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

>>
LOL I already was there. I got pwned on tumblr, neopets, armorgames and myspace
<<

Just for the record, HIBP isn't a complete list of what has been compromised. I now have over 125 such emails over the past 2-3 months with varying passwords from secondary places I subscribed to at one point in my life over the years - some of which would be considered "obscure" for the general public which means the hackers are scouring the universe to pick up lists from whereever they can - both major and minor sites. Fortunately I use a password manager so can go back and check all of this stuff and make any necessary corrections accordingly - a PITA but a necessary one.
Karl Timmermans (Outlook MVP 2012-2018)
http://www.contactgenie.info

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

 
 

Question Info


Last updated May 31, 2020 Views 1,619 Applies to: