Here’s a question for you.
Have you ever received an email from your own email address stating that your account has been hacked and that is why you are receiving an email from your own address? The email will typically have content in it that explains the hacker has compromised your password account and now has complete control of it. Plus, they will claim to have possession of all your client email addresses, accounts and assorted other important and critical information.
This is going to be upsetting, regardless of what you use your computer for. If you happen to be in a work environment, it could spell a particular type of disaster… if it was at all possible and true. However, you should just remain calm when you receive this type of email because, in reality, it isn’t exactly as it seems.
Go ahead and change your password to that account, just to be safe but do not become alarmed. Or at least don’t start a panic by reaching out to your clients and, telling them what has apparently happened to your email account.
Your email address was spoofed.
This happens to be a very popular method used by hackers to extort bitcoin from people who are a bit on the paranoid side or just don’t have a very good understanding about how computers operate in general. I don’t doubt that there are many victims out there who fall prey to these methods. If for argument sake, thousands of these kinds of emails are being sent daily, I would hazard a guess that probably at least 50 will take the bait.
So, what is email spoofing?
It’s just the way hackers are capable of tricking spam filters and using any information they want in the headers of the email.
Here is an example:
Received: from [11.22.33.44] (11.22.33.44.yourdomain.com [11.22.33.44])
(Authenticated sender: support@yourdomain.com)
by something.servername.com (Postfix) with ESMTPA;
Sat, 1 Jul 2019 14:21:13 +0000 (UTC)
This shows that the sender domain will be your domain.
Hackers are a sneaky and clever bunch and as such, they will always find ways to trick machines to do the dirty work for them. Any time you receive an email that shows it has come from your email address, it should be a clue to you that someone is trying to play a game with you.
Hackers are claiming to know my password.
Now you’ve received an email from a hacker and not only are they indicating they have access to your email account, but they also show that they know your password. However, the password is an old one you once used several years ago and have not used since.
What is going on?
These passwords happen to be available from an online database. By sending it to you, the hacker hopes to scare you enough into believing their story and that you’ll send them bitcoin to leave you alone.
What are these databases that have my old passwords?
Data breaches are not uncommon and have happened with Fitness Apps, Home Depot, Twitter and a long list of other companies over the past decade. Regardless of the fact that these breaches may have taken place a few years in the past, it can take years before your information will actually end up posted on one of these shady databases. For example, one of my hacked accounts was from nine years ago.
So, here’s the deal. The hackers who send you an old password of yours claiming to know anything about you first off, do not know your real password. It also means that they do not have access to your account.
But to be safe, it wouldn’t hurt to change your password anyway. Give yourself a bit of relief by making it a long password with numbers, upper and lower case letters and even punctuation marks.
As it turns out, scams like these are the easiest tools that hackers will use to get your hard earned money because they know that there are enough computer users out there who will get scared and comply. In other words, don’t fall victim to something that isn’t really happening. Do not pay these con artists a single dime.
At the end of the day, it is wise to be cautious but not to be overly paranoid. Educate yourself and stay safe. Because most of us spend a great deal of time online, it is always best to know what you may be up against. The better informed you are about these types of scams, the better prepared you will be to deal with them.