Someone Emailed Me From My Address That I Had Been Hacked And I Had To Deposit Bitcoin! What Should I Do?

Problem

I got an email like the one in the title, and it appears to have been sent from my own address.

  1. How is this possible?
  2. Is my computer hacked? Has my email been hacked?
  3. Is my system infected with a Trojan?
  4. What do I need to do?

Examples

Ex No.1
Subject: <email@example.com> is hacked
From: <email@example.com>
To: <email@example.com>

Hello!

My nickname in darknet is taddeo38.
I hacked this mailbox more than six months ago, 
through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.

If you don't believe me please check 'from address' in your header, you will see that I sent you an email from your mailbox.

Even if you changed the password after that - it does not matter, my virus intercepted all the caching data on your computer
and automatically saved access for me.

I have access to all your accounts, social networks, email, browsing history.
Accordingly, I have the data of all your contacts, files from your computer, photos and videos.
I was most struck by the intimate content sites that you occasionally visit. You have a very wild imagination, I tell you! During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching. Oh my god! You are so funny and excited!

I think that you do not want all your contacts to get these files, right? If you are of the same opinion, then I think that $522 is quite a fair price to destroy the dirt I created. Send the above amount on my BTC wallet (bitcoin): 19D67Tgb3neJiTHd8pZDEBYmUn2qSjxEeB

As soon as the above amount is received, I guarantee that the data will be deleted, I do not need it. Otherwise, these files and history of visiting sites will get all your contacts from your device. Also, I'll send to everyone your contact access to your email and access logs, I have carefully saved it!

Since reading this letter you have 50 hours! After your reading this message, I'll receive an automatic notification that you have seen the letter.

I hope I taught you a good lesson. Do not be so nonchalant, please visit only to proven resources, and don't enter your passwords anywhere! Good luck!

Ex No.2
Subject: Change your password immediately. Your account has been hacked.
From: <email@example.com>
To: <email@example.com>

I greet you!

I have bad news for you.
11/08/2018 - on this day I hacked your operating system and got full access to your account webmaster@amnpardaz.com

It is useless to change the password, my malware intercepts it every time.

How it was:
In the software of the router to which you were connected that day, there was a vulnerability.
I first hacked this router and placed my malicious code on it.
When you entered in the Internet, my trojan was installed on the operating system of your device.

After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).

A month ago, I wanted to lock your device and ask for a small amount of money to unlock.
But I looked at the sites that you regularly visit, and came to the big delight of your favorite resources.
I'm talking about sites for adults.

I want to say - you are a big pervert. You have unbridled fantasy!

After that, an idea came to my mind.
I made a screenshot of the intimate website where you have fun (you know what it is about, right?).
After that, I took off your joys (using the camera of your device). It turned out beautifully, do not hesitate.

I strongly believe that you would not like to show these pictures to your relatives, friends or colleagues.
I think $813 is a very small amount for my silence.
Besides, I spent a lot of time on you!

I accept money only in Bitcoins.
My BTC wallet: 17vzpL7n29egdeJF1hvUE4tKV81MqsW4wF

You do not know how to replenish a Bitcoin wallet?
In any search engine write "how to send money to btc wallet".
It's easier than send money to a credit card!

For payment you have a little more than two days (exactly 50 hours).
Do not worry, the timer will start at the moment when you open this letter. Yes, yes .. it has already started!

After payment, my virus and dirty photos with you self-destruct automatically.
Narrative, if I do not receive the specified amount from you, then your device will be blocked, and all your contacts will receive photos with your "joys".

I want you to be prudent.
- Do not try to find and destroy my virus! (All your data is already uploaded to a remote server)
- Do not try to contact me (this is not feasible, I sent you an email from your account)
- Various security services will not help you; formatting a disk or destroying a device will not help either, since your data is already on a remote server.

P.S. I guarantee you that I will not disturb you again after payment, as you are not my single victim. This is a hacker code of honor.

From now on, I advise you to use good antiviruses and update them regularly (several times a day)!

Don't be mad at me, everyone has their own work.
Farewell.


Ex No.3
Subject: emailaddress
From: <email@example.com>
To: <email@example.com>

Hello,
I am a spyware software developer. Your account has been hacked by me in the summer of 2018.
I understand that it is hard to believe, but here is my evidence (I sent you this email from your account).
The hacking was carried out using a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2018-0296).
I went around the security system in the router, installed an exploit there. When you went online, my exploit downloaded my malicious code (rootkit) to your device. This is driver software, I constantly updated it, so your antivirus is silent all time.
Since then I have been following you (I can connect to your device via the VNC protocol). That is, I can see absolutely everything that you do, view and download your files and any data to yourself. I also have access to the camera on your device, and I periodically take photos and videos with you.
At the moment, I have harvested a solid dirt... on you... I saved all your email and chats from your messengers. I also saved the entire history of the sites you visit.
I note that it is useless to change the passwords. My malware updates passwords from your accounts every time.
I know what you like hard funs (adult sites). Oh, yes .. I know your secret life, which you are hiding from everyone. Oh my God, what are your like... I saw THIS ... Oh, you dirty naughty person ... 🙂
I took photos and videos of your most passionate funs with adult content, and synchronized them in real time with the image of your camera. Believe it turned out very high quality!
So, to the business! I'm sure you don't want to show these files and visiting history to all your contacts.
Transfer $966 to my Bitcoin cryptocurrency wallet: 1KzMDhZLokkNd1kcxs2mgwXm97pVvnfRBC Just copy and paste the wallet number when transferring. If you do not know how to do this - ask Google.
My system automatically recognizes the translation. As soon as the specified amount is received, all your data will be destroyed from my server, and the rootkit will be automatically removed from your system. Do not worry, I really will delete everything, since I am 'working' with many people who have fallen into your position. You will only have to inform your provider about the vulnerabilities in the router so that other hackers will not use it.
Since opening this letter you have 48 hours. If funds are not received after the specified time has elapsed, the disk of your device will be formatted, and from my server will automatically send email and sms to all your contacts with compromising material.
I advise you to remain prudent and not engage in nonsense (all files on my server).
Good luck!


Ex No.4
Subject: Account compromised - Password change required (email@example.com)
From: <email@example.com>
To: <email@example.com>

Hey! I compromised your account and gained full access to it. As proof, I just sent this email from your account only (notice the from email address is support@amnpardaz.com).
Let me tell you exactly how this happened. You visited a compromised adult website sometime back, and you got infected, and then I observed every action of yours. It gave me access to all of your contacts, browsing history, your passwords, your webcam, and even your microphone.
I noticed you were trying to please yourself by watching one of those nasty videos, well my son, I recorded your actions (thanks to your webcam) and even recorded your screen (the video you were watching). Now, if you do nothing, then I will send this video to all of your email, social media and messenger contacts.
You have the option to prevent me from doing all of this. All you need to do is to make the transfer of $969 to my bitcoin address. If you don't know how to make the transfer, search google for "buy bitcoin." It is quick and easy. Trust me.
My bitcoin address to which you need to transfer is 1LupWwgsFXjfHVeeorePjrYQgMNuHzsKLs
Once I receive the transfer (i.e. payment), I will delete your video and everything I have about you, and you will never hear a word from me again. My malware will also self destruct itself once I get the payment. You have 48 hours to make the payment. As I mentioned earlier, I have full access to your system. Now I know that you have read the email, so your time starts now. If you are thinking about filing a complaint, save your efforts, since it will not result in anything. This email is untraceable, remember it has been sent using your account only?
Don't think about sharing this message either because in that case, I will send your video to all of your contacts.

Bye!


Ex No.5
Subject: email@example.com has been hacked, change your password ASAP
From: <email@example.com>
To: <email@example.com>

Hello,

As you may have noticed, I sent this email from your email account (if you didn't see, check the from email id). In other words, I have full access to your email account.
I infected you with a malware a few months back when you visited an adult site, and since then, I have been observing your actions.
The malware gave me full access and control over your system, meaning, I can see everything on your screen, turn on your camera or microphone and you won't even notice about it.
I also have access to all your contacts.
Why your antivirus did not detect malware?
It's simple. My malware updates its signature every 10 minutes, and there is nothing your antivirus can do about it.
I made a video showing both you (through your webcam) and the video
you were watching (on the screen) while satisfying yourself.
With one click, I can send this video to all your contacts (email, social network, and messengers you use).
You can prevent me from doing this.
To stop me, transfer $997 to my bitcoin address.
If you do not know how to do this, Google - "Buy Bitcoin".
My bitcoin address (BTC Wallet) is 1NU15tokRymh45uiMU2GfnSwZavXmEXvJJ
After receiving the payment, I will delete the video,
and you will never hear from me again.
You have 48 hours to pay. Since I already have access to your system
I now know that you have read this email, so your countdown has begun.
Filing a complaint will not do any good
because this email cannot be tracked.
I have not made any mistakes.
If I find that you have shared this message with someone else, I will immediately send the video to all of your contacts.

Take care

Solutions

Do not worry: you are not hacked. This email is a scam, sent in bulk in the hope of deceiving and extorting recipients. Your system has not been infected, and your email has not been leaked.

Lately, many clients have received emails like the ones above. They usually arrive at addresses on organizational/administrative, non-personal domains. The reason you receive such an email is a defect in your email server settings; it does not mean you have been hacked.

Pay attention: the "From" address inside an email is, in general, not reliable. Anyone can forge an email and send it from any address.

It may be hard to believe, but just as the author of an email is free to choose any subject and body, they are equally free to choose the sender's address. The reason is that the email-sending protocol was designed in the 1980s, when fraud and spam did not yet exist, and it was modelled on paper mail. Just as the sender's address on a paper letter cannot be verified, these protocols lack some important and obvious checks.
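To make the point concrete, here is an added example (not code from the original page or from its author) that reads the headers of a message claiming to come from your own domain. The "From" line is just text the sender typed; what the receiving server actually verified is recorded in the Authentication-Results and Received-SPF headers it added. The checker flags a message whose From domain is ours but which did not pass SPF, and a From address that disagrees with the envelope sender (Return-Path). The two raw messages, the domain example.com and the function names are constructed for this illustration.

```python
"""Check whether a message that claims to be from our own domain was actually verified."""
import email
import re

OUR_DOMAIN = "example.com"  # assumption: the domain this checker protects

# Constructed sample: a self-addressed extortion mail. The From: header names our
# own domain, but the receiving server (mx.example.com) recorded an SPF failure
# because the connecting IP 192.0.2.77 is not one of our permitted senders.
RAW_MESSAGE = b"""Return-Path: <webmaster@example.com>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com
Received-SPF: fail (mx.example.com: domain of webmaster@example.com does not designate 192.0.2.77 as permitted sender) client-ip=192.0.2.77
Received: from mail.example.com (unknown [192.0.2.77])
  by mx.example.com with ESMTP id abc123; Mon, 12 Nov 2018 10:00:00 +0000
From: <webmaster@example.com>
To: <webmaster@example.com>
Subject: example.com is hacked

Hello! I hacked this mailbox...
"""

# Constructed sample: a legitimate internal message that passed SPF.
LEGIT_MESSAGE = b"""Return-Path: <info@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com
From: Info <info@example.com>
To: <webmaster@example.com>
Subject: Weekly report

All quiet.
"""


def address_domain(header_value):
    """Return the lower-cased domain part of a header such as 'Name <a@b>' or '<a@b>'."""
    m = re.search(r"@([A-Za-z0-9.-]+)", header_value or "")
    return m.group(1).lower() if m else ""


def spf_result(msg):
    """Read the spf= verdict from Authentication-Results, else the Received-SPF result."""
    m = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""))
    if m:
        return m.group(1).lower()
    received_spf = msg.get("Received-SPF", "")
    return received_spf.split()[0].lower() if received_spf else "none"


def analyse(raw):
    """Return the parsed sender domains, the SPF verdict and a list of findings."""
    msg = email.message_from_bytes(raw)
    from_domain = address_domain(msg.get("From", ""))
    envelope_domain = address_domain(msg.get("Return-Path", ""))
    spf = spf_result(msg)
    findings = []
    # A mail that displays our own domain but was not verified by SPF is the
    # pattern of the extortion mails above: the From line is simply forged.
    if from_domain == OUR_DOMAIN and spf != "pass":
        findings.append("from-our-domain-without-spf-pass")
    # SPF is evaluated on the envelope sender; a From line that disagrees with
    # it is worth flagging even when SPF passed for the envelope domain.
    if from_domain and envelope_domain and from_domain != envelope_domain:
        findings.append("from-and-return-path-disagree")
    return {"from_domain": from_domain, "envelope_domain": envelope_domain,
            "spf": spf, "findings": findings}


if __name__ == "__main__":
    for name, raw in (("scam", RAW_MESSAGE), ("legit", LEGIT_MESSAGE)):
        print(name, analyse(raw))
```

Note that the receiving server only adds an Authentication-Results header if it performs SPF checks at all, which is exactly the setting the last section of this page asks you to enable; without it, the forged From line is all the mailbox ever sees.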

In recent years, attempts have been made to stop fraud and secure the email protocol; one of the most important is the Sender Policy Framework (SPF). If you received an email like the ones above, the problem may be that your mail server does not use SPF authentication.

Using SPF prevents others from sending mail from your address.

How to test and initiate SPF for domain

Note that the purpose of this section is only to introduce SPF briefly; if you run into problems with it, seek expert help.

The idea behind SPF is that the owner of a domain name announces which mail servers are, in their opinion, allowed to send email for that domain. For instance, if your email address is info@amnpardaz.com, the owner of the domain name (amnpardaz.com) decides which mail servers may send on its behalf.

How to test SPF?

Assume that your email domain is amnpardaz.com and you want to check its SPF:

  1. Run cmd
  2. Run nslookup -type=txt amnpardaz.com
  3. The output will look something like this:
    Non-authoritative answer:
    amnpardaz.com text =

    "v=spf1 mx -all"
  4. The quoted string ("v=spf1 mx -all" in this output) is the SPF value of your domain. If you cannot see a text = entry in the output, your domain has no SPF record.

Having an SPF record is not enough; it must also be correct. For this, you can get help from online SPF check services.

Also note that the "-all" term usually has to be at the end of the SPF record for it to be effective. Without it, other IPs and servers will still be allowed to send emails from your address.

How to adjust SPF for domain

To adjust SPF you need to go to the DNS settings of your domain. This panel differs depending on where the domain was bought, so contact your service provider if necessary. Note that only the owner of the domain name is able to adjust SPF.

To set SPF, you need to create a DNS record of type TXT on your domain. One of these two values is enough for most uses:

  • v=spf1 mx -all, or
  • v=spf1 ip4:11.22.33.44 -all (replacing 11.22.33.44 with your mail server's IP).
  • In rare situations, if you use another service provider (such as Gmail) to send email, you may need more advanced settings, which you must take from your service provider's documentation.

To become familiar with the full SPF syntax and configure the record correctly, study the SPF documentation. If you have any problem with this setting, seek help from your DNS service provider or a relevant expert.

Last step: adjust the email server

So far you have blocked the sending of fake emails from your domain to others. But does your own mail server check SPF?

In this last step, your mail server must be configured to check SPF on incoming emails and discard fake ones. This setting differs for each mail server; refer to your mail server's documentation.
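The following added example (not code from the original page or from its author) shows, in miniature, what the receiving mail server of the last step does with the records described in the two sections above: it evaluates an SPF record against the IP of the connecting server and decides whether to accept the mail. It goes a little beyond the page by showing all three outcomes side by side: a record ending in "-all" rejects an unlisted sender, a record with no "all" term at all yields "neutral" (the unlisted sender is still accepted, which is the point of the "-all" note above), and a domain without any TXT record yields "none". Real SPF evaluation does DNS lookups; here a small constructed dictionary stands in for DNS so the code runs offline, and only the ip4, a, mx and all mechanisms are implemented. The domain names, IPs and function names are assumptions made for this illustration.

```python
"""Toy SPF evaluator over a stub resolver, plus a receiver's accept/reject decision."""
import ipaddress

# Constructed DNS data standing in for real TXT, MX and A lookups (assumption:
# none of these domains or addresses are real).
STUB_DNS = {
    "txt": {
        "example-strict.test": "v=spf1 mx -all",           # MX hosts only, everyone else fails
        "example-ip.test": "v=spf1 ip4:203.0.113.10 -all", # one fixed server IP
        "example-open.test": "v=spf1 mx",                  # no "all" term: unlisted senders are neutral
        "example-nospf.test": None,                         # no SPF record at all
    },
    "mx": {
        "example-strict.test": ["mail.example-strict.test"],
        "example-open.test": ["mail.example-open.test"],
    },
    "a": {
        "mail.example-strict.test": ["198.51.100.5"],
        "mail.example-open.test": ["198.51.100.6"],
    },
}

# Qualifier characters that may prefix a mechanism and the result they produce on a match.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(domain, sender_ip, dns=STUB_DNS):
    """Evaluate the SPF record of `domain` for a message sent from `sender_ip`."""
    record = dns["txt"].get(domain)
    if record is None:
        return "none"
    terms = record.split()
    if terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"                      # a mechanism without a qualifier means "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":                    # "all" always matches: this is the default verdict
            return QUALIFIERS[qualifier]
        if name == "ip4":
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
        elif name == "mx":                   # sender must be an address of one of the domain's MX hosts
            for host in dns["mx"].get(arg or domain, []):
                if str(ip) in dns["a"].get(host, []):
                    return QUALIFIERS[qualifier]
        elif name == "a":                    # sender must be an address of the domain itself
            if str(ip) in dns["a"].get(arg or domain, []):
                return QUALIFIERS[qualifier]
        else:
            return "permerror"               # include, redirect, etc. are not implemented in this toy
    # No term matched and there was no "all": the record says nothing about this sender.
    return "neutral"


def receiver_action(domain, sender_ip, dns=STUB_DNS):
    """What a receiving server configured to enforce SPF would do with the message."""
    result = evaluate_spf(domain, sender_ip, dns)
    if result == "fail":
        return "reject"
    if result == "softfail":
        return "quarantine"
    return "accept"                          # pass, neutral, none and permerror are all let through here


if __name__ == "__main__":
    outsider = "192.0.2.77"                  # constructed: a server that is not listed anywhere
    for domain in STUB_DNS["txt"]:
        print(f"{domain:22} {evaluate_spf(domain, outsider):8} -> {receiver_action(domain, outsider)}")
```

Run stand-alone, the script prints one line per domain for the unlisted sender; only the two records that end in "-all" cause a rejection, which is why the page insists on that term.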
