Asked by c7c4c7

New email virus demanding Bitcoin

There's a new scam out there where someone receives an email that claims that the person sending the email is going to send everyone in their contact list a message saying that the person is visiting pornographic web sites.  The email usually contains one of the person's valid passwords that is currently in use, so they definitely have been hacked somehow/somewhere.

If you've run into this and discovered how they are getting the passwords I would appreciate your sharing the information.  None of the machines show any indication of having malware/viruses on them.
Security, Malware, Email Clients

Last Comment

8/22/2022 - Mon

Make sure you have a top-notch spam filter. This stuff all goes into my spam quarantine.

So Spam Control and User Education: People should delete email from strangers unopened.
David Favor

A really simple way to fix this also is to tighten up your SPF + DKIM records, then set up DMARC to bounce all SPF + DKIM failures.

This works for the majority of this spam, as most is addressed with the same from + to address, so since you didn't send yourself this message... it will bounce, so won't even end up in your spam folder.

What I do is a bit more tricky. I set up a filter on my incoming SMTP server (MX records) which scans for the signature of this message, as they all have the same syntax. When I see the template for this spam, I bounce the message with a "Recipient no longer here" message, so eventually they will likely blacklist all recipients on all my mail servers.
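The self-addressed case described in the answer above, as an added example that is not part of the original thread: a receiving-side check that rejects a message whose From address is also a recipient unless the server's own MX recorded `dmarc=pass`. The host name `mx.example.com`, the addresses and the sample messages are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

TRUSTED_AUTHSERV = "mx.example.com"  # assumption: authserv-id stamped by our own MX


def dmarc_passed(msg):
    """True only if a header added by our own MX reports dmarc=pass (RFC 8601)."""
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, body = header.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # sender-supplied headers are forgeable, so ignore them
        if re.search(r"(?:^|;)\s*dmarc=pass\b", body, re.I):
            return True
    return False


def verdict(raw):
    """Return 'reject' for an unauthenticated message whose From is also a recipient."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    recipients = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}
    if sender and sender in recipients and not dmarc_passed(msg):
        return "reject"
    return "accept"  # everything else is left to the normal spam filter


def sample(auth_header, sender="user@example.com"):
    # Constructed sample message; addresses and hosts are placeholders.
    return (
        f"Authentication-Results: {auth_header}\n"
        f"From: {sender}\nTo: user@example.com\n"
        "Subject: constructed sample\n\nbody\n"
    )


SPOOFED = sample("mx.example.com; spf=fail smtp.mailfrom=bulk.invalid;"
                 " dkim=none; dmarc=fail header.from=example.com")
FORGED = sample("mx.attacker.invalid; dmarc=pass header.from=example.com")
GENUINE = sample("mx.example.com; spf=pass smtp.mailfrom=example.com;"
                 " dkim=pass header.d=example.com; dmarc=pass header.from=example.com")

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("forged", FORGED), ("genuine", GENUINE)]:
        print(name, verdict(raw))
```

The `FORGED` sample shows why the authserv-id is checked: a `dmarc=pass` line that arrives with the message, rather than being added by the receiving MX, proves nothing.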

One of the person's accounts had been hacked in the past. And the party who sent you the email probably obtained that password in a list of cracked credentials they purchased.

In reality it's mostly blowing smoke to see if they can get your money. However, don't leave things to chance. That password should be discontinued from use, especially for the email account. Also do multifactor where possible.

In reality it's mostly blowing smoke to see if they can get your money - That's correct, nothing ever happens, they just keep sending emails.

password should be discontinued - That and all other PWs have been changed.

One of the person's accounts had been hacked in the past - The people have nothing in common at this point.
ISPs are different, email providers are different.
