New email virus demanding Bit Coinc

c7c4c7 used Ask the Experts™
There's a new scam out there where someone receives an email that claims that the person sending the email is going to send everyone in their contact list a message saying that the person is visting porographic web sites.  The email usually contains one of the persons valid password that is currently in use, so they definitely have been hacked somehow/somewhere.

If you've run into this and discovered how they are getting the passwords I would appreciate your sharing the information.  None of the machines show any indication of having malware/viruses on them
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Make sure you have a top notch spam filter. This stuff all goes into my spam quarantine.

So Spam Control and User Education: People should delete email from strangers unopened.
David FavorFractional CTO
Distinguished Expert 2018

A really simply way to fix this also, is to tighten up your SPF + DKIM records, then setup DMARC to bounce all SPF + DKIM failures.

This works for the majority of this spam, as most is addressed with the same from + to address, so since you didn't send yourself this message... it will bounce, so won't even end up in your spam folder.

What I do is a bit more tricky. I setup a filter on my incoming SMTP server (MX records) which scans for the signature of this message, as they all have the same syntax. When I see the template for this spam, I bounce the message with a "Recipient no longer here" message, so eventually they will likely black list all recipients on all my mail servers.
Distinguished Expert 2018

One of the persons accounts had been hacked in the past. And the party who sent you the email probably obtained that password in a list of cracked credentials they purchased.

In reality it's mostly blowing smoke to see if they can get your money. However, don't leave things to chance. That password should be discontinued from use, especially for the email account. Also do multifactor where possible.


In reality it's mostly blowing smoke to see if they can get your money - That's correct nothing ever happens, they just keep sending emails

password should be discontinued - That and all other PW have been changed

One of the persons accounts had been hacked in the past - The people have nothing in common at this point
ISP's are different, email providers are different
Distinguished Expert 2018
I never mentioned which account got hacked, nor did I mention when. For example, it may have been their LinkedIn account from the incident a few years ago.

I recommend going to and looking up their email addresses. That should help give you more of an idea.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial