c7c4c7

asked on

New email virus demanding Bitcoin

There's a new scam out there where someone receives an email that claims that the person sending the email is going to send everyone in their contact list a message saying that the person is visiting pornographic web sites. The email usually contains one of the person's valid passwords that is currently in use, so they definitely have been hacked somehow/somewhere.

If you've run into this and discovered how they are getting the passwords I would appreciate your sharing the information. None of the machines show any indication of having malware/viruses on them.
John

Make sure you have a top-notch spam filter. This stuff all goes into my spam quarantine.

So Spam Control and User Education: People should delete email from strangers unopened.
David Favor
A really simple way to fix this also is to tighten up your SPF + DKIM records, then set up DMARC to bounce all SPF + DKIM failures.

This works for the majority of this spam, as most is addressed with the same from + to address, so since you didn't send yourself this message... it will bounce, so won't even end up in your spam folder.

What I do is a bit more tricky. I set up a filter on my incoming SMTP server (MX records) which scans for the signature of this message, as they all have the same syntax. When I see the template for this spam, I bounce the message with a "Recipient no longer here" message, so eventually they will likely blacklist all recipients on all my mail servers.
One of the person's accounts had been hacked in the past. And the party who sent you the email probably obtained that password in a list of cracked credentials they purchased.

In reality it's mostly blowing smoke to see if they can get your money. However, don't leave things to chance. That password should be discontinued from use, especially for the email account. Also do multifactor where possible.
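The SPF/DKIM/DMARC answer above relies on these messages being self-addressed (same From and To) while failing authentication. The following is an added example, not code from any poster in this thread, that classifies a message on that basis. Assumptions: `example.com`, the `mx.example.com` authserv-id, and the function names are hypothetical, and your own MX is assumed to stamp an `Authentication-Results` header on inbound mail.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

TRUSTED_AUTHSERV_ID = "mx.example.com"  # assumption: the name your own MX stamps

def sample(authserv_id, verdicts, sender="alice@example.com", rcpt="alice@example.com"):
    """Build a constructed test message (not a real capture)."""
    return (f"Authentication-Results: {authserv_id}; {verdicts}\n"
            f"From: Alice <{sender}>\nTo: {rcpt}\n"
            "Subject: constructed sample\n\nbody\n")

def trusted_auth_results(msg):
    """Collect spf/dkim/dmarc results only from headers added by our own MX."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv_id, _, rest = header.partition(";")
        if authserv_id.strip().lower() != TRUSTED_AUTHSERV_ID:
            continue  # a header supplied by the sender proves nothing
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            results.setdefault(method.lower(), result.lower())
    return results

def classify(raw):
    """Return 'reject:self-spoof', 'reject:dmarc-fail' or 'accept'."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpts = {addr.lower() for _, addr in getaddresses(msg.get_all("To", []))}
    dmarc = trusted_auth_results(msg).get("dmarc", "none")
    # "I didn't send myself this message": From equals To without a trusted DMARC pass
    if sender and sender in rcpts and dmarc != "pass":
        return "reject:self-spoof"
    if dmarc == "fail":
        return "reject:dmarc-fail"
    return "accept"

if __name__ == "__main__":
    spoofed = sample("mx.example.com", "spf=fail smtp.mailfrom=example.com; "
                     "dkim=none; dmarc=fail header.from=example.com")
    print(classify(spoofed))
```

A genuine note-to-self that passes DMARC at your MX is accepted, while a message carrying a forged `Authentication-Results` header from another host is treated as unauthenticated.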
c7c4c7

ASKER

In reality it's mostly blowing smoke to see if they can get your money - That's correct, nothing ever happens, they just keep sending emails.

password should be discontinued - That and all other PW have been changed.

One of the person's accounts had been hacked in the past - The people have nothing in common at this point.
ISPs are different, email providers are different.
ASKER CERTIFIED SOLUTION
masnrock

This solution is only available to members.