New email virus demanding Bitcoin

There's a new scam out there where someone receives an email that claims that the person sending the email is going to send everyone in their contact list a message saying that the person is visiting pornographic web sites.  The email usually contains one of the person's valid passwords that is currently in use, so they definitely have been hacked somehow/somewhere.

If you've run into this and discovered how they are getting the passwords I would appreciate your sharing the information.  None of the machines show any indication of having malware/viruses on them.

Asked by: c7c4c7

John, Business Consultant (Owner), Commented:
Make sure you have a top notch spam filter. This stuff all goes into my spam quarantine.

So Spam Control and User Education: People should delete email from strangers unopened.

David Favor, Linux/LXD/WordPress/Hosting Savant, Commented:
A really simple way to fix this also is to tighten up your SPF + DKIM records, then set up DMARC to bounce all SPF + DKIM failures.

This works for the majority of this spam, as most is addressed with the same from + to address, so since you didn't send yourself this message... it will bounce, so won't even end up in your spam folder.

What I do is a bit more tricky. I set up a filter on my incoming SMTP server (MX records) which scans for the signature of this message, as they all have the same syntax. When I see the template for this spam, I bounce the message with a "Recipient no longer here" message, so eventually they will likely blacklist all recipients on all my mail servers.
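
The check described in the comment above (reject mail that claims to come from its own recipient but fails authentication), sketched as an added example that is not part of the original thread or David Favor's own filter. The domain `example.org`, the authserv-id `mx.example.org`, the sample messages and the function names are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

TRUSTED_AUTHSERV = "mx.example.org"  # assumption: the authserv-id your own MX stamps
RESULT_RE = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)", re.I)

# Constructed sample messages; example.org is a placeholder domain.
SPOOFED = (
    "Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=example.org;"
    " dkim=none; dmarc=fail header.from=example.org\n"
    "From: alice@example.org\nTo: alice@example.org\nSubject: sample\n\nbody\n"
)
LEGIT = (
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.org;"
    " dkim=pass header.d=example.org; dmarc=pass header.from=example.org\n"
    "From: alice@example.org\nTo: alice@example.org\nSubject: note to self\n\nbody\n"
)

def auth_results(msg):
    """Read spf/dkim/dmarc verdicts from the header our own MX added.

    Authentication-Results headers from other hosts are ignored because the
    sender can forge them.
    """
    for header in msg.get_all("Authentication-Results", []):
        authserv_id = header.split(";", 1)[0].strip().lower()
        if authserv_id == TRUSTED_AUTHSERV:
            found = {k.lower(): v.lower() for k, v in RESULT_RE.findall(header)}
            return {k: found.get(k, "none") for k in ("spf", "dkim", "dmarc")}
    return {"spf": "none", "dkim": "none", "dmarc": "none"}

def classify(raw):
    """Return 'reject' or 'accept' for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    recipients = {addr.lower() for _, addr in getaddresses(msg.get_all("To", []))}
    verdict = auth_results(msg)
    if verdict["dmarc"] == "fail":
        return "reject"  # what a p=reject DMARC policy asks receivers to do
    if sender and sender in recipients and verdict["dmarc"] != "pass":
        return "reject"  # claims to be from the recipient, but unauthenticated
    return "accept"

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, classify(raw))
```

A genuine note-to-self that passes DMARC is still accepted; only the self-addressed message without a trusted passing verdict is rejected.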

masnrock Commented:
One of the person's accounts had been hacked in the past. And the party who sent you the email probably obtained that password in a list of cracked credentials they purchased.

In reality it's mostly blowing smoke to see if they can get your money. However, don't leave things to chance. That password should be discontinued from use, especially for the email account. Also do multifactor where possible.

c7c4c7 (Author) Commented:
"In reality it's mostly blowing smoke to see if they can get your money" - That's correct, nothing ever happens, they just keep sending emails.

"password should be discontinued" - That and all other PWs have been changed.

"One of the persons accounts had been hacked in the past" - The people have nothing in common at this point.
ISPs are different, email providers are different.

masnrock Commented:
I never mentioned which account got hacked, nor did I mention when. For example, it may have been their LinkedIn account from the incident a few years ago.

I recommend going to www.haveibeenpwned.com and looking up their email addresses. That should help give you more of an idea.
