c7c4c7
asked on
New email virus demanding Bitcoin
There's a new scam out there where someone receives an email that claims that the person sending the email is going to send everyone in their contact list a message saying that the person is visiting pornographic web sites. The email usually contains one of the person's valid passwords that is currently in use, so they definitely have been hacked somehow/somewhere.
If you've run into this and discovered how they are getting the passwords I would appreciate your sharing the information. None of the machines show any indication of having malware/viruses on them.
A really simple way to fix this, also, is to tighten up your SPF + DKIM records, then set up DMARC to bounce all SPF + DKIM failures.
This works for the majority of this spam, as most is addressed with the same from + to address, so since you didn't send yourself this message... it will bounce, so won't even end up in your spam folder.
What I do is a bit more tricky. I set up a filter on my incoming SMTP server (MX records) which scans for the signature of this message, as they all have the same syntax. When I see the template for this spam, I bounce the message with a "Recipient no longer here" message, so eventually they will likely blacklist all recipients on all my mail servers.
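The two checks described in this answer (a self-addressed message that fails sender authentication, and a body that matches the scam template), sketched in Python as an added example that is not the answerer's own filter. The sample message, the template wording and the reject/quarantine mapping are assumptions, and the code relies on the receiving server having stamped an `Authentication-Results` header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real capture); domains and address are placeholders.
SAMPLE = """\
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com; dkim=none; dmarc=fail header.from=example.com
From: alice@example.com
To: alice@example.com
Subject: your password is hunter2

I know hunter2 is your password. Send $900 in Bitcoin to
1FakeAddrForTestingPurposesXXXXXXX or I email your contacts.
"""

# Legacy (base58) and bech32 Bitcoin address shapes; a heuristic, not a validator.
BTC_ADDR = re.compile(r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{25,62})\b")
# Assumed template wording; tune it to the messages you actually receive.
TEMPLATE = re.compile(r"\b(?:bitcoin|btc)\b.*\bcontacts?\b|\bcontacts?\b.*\b(?:bitcoin|btc)\b",
                      re.I | re.S)

def auth_failed(msg):
    """True if the receiving MTA recorded an SPF or DMARC failure."""
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    return "dmarc=fail" in results or "spf=fail" in results

def self_addressed(msg):
    """True if the From and To addresses are identical (the spoof pattern)."""
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    return bool(sender) and sender == rcpt

def body_text(msg):
    """Concatenate every text/* part, decoding transfer encodings."""
    parts = (p.get_payload(decode=True) for p in msg.walk()
             if p.get_content_maintype() == "text")
    return "".join(p.decode(errors="replace") for p in parts if p)

def classify(raw):
    """Return 'reject', 'quarantine' or 'accept' for a raw RFC 5322 message."""
    msg = message_from_string(raw)
    body = body_text(msg)
    if self_addressed(msg) and auth_failed(msg):
        return "reject"  # you did not send yourself this message
    templated = BTC_ADDR.search(body) and TEMPLATE.search(body)
    return "quarantine" if templated else "accept"
```

A genuine note-to-self passes authentication and is accepted, which is why the self-addressed check is paired with the SPF/DMARC result instead of being used alone.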
One of the person's accounts had been hacked in the past. And the party who sent you the email probably obtained that password in a list of cracked credentials they purchased.
In reality it's mostly blowing smoke to see if they can get your money. However, don't leave things to chance. That password should be discontinued from use, especially for the email account. Also do multifactor where possible.
ASKER
In reality it's mostly blowing smoke to see if they can get your money - That's correct nothing ever happens, they just keep sending emails
password should be discontinued - That and all other PW have been changed
One of the persons accounts had been hacked in the past - The people have nothing in common at this point
ISPs are different, email providers are different
ASKER CERTIFIED SOLUTION
So Spam Control and User Education: People should delete email from strangers unopened.