What's behind the "I sent you an email from your account" scam and what to do if you took the bait
You find an email that appears to have been sent from your account. However, it was definitely not written by you. What does this mean?
The SSPDaily website writes, "Most likely, you've encountered a fraud and blackmail attempt, and your email has been hacked. At least that's what the email will claim, in which an anonymous sender says they've hacked into your email account and device, posing a serious security threat."
The email may also threaten to leak compromising videos and demand a ransom if you don't want them published.
How can you check whether the blackmailer is telling the truth, and what should you do in that case?
"I sent you an email from your account"
The "I sent you an email from your account" scam is a fraudulent scheme in which cybercriminals convince a potential victim that they sent the victim an email from the victim's own account. The attackers claim to have access to the recipient's mailbox and to have been monitoring it for several weeks or months.
They may even include the current or old account password in the email, which they allegedly received as a result of a security breach.
As a rule, blackmailers claim to have "found" you when you visited a 21+ website. The scammers also warn that they update their malware's signatures every few hours so that no antivirus will be able to detect or remove it.
The goal of this performance is to make the victim panic and believe that they are being spied on and that their device is controlled remotely: that the attackers have access to the camera and microphone and can block access to the computer.
As part of their threat, scammers usually claim to have obtained contact information of friends and family members of the potential victim and recorded the victim watching a video on a porn site.
If the ransom demand is not met, they promise to send the recording to everyone the victim knows.
Undoubtedly, the ultimate goal of blackmail is money. As a ransom, criminals often ask for a few hundred to a thousand dollars and give the victim a Bitcoin wallet address to transfer the specified amount. The money must be transferred in two to three days.
At the same time, the victim is assured that after receiving the money, the video will be deleted and they will never get in touch again.
In general, emails can have different formats, but the context is always the same: threats against users with compromising videos and a ransom demand to keep the secret.
How can you tell if your email account has been hacked?
Since scammers claim to have hacked your account and gained full access, it makes sense to verify their claims.
To do this, review the email you received to check whether it was really sent from your account. Look for spelling errors, special characters disguised as letters, or full stops in the middle of the email address.
In addition, check your outgoing messages to see whether anything was sent from your account to your own address.
If your email address is different from the one used by the scammers, it's likely that it hasn't been hacked and they're just trying to scare you. However, it is possible that your mailbox has been hacked.
Scammers often add a password, claiming that it is the current or old password you used to log in. If the email contains an old password that you changed a few months ago, your account may be completely safe and the criminals got the password as a result of a common data breach. This does not threaten you in any way.
On the contrary, if the email contains your current password, it is likely that your account has been hacked.
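The sender check described above can be run against the raw source of the message. The Python code below is an added example, not part of the original article; it goes beyond the article's checks by also reading the Return-Path and Authentication-Results headers, and the sample message and all addresses in it are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From matches the victim's address exactly, yet the
# envelope sender and the receiving server's verdicts show it was forged.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=example.com
From: alice@example.com
To: alice@example.com
Subject: I sent you an email from your account

Pay within 48 hours.
"""

def check_sender(raw_message, my_address):
    """Return findings that contradict 'this was sent from your account'."""
    msg = message_from_string(raw_message)
    findings = []
    me = my_address.lower()
    sender = parseaddr(msg.get("From", ""))[1].lower()

    if sender != me:
        if not sender.isascii():
            findings.append("From contains non-ASCII look-alike characters")
        elif sender.replace(".", "") == me.replace(".", ""):
            findings.append("From differs from your address only by dots")
        else:
            findings.append("From is a different address: " + sender)

    # Envelope sender as recorded by the receiving mail server.
    envelope = parseaddr(msg.get("Return-Path", ""))[1].lower()
    if envelope and envelope.rpartition("@")[2] != me.rpartition("@")[2]:
        findings.append("Return-Path domain is not yours: " + envelope)

    # SPF/DKIM/DMARC verdicts. Only the header added by your own mail
    # provider is trustworthy; a sender can insert a fake one.
    results = " ".join(msg.get_all("Authentication-Results", []))
    for check, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results.lower()):
        if verdict != "pass":
            findings.append(f"{check}={verdict}")
    return findings  # empty list: the headers give no sign of forgery

if __name__ == "__main__":
    for finding in check_sender(SAMPLE, "alice@example.com"):
        print("-", finding)
```
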
What should you do if your account has been hacked?
If your mailbox hasn't been hacked, delete the email and block the sender so that you don't receive any more messages from them.
If fraudsters have compromised your email account, you should take a number of precautions to protect it.
First, change your password immediately.
Second, use your email provider's settings to log your account out of all devices that are currently logged in.
Third, change the recovery email address or phone number for your account so that fraudsters can't change your password again.
Once you've secured your account, run a quick security scan with Microsoft Defender or another built-in security scanner. If the scanner detects a virus, follow the instructions to remove it. You can also use third-party antivirus software to remove trojans and viruses from your device.
After that, look for suspicious connections on the device and delete them. In addition, turn off or cover the webcam, mute the microphone, and disconnect the device from the Internet.
Doing so will protect your device and the data stored on it, as well as ensure your privacy.
What you should not do is transfer money to a fraudster's bitcoin wallet as 9 times out of 10 their claims are false. Don't forget to report this case to the cyber police.
How to protect your email account in the future
Follow these tips to ensure you never put yourself in danger again.
- Always use a strong password and never store it in your browser or a third-party password manager.
- Do not use your primary email account to sign up for suspicious websites, programs, or services.
- Set up two-factor authentication for your email account to increase its security.
- When manually registering on other platforms, do not use the same password as your email account.
- Check suspicious emails carefully for signs of phishing attacks and do not fall for them.
- If you receive an email notification that your account has been compromised, change your password immediately.