Did My EMail Get Hacked?

NO.

It’s the Bitcoin Blackmail Email of  2018!

Did you get an email from yourself saying you were hacked you need need to pay $1000 in Bitcoins or else info about you watching porn will be released to all of your contacts?

Don’t fall for it. It’s fake and you were not hacked at all.

You’ve probably seen this poorly-worded email, and it may have even had one of your old passwords in it, to prove that they have you dead to rights. The password they have is from old data harvested from big data breaches of the past. Do not fear. It would not hurt to change your password, if it’s the same, but understand: this email is benign.

Here’s an example of the poorly-written, grammatically atrocious fake scam.

Here are some more supporting links explaining it.

http://fortune.com/2018/08/27/bitcoin-blackmail-scam-password-hacked-cam/

https://www.consumer.ftc.gov/blog/2018/08/how-avoid-bitcoin-blackmail-scam

https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/

“But how did they email me from my own address? Surely I’ve been hacked!”

In any email client/program, you have the ability to control what the “from” email says. See this email setup example I just did:

However, examining the original headers of the email, which are behind the scenes, we can tell it did NOT come from my email server

X-Original-To: randy@bizmarquee.com
Delivered-To: randy@bizmarquee.com
Received: from ns2.dnsprivados21.info (ns1.dnsprivados21.info [190.183.221.84]) by bizmarquee.com (Postfix)…

If we lookup the up the IP address 190.183.221.84, we see it came from Latin America. Well this clears up the horrible writing, at least! But it also proves it did not come from my own server, which is located in the USA.

So, deception with “from” email addresses is easy and anyone can do it. However, it’s also easy to figure out. A professional can quickly determine if it really came from your account or not, however.

You’ll get many of these emails over time. In short, delete them, don’t worry about them, you did not get hacked, and your secrets remain safely shrouded in darkness.