“Change your password qwerty immediately. You have been hacked.”

I've been getting these emails for a while now. If you realize that it's just a scam, they're providing a service similar to Have I Been Pwned, delivered directly to your inbox!

They&#x27;ve earned nearly 3BTC off of this scam if BitRef is accurate: <a href="https:&#x2F;&#x2F;bitref.com&#x2F;15ZHnf1MPn6ybb8yUeAoCQ1AJtiKhg3NrP" rel="nofollow">https:&#x2F;&#x2F;bitref.com&#x2F;15ZHnf1MPn6ybb8yUeAoCQ1AJtiKhg3NrP</a>

I have been getting a variation of this email for months sent to mailer-daemon@ on a mail server on a VM that hosts absolutely no personal information or credential about anyone.<p>If you Google some phrases from it it seems like it&#x27;s been going around nearly verbatim for years.<p>I think they are probing for mail servers which don&#x27;t try to force any kind of authentication on From: headers. So mailing lists would probably be a fit for them. They have no idea who their targets are. They are just looking for gullible people to scam.

I&#x27;m surprised it doesn&#x27;t include a link to a &quot;security site&quot; with a domain like &quot;passwordcheck.ru&quot; to verify that the new password is secure.<p>The thing that confuses me about this is that it includes the password. Certainly most people would go &quot;that&#x27;s not my password&quot; and ignore it. Are they trying to filter out the results to only people with atrocious passwords?

Ouch [1]<p>I like the cut of whoever sent 0.00000666 BTC&#x27;s jib.<p>[1] <a href="https:&#x2F;&#x2F;www.blockchain.com&#x2F;btc&#x2F;address&#x2F;15ZHnf1MPn6ybb8yUeAoCQ1AJtiKhg3NrP" rel="nofollow">https:&#x2F;&#x2F;www.blockchain.com&#x2F;btc&#x2F;address&#x2F;15ZHnf1MPn6ybb8yUeAoC...</a>

&gt; This is a hacker code of honor.<p>Had me right there. The entertainment value alone would be worth it, if I did not also have to calm down those (few) of my clients who are a little more, shall we say, persuadable?<p>Then out comes the &quot;good security practices&quot; text, along with credit card monitoring recommendations text, etc.<p>&quot;I know it&#x27;s true, &#x27;cause I saw it on tv.&quot; - John Fogerty

What happens if you keep sending them more &quot;incriminating information&#x2F;pics&quot;?

a lot of people get this spam. I received as similar one. it&#x27;s spam filter configuration of lkml and I doubt that it is an actual targeted attack.<p><i>&gt; After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).</i><p><i>&gt; I made a screenshot of the intimate website where you have fun (you know what it is about, right?). After that, I took off your joys (using the camera of your device). It turned out beautifully, do not hesitate. </i><p>+1 for social engineering.<p>and very similar to the thousands of other such mails sent out every day by scammers.

&gt; Do not worry, the timer will start at the moment when you open this letter. Yes, yes .. it has already started!<p>The most impressive part of this hack is that he got read receipts for emails!

The mysterious individual extorting me assures me that paying their ransom via bitcoin is even easier than a credit card transaction.<p>How informative and thoughtful of them.

according to blockchain dot com,<p>Total Received 2.98619488 BTC (apx $19k USD)<p>So not an unsuccessful campaign I guess

I&#x27;ve seen similar emails in my DMARC rejected email reports.<p>The unique thing about these ones is that they send it from your own address. I.e. they spoof your address so that it looks like your account really has been compromised.<p>Like this:<p>From: me@example.com<p>To: me@example.com

That btc address started receiving txs last month and has almost 3 BTC in it. At time of writing that is worth ~20k USD

So I guess the question is: was the password for that email ever qwerty or how did it end up there?

This is spam people, how easily fooled are you!?