10 Email

You cannot control who calls your mobile phone or land line, but only control who you initially give your number to. Email is much the same, unfortunately someone will eventually send you a virus via email, so your best course of action is to have your email scanned for malicious content before it arrives into your inbox. This is what happens in many corporate systems and free hosted email systems like Gmail, Outlook.com and Yahoo Mail.

The problem is when you have your own domain name or use email addresses from your internet service provider (ISP) which are not scanned for viruses. Many web domain hosts offer free antivirus scanning for only the first email address that is setup or primary address. Additional addresses are chargeable, typically a few dollars each month, but enabling the service is not often obvious. If your email is not scanned before it arrives onto your computer, you are relying on your judgement and local antivirus to identify and stop any malicious attachments or links. This leaves you potentially more likely to be infected or to open links to malicious websites, as desktop antivirus rarely stops everything.

If you really must have your own custom domain for emails, consider using a 3rd party filtering service or using a premium hosted email service like Google Apps or Office365. The best way to spread viruses is still via email, so make sure you are not taking unnecessary risks. Check with whoever provides your email if you are not sure if there is any antivirus in place (no need to check Gmail, Yahoo and Outlook.com email accounts). You could also look at using a disposable email address (which is forwarded to your real email address) as the initial address you give out. Once you are happy you trust the sender, you can then update the address to your real one. Services like temp-mail.org or www.disposablemail.com allow you to create a free temporary email address, for as little as 10 mins to 2 weeks.

When it comes to your employer’s corporate email system there are a couple of important facts that you must always remember. Firstly, your emails are not private, they are the property of your employer and second, most corporate systems make an archive copy of every incoming and outgoing email, known as journaling. Often this archive copy is undeletable and in some cases like in Office365 there is a feature called ‘litigation hold’ which stops users from actually deleting any emails, though they appear to be deleted to the user.

The safest thing to do is never send personal emails using your work email address, especially with confidential personal information like pin numbers and passwords. If you are permitted, use a free hosted email system like Gmail, Outlook.com or Yahoo Mail, for anything not work related.

Also, just because your email system has antivirus filtering, it doesn’t mean it always catches everything. Take the above email that made it through our Microsoft Office 365 mail filters with a malicious word file as an attachment. Or this phishing attempt to glean Amazon credentials.

But when the original shortened bit.ly hyperlink was tested in VirusTotal, it came back all clean.

Also, if your email software is displaying a warning like the one below, please heed it. Try to keep a look out for these warnings and do not be tempted to follow the link out of curiosity.

To get around the phishing warnings and spam filters, cybercriminals may try sending emails with Adobe PDF attachments, which contain the links they are trying to get you to visit. Like this example below:

It’s all fake of course, though the bank account the cyber criminals want you to pay into will exist. Remember, be suspicious of all requests for money, and never follow the links in emails you were not expecting.

One of the little-known aspects of email is just how insecure it is and how easy it is for someone to send an email that appears to have come from your own email address. Criminals have been exploiting this for years and use this flaw in email to try to convince you that they have infected your computer. It’s all a bluff, so don’t panic. Here are a few examples of what to expect.

From: <info@booleanlogical.com>

Date: Sat, 27 Apr 2019 at 23:22

Subject: info@booleanlogical.com has been hacked, change your password ASAP

To: <info@booleanlogical.com>

Hello, 

As you may have noticed, I sent this email from your email account (if you didn't see, check the from email id). In other words, I have fullccess to your email account.

I infected you with a malware a few months back when you visited an adult site, and since then, I have been observing your actions. The malware gave me full access and control over your system, meaning, I can see everything on your screen, turn on your camera or microphon and you won't even notice about it. 

I also have access to all your contacts. 

Why your antivirus did not detect malware 

It's simple. My malware updates its signature every 10 minutes, and there is nothing your antivirus can do about it. 

I made a video showing both you (through your webcam) and the video you were watching (on the screen) while satisfying yourself. With one click, I can send this video to all your contacts (email, social network, and messengers you use). 

You can prevent me from doing this. To stop me, transfer $979 to my bitcoin address. 

If you do not know how to do this, Google - "Buy Bitcoin". 

My bitcoin address (BTC Wallet) is 1JwCiVwbUVwsZGvFBNEj2Z3XiP4AaaSA7V 

After receiving the payment, I will delete the video, and you will never hear from me again. 

You have 48 hours to pay. Since I already have access to your system  I now know that you have read this email, so your countdown has begun. 

Filing a complaint will not do any good because this email cannot be tracked. I have not made any mistakes. 

If I find that you have shared this message with someone else, I will immediately send the video to all of your contacts. 

Take care

This one is subtly different.

Subject: "Security alert"

As you may have noticed, I sent you an email in your account. This means that I have full access to your device and accounts. I've been watching you for a few months now. The fact is that you were infected with malware through an adult site that you visited. If you are not familiar with this, I will explain.

Trojan Virus gives me full access and control your devices. This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it. I also have access to all your contacts and all your correspondence.

Why your antivirus did not detect malware? @nswer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent. I made a video showing h0w you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched. With one click of the m0use, I can send this vide0 to all your emails and contacts^.

If you want to prevent this, tr@nsfer the amount of $942 to my bitcoin* @ddress (if you do not kn0w how to do this, write to Google: "Buy Bitcoin").

My bitcoin @ddress (BTC Wallet) is: 12yCNJHAwda8Kgxv9DswpS9k16XnstSqcJ

After receiving the payment, I will delete the video and you will never hear me again. I give you 48 hours to pay. I have a notice reading this letter, and the timer will work when you see this letter. Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address. I do not make any mistakes. If I find that you have shared this message with someone else, the video will be immediately distributed.

They may even follow up with further emails.

Subject: IGNORE AND HAVE YOUR SELF TO BLAME

THE SECOND WARNING

You ignored my first email, but I am not going to ignore your mistakes, don’t be stupid and do as I say. I know your passwords (check this email subject), I know about your daily life, your internet activities and you know nothing about me, and you must be wondering why you are getting this email, right? I installed a malware on the adult (porn) website and guess what, you visited this website to have fun (you know what I mean!). While you were watching the porn, your web browser started functioning as an RDP+keylogger, which gave me access to your display screen and camera. Right after that, my software collected all of your contacts from your Facebook account, Messenger account, and email account, then, I created a double screen video. The first part shows the video you were watching (you have a nice taste lol), and the second part shows the recording of your camera (it is you!).

You have two options -

1. First option is to ignore this email. In this case, I will send the recorded video clip of yours to all of your contacts lists, associates and social network friends. just imagine the humiliation you will feel from this. Don't forget that this can also affect your relationship as well.

2. Second option is to pay me $2000. Since you decided to ignore my first email, the price is now $3000. We will call it a donation.

In this case, I will right away delete your video and all of your information I have about you (including your contact lists) and you will never hear from me again. You can continue your daily life like this never happened. You will make the payment via bitcoin. If you do not know about bitcoin, search Google for "how to buy bitcoin". You can also get the bitcoin from sites like Bitstamp, Coinbase, Kraken, Bitcoin Atm, Localbitcoins, etc.

Bitcoin (i.e. BTC) address to which you need to send $3000 is - 

1AjJCkBTA8aPDLLCpW6Am1z1FKUEroQzeT

Send exactly 0.291578 BTC to my address so i will know is you:

1AjJCkBTA8aPDLLCpW6Am1z1FKUEroQzeT

(copy it and paste - it’s case sensitive)

If you are thinking to go to the police, good luck,I am from russia and I have taken every step  to make sure that this email cannot be traced back to me. You have 72 hours to pay me. I have a special pixel in this email, and at this moment, I know that you have read this email. Contact me on this email address chupachu147@gmail.com copy to sadiqibram01@aol.com with this subject: 012VIPERMARVO-RESTOREKEYPC4102934

After this steps you will receive through email the key and a decrypt tutorial. Remember to send the exact amount as above! This way I will know it’s from you. Do not be angry at me. This is just my job, and you are not the only person I caught. Be angry at your fantasies - if you didn’t visit those sites for adults you would have no problem.. but now...

I am waiting for your bitcoin. Remember, time is ticking..

If you receive emails similar to these, just delete them, as you can see they follow a template of sorts. They are relying on you seeing your own email address in the ‘from’ field to convince you. There is no evidence compared to a real extortion attempt, where if the criminal did actually have compromising images or video of you, they would send proof so you were in no doubt. Instead, they are hoping you panic, and maybe email them back, at which point they will try to reel you in.

Lastly, make sure you know who your email service is with and who or which company supports it. This will help protect you from falling for fake verification and password reset emails like the ones below.

Generally, beware of anything that asks you to enter your email address and password after clicking a link in an email. Look out for trigger words like verify, verification, reset, upgrade, fraud, alert, refund, payment, invoice, urgent, important or similar calls to action. Just because it looks the part, doesn’t mean it is genuine. If you are unsure, open a web browser and manually type in the website of the company concerned. Be careful with web searches as the criminals have been known to pay to be at the top of the listings, so scan through until you are confident it's the official website. From here use the ‘contact us’ info to verify if the email is genuine.

Can you spot the giveaway signs that this is a fake Yahoo Customer Support email, claiming that I need to address issues to prevent account closure?

Firstly, it’s not from Yahoo Support, and I’m not named in the To: field.

Secondly, there is no Yahoo branding and typos, e.g. RECENRTLY

Thirdly, the Scan for viruses link goes to http://huwden.buckhan.gb.net/ and has nothing to do with Yahoo.

Lastly, there is an Unsubscribe and offer small print on a final warning email!

Index or next chapter Online Privacy