---
title: "This account has been hacked! Change all your passwords! - DP Web Design"
description: "D.P. Web Design is a web development & graphic design company in Townsville. We specialise in small business & corporate websites, CMS & E-commerce stores."
url: "https://www.dpwebdesign.com.au/news/this-account-has-been-hacked-change-all-your-passwords"
date: "2026-07-10T18:29:03+00:00"
language: "en-GB"
---

#  This account has been hacked! Change all your passwords!

####  The 'You've been looking at porn sites' scam!

[icon-calendar] Posted: November 22, 2018

This one's my favorite so far, these scammers must have put their creative thinking caps on for this one! It is so well worded, non threatening, unverifiable, great geek terminology (that we all know) and plays on most people's insecurity about sex &amp; porn. Of course I have changed the clients email address to a generic one.

[\[icon-mail\] Read The Hoax Email](#modal-content-75 "SUBJECT: your@emailaccount.com.au&nbsp;- this account has been hacked! Change all your passwords!")

Hello!

I have very bad news for you.
11/07/2018 - on this day I hacked your operating system and got full access to your account This email address is being protected from spambots. You need JavaScript enabled to view it.

It is useless to change the password, my malware intercepts it every time.

How it was:
In the software of the router to which you were connected that day, there was a vulnerability.
I first hacked this router and placed my malicious code on it.
When you entered in the Internet, my trojan was installed on the operating system of your device.

After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).

A month ago, I wanted to lock your device and ask for a small amount of money to unlock.
But I looked at the sites that you regularly visit, and came to the big delight of your favorite resources.
I'm talking about sites for adults.

I want to say - you are a big, big pervert. You have unbridled fantasy!!!

After that, an idea came to my mind.
I made a screenshot of the intimate website where you have fun (you know what it is about, right?).
After that, I made a screenshot of your joys (using the camera of your
device) and joined all together.
It turned out beautifully, do not doubt.

I am strongly belive that you would not like to show these pictures to your relatives, friends or colleagues.
I think $793 is a very small amount for my silence.
Besides, I spent a lot of time on you!

I accept money only in Bitcoins.
My BTC wallet: 1JK55P9Lps6goSxDH13TBWbqCMi6ez4g5D

You do not know how to replenish a Bitcoin wallet?
In any search engine write "how to send money to btc wallet".
It's easier than send money to a credit card!

For payment you have a little more than two days (exactly 50 hours).
Do not worry, the timer will start at the moment when you open this letter.
Yes, yes .. it has already started!

After payment, my virus and dirty photos with you self-destruct automatically.
Narrative, if I do not receive the specified amount from you, then your device will be blocked, and all your contacts will receive a photos with your "joys".

I want you to be prudent.
\- Do not try to find and destroy my virus! (All your data is already uploaded to a remote server)
\- Do not try to contact me (this is not feasible, I sent you an email from your account)
\- Various security services will not help you; formatting a disk or destroying a device will not help either, since your data is already on a remote server.

P.S. I guarantee you that I will not disturb you again after payment, as you are not my single victim.
This is a hacker code of honor.

From now on, I advise you to use good antiviruses and update them regularly (several times a day)!

Don't be mad at me, everyone has their own work.
Farewell.

Great isn't it! Keep in mind there is nothing they say that can be verified. except for the fact that it looks (LOOKS) like it comes from your email address, but it doesn't. Some will even have a password attached to them that is actually an old or current password depending on how vigilant you are with changing your passwords. So this is a little scarier, if it is your password in the scam email then CHANGE YOUR PASSWORD. More than likely it is a password that you've used before on another site that would have been hacked.

You can see if any of your common username and passwords are on this hacked database here: [https://haveibeenpwned.com](https://haveibeenpwned.com/). Basically this scammer has a list of 5 billion or so hacked (and for the most part outdated) email addresses and passwords and is using a robot to send out millions of emails on a fishing expedition waiting for someone to bite.

By the way, this was the 2nd email sent to this client, the first one (that I don't have but is worded very similarly) had an email header that looked like this...

[\[icon-cog\] View The Email Header](#modal-content-184 "Email Header")

X-Kaspersky: Checking
X-Kaspersky: Checking
X-Kaspersky: Checking
X-Kaspersky: Checking
Return-Path: This email address is being protected from spambots. You need JavaScript enabled to view it.
Delivered-To: This email address is being protected from spambots. You need JavaScript enabled to view it.
Received: from host2.dphost.com.au by host2.dphost.com.au with LMTP id eEGPDK9i1luaBDAAwFJbFw for This email address is being protected from spambots. You need JavaScript enabled to view it.; Mon, 29 Oct 2018 11:30:23 +1000
Return-Path: This email address is being protected from spambots. You need JavaScript enabled to view it.
Envelope-to: This email address is being protected from spambots. You need JavaScript enabled to view it.
Delivery-date: Mon, 29 Oct 2018 11:30:23 +1000
Received: from \[78.30.30.111\] (port=4535 helo=static.masmovil.com) by host2.dphost.com.au with esmtp (Exim 4.91) (envelope-from This email address is being protected from spambots. You need JavaScript enabled to view it.) id 1gGwNk-00DCh8-Ex for This email address is being protected from spambots. You need JavaScript enabled to view it.; Mon, 29 Oct 2018 11:30:23 +1000
Date: 29 Oct 2018 01:54:34 +0000
From: This email address is being protected from spambots. You need JavaScript enabled to view it.
X-Priority: 3
Message-ID: This email address is being protected from spambots. You need JavaScript enabled to view it.
To: This email address is being protected from spambots. You need JavaScript enabled to view it.
MIME-Version: 1.0
Content-Type: text/plain;
charset="ibm852"
Content-Transfer-Encoding: 7bit
X-Spam-Status: Yes, score=13.2
X-SpamFlt-Status: Not Detected
X-KASFlt-Status: clientwebsite.com.au:7.1.1
X-KASFlt-Status: Version: 5.5.10.77
X-KASFlt-Status: {Std\_cp\_850\_852, cont}
X-KASFlt-Status: Status: trusted
X-KASFlt-Status: Method: white email list
X-KASFlt-Status: {received from trusted sender This email address is being protected from spambots. You need JavaScript enabled to view it.: white list}
X-KASFlt-Status: Rate: 0
X-Spam-Score: 132
X-KASFlt-Status: Lua profiles 130625 \[Oct 29 2018\]
X-KASFlt-Status: LuaCore: 204 204 2f584fc5d437d92fc6aea7edaff39b944687648d
X-SpamFlt-Phishing: Not Detected
X-MimeOLE: Produced By Microsoft MimeOLE V6.1.7601.23548
X-Spam-Bar: +++++++++++++
X-Spam-Report: Spam detection software, running on the system "host2.dphost.com.au", has identified this incoming email as possible spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see root\\@localhost for details. Content preview: Hello! I'm a programmer who cracked your email account and device about half year ago. You entered a password on one of the insecure site you visited, and I catched it. Of course you can will change y Content analysis details: (13.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 URIBL\_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See <http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block> for more information. \[URIs: financialwriters.com.au\]

1.3 RCVD\_IN\_RP\_RNBL RBL: Relay in RNBL, <https://senderscore.org/blacklistlookup/> \[78.30.30.111 listed in bl.score.senderscore.com\] 0.0 RCVD\_IN\_DNSWL\_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to DNSWL was blocked. See <http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block> for more information. \[78.30.30.111 listed in list.dnswl.org\] 1.5 SPF\_SOFTFAIL SPF: sender does not match SPF record (softfail) 2.0 PYZOR\_CHECK Listed in Pyzor (<https://pyzor.readthedocs.io/en/latest/>) 2.5 BITCOIN\_PAY\_ME Pay me via BitCoin 2.0 RDNS\_NONE Delivered to internal network by a host with no rDNS 1.0 FROM\_IN\_TO\_AND\_SUBJ From address is in To and Subject 3.0 BITCOIN\_MALWARE BitCoin + malware

X-Spam-Flag: YES
Subject: SPAM This email address is being protected from spambots. You need JavaScript enabled to view it. is compromised. Password must be changed

I know right, you're just thinking what does it all mean anyway? The Email header can't be faked and it tells the truth about where the emails was sent from. The scammer can add your email to the 'From:' field in the email but the header will let you know where it originated.

### Let's break this header down...

You can see the below header which tells mails comes from 78.30.30.11, this was not my client's server IP anyway, so this means they couldn't have sent it from my clients email address. So right there, case closed!

```Received: from <strong>[78.30.30.111]</strong> (port=4535 helo=static.masmovil.com) by host2.dphost.com.au with esmtp (Exim 4.91) (envelope-from <joomla-hidden-mail base="" first="eW91cg==" is-email="1" is-link="1" last="ZW1haWxhY2NvdW50LmNvbS5hdQ==" text="eW91ckBlbWFpbGFjY291bnQuY29tLmF1">This email address is being protected from spambots. You need JavaScript enabled to view it.</joomla-hidden-mail>) id 1gGwNk-00DCh8-Ex for <joomla-hidden-mail base="" first="eW91cg==" is-email="1" is-link="1" last="ZW1haWxhY2NvdW50LmNvbS5hdQ==" text="eW91ckBlbWFpbGFjY291bnQuY29tLmF1">This email address is being protected from spambots. You need JavaScript enabled to view it.</joomla-hidden-mail>; Mon, 29 Oct 2018 11:30:23 +1000``<br></br>`

Wait, you want more, also in the end of that header, you can see the email software has detected this message as spam as well.

```X-Spam-Report: Spam detection software, running on the system "host2.dphost.com.au", has identified this incoming email as possible spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see root\@localhost for details. `
`Content preview: Hello! I'm a programmer who cracked your email account and device about half year ago. You entered a password on one of the insecure site you visited, and I catched it. Of course you can will change y `
`Content analysis details: (13.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0`
`URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See <a href="http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block">http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block</a> for more information. [URIs: clientwebsite.com.au] `

`1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, <a href="https://senderscore.org/blacklistlookup/">https://senderscore.org/blacklistlookup/</a> [78.30.30.111 listed in bl.score.senderscore.com] 0.0`
`RCVD_IN_DNSWL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to DNSWL was blocked. See <a href="http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block">http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block</a> for more information. [78.30.30.111 listed in list.dnswl.org] 1.5`

`SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) 2.0 `
`PYZOR_CHECK Listed in Pyzor (<a href="https://pyzor.readthedocs.io/en/latest/">https://pyzor.readthedocs.io/en/latest/</a>) 2.5 `
`BITCOIN_PAY_ME Pay me via BitCoin 2.0 `
`RDNS_NONE Delivered to internal network by a host with no rDNS 1.0 `
`FROM_IN_TO_AND_SUBJ From address is in To and Subject 3.0 `
`BITCOIN_MALWARE BitCoin + malware``<br></br>`

Also that ip is blocked in RBL for the same kind of spamming as well and SPF check also says SOFT fail.

```RCVD_IN_DNSWL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to DNSWL was blocked. See <a href="http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block">http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block</a> for more information. <strong>[78.30.30.111 listed in list.dnswl.org]</strong>``<br></br>`

### What do we do?

So let's get in contact with the server or hosting company and give them an ear full! Weeeeeell, It's more than likely the email came from a server that was hacked or an email account that has a low level password like 'pass1234' and it was hacked and sent out 80,000 emails before it was closed down.

### Getting caught by a scammer is usually from a lapse of judgment or just coincidental

So you can imagine if last night you decided to visit a kinky adult site for the first time and the next morning you received this email. Or you're going for a loan at ANZ and the next morning you receive one of those 'Your Loan Has Been Approved, login to see more' scams. Even the smarties can get caught out.

**Do I need to say this?**

- change passwords regularly on important sites
- use a password manager
- never share passwords to friends
- always logout when finished (when on public computers)
- every email is a scam, until proven otherwise
- don't take what I am saying here as gospel, if in doubt, talk to a professional
- If it's too good to be true, THEN IT'S A SCAM!

 [![This account has been hacked! Change all your passwords!](https://www.dpwebdesign.com.au/media/yootheme/cache/d8/envato-labs-ai-1dbbb55e-d4f5-4571-97ec-83fcab5e4e07-d8e89e69.jpg)](#js-2) ![](https://www.dpwebdesign.com.au/zoo/blogs/envato-labs-ai-1dbbb55e-d4f5-4571-97ec-83fcab5e4e07.jpg)

###  More Blogs...

 [![Why Your Website Matters More Than You Think](https://www.dpwebdesign.com.au/media/yootheme/cache/57/Why_Your_Website_Matters_More_Than_You_Think-57a5d381.jpg "Why Your Website Matters More Than You Think")](https://www.dpwebdesign.com.au/news/why-your-website-matters-more-than-you-think)

 [{tip width="300" content="Why Your Website Matters More Than You Think"}Why Your Website Matters More Than You…{/tip}](https://www.dpwebdesign.com.au/news/why-your-website-matters-more-than-you-think)

 [![Joomla 3 to Joomla 5 Upgrade: Should You Do It?](https://www.dpwebdesign.com.au/media/yootheme/cache/2c/joomla-4-0-0-beta-v3-2c27e312.jpg "Joomla 3 to Joomla 5 Upgrade: Should You Do It?")](https://www.dpwebdesign.com.au/news/joomla-3-to-joomla-5-upgrade-should-you-do-it)

 [{tip width="300" content="Joomla 3 to Joomla 5 Upgrade: Should You Do It?"}Joomla 3 to Joomla 5 Upgrade: Should…{/tip}](https://www.dpwebdesign.com.au/news/joomla-3-to-joomla-5-upgrade-should-you-do-it)

 [![Web Design Tips and Guidelines](https://www.dpwebdesign.com.au/media/yootheme/cache/cb/documents-on-minimal-web-design-2022-12-16-00-17-52-utc-900px-cbd7291e.jpg "Web Design Tips and Guidelines")](https://www.dpwebdesign.com.au/news/web-design-tips-and-guidelines)

 [{tip width="300" content="Web Design Tips and Guidelines"}Web Design Tips and Guidelines{/tip}](https://www.dpwebdesign.com.au/news/web-design-tips-and-guidelines)

 [![Trusted Website Design in Townsville](https://www.dpwebdesign.com.au/media/yootheme/cache/5e/above-view-of-open-laptop-with-flower-shop-website-2021-09-24-02-48-09-utc-900px-5e011b74.jpg "Trusted Website Design in Townsville")](https://www.dpwebdesign.com.au/news/trusted-website-design-in-townsville)

 [{tip width="300" content="Trusted Website Design in Townsville"}Trusted Website Design in Townsville{/tip}](https://www.dpwebdesign.com.au/news/trusted-website-design-in-townsville)

 [![Harnessing Mobile Power: The Imperative of Mobile-Optimised Website Design in Townsville](https://www.dpwebdesign.com.au/media/yootheme/cache/3b/search-searching-online-network-website-concept-2022-12-15-23-39-18-utc-900px-3b8357c5.jpg "Harnessing Mobile Power: The Imperative of Mobile-Optimised Website Design in Townsville")](https://www.dpwebdesign.com.au/news/harnessing-mobile-power-the-imperative-of-mobile-optimised-website-design-in-townsville)

 [{tip width="300" content="Harnessing Mobile Power: The Imperative of Mobile-Optimised Website Design in Townsville"}Harnessing Mobile Power: The Imperative…{/tip}](https://www.dpwebdesign.com.au/news/harnessing-mobile-power-the-imperative-of-mobile-optimised-website-design-in-townsville)

 [![Should I Make My Website Myself or Hire a Developer](https://www.dpwebdesign.com.au/media/yootheme/cache/28/website-development-2022-12-15-23-25-34-utc-900px-28fa5a3a.jpg "Should I Make My Website Myself or Hire a Developer")](https://www.dpwebdesign.com.au/news/should-i-make-my-website-myself-or-hire-a-developer)

 [{tip width="300" content="Should I Make My Website Myself or Hire a Developer"}Should I Make My Website Myself or Hire…{/tip}](https://www.dpwebdesign.com.au/news/should-i-make-my-website-myself-or-hire-a-developer)

 [![The Benefits of Hiring a Professional Web Designer](https://www.dpwebdesign.com.au/media/yootheme/cache/57/ben-kolde-bs2Ba7t69mM-unsplash-570f0879.jpeg "The Benefits of Hiring a Professional Web Designer")](https://www.dpwebdesign.com.au/news/the-benefits-of-hiring-a-professional-web-designer)

 [{tip width="300" content="The Benefits of Hiring a Professional Web Designer"}The Benefits of Hiring a Professional…{/tip}](https://www.dpwebdesign.com.au/news/the-benefits-of-hiring-a-professional-web-designer)

 [![Why Your Business Needs a Website, Not Just a Facebook Page](https://www.dpwebdesign.com.au/media/yootheme/cache/10/timothy-hales-bennett-OwvRB-M3GwE-unsplash-10f0693f.jpeg "Why Your Business Needs a Website, Not Just a Facebook Page")](https://www.dpwebdesign.com.au/news/why-your-business-needs-a-website-not-just-a-facebook-page)

 [{tip width="300" content="Why Your Business Needs a Website, Not Just a Facebook Page"}Why Your Business Needs a Website, Not…{/tip}](https://www.dpwebdesign.com.au/news/why-your-business-needs-a-website-not-just-a-facebook-page)

 [![Does Your Business Run Entirly on Facebook](https://www.dpwebdesign.com.au/media/yootheme/cache/cc/facecrap-cc5046a1.jpg "Does Your Business Run Entirly on Facebook")](https://www.dpwebdesign.com.au/news/does-your-business-run-entirly-on-facebook)

 [{tip width="300" content="Does Your Business Run Entirly on Facebook"}Does Your Business Run Entirly on…{/tip}](https://www.dpwebdesign.com.au/news/does-your-business-run-entirly-on-facebook)

 [![Do You Use DP Web Design Support Packages?](https://www.dpwebdesign.com.au/media/yootheme/cache/91/chat-bot-robot-welcomes-android-robotic-character-P8K9HG5-900px-91aa754d.jpg "Do You Use DP Web Design Support Packages?")](https://www.dpwebdesign.com.au/news/do-you-use-d-p-web-design-support-packages)

 [{tip width="300" content="Do You Use DP Web Design Support Packages?"}Do You Use DP Web Design Support…{/tip}](https://www.dpwebdesign.com.au/news/do-you-use-d-p-web-design-support-packages)

 [![All About Support!](https://www.dpwebdesign.com.au/media/yootheme/cache/dc/hand-wrench-robot-serviceman-worker-on-yellow-K9V8GM7-640px-dceab7a3.jpg "All About Support!")](https://www.dpwebdesign.com.au/news/all-about-support)

 [{tip width="300" content="All About Support!"}All About Support!{/tip}](https://www.dpwebdesign.com.au/news/all-about-support)

 [![This account has been hacked! Change all your passwords!](https://www.dpwebdesign.com.au/media/yootheme/cache/00/hooded-computer-hacker-hacking-network-P2V3SQY-900px-00e66d03.jpg "This account has been hacked! Change all your passwords!")](https://www.dpwebdesign.com.au/news/this-account-has-been-hacked-change-all-your-passwords)

 [{tip width="300" content="This account has been hacked! Change all your passwords!"}This account has been hacked! Change…{/tip}](https://www.dpwebdesign.com.au/news/this-account-has-been-hacked-change-all-your-passwords)

 [![Domain Name Registration Services is a SCAM!](https://www.dpwebdesign.com.au/media/yootheme/cache/7b/domain-name-registration-services-7bc41b0e.jpg "Domain Name Registration Services is a SCAM!")](https://www.dpwebdesign.com.au/news/domain-name-registration-services-is-a-scam)

 [{tip width="300" content="Domain Name Registration Services is a SCAM!"}Domain Name Registration Services is a…{/tip}](https://www.dpwebdesign.com.au/news/domain-name-registration-services-is-a-scam)

 [![Go to All About Support!](https://www.dpwebdesign.com.au/media/yootheme/cache/f6/hand-wrench-robot-serviceman-worker-on-yellow-K9V8GM7-640px-f67f7172.jpg)

 All About Support!

 Previous Article

 ](https://www.dpwebdesign.com.au/news/all-about-support)

 [![Domain Name Registration Services is a SCAM!](https://www.dpwebdesign.com.au/media/yootheme/cache/ad/domain-name-registration-services-ad3973a0.jpg)

 Domain Name Registration Services is a SCAM!

Next Article

 ](https://www.dpwebdesign.com.au/news/domain-name-registration-services-is-a-scam)

## Schema

```json
{ "@context": "https://schema.org", "@type": "BreadcrumbList", "itemListElement": [ { "@type": "ListItem", "position": 1, "name": "Home", "item": "https://www.dpwebdesign.com.au" }, { "@type": "ListItem", "position": 2, "name": "News, Updates & Scams", "item": "https://www.dpwebdesign.com.au/news" }, { "@type": "ListItem", "position": 3, "name": "This account has been hacked! Change all your passwords!", "item": "https://www.dpwebdesign.com.au/news/this-account-has-been-hacked-change-all-your-passwords" } ] }
```

```json
{ "@context": "https://schema.org", "@type": "Article", "mainEntityOfPage": { "@type": "WebPage", "@id": "https://www.dpwebdesign.com.au/news/this-account-has-been-hacked-change-all-your-passwords" }, "headline": "This account has been hacked! Change all your passwords!", "description": "This one's my favorite so far, these scammers must have put their creative thinking caps on for this one! It is so well worded, non threatening, unverifiable, great geek terminology (that we all know) and plays on most people's insecurity about sex &amp; porn. Of course I have changed the clients email address to a generic one. [icon-mail] Read The Hoax Email Hello! I have very bad news for you.11/07/2018 - on this day I hacked your operating system and got full access to your account This email address is being protected from spambots. You need JavaScript enabled to view it. It is useless to change the password, my malware intercepts it every time. How it was:In the software of the router to which you were connected that day, there was a vulnerability.I first hacked this router and placed my malicious code on it.When you entered in the Internet, my trojan was installed on the operating system of your device. After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts). A month ago, I wanted to lock your device and ask for a small amount of money to unlock.But I looked at the sites that you regularly visit, and came to the big delight of your favorite resources.I'm talking about sites for adults. I want to say - you are a big, big pervert. You have unbridled fantasy!!! After that, an idea came to my mind.I made a screenshot of the intimate website where you have fun (you know what it is about, right?).After that, I made a screenshot of your joys (using the camera of yourdevice) and joined all together.It turned out beautifully, do not doubt. I am strongly belive that you would not like to show these pictures to your relatives, friends or colleagues.I think $793 is a very small amount for my silence.Besides, I spent a lot of time on you! I accept money only in Bitcoins.My BTC wallet: 1JK55P9Lps6goSxDH13TBWbqCMi6ez4g5D You do not know how to replenish a Bitcoin wallet?In any search engine write "how to send money to btc wallet".It's easier than send money to a credit card! For payment you have a little more than two days (exactly 50 hours).Do not worry, the timer will start at the moment when you open this letter.Yes, yes .. it has already started! After payment, my virus and dirty photos with you self-destruct automatically.Narrative, if I do not receive the specified amount from you, then your device will be blocked, and all your contacts will receive a photos with your "joys". I want you to be prudent.- Do not try to find and destroy my virus! (All your data is already uploaded to a remote server)- Do not try to contact me (this is not feasible, I sent you an email from your account)- Various security services will not help you; formatting a disk or destroying a device will not help either, since your data is already on a remote server. P.S. I guarantee you that I will not disturb you again after payment, as you are not my single victim.This is a hacker code of honor. From now on, I advise you to use good antiviruses and update them regularly (several times a day)! Don't be mad at me, everyone has their own work.Farewell. Great isn't it! Keep in mind there is nothing they say that can be verified. except for the fact that it looks (LOOKS) like it comes from your email address, but it doesn't. Some will even have a password attached to them that is actually an old or current password depending on how vigilant you are with changing your passwords. So this is a little scarier, if it is your password in the scam email then CHANGE YOUR PASSWORD. More than likely&nbsp;it is a password that you've used before on another site that would have been hacked.&nbsp; You can see if any of your common username and passwords are on this hacked database here: https://haveibeenpwned.com.&nbsp;Basically this scammer has a list of 5 billion or so hacked (and for the most part outdated) email addresses and passwords and is using a robot to send out millions of emails on a fishing expedition waiting for someone to bite. By the way, this was the 2nd email sent to this client, the first one (that I don't have but is worded very similarly) had an email header that looked like this... [icon-cog] View The Email Header X-Kaspersky: Checking X-Kaspersky: Checking X-Kaspersky: Checking X-Kaspersky: Checking Return-Path: This email address is being protected from spambots. You need JavaScript enabled to view it.Delivered-To: This email address is being protected from spambots. You need JavaScript enabled to view it.Received: from host2.dphost.com.au by host2.dphost.com.au with LMTP id eEGPDK9i1luaBDAAwFJbFw for This email address is being protected from spambots. You need JavaScript enabled to view it.; Mon, 29 Oct 2018 11:30:23 +1000Return-Path: This email address is being protected from spambots. You need JavaScript enabled to view it.Envelope-to: This email address is being protected from spambots. You need JavaScript enabled to view it.Delivery-date: Mon, 29 Oct 2018 11:30:23 +1000Received: from [78.30.30.111] (port=4535 helo=static.masmovil.com) by host2.dphost.com.au with esmtp (Exim 4.91) (envelope-from This email address is being protected from spambots. You need JavaScript enabled to view it.) id 1gGwNk-00DCh8-Ex for This email address is being protected from spambots. You need JavaScript enabled to view it.; Mon, 29 Oct 2018 11:30:23 +1000Date: 29 Oct 2018 01:54:34 +0000From: This email address is being protected from spambots. You need JavaScript enabled to view it.X-Priority: 3Message-ID: This email address is being protected from spambots. You need JavaScript enabled to view it.To: This email address is being protected from spambots. You need JavaScript enabled to view it.MIME-Version: 1.0Content-Type: text/plain;charset="ibm852"Content-Transfer-Encoding: 7bitX-Spam-Status: Yes, score=13.2X-SpamFlt-Status: Not DetectedX-KASFlt-Status: clientwebsite.com.au:7.1.1X-KASFlt-Status: Version: 5.5.10.77X-KASFlt-Status: {Std_cp_850_852, cont}X-KASFlt-Status: Status: trustedX-KASFlt-Status: Method: white email listX-KASFlt-Status: {received from trusted sender This email address is being protected from spambots. You need JavaScript enabled to view it.: white list}X-KASFlt-Status: Rate: 0X-Spam-Score: 132X-KASFlt-Status: Lua profiles 130625 [Oct 29 2018]X-KASFlt-Status: LuaCore: 204 204 2f584fc5d437d92fc6aea7edaff39b944687648dX-SpamFlt-Phishing: Not DetectedX-MimeOLE: Produced By Microsoft MimeOLE V6.1.7601.23548X-Spam-Bar: +++++++++++++X-Spam-Report: Spam detection software, running on the system "host2.dphost.com.au", has identified this incoming email as possible spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see root\\@localhost for details. Content preview: Hello! I'm a programmer who cracked your email account and device about half year ago. You entered a password on one of the insecure site you visited, and I catched it. Of course you can will change y Content analysis details: (13.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: financialwriters.com.au] 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, https://senderscore.org/blacklistlookup/ [78.30.30.111 listed in bl.score.senderscore.com] 0.0 RCVD_IN_DNSWL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to DNSWL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [78.30.30.111 listed in list.dnswl.org] 1.5 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) 2.0 PYZOR_CHECK Listed in Pyzor (https://pyzor.readthedocs.io/en/latest/) 2.5 BITCOIN_PAY_ME Pay me via BitCoin 2.0 RDNS_NONE Delivered to internal network by a host with no rDNS 1.0 FROM_IN_TO_AND_SUBJ From address is in To and Subject 3.0 BITCOIN_MALWARE BitCoin + malwareX-Spam-Flag: YESSubject: SPAM This email address is being protected from spambots. You need JavaScript enabled to view it. is compromised. Password must be changed I know right, you're just thinking what does it all mean anyway? The Email header can't be faked and it tells the truth about where the emails was sent from. The scammer can add your email to the 'From:' field in the email but the header will let you know where it originated. Let's break this header down... You can see the below header which tells mails comes from 78.30.30.11, this was not my client's server IP anyway, so this means they couldn't have sent it from my clients email address. So right there, case closed! Received: from [78.30.30.111] (port=4535 helo=static.masmovil.com) by host2.dphost.com.au with esmtp (Exim 4.91) (envelope-from This email address is being protected from spambots. You need JavaScript enabled to view it.) id 1gGwNk-00DCh8-Ex for This email address is being protected from spambots. You need JavaScript enabled to view it.; Mon, 29 Oct 2018 11:30:23 +1000 Wait, you want more, also in the end of that header, you can see the email software has detected this message as spam as well. X-Spam-Report: Spam detection software, running on the system "host2.dphost.com.au", has identified this incoming email as possible spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see root\\@localhost for details. Content preview: Hello! I'm a programmer who cracked your email account and device about half year ago. You entered a password on one of the insecure site you visited, and I catched it. Of course you can will change y Content analysis details: (13.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: clientwebsite.com.au] 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, https://senderscore.org/blacklistlookup/ [78.30.30.111 listed in bl.score.senderscore.com] 0.0RCVD_IN_DNSWL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to DNSWL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [78.30.30.111 listed in list.dnswl.org] 1.5SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) 2.0 PYZOR_CHECK Listed in Pyzor (https://pyzor.readthedocs.io/en/latest/) 2.5 BITCOIN_PAY_ME Pay me via BitCoin 2.0 RDNS_NONE Delivered to internal network by a host with no rDNS 1.0 FROM_IN_TO_AND_SUBJ From address is in To and Subject 3.0 BITCOIN_MALWARE BitCoin + malware Also that ip is blocked in RBL for the same kind of spamming as well and SPF check also says SOFT fail. RCVD_IN_DNSWL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to DNSWL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [78.30.30.111 listed in list.dnswl.org] What do we do? So let's get in contact with the server or hosting company and give them an ear full! Weeeeeell, It's more than likely the email came from a server that was hacked or an email account that has a low level password like 'pass1234' and it was hacked and sent out 80,000 emails before it was closed down. Getting caught by a scammer is usually from a lapse of judgment&nbsp;or just coincidental So you can imagine if last night you decided to visit a kinky adult site for the first time and the next morning you received this email. Or you're going for a loan at ANZ and the next morning you receive one of those 'Your Loan Has Been Approved, login to see more' scams. Even the smarties can get caught out. Do I need to say this? change passwords regularly on important sites use a password manager never share passwords to friends always logout when finished (when on public computers) every email is a scam, until proven otherwise don't take what I am saying here as gospel, if in doubt, talk to a professional If it's too good to be true, THEN IT'S A SCAM!", "image": { "@type": "ImageObject", "url": "https://www.dpwebdesign.com.au/images/zoo/blogs/2018/hooded-computer-hacker-hacking-network-P2V3SQY-900px.jpg" }, "publisher": { "@type": "Organization", "name": "DP Web Design", "logo": { "@type": "ImageObject", "url": "https://www.dpwebdesign.com.au/images/logo-on-white.png" } }, "author": { "@type": "Person", "name": "Danny Poole", "url": "https://www.dpwebdesign.com.au/news/this-account-has-been-hacked-change-all-your-passwords" }, "datePublished": "2018-11-22T04:38:33+00:00", "dateCreated": "2018-11-22T04:38:33+00:00", "dateModified": "2025-05-21T12:15:17+00:00" }
```
