Bitcoin Hacked Email Scam

This showed up in my inbox today. Scammers are apparently upping their game, but not by a lot. This one was rather clever though. The sender tries to convince me that my account was hacked and attempts to extort me into paying Bitcoin to the above highlighted address.

“Hello! I have bad news for you. 13/07/2018 - on this day I hacked your operating system and got full access to your account [email] On that day your account [email] password was: [password].” Quote from the extortionist

What makes the scam slightly convincing is that the password stated in the email is a legitimate password. In my case, this is a password from a very long time ago. Not only that, but this message appears to be sent from my own email address. Even the email headers look legit, but the message is sent from a spoofed address.

How’d they get the password? That’s an easy answer. My email has been exposed in at least five different security breaches — chief among them: Dropbox, Bit.ly, and Last.fm. Anyone that has access to those pawned files can troll for real passwords, emails, and other info to construct an elaborate scheme such as this one.

The Bitcoin address in question has already been reported multiple times and it’s evident that many variations of this scam have been sent to numerous people. Many people fell for this scam and paid into the wallet. What a bizarro world. This is however, a good reminder to not use the same password on multiple sites and to change passwords often.