My email account has been hacked and they are about to hold my account for ransom please help!

Archived and Closed

This conversation is no longer open for comments or replies and is no longer visible to community members. The community moderator provided the following reason for archiving: Archiving inactive content.

I have received an email which is using my email address and they have threatened to hold my account for ransom

RICHARD E.5283

themieleman, Champion

CLIENT HOLD
Your domain is on a suspended status called clienthold. For more information on this, and how to resolve this issue, please refer to this article:
https://community.homestead.com/homestead/topics/extremely_important_domain_

RICHARD E.5283

I am not able to access the link you have posted, get the message site not available

Drew N, Alum

Are you still able to access your account? If so, please run security scans on your computer and update your account and email passwords to something you have never used before.

RICHARD E.5283

Yes I can still access my account email and I run my security program at least once a week, but this hack still got through somehow, and I will change my access password and also my email password

Drew N, Alum

It could have been a scam. They may not have actually gotten access to anything, just spoofed you. If you have a good scanner and update your passwords you should be ok. Just make them strong passwords.

RICHARD E.5283

After changing passwords everything seems to be working normally, thanks for all the assistance!!!
BTW, how do you access or change a password for Roundcube, it appears that it is different from the Homestead passwords?

Drew N, Alum

RICHARD E.5283

The thing that concerned me was the fact that they sent an email to me using my email address

Drew N, Alum

Do you still have it? They can make it appear that it was sent from your address, even if it was not. We would need to see the source code of the message to know if it actually used our servers or not.

William9309

I just received a similar email. Can I forward it to you for evaluation?

Linda6036

I just received a similar email... I think it's a scam, because I don't visit porn sites... just want to make sure!

RICHARD E.5283

How do I send you the email? Just forward it or what?

Drew N, Alum

You can post them here. If you use Roundcube, select the message and use the show source option. If you prefer not to post publicly, please start a private conversation.

Linda6036

Return-Path: <linda@onesweetplum.com>
Delivered-To: linda@onesweetplum.com
Received: from bospopproxy07.eigbox.net ([10.20.15.10])
	by bospop02.eigbox.net with LMTP id gLWbEKDiKlzPEgAAetpfIw
	for <linda@onesweetplum.com>; Mon, 31 Dec 2018 22:46:40 -0500
Received: from bosmailscan10.eigbox.net ([10.20.15.10])
	by bospopproxy07.eigbox.net with LMTP id cGZ4EKDiKlxGGQAAvca6pg
	; Mon, 31 Dec 2018 22:46:40 -0500
Return-path: <linda@onesweetplum.com>
Envelope-to: linda@onesweetplum.com
Delivery-date: Mon, 31 Dec 2018 22:46:40 -0500
Received: from [10.115.3.13] (helo=smtp.maileig.com)
	by bosmailscan10.eigbox.net with esmtp (Exim)
	id 1geB0q-0004rc-0K
	for linda@onesweetplum.com; Mon, 31 Dec 2018 22:46:40 -0500
Received: from 39-144-247-190.fibertel.com.ar ([190.247.144.39])
	by bosimpinc13 with bizsmtp
	id JrmW1z01K0rDCDq01rmbBs; Mon, 31 Dec 2018 22:46:36 -0500
X-EN-SP-DIR: IN
X-EN-SP-SQ: 1
X-EN-OrigIP: 190.247.144.39
X-EN-IMPSID: JrmW1z01K0rDCDq01rmbBs
Message-ID: <B76B680BE7B40884585B38D4873BB76B@I6I8CKCKQ>
From: <linda@onesweetplum.com>
To: <linda@onesweetplum.com>
Subject: linda@onesweetplum.com was under attack! Change your access data!
Date: 31 Dec 2018 20:14:30 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="cp-850"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180

Hello!

As you may have noticed, I sent you an email from your account.
This means that I have full access to your account.

I've been watching you for a few months now.
The fact is that you were infected with malware through an adult site that you visited.

If you are not familiar with this, I will explain.
Trojan Virus gives me full access and control over a computer or other device.
This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.

I also have access to all your contacts and all your correspondence.

Why your antivirus did not detect malware?
Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.

I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.
With one click of the mouse, I can send this video to all your emails and contacts on social networks. I can also post access to all your e-mail correspondence and messengers that you use.

If you want to prevent this, transfer the amount of $566 to my bitcoin address (if you do not know how to do this, write to Google: "Buy Bitcoin").

My bitcoin address (BTC Wallet) is: 18eBGkYam1wjz1S77jz3VmADuYYFzhA3vB

After receiving the payment, I will delete the video and you will never hear me again.
I give you 48 hours to pay.
I have a notice reading this letter, and the timer will work when you see this letter.

Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address.
I do not make any mistakes.

If I find that you have shared this message with someone else, the video will be immediately distributed.

Best wishes!

Lori7898

This is the exact message I received too!!

RICHARD E.5283

Hi, stranger!

I know the 9118trader, this is your password, and I sent you this message from your account.
If you have already changed your password, my malware will be intercepts it every time.

You may not know me, and you are most likely wondering why you are receiving this email, right?
In fact, I posted a malicious program on adults (pornography) of some websites, and you know that you visited these websites to enjoy (you know what I mean).

While you were watching video clips,
my trojan started working as a RDP (remote desktop) with a keylogger that gave me access to your screen as well as a webcam.

Immediately after this, my program gathered all your contacts from messenger, social networks, and also by e-mail.

What I've done?
I made a double screen video.
The first part shows the video you watched (you have good taste, yes ... but strange for me and other normal people), and the second part shows the recording of your webcam.

What should you do?

Well, I think $774 (USD dollars) is a fair price for our little secret.
You will make a bitcoin payment (if you don't know, look for "how to buy bitcoins" on Google).

BTC Address: 16LBDius3vg6ufFvnc7PGXfiTZgphuZgr5
(This is CASE sensitive, please copy and paste it)

Remarks:
You have 2 days (48 hours) to pay. (I have a special code, and at the moment I know that you have read this email).

If I don't get bitcoins, I will send your video to all your contacts, including family members, colleagues, etc.
However, if I am paid, I will immediately destroy the video, and my trojan will be destruct someself.

If you want to get proof, answer "Yes!" and resend this letter to youself.
And I will definitely send your video to your any 12 contacts.

This is a non-negotiable offer, so please do not waste my personal and other people's time by replying to this email.

Bye!

William9309

Return-Path: <bill@sadataki.com>
Delivered-To: bill@sadataki.com
Received: from bospopproxy02.eigbox.net ([10.20.15.14])
	by bospop35.eigbox.net with LMTP id UCxEJpp8JFxFDgAAN8h8kA
	for <bill@sadataki.com>; Thu, 27 Dec 2018 02:17:46 -0500
Received: from bosmailscan14.eigbox.net ([10.20.15.14])
	by bospopproxy02.eigbox.net with LMTP id +HwyJpp8JFy0NgAAcg53ZQ
	; Thu, 27 Dec 2018 02:17:46 -0500
Return-path: <bill@sadataki.com>
Envelope-to: bill@sadataki.com
Delivery-date: Thu, 27 Dec 2018 02:17:46 -0500
Received: from [10.115.3.13] (helo=smtp.maileig.com)
	by bosmailscan14.eigbox.net with esmtp (Exim)
	id 1gcPvO-0002pa-GO
	for bill@sadataki.com; Thu, 27 Dec 2018 02:17:46 -0500
Received: from service-81.mrdv-7.mtsnet.ru ([213.87.102.81])
	by bosimpinc13 with bizsmtp
	id GvHh1z00x1lNWTZ01vHj8f; Thu, 27 Dec 2018 02:17:44 -0500
X-EN-SP-DIR: IN
X-EN-SP-SQ: 1
X-EN-OrigIP: 213.87.102.81
X-EN-IMPSID: GvHh1z00x1lNWTZ01vHj8f
Message-ID: <EE63E7006F6A8488058166090CE2EE63@sadataki.com>
From: <bill@sadataki.com>
To: "go3474" <bill@sadataki.com>
Subject: The decision to suspend your account. Waiting for payment.
Date: 27 Dec 2018 23:38:39 +0800
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Mailer: Bkeshhcf hqpapa 0.4
X-EN-SR: 1

Hi, stranger!

I know the go3474, this is your password, and I sent you this message from your account.
If you have already changed your password, my malware will be intercepts it every time.

You may not know me, and you are most likely wondering why you are receiving this email, right?
In fact, I posted a malicious program on adults (pornography) of some websites, and you know that you visited these websites to enjoy 
(you know what I mean).

While you were watching video clips,
my trojan started working as a RDP (remote desktop) with a keylogger that gave me access to your screen as well as a webcam.

Immediately after this, my program gathered all your contacts from messenger, social networks, and also by e-mail.

What I've done?
I made a double screen video.
The first part shows the video you watched (you have good taste, yes ... but strange for me and other normal people),
and the second part shows the recording of your webcam.

What should you do?

Well, I think $776 (USD dollars) is a fair price for our little secret.
You will make a bitcoin payment (if you don't know, look for "how to buy bitcoins" on Google).

BTC Address: 16LBDius3vg6ufFvnc7PGXfiTZgphuZgr5
(This is CASE sensitive, please copy and paste it)

Remarks:
You have 2 days (48 hours) to pay. (I have a special code, and at the moment I know that you have read this email).

If I don't get bitcoins, I will send your video to all your contacts, including family members, colleagues, etc.
However, if I am paid, I will immediately destroy the video, and my trojan will be destruct someself.

If you want to get proof, answer "Yes!" and resend this letter to youself. 
And I will definitely send your video to your any 12 contacts.

This is a non-negotiable offer, so please do not waste my personal and other people's time by replying to this email.

Bye!

RICHARD E.5283

I am unable to access Roundcube, it will not accept the password, is this password different than my homestead PW or my email PW?

RICHARD E.5283

OK got into Roundcube and here is the source for my hacked email:


Return-Path: <sv5.a77.b42@3xp0.icu>
From: <Dickc@riteroappaloosas.com>
To: <Dickc@riteroappaloosas.com>
Subject: Dickc@riteroappaloosas.com was hacked.
Date: Sat, 1 Dec 2018 14:23:04 -0600
Message-ID: <20181201202304.D54771D75FA@pg2.3xp0.icu>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_002A_01D4A12B.D6ED5250"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQK/w2tY7r35OUiT2ohtZEgKH8U07A==
X-OlkEid: 12A43789DCEEBD1B2A69714985F797D10B0DF38E

This is a multipart message in MIME format.

------=_NextPart_000_002A_01D4A12B.D6ED5250
Content-Type: text/plain;
	charset="UTF-8"
Content-Transfer-Encoding: 7bit

Hello!

My nickname in darknet is Exp0mIcu.
I hacked this mailbox more than six months ago,
through it I infected your operating system with a virus (trojan) created by 
me and have been monitoring you for a long time.

If you don't belive me please check 'from address' in your header, you will 
see that I sent you an email from your mailbox. (Dickc@riteroappaloosas.com)

Even if you changed the password after that - it does not matter, my virus 
intercepted all the caching data on your computer
and automatically saved access for me.

I have access to all your accounts, social networks, email, browsing 
history.
Accordingly, I have the data of all your contacts, files from your computer, 
photos and videos.

I was most struck by the intimate content sites that you occasionally visit.
You have a very wild imagination, I tell you!

During your pastime and entertainment there, I took screenshot through the 
camera of your device, synchronizing with what you are watching.
Oh my god! You are so funny and excited!

I think that you do not want all your contacts to get these files, right?
If you are of the same opinion, then I think that $500 is quite a fair price 
to destroy the dirt I created.

Send the above amount on my BTC wallet (bitcoin): 
3Ke69oPecfzdhAhYUMCCbMSxsRuegg4m57
As soon as the above amount is received, I guarantee that the data will be 
deleted, I do not need it.

Otherwise, these files and history of visiting sites will get all your 
contacts from your device.
Also, I'll send to everyone your contact access to your email and access 
logs, I have carefully saved it!

Since reading this letter you have 48 hours!
After your reading this message, I'll receive an automatic notification that 
you have seen the letter.

I hope I taught you a good lesson.
Do not be so nonchalant, please visit only to proven resources, and don't 
enter your passwords anywhere!
Good luck!

------=_NextPart_000_002A_01D4A12B.D6ED5250
Content-Type: text/html;
	charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hello!<br />
<br />
My nickname in darknet is Exp0mIcu.<br />
I hacked this mailbox more than six months ago, <br />
through it I infected your operating system with a virus (trojan) =
created by me and have been monitoring you for a long time.<br />
<br />
If you don't belive me please check 'from address' in your header, you =
will see that I sent you an email from your mailbox. =
(Dickc@riteroappaloosas.com)<br />
<br />
Even if you changed the password after that - it does not matter, my =
virus intercepted all the caching data on your computer<br />
and automatically saved access for me.<br />
<br />
I have access to all your accounts, social networks, email, browsing =
history.<br />
Accordingly, I have the data of all your contacts, files from your =
computer, photos and videos.<br />
<br />
I was most struck by the intimate content sites that you occasionally =
visit.<br />
You have a very wild imagination, I tell you!<br />
<br />
During your pastime and entertainment there, I took screenshot through =
the camera of your device, synchronizing with what you are watching.<br =
/>
Oh my god! You are so funny and excited!<br />
<br />
I think that you do not want all your contacts to get these files, =
right?<br />
If you are of the same opinion, then I think that $500 is quite a fair =
price to destroy the dirt I created.<br />
<br />
Send the above amount on my BTC wallet (bitcoin): =
3Ke69oPecfzdhAhYUMCCbMSxsRuegg4m57<br />
As soon as the above amount is received, I guarantee that the data will =
be deleted, I do not need it.<br />
<br />
Otherwise, these files and history of visiting sites will get all your =
contacts from your device.<br />
Also, I'll send to everyone your contact access to your email and access =
logs, I have carefully saved it!<br />
<br />
Since reading this letter you have 48 hours!<br />
After your reading this message, I'll receive an automatic notification =
that you have seen the letter.<br />
<br />
I hope I taught you a good lesson.<br />
Do not be so nonchalant, please visit only to proven resources, and =
don't enter your passwords anywhere!<br />
Good luck!

------=_NextPart_000_002A_01D4A12B.D6ED5250--

William9309

Richard, you have posted two emails. The one above looks like it was sent Dec 1. Did you just open it? If it's been over 48 hrs since it was opened I would be interested to know if anything has happened yet regarding the hacker's threats.

RICHARD E.5283

I just did open it in order to send it to you; from what I'm seeing I do not see any changes to my email or the computer programs, keeping my fingers crossed!

William9309

I received the same email, verbatim, as Richard has posted.

RICHARD E.5283

Request an assist in changing my email password as well as that for my account.

Drew N, Alum

Update the email password from manage my email account on the email tab.

For the Homestead account, go to account at the top right and then billing and security.

RICHARD E.5283

The email tab... is that on the homestead page?

Drew N, Alum

Yes, on the left side of your account screen.

William9309

As a point of reference, the password included in my email has not been in use for years and is not the password for my Homestead email or account.

Drew N, Alum

Sounds like they are phishing, but if you have the email, please post the source so that I can look.

Drew N, Alum

Have you scanned your computer with an updated security program just to make sure?

William9309

Source code posted above.

Elyzabeth, Official Rep

Hello,

This definitely seems like phishing, be sure to run a malware scan to be safe and change passwords. Our support is aware of these phishing emails but, unfortunately, we do not have the ability to block them 100% of the time.

William9309

Based on the source code provided, can you determine if the emails in question originated from outside the Homestead servers? If so, that would support the phishing theory. BTW, this latest email scam is all over the tech blogs and tech media. Thanks.

Elyzabeth, Official Rep

Yes, thank you for your ticket. From the information provided, it does look like phishing behavior. It does not appear your password has been breached. Our system works to try to prevent this, however it does not filter 100% of the time because we do not want to be over-aggressive and filter out valid email.
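
The question asked above, whether a self-addressed message like the ones posted in this thread entered from outside the mail provider, can be checked from the Received chain; this Python sketch is an added example, not part of the original thread and not Homestead tooling. It reads the hops newest-first because everything below the first external hop is supplied by the sender. The sample headers are constructed (example.* hosts, a documentation IP), the internal ranges are assumed to be RFC 1918 addresses, and the meaning of X-EN-OrigIP is assumed from the posted headers.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the provider's relays sit on RFC 1918 / loopback addresses,
# like the 10.x.x.x hops in the headers posted in this thread.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IP_LITERAL = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample shaped like the posted headers. The Received line under
# X-EN-OrigIP plays a sender-forged hop; X-EN-OrigIP's meaning is assumed.
SAMPLE = """\
Received: from proxy01.mail.example.net ([10.20.15.10])
\tby store02.mail.example.net with LMTP; Mon, 31 Dec 2018 22:46:40 -0500
Received: from [10.115.3.13] (helo=smtp.mail.example.net)
\tby scan10.mail.example.net with esmtp; Mon, 31 Dec 2018 22:46:40 -0500
Received: from host-7.isp.example ([203.0.113.7])
\tby inbound13 with bizsmtp; Mon, 31 Dec 2018 22:46:36 -0500
X-EN-OrigIP: 203.0.113.7
Received: from webmail.mail.example.net ([10.0.0.5])
\tby fake.mail.example.net; Mon, 31 Dec 2018 22:40:00 -0500
From: <user@example.com>
To: <user@example.com>
Subject: user@example.com was under attack!

(body omitted)
"""


def edge_client_ip(msg):
    """Newest-first walk past internal relays; first external client IP or None."""
    for value in msg.get_all("Received", []):
        from_part = re.split(r"\sby\s", value, maxsplit=1)[0]
        match = IP_LITERAL.search(from_part)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # malformed literal such as [999.1.1.1]
        if not any(ip in net for net in INTERNAL_NETS):
            return str(ip)
    return None


def assess(raw):
    """Summarise whether a self-addressed message came in from outside."""
    msg = message_from_string(raw)
    sender, rcpt = (parseaddr(msg.get(h, ""))[1].lower() for h in ("From", "To"))
    edge = edge_client_ip(msg)
    self_addressed = bool(sender) and sender == rcpt
    return {
        "self_addressed": self_addressed,
        "edge_ip": edge,
        "orig_ip_matches": bool(edge)
        and msg.get("X-EN-OrigIP", "").strip() == edge,
        "spoof_likely": self_addressed and edge is not None,
    }


if __name__ == "__main__":
    print(assess(SAMPLE))
```

An `edge_ip` of `None` means every recorded hop was internal, which is the case where the account's own login history is worth reviewing.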

Lori7898

I received this email....

Hello!

As you may have noticed, I sent you an email from your account.
This means that I have full access to your account.

I've been watching you for a few months now.
The fact is that you were infected with malware through an adult site that you visited.

If you are not familiar with this, I will explain.
Trojan Virus gives me full access and control over a computer or other device.
This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.

I also have access to all your contacts and all your correspondence.

Why your antivirus did not detect malware?
Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.

I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.
With one click of the mouse, I can send this video to all your emails and contacts on social networks. I can also post access to all your e-mail correspondence and messengers that you use.

If you want to prevent this, transfer the amount of $571 to my bitcoin address (if you do not know how to do this, write to Google: "Buy Bitcoin").

My bitcoin address (BTC Wallet) is: 1BPUUNghhuwQjDDvFd3TnJz2ato5dyDLr8

After receiving the payment, I will delete the video and you will never hear me again.
I give you 48 hours to pay.
I have a notice reading this letter, and the timer will work when you see this letter.

Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address.
I do not make any mistakes.

If I find that you have shared this message with someone else, the video will be immediately distributed.

Best wishes!.

Damien5922

I've received the same email and also one similar to it a week later. 

Elyzabeth, Official Rep

This is a scam email, please ignore it.