Hacked??!!
At some point (if it hasn't happened already) you are going to be the target of some sort of online scam. Many of these play on the lack of knowledge of the user and fears of the unknown (i.e., computer security).
From a novice's point of view, these can be terribly alarming. What I have noticed is that the vast majority of these can be deduced with some logic and absolutely zero (or very little) computer prowess.
I am assuming most people have heard of the scam where a Nigerian prince has left you millions, so let's step away from that one and move on to one that is much more intimidating for the uninitiated...
Before we get into deducing the likelihood of an actual threat by logically observing the email, let's see how we can quickly find out information about this email.
In the case of our email scam here, the message was sent to the user from their own email address. How can this be? They must have your email password??!! No...not necessarily. This can be done by spoofing an email address: the sender simply writes someone else's address into the "From" line, making it appear that the email came from an address it did not. The "From" line is just text the sender types; nothing forces it to be true.
Finding the Email's Origin
In order to see where it came from you will need to look at the email header (see the documentation for your email client). When looking at the email header, keep in mind that the "Received" sections are the most reliable parts of the header. Each mail server that handles the message adds one on top, so together they form a path from the originating source to your mail server. One caveat: only the "Received" lines added by your own provider's servers are guaranteed honest, since your server recorded the connection itself; the lines below those were written by whoever handed the message over, and a scammer can fabricate them.
The "Received" lines should be read from the bottom to the top. The top-most "Received" line is the one added by your own mail server, while the bottom-most is the claimed point of origin. That being the case, let's look at the email header in question (to the left)...
Not only do we instantly have some red flags raised because the email is coming from a Chinese server (sorry China!) but we can quickly deduce that they did not send the email from the victim's account; rather it was sent from a different mail server (i.e., in China). Had they sent it from the victim's actual account, the first server to handle it would have been the victim's own provider (matching the mail server in the top-most "Received" section).
From here you can use whois tools to determine the owners of the IPs and DNS names. You can determine who they belong to and even potentially let them know that their services are being used for nefarious activities.
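The header walk described above, as an added example that is not part of the original post: it parses a constructed sample header (host names and addresses are made up, using reserved documentation IP ranges), lists the "Received" hops from the bottom up so the claimed origin comes first, and then checks two things the post calls out, whether the mail is addressed from the victim to the victim, and whether the server that handed the message to the victim's provider belongs to the "From" domain at all. The hop recorded by the recipient's own provider is treated as the trustworthy one; the assumption that the provider's server name ends with the recipient's mail domain is a simplification for the sample.

```python
"""Trace an email's path through its Received headers (added example).

The sample header below is constructed for this example. It imitates the
scam in the post: From and To are the victim's own address, yet the
Received chain shows the message entering the victim's provider from an
unrelated relay.
"""
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample: top-most Received line was added by the victim's own
# provider; the bottom-most is the claimed origin. IPs are documentation ranges.
SAMPLE_HEADERS = """\
Received: from mx.victim-isp.example (mx.victim-isp.example [198.51.100.10])
    by inbox.victim-isp.example with ESMTP id abc123
    for <victim@victim-isp.example>; Mon, 01 Jan 2024 10:00:05 +0000
Received: from relay.random-host.example (relay.random-host.example [203.0.113.77])
    by mx.victim-isp.example with ESMTP id def456;
    Mon, 01 Jan 2024 10:00:03 +0000
Received: from [192.0.2.45] (unknown [192.0.2.45])
    by relay.random-host.example with SMTP id ghi789;
    Mon, 01 Jan 2024 10:00:01 +0000
From: victim@victim-isp.example
To: victim@victim-isp.example
Subject: Your device was hacked

I have a backup of your device...
"""

# "from <host> (<comment>) by <host>" is the common shape of a Received line.
RECEIVED_RE = re.compile(
    r"from\s+(?P<from_host>\S+)(?:\s+\((?P<from_info>[^)]*)\))?\s+by\s+(?P<by_host>\S+)",
    re.IGNORECASE,
)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_received(msg):
    """Return one dict per Received line, in header order (top first)."""
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(str(value).split())  # undo header folding
        match = RECEIVED_RE.search(flat)
        if not match:
            continue
        ip = IP_RE.search(flat)
        hops.append({
            "from": match.group("from_host"),
            "by": match.group("by_host"),
            "ip": ip.group(1) if ip else None,
        })
    return hops


def trace_path(raw_message):
    """Hops ordered as the post says to read them: bottom (origin) to top (you)."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    return list(reversed(parse_received(msg)))


def origin_of(raw_message):
    """The claimed origin: bottom-most Received line (may be forged by the sender)."""
    path = trace_path(raw_message)
    return path[0] if path else None


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower()


def assess(raw_message):
    """Flag self-addressed mail and an entry hop that does not match the From domain."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    path = list(reversed(parse_received(msg)))
    from_addr = parseaddr(str(msg["From"]))[1].lower()
    to_addr = parseaddr(str(msg["To"]))[1].lower()
    from_domain, to_domain = _domain(from_addr), _domain(to_addr)
    findings = []
    if from_addr == to_addr:
        findings.append("self-addressed: From equals To, a common spoofing tell")
    # The first hop received *by* the recipient's provider is the one that provider
    # recorded itself, so its 'from' host and IP are the trustworthy evidence.
    entry = next((h for h in path if h["by"].lower().endswith(to_domain)), None)
    if entry and not entry["from"].lower().endswith(from_domain):
        findings.append(
            f"entered {to_domain} from {entry['from']} ({entry['ip']}), "
            f"not from a {from_domain} server: look up this IP with whois"
        )
    return {"path": path, "entry_hop": entry, "findings": findings}


if __name__ == "__main__":
    result = assess(SAMPLE_HEADERS)
    for hop in result["path"]:
        print(f"{hop['from']:<30} -> {hop['by']}  ip={hop['ip']}")
    for finding in result["findings"]:
        print("FLAG:", finding)
```

Run it as-is to see the three hops printed origin-first followed by two flags. The IP worth feeding into a whois lookup is the one on the entry hop (203.0.113.77 in the sample), because your own provider observed that connection; the bottom-most "origin" line is only what the sender chose to write.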
The Logic of the Scam (or Lack Thereof)
The image to the right is an actual example from an attempt to extort money through fear and playing on a lack of knowledge. Let's step through it and see if we can deduce the problems herein...
Poor Spelling & Grammar
Note the spelling and grammar issues scattered throughout the email. This is a textbook trademark of an email scam.
Generalizations
Note that the scammer uses a generic term...that he "cracked your email and digital device". This is done because you could be using a phone, tablet, computer...who knows. A vague claim fits whoever happens to read it.
Blackmail
In this particular threat, the scammer claims to have intimate knowledge of the victim's web usage...specifically they claim the victim visits porn sites. Now, this is also an easy thing to do with statistics. It is said that 70% of men and 30% of women go to porn sites according to Patty Lee of the Daily News in 2010. Other more recent articles place both those numbers much higher.
What that means is that the scammer can make this presumption and hit at least half the people (more if he/she targets emails with male names).
This is a "Fear, Uncertainty, and Doubt" (i.e. F.U.D.) approach. It uses fear to entice you to comply with their wishes without fully considering the threat.
Techie Jargon
The scammer then moves in for the kill, using what might sound (to a layman) to be a very convincing technical approach.
This scammer says they gained remote access to your computer, used your camera, and could see what was on your monitor. They claim to have gathered all of the victim's data (which would be a huge amount of internet traffic for most people, and would be noticed).
They claim to have gathered all of their "passcodes" that were entered on websites. They claim that changing your data is ineffective because their app refreshes every 5 minutes.
They have "compiled a backup of your device"...
Ok, let me get this straight...you have a backup of my device and ALL of my "passcodes"? But now you're asking me to send you money...??
This is the logical flaw here as well. If they truly had that information, couldn't they merely log into your Google, Apple, and whatever other accounts...likely your bank account too? Why ask you for money?
He also claims to have a "pixel" in the email that will let him know you read the "letter". Um...no.
Then he moves to something along the lines of "Facebook Pixel" and how this is something used by the authorities to track people. A quick Google search will reveal this is for tracking Facebook ads.
Bottom Line
Don't be driven by fear...examine the threat with a rational and logical mind. That alone should help discredit 90% of the scams. Look at email headers to find where they came from. You can use tools to look up IP addresses or look up DNS names to see who the originator is. Many times these can be servers or computers that are compromised.
Potentially you are receiving the email because one of your contacts fell for it and ended up unknowingly providing them what they wanted through their ignorance and fear.
Ask. Everyone has a "computer guy"...ask someone you trust who is knowledgeable. Not sure yet?? Ok, feel free to ask me.
Thank you for reading...if this was a help, please pass it on (like and share!).
Joseph Foster
joseph@fostercode.com
(844) 779-3274 ext. 700
www.fostercode.com