Scam From Your Own Email Address
The scam
It has been annoying for the last few months. My email is somehow leaked, and there are unauthorized attempts to log in to my account every day. I can see the suspicious activities, but there is nothing I can do to stop it.
I was unaware of such an attack at first, until I received this email, from my email address.
You have been hacked!
“Hello pervert, I’ve sent this message from your Microsoft account. …”
I was totally shocked, as it indicated that my account was compromised. However, as I continued reading, I knew it was nothing but a scam. But the fact that it used my email address haunted me, so I updated the passwords and changed my email address.
And today, I received a second one with the same words! So here I am, writing a post to repay the scam.
How is this possible?
This scam probably works because of the sender’s address. It is your own address, which makes you believe your account is compromised. Now we know it is fake, but how is this possible?
When you send an email, your client sends an SMTP request to the email server. As long as the request conforms to the SMTP protocol, it can carry anything you want, even an arbitrary sender. We can’t do it because our email clients refuse to, but it is feasible with malicious client software. An email with a fake sender is called a spoofed email.
Outlook users can reveal what an email really contains by viewing its raw content with a few clicks, as shown below. Other email clients should have similar functions.

This is an example email from Battle.net of Blizzard Entertainment. You can find the sender in the message source.

Although the SMTP protocol doesn’t have identity validation, email providers may add such protection. Normal emails, even if they are classified as junk, have X-SID-Result: PASS. For a spoofed email like the one in our case, however, you will see FAILED here.
A tip: each line you see in the source is called a header, which is a key-value pair. Keys that start with “X-” are usually extra headers added by the server, and the others are original headers that come from the email client. So you can see that most of the “X-” headers are related to Microsoft, as I use Outlook.
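The header check described above, as an added example that is not code from the original post: a Python script that reads a message source, compares From with To, and collects failed authentication results. Both message sources are constructed; X-SID-Result is handled as the post describes it, and the standard Authentication-Results header (spf, dkim, dmarc) is an addition beyond what the post mentions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed message sources (reserved example domains, illustrative values).
SPOOFED = """\
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=example.net;
 dkim=none; dmarc=fail header.from=example.com
X-SID-Result: FAILED
Return-Path: <bounce@example.net>
From: victim@example.com
To: victim@example.com
Subject: You have been hacked!

(body omitted)
"""
GENUINE = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.org;
 dkim=pass header.d=example.org; dmarc=pass header.from=example.org
X-SID-Result: PASS
Return-Path: <bounce@example.org>
From: Shop <noreply@example.org>
To: victim@example.com
Subject: Your receipt

(body omitted)
"""
FAILING = {"fail", "softfail", "permerror"}  # results treated as not authenticated

def auth_results(msg):
    """Map method -> result, e.g. {'spf': 'fail'}, from Authentication-Results."""
    found = {}
    for value in msg.get_all("Authentication-Results", []):
        for clause in value.split(";")[1:]:  # part before first ';' is the server id
            method, _, rest = clause.strip().partition("=")
            if rest:
                found.setdefault(method.lower(), rest.split()[0].lower())
    return found

def assess(raw):
    """Return the sender, whether it equals the recipient, and failed checks."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    failed = [f"{m}={r}" for m, r in auth_results(msg).items() if r in FAILING]
    sid = (msg.get("X-SID-Result") or "").strip().upper()
    if sid and sid != "PASS":  # the post's Outlook header: PASS vs FAILED
        failed.append(f"x-sid-result={sid.lower()}")
    return {"from": sender, "self_addressed": sender == rcpt,
            "failed": failed, "spoofed": bool(failed)}

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, assess(raw))
```

A message that claims to come from your own address and also lists failed checks matches the pattern in this post: the sender header was forged and the account itself was not used to send it.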
Appendix
Reference
Here are some posts on this scam from experts.
- Don’t Panic: The “Hello Perv” Blackmail Emails are Fake
- “I’ve Sent This Message From Your iCloud Mail” Email Scam Explained
- Why Am I Getting Spam From My Own Email Address?
- What Is Email Spoofing, and How Can You Protect Yourself?
Scam email template
Below is the common template used by such emails, with your email as the sender. Although I hate it, its language is quite impressive and convincing. I think if the victim does watch porn, he must be so frightened.
Hello pervert, I’ve sent this message from your Microsoft account.
I want to inform you about a very bad situation for you. However, you can benefit from it, if you will act wisely.
Have you heard of Pegasus? This is a spyware program that installs on computers and smartphones and allows hackers to monitor the activity of device owners. It provides access to your webcam, messengers, emails, call records, etc. It works well on Android, iOS, and Windows. I guess, you already figured out where I’m getting at.
It’s been a few months since I installed it on all your devices because you were not quite choosy about what links to click on the internet. During this period, I’ve learned about all aspects of your private life, but one is of special significance to me.
I’ve recorded many videos of you jerking off to highly controversial porn videos. Given that the “questionable” genre is almost always the same, I can conclude that you have sick perversion.
I doubt you’d want your friends, family and co-workers to know about it. However, I can do it in a few clicks.
Every number in your contact book will suddenly receive these videos – on WhatsApp, on Telegram, on Skype, on email – everywhere. It is going to be a tsunami that will sweep away everything in its path, and first of all, your former life. Don’t think of yourself as an innocent victim. No one knows where your perversion might lead in the future, so consider this a kind of deserved punishment to stop you.
I’m some kind of God who sees everything. However, don’t panic. As we know, God is merciful and forgiving, and so do I. But my mercy is not free.
Transfer $1220 USD to my bitcoin wallet: 1JVMTu******************Y6g2
Once I receive confirmation of the transaction, I will permanently delete all videos compromising you, uninstall Pegasus from all of your devices, and disappear from your life. You can be sure – my benefit is only money. Otherwise, I wouldn’t be writing to you, but destroy your life without a word in a second.
I’ll be notified when you open my email, and from that moment you have exactly 48 hours to send the money. If cryptocurrencies are unchartered waters for you, don’t worry, it’s very simple. Just google “crypto exchange” and then it will be no harder than buying some useless stuff on Amazon.
I strongly warn you against the following:
* Do not reply to this email. I sent it from your Microsoft account.
* Do not contact the police. I have access to all your devices, and as soon as I find out you ran to the cops, videos will be published.
* Don’t try to reset or destroy your devices. As I mentioned above: I’m monitoring all your activity, so you either agree to my terms or the videos are published.
Also, don’t forget that cryptocurrencies are anonymous, so it’s impossible to identify me using the provided address.
Good luck, my perverted friend. I hope this is the last time we hear from each other.
And some friendly advice: from now on, don’t be so careless about your online security.
Epilogue
Although it is a scam, it gets one thing right: don’t be so careless about your online security. Next time you see a suspicious email, search for it first before you believe any of the words in it.