I received this e-mail – apparently from myself – earlier this week. I have actually gotten many of these e-mails over the past few months. On the surface, my e-mail has obviously been hacked – after all, how else could the sender send an e-mail from my own account?
Here’s the problem… it was not sent from my account. To wit, let’s look at my Sent Items folder from that time slot:
I sent an e-mail at 3:55pm, and another at 10:42pm… nothing at 4:44pm.
I have been getting questions about phony e-mail for years; is there anything you can do about it? I am not a messaging expert, so I cannot speak authoritatively on the matter. What I can tell you is that sending an e-mail in someone else’s name is as easy as addressing a physical envelope with someone else’s return address. In other words… not very tough.
The villain in this story is trying to embarrass me into paying hush-money to keep some compromising videos and photos private. Sorry villain, I don’t think you have those compromising shots of me… and if you did, nobody would want to see them.
This is a variation on a very old scheme, and it relies heavily on people being gullible enough to pay up. I’m sure someone must pay, because there are a lot of people out there who are less technically savvy than my readers.
Why is this an effective scheme? Simple… it is likely that a very high percentage of e-mail users look at porn on the Internet; you do not have to be technically savvy to do that. Additionally, a high percentage of computers that they use have cameras. Add these facts together, and someone who knows less about computers than I do is going to think that some untraceable hacker has compromised every component of their system, has nude and sexual pictures of them, and for the reasonable sum of (fill in the number… I have received them from $650 to €1,500) will agree to not share them with everybody they know.
Is there any defense against getting these e-mails? No. In all likelihood, they will usually end up in your Junk Mail folder… but you are still going to get them. Is there any way to protect me from being compromised by malware that may actually do what these e-mails are saying they did? Sure… take the usual precautions, including firewalls, anti-malware, and don’t do stupid things like opening suspicious links or files that you receive by e-mail. Is there anything I should do when I get one of these e-mails? Sure… delete it. Go back to work, or whatever it is you were doing when you got it.
…And what should I do if it turns out that it was real, and the hackers send that e-mail to everyone I know? Ask how you look, and if they think you need to lose weight.