Caution: blackmail e-mails are going around
If you receive an e-mail that at first sight appears to come from your own e-mail address, do not panic! It does not necessarily mean that your e-mail account has been hacked. Here is what you need to do if you receive such an e-mail.
Anyone can send e-mails in your name
Current e-mail protocols do not verify the mail sender’s identity. Put simply: anyone can create an account in their e-mail program and send e-mails from this account. You could even enter firstname.lastname@example.org or email@example.com. The e-mail protocol does not check that the address exists or even whether you are entitled to use that e-mail address. This technique is called ‘spoofing’.
Have you received a blackmailing e-mail with your own e-mail address as sender? Do not panic, as these are usually ‘harmless’ spam messages.
Others can use your e-mail address just as easily as you do. When you receive an e-mail that appears at first sight to come from your own e-mail address, there is no need to panic. It does not mean that hackers have broken into your e-mail account or have access to your mailboxes.
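An added example, not part of the original article: a short Python check that reads the headers of a received message and reports whether a 'from yourself' mail shows signs of spoofing. It assumes your mail provider records SPF, DKIM and DMARC results in an Authentication-Results header (these checks are not mentioned in the article); the two sample messages, their addresses and their host names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (addresses, hosts and results are made up).
SPOOFED = """\
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=mailer.invalid; dkim=none; dmarc=fail header.from=example.org
From: <alice@example.org>
To: <alice@example.org>
Subject: I have access to your account

Pay within 48 hours.
"""
NOTE_TO_SELF = """\
Return-Path: <alice@example.org>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.org; dkim=pass header.d=example.org; dmarc=pass header.from=example.org
From: <alice@example.org>
To: <alice@example.org>
Subject: shopping list

Milk, bread.
"""

def addr(value):
    """Return the bare, lower-cased address from a header value ('' if absent)."""
    return parseaddr(value or "")[1].lower()

def assess(raw):
    """List the spoofing indicators found in one raw message."""
    msg = message_from_string(raw)
    sender, recipient = addr(msg["From"]), addr(msg["To"])
    envelope = addr(msg["Return-Path"])
    # Only trust an Authentication-Results header written by your own
    # receiving server; a sender can add a forged one further down.
    checks = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", msg.get("Authentication-Results", "")))
    findings = []
    if sender and sender == recipient:
        findings.append("self-addressed")
    if envelope and envelope.rpartition("@")[2] != sender.rpartition("@")[2]:
        findings.append("envelope-mismatch")
    findings += [f"{m}-not-pass" for m in ("spf", "dkim", "dmarc") if checks.get(m) != "pass"]
    return findings

def likely_spoofed(raw):
    """A self-addressed mail that did not pass DMARC was not sent from your account."""
    found = assess(raw)
    return "self-addressed" in found and "dmarc-not-pass" in found

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("note to self", NOTE_TO_SELF)):
        print(name, assess(raw), likely_spoofed(raw))
```

A genuine note to yourself is also 'self-addressed', so that finding alone proves nothing; it is the combination with failed sender checks that marks the message as spoofed.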
Purpose of these e-mails: spam, phishing, malware or blackmail
But why is the sender using these fake e-mail addresses? There can be various reasons for this…
Most misuse of someone’s e-mail address happens with addresses of organisations such as supermarkets, providers, etc. This usually involves ‘phishing’ e-mails, whose purpose is to forward spam or obtain financial or other information. You can read more about this type of e-mail in our previous blog on fake e-mails.
The latest wave of fake e-mails is misusing personal e-mail addresses with the aim of blackmailing you.
Characteristics of the latest blackmailing e-mails
- The sender sends you an e-mail with your personal e-mail address as sender and claims to have gained access to your e-mail account, or even to have taken control of your computer.
- In some cases, the e-mail mentions a password that you have used for a particular website.
- The sender says you have been hacked because you have browsed an ‘adult site’ or similar.
- The sender is only prepared to return control of your mailbox to you, or to destroy incriminating material that has been obtained, after payment of a ransom, usually in bitcoins.
What should you do if you receive a blackmailing e-mail?
- Stay calm!
- The password was probably stolen in a large-scale data theft involving millions of e-mail addresses and passwords. Normally, you will have been notified about this theft and will have changed your password since then. Not sure about this? You can check whether your e-mail address was involved in any such theft at HaveIbeenPwned.
- Never give in to this kind of blackmail. The sender has no power over you whatsoever – after all, the e-mail contains no proof of what is being claimed. If you were to give in to the blackmail, you would merely expose yourself to further blackmail!
- This blackmailing e-mail is no proof whatsoever that your computer has been hacked. Signs that you could have been hacked are: your computer is slow or boots up very slowly; your antivirus has been switched off without your knowledge; your cursor moves independently or you start to see a lot of pop-ups.
- If in doubt, feel free to send your e-mail to us or call our helpdesk (free of charge).
General points to consider for assessing suspicious e-mails
- Study e-mail addresses and URLs carefully before clicking on them. That is really easy to do in your computer’s e-mail program: hover the cursor over a clickable link and the full web address will be displayed in the status bar. The full sender address in the ‘From’ line also usually gives a good indication: a mail from Telenet but with a sender address like firstname.lastname@example.org should immediately make you suspicious.
Tip: most e-mail clients and browsers allow you to activate the status bar via the ‘View’ menu.
- Be extra careful with e-mails you view on your smartphone. The ‘hover’ option is not available there! What you can do though: press and hold the e-mail address or link and choose the ‘copy’ option from the context menu. Paste the address or link into your memo app to view the underlying link.
- Protect your computer and smartphone with a good antivirus. If you accidentally click on an infected link, your antivirus should prevent the malware from taking effect.
- Keep your computer and smartphone up to date, regularly back up your data and use strong passwords. If anything does go wrong, it will then be easier to recover your device.
- Think about it: if something seems too good to be true, it probably is not true! It is best to steer clear of links in e-mails that announce you have won prizes in competitions which you did not enter!