This Account Was Recently Infected! Email Extortion Scam
I recently got an email purportedly from my own account that began with “This Account Was Recently Infected!” The full email is shown as an image below, with the text in the description tag of the image reference. The text was contained in an image file, and since the message spoofed my own account, my email client displayed the image. Concerned that my account had been hacked, I looked at the email source and discovered that it was just a spoofed email originating from a server in Japan. I Googled the first sentence and found many hits describing the email scam, one of which suggested reporting it to the FBI.
Because it included a Bitcoin wallet ID, I decided to go ahead and report to the FBI. Finding the right site is not a trivial task, but I did end up filing a report.
Image of Email Extortion Text
The extortion email was presented as an image, which allowed it to get past SpamAssassin and the spam filtering in Thunderbird. It also made it impossible to cut and paste the Bitcoin wallet ID into the FBI report.
Headers from the Extortion Email
In most email clients, you can view the source of the email, and the Received headers there show where the message may have originated. In this case, the header shows that the email started out at intercom-45-29.pro, which does not point to anything in DNSLytics, although intercom.pro does point to Russian ownership. From the first server, it went to max-luomo.com, which is registered with a Japanese domain registrar. In any case, it is clear that the sender did not compromise my email account or server.
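As an added illustration of the header check described above (this is my own example, not code from the post), the script below walks the Received headers oldest-first and compares the first hop with the domain in the From address. The sample message is constructed to mirror the hop chain in the post; the hostnames come from the post, while the IP addresses, message ids, timestamps and the recipient domain example.net are made up.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample modelled on the post: From claims the recipient's own
# address, but the Received chain shows the message entered the mail system
# at intercom-45-29.pro and was relayed through max-luomo.com.
# IPs, ids, dates and example.net are placeholders, not values from the post.
RAW_MESSAGE = """\
Return-Path: <bounce@max-luomo.com>
Received: from max-luomo.com (max-luomo.com [203.0.113.10])
    by mail.example.net with ESMTP id ABC123
    for <victim@example.net>; Mon, 1 Jan 2024 10:00:00 +0000
Received: from intercom-45-29.pro (unknown [198.51.100.7])
    by max-luomo.com with ESMTP id XYZ789;
    Mon, 1 Jan 2024 09:59:50 +0000
From: victim@example.net
To: victim@example.net
Subject: This Account Was Recently Infected!

(the real message carried the extortion text as an image attachment)
"""

# "from <host> (<reverse dns and ip>) by <relay>" as written by most MTAs
RECEIVED_RE = re.compile(r"from\s+(\S+)(?:\s+\(([^)]*)\))?\s+by\s+(\S+)",
                         re.IGNORECASE)


def received_chain(raw):
    """Return hops oldest-first as (claimed_sender, rdns_and_ip, relay)."""
    msg = email.message_from_string(raw)
    hops = []
    # Headers are prepended as the mail travels, so the bottom one is oldest.
    for hdr in reversed(msg.get_all("Received", [])):
        m = RECEIVED_RE.search(" ".join(hdr.split()))  # unfold whitespace
        if m:
            hops.append((m.group(1), m.group(2) or "", m.group(3)))
    return hops


def spoof_indicators(raw):
    """Flag a From domain that does not match the host the mail entered at."""
    msg = email.message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    hops = received_chain(raw)
    origin = hops[0][0].lower() if hops else ""
    in_domain = origin == from_domain or origin.endswith("." + from_domain)
    return {"from_domain": from_domain, "origin_host": origin,
            "origin_in_from_domain": in_domain}
```

A From domain whose first hop lies outside it, as here, is the usual sign of a spoofed sender rather than a compromised account; the hop list also gives you the hostnames to look up with a service such as DNSLytics.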
This is a hoax and a scam. Sadly, it is a part of life today.