How do scammers send you an email from your own account?

This has been happening for a little bit of time now. I receive an email from my own account and the message says I’ve been hacked. They also say they’ve made videos of me jerking off to weird porn and for a payment of several hundred in bitcoin they won’t release the video. I just erase the emails because I know it’s crap, but how do they make it seem to originate from my own account?

They forge the From header even though the actual from address is different. Fortunately it’s easy to detect and block mail like this.

Think of receiving an email like getting a letter in the mail. It’s fairly trivial and there’s often nothing preventing someone from writing whatever name they want as the sender on the envelope.

Letters have envelopes, and you can write whatever you want on them. Emails have “headers” that contain information like the sender name/email, the subject, etc, and you can forge information in the headers just the same.

Edit: And to continue the envelope analogy, if I mailed you a letter but put your name/address as both the from and to addresses, there would be evidence that you didn’t send yourself the letter: the postmark would be from a different city or state. And the same thing with forged email headers – there is evidence in the headers that will clearly show you it was forged if you know what to look for.

Two options I can think of:

* **The most likely** is that it is simply an alias to their real email you are seeing. The way to verify the real email depends on the mail client, but generally hovering over the email or right-clicking to get extra details suffices.
* If not, your mail account may have been compromised, in which case you should change your password to your mail account and preferably your other online accounts, especially if you have similar passwords across websites. Running an AV scan prior to that can be a good idea in case you could suspect it to be the cause of a password leak.

Hey OP. I will give a brief explanation as to how an email can be sent with any email address, but most importantly I will give you the **actual reason you are receiving those emails** saying you have been hacked.

# 1) Sending an email from any email address

It is fairly simple: at no point does the SMTP protocol check if you indeed have the rights to use this email address to send an email. You can simply spoof the “FROM:” field of an email to send it with any email address and it will go through. However, most email clients will check the email address against the server from which it was sent, and tell you something is off.

# 2) Your credentials, like millions of other people’s, are part of the “[Collection #1](https://en.wikipedia.org/wiki/Collection_No._1)” data breach

Back in January of this year, a huge collection of passwords leaked out on hacking forums, under the names **Collection #1**, **Collection #2**, **Collection #3**, **Collection #4**, **Collection #5**. Containing more than 800 GB of data, this leak is a massive one. I managed to download it in full, and found out my old password was included in them, as well as a few different email addresses of mine, **more than 10 times**. Those passwords are from different sources: hacked platforms like LinkedIn, phishing, brute-forcing, etc.

Here is a screenshot of the 5 folders in my PC and their total size (I had to remove some for lack of space): [http://puu.sh/DvLLd/f7fa4480fb.png](http://puu.sh/DvLLd/f7fa4480fb.png)

Using this collection, malicious people started sending emails using the method described in 1) to people, making them believe they were hacked. **I, too, received such emails**. In some of them was even included the password of mine that was leaked in the collection, clearly indicating where those malicious people are getting their information.

# 3) Useful links

To check if your email address appears in one of the several data leaks: [https://haveibeenpwned.com/](https://haveibeenpwned.com/)

To check if your password appears in one of them: [https://haveibeenpwned.com/Passwords](https://haveibeenpwned.com/Passwords)

Hope this will enlighten you a little bit, and don’t hesitate to ask any questions.
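
Added example (not part of any answer above): a Python sketch of the header check that the envelope/postmark analogy and point 1) refer to, comparing the visible From domain with the envelope sender and reading the SPF/DKIM/DMARC verdicts your receiving server recorded. The sample message, its domains and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message): From claims the recipient's own
# address, but the envelope sender and the relay belong to another domain.
SAMPLE_SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.45])
\tby mx.example.com with ESMTP id abc123; Tue, 14 May 2019 10:02:11 +0000
Authentication-Results: mx.example.com;
\tspf=softfail smtp.mailfrom=mailer.example.net;
\tdkim=none; dmarc=fail header.from=example.com
From: "Me" <me@example.com>
To: me@example.com
Subject: Your account has been hacked

Pay up.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header value."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def check_headers(raw):
    """Collect the header evidence that a From address was forged."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])  # the "postmark": envelope sender
    # Only trust Authentication-Results added by your own receiving server;
    # a sender can insert a fake one further down the header block.
    auth = " ".join(msg.get_all("Authentication-Results") or [])
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    findings = []
    # A mismatch alone is normal for legitimate bulk mailers; it matters
    # together with a failing DMARC verdict for the From domain.
    if env_dom and env_dom != from_dom:
        findings.append(f"envelope sender {env_dom} != From domain {from_dom}")
    for mech in ("spf", "dkim", "dmarc"):
        verdict = results.get(mech, "missing")
        if verdict != "pass":
            findings.append(f"{mech}={verdict}")
    return findings

if __name__ == "__main__":
    for finding in check_headers(SAMPLE_SPOOFED):
        print(finding)
```

To run it on a real message, save the raw source from your mail client ("Show original" or "View source") and pass that text to `check_headers`.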