[Discuss] Hacked or Scam?
Dan Ritter
dsr at randomstring.org
Wed Jan 16 15:54:48 EST 2019
David Kramer wrote:
> I've gotten two of these emails so far saying my email is hacked. I get
> these kinds of emails all the time about a password that got exposed in a
> company breach, but I haven't used that password in a long time, so I'm not
> worried about that. Just making sure I should not be worried about this
> either. My mail server is a Linode node running postfix, amavix,
> spamassassin, and dovecot.
>
> Looking at the headers, it looks to me like they just sent an email to my
> server through their server like normal, not that it originated on my
> server. Using "last" I don't see any logins that were probably not me.
>
Laziest scam in existence:
1. Get a list of exposed email addresses and passwords.
2. Spam them all with this script.
3. Hope that someone will send in bitcoins.
4. Rinse and repeat.
Today I got three of them. I use tagged email addresses and
site-unique passwords, so I am... unconcerned.
If they only have email addresses, well, they just leave out
the bit about how they know this particular password and
substitute a bit about how "you know this is real because I
sent it from your email address!"
Lame.
-dsr-
More information about the Discuss
mailing list