Hey What's This Email Scam about?

Just got an interesting email, it's from my email address to my email address, has no visible content except in the subject line.

"Message has been processed :Your private information has been stolen because of suspicious events."

And in the correspondents field it has an old non-secure PW I used.

So obviously they've hacked someone's site to get that information but I'm unsure what the intent of the email is?

Any ideas?

Cheers

Comments

  • +4

    Good guy scumbag scammers: wants to remind you to secure your passwords

    • +1

      Yeah must have been an old one, I have since been to haveibeenpwned and secured anything they reported as breached so not sure what this one is about.

  • +1

    What's the sender's address in the email header?

    • It's my email address.

      The only other listed is a 'message id' <001e01d9db87$06fb442d$4301ec82@sqbeo>

      I also put the header info into an analyser and got the following back.

      "
      Problem Icon DMARC Compliant (No DMARC Record Found)
      Problem Icon SPF Alignment
      Problem Icon SPF Authenticated
      Problem Icon DKIM Alignment
      Problem Icon DKIM Authenticated"

      And a whole bunch of other stuff that went over my head. :)

      • I asked ChatGPT what that email address name meant and it looks like someone was hit by the same address, so be careful:

        The string 001e01d9db87$06fb442d$4301ec82 does not have a hex prefix, and it contains symbols that are not valid in hex, such as $ and d. Therefore, it is not a hex string. It could be some other type of encoding or encryption, but without knowing the context or the algorithm, it is hard to decipher its meaning. A web search for this string does not yield any relevant results, except for a forum post where a user named EightImmortals received an email with this string in the subject line. The email was apparently a scam that claimed that the recipient's private information had been stolen because of suspicious events. The forum users suggested that the string was probably a random or hashed identifier that the scammers used to track their victims. Therefore, the string 001e01d9db87$06fb442d$4301ec82 does not have any pattern to it, and it is not hex. It is most likely a meaningless or malicious string that should be ignored or deleted.

  • +3

    Got to love the lack of info in the post.

  • +1

    The intent is for normies to see that their email address was used and somebody had their password and panic and go "ok sir, you are supreme haxxor, have some money not to bother me" ;)

    • Yeah normally but there was no other info in the mail which is what got me curious.

  • Had some thing similar last week and deleted. Header indicated it came from Hungary. From the password used it came from an Adobe breach years ago.

  • +1

    I had one of those a few years back. I was terrified for like an hour until google put my mind at ease.

  • +2

    "…Allow myself to introduce… myself…"

    Quote - Austin Powers

  • +1

    Maybe it's when the scammer accidentally pressed send before they finished typing the rest of the email (the part that has the dodgy link or whatever) 😂

    • I think this is likely.
      Another reason might be to see which addresses on a list bounce because they're no longer valid.

    • +1

      This is not likely. They have bots/scripts sending these. No one can be bothered to send these one by one. Come on dudes!

      probably an error in the script maybe.

      it could have a hidden jpg or virus on it. Or maybe they will check whether you opened the email first before taking the next step.

      • So they wrote and executed their script incorrectly then? 🤷🏻‍♂️😂

        • +1

          Maybe but less likely. It's possible that's a script error during execution. Especially when they process millions of emails etc.

          There is no way the scammer accidentally pressed 'send' as you said.

          The deets are sold as bulk lots of thousands upwards.

          • +1

            @Naigrabzo: Yes of course. I was joking initially.

          • @Naigrabzo: Bulk mailers can have a Send button as well.

            The idea that someone might load in their address list, insert a field into the message editor and then accidentally hit send isn't that far fetched really. I would argue that it makes much more sense than someone doing an initial pass to see who opens a message before starting a real attack.

      • Or maybe they will check whether you opened the email first before taking the next step.

        This seems the most likely reason I think.
        Emails have a 1px invisible picture in them and when you load all the images, that pixel tells the email sender that you've opened the email. So might be a way to test validity of a list they have obtained.

        Not sure on the email address spoofing though. I think I've had that too.

        • What value do they get from that info though? Are they going to prune the list of everyone who didn't load the pictures? Maybe the test message was blocked or wasn't convincing, if they use that as a basis for removing addresses from the list then they will be removing people who might have received/clicked a message with actual content.

          Plus, why prune the list at all? Sending a spam message costs somewhere between practically nothing and actually nothing, if you have 10,000 addresses that are probably not receiving/acting on your spam, it's still worth sending to all of them because if even one of them does fall for it, you've probably recovered your costs.

          And if you wanted to determine the value of a list of address-password combinations that you have, the absolute best way to drive the value down is to make the person aware that their password has been exposed. As soon as they receive the test message, they are going to start thinking about resetting passwords, and be less likely to believe scams which try to use the password as proof of validity.

          • @pscac001: I can think of a couple of reasons but in any case we are just speculating as OP asked for ideas on possible explanations.

  • it appears to me that they asked you to send them a bowl of curry chicken with a loaf of bread from woollies.

  • +2

    just respond to the email with - " thank you for the warning. please update my password to - reacharound69 - thank you"

    and then report/block

  • +2

    Don't overthink it.

    Someone is setting up to do a "I've hacked your computer and recorded you jerking it, send me money or I'll forward a video to all of your contacts" scam, but they aren't quite sure how the software works and they haven't written their extortion message yet, so they are doing a trial run with a couple of addresses and just a single field inserted into the body.

    • LOL this! Send em a D. pic in return and just say "I know you like watching me" ;)

  • Check the message source to confirm that is all it contains. They could also be trying to do a scam over several messages.

  • +1

    There's really only three potential attack vectors with malicious/spam emails:

    • Phishing your details by directing you to a website of some kind where you're stupid enough to enter important account credentials.
    • Getting you to open/execute an attachment that deploys a malicious payload on your device.
    • Conning you into transferring money to an account of some kind via a fraudulent invoice for example or any other similar financially-based social engineering.

    As long as you haven't done any of those three things, a malicious email can't do anything to you, your accounts or data in and of itself.

    Sender identity spoofing is absolutely trivial to do and you can modify an email header quite easily to give the impression that an email was sent from any mailbox, anywhere in the world at a particular time/date. See the legendary Emkei's Fake Mailer for proof.

    Account credentials are exposed in hacks/breaches of well-known companies constantly these days and these credentials then end up being passed around by spammers/hackers on the dark web and compiled into giant databases of people's accounts which are then used to engineer further attacks/breaches/thefts. Check your accounts on haveibeenpwned.com and change your passwords accordingly.
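The header analyser result quoted earlier (SPF, DKIM and DMARC all failing on a message that appears to be from your own address) is exactly what a self-addressed spoof looks like. Below is an added triage script, not from anyone in this thread, that reads the relevant headers from a constructed sample message and reports why the mail should be treated as spoofed; the addresses, Message-ID and Authentication-Results line are made up for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the thread: From equals To, empty body,
# and the receiving server recorded no passing SPF/DKIM/DMARC result.
RAW_MESSAGE = """\
From: victim@example.com
To: victim@example.com
Subject: Message has been processed :Your private information has been stolen
Message-ID: <0000000000000$00000000$00000000@xxxx>
Authentication-Results: mx.example.net;
 spf=fail smtp.mailfrom=bulk.example.org;
 dkim=none;
 dmarc=none header.from=example.com

"""


def triage(raw: str) -> dict:
    """Return the facts a reader would want before deciding the mail is a spoof."""
    msg = message_from_string(raw)
    _, from_addr = parseaddr(msg.get("From", ""))
    _, to_addr = parseaddr(msg.get("To", ""))
    from_domain = from_addr.rsplit("@", 1)[-1].lower()

    # Authentication-Results is written by the receiving mail server, so it is
    # the only header here the sender could not simply type in themselves.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    mailfrom = re.search(r"smtp\.mailfrom=([^\s;]+)", auth)
    envelope_domain = mailfrom.group(1).lower() if mailfrom else ""

    findings = {
        "self_addressed": bool(from_addr) and from_addr.lower() == to_addr.lower(),
        "empty_body": not msg.get_payload().strip(),
        "spf": results.get("spf", "none"),
        "dkim": results.get("dkim", "none"),
        "dmarc": results.get("dmarc", "none"),
        # SPF alignment: the envelope sender domain must match the From domain.
        "spf_aligned": envelope_domain.endswith(from_domain) and bool(from_domain),
    }
    nothing_passed = all(findings[k] != "pass" for k in ("spf", "dkim", "dmarc"))
    # A message "from yourself" that your own server could not authenticate
    # is a forged From header, not a compromised mailbox.
    findings["likely_spoofed"] = findings["self_addressed"] and nothing_passed
    return findings


if __name__ == "__main__":
    for key, value in triage(RAW_MESSAGE).items():
        print(f"{key}: {value}")
```

A real message's Authentication-Results header can carry several results from different hops; only the one added by your own provider's server is trustworthy.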
