Can I tell where these emails came from?

  1. idahosurge's Avatar
    Posts : 43
    Win 10 Pro
       #1

    Can I tell where these emails came from?


    The past three to four weeks I have been getting emails that are sent to me from me. In other words the to and from email address are my email address. These emails are from someone who either hacked someone I knew or they just bought a bunch of email address off the dark web. The emails are just a bunch of BS and basically want me to pay a ransom for information they say they have, but actually do not.

    I got curious if it would be possible to find out who is sending them so I want to know if there is anyway I can find out who is actually sending them. If there is a better website to post these kinds of questions please let me know where it is. Below is the header information from two of them. In both I changed all my email addresses to
    Code:
    [email protected]
    _____________________________________________________
    Return-Path: [email protected]
    Received: from zm-mta00.neonova.net (LHLO zm-mta00.neonova.net)
    (137.118.45.14) by zm-mbs15.neonova.net with LMTP; Fri, 2 Nov 2018 16:31:32
    -0400 (EDT)
    Received: from smtp672.redcondor.net (smtp672.redcondor.net [208.80.206.72])
    by zm-mta00.neonova.net (Postfix) with ESMTPS id 336FE69FD8
    for <[email protected]>; Fri, 2 Nov 2018 16:32:17 -0400 (EDT)
    Received: from [186.119.119.226] ([186.119.119.226])
    by smtp672.redcondor.net ({ab9b8a0f-47dc-4027-bad5-230251ed7875})
    via TCP (inbound) with ESMTP id 20181102203131074_0672
    for <[email protected]>;
    Fri, 02 Nov 2018 20:31:31 +0000
    X-RC-FROM: <[email protected]>
    X-RC-RCPT: <[email protected]>
    Message-ID: <[email protected]>
    From: <[email protected]>
    To: <[email protected]>
    Subject: Change your password immediately. Your account has been hacked.
    Date: 2 Nov 2018 09:26:26 -0600
    MIME-Version: 1.0
    Content-Type: text/plain;
    charset="ibm852"
    Content-Transfer-Encoding: 8bit
    X-Priority: 3
    X-MSMail-Priority: Normal
    Importance: Normal
    X-Mailer: Microsoft Windows Live Mail 16.4.3505.912
    X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3505.912
    X-EsetId: 37303A2901EDF863677366
    
    ______________________________________________________
    
    Return-Path: [email protected]
    Received: from zm-mta02.neonova.net (LHLO zm-mta02.neonova.net)
    (137.118.45.16) by zm-mbs15.neonova.net with LMTP; Fri, 2 Nov 2018 09:34:39
    -0400 (EDT)
    Received: from smtp473.redcondor.net (smtp473.redcondor.net [208.80.204.73])
    by zm-mta02.neonova.net (Postfix) with ESMTPS id B32F561D39
    for <[email protected]>; Fri, 2 Nov 2018 09:34:40 -0400 (EDT)
    Received: from [175.125.196.143] ([175.125.196.143])
    by smtp473.redcondor.net ({6a37e3c6-627a-4a3f-9b85-f53a5f9acd7a})
    via TCP (inbound) with ESMTP id 20181102133428785_0473
    for <r[email protected]>;
    Fri, 02 Nov 2018 13:34:28 +0000
    X-RC-FROM: <[email protected]>
    X-RC-RCPT: <[email protected]>
    From: <[email protected]>
    To: <[email protected]>
    Subject: Change your password immediately. Your account has been hacked.
    Date: 3 Nov 2018 06:01:21 +0800
    Message-ID: <[email protected]>
    MIME-Version: 1.0
    Content-Type: text/plain;
    charset="ibm852"
    Content-Transfer-Encoding: 8bit
    X-Mailer: Microsoft Office Outlook 11
    Thread-Index: Accwu6x7y5hrcul6cwu6x7y5hrcul6==
    X-MimeOLE: Produced By Microsoft MimeOLE V6.1.7601.17514
    X-EsetId: 37303A2901EDF863677366
    _______________________________________________________________
    For anyone who is interested the actual email is posted below.


    __________________________________________________________
    -----Original Message-----
    From: [email protected] [mailto:[email protected]]
    Sent: Friday, November 2, 2018 10:26 AM
    To: [email protected]
    Subject: Change your password immediately. Your account has been hacked.


    I greet you!

    I have bad news for you.
    11/08/2018 - on this day I hacked your operating system and got full access to your account [email protected]


    It is useless to change the password, my malware intercepts it every time.

    How it was:
    In the software of the router to which you were connected that day, there was a vulnerability.
    I first hacked this router and placed my malicious code on it.
    When you entered in the Internet, my trojan was installed on the operating system of your device.

    After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).

    A month ago, I wanted to lock your device and ask for a small amount of money to unlock.
    But I looked at the sites that you regularly visit, and came to the big delight of your favorite resources.
    I'm talking about sites for adults.

    I want to say - you are a big pervert. You have unbridled fantasy!

    After that, an idea came to my mind.
    I made a screenshot of the intimate website where you have fun (you know what it is about, right?).
    After that, I took off your joys (using the camera of your device). It turned out beautifully, do not hesitate.

    I am strongly belive that you would not like to show these pictures to your relatives, friends or colleagues.
    I think $880 is a very small amount for my silence.
    Besides, I spent a lot of time on you!

    I accept money only in Bitcoins.
    My BTC wallet: 17vzpL7n29egdeJF1hvUE4tKV81MqsW4wF

    You do not know how to replenish a Bitcoin wallet?
    In any search engine write "how to send money to btc wallet".
    It's easier than send money to a credit card!

    For payment you have a little more than two days (exactly 50 hours).
    Do not worry, the timer will start at the moment when you open this letter. Yes, yes .. it has already started!

    After payment, my virus and dirty photos with you self-destruct automatically.
    Narrative, if I do not receive the specified amount from you, then your device will be blocked, and all your contacts will receive a photos with your "joys".

    I want you to be prudent.
    - Do not try to find and destroy my virus! (All your data is already uploaded to a remote server)
    - Do not try to contact me (this is not feasible, I sent you an email from your account)
    - Various security services will not help you; formatting a disk or destroying a device will not help either, since your data is already on a remote server.

    P.S. I guarantee you that I will not disturb you again after payment, as you are not my single victim.
    This is a hacker code of honor.

    From now on, I advise you to use good antiviruses and update them regularly (several times a day)!

    Don't be mad at me, everyone has their own work.
    Farewell.
      My Computer

  2. dalchina's Avatar
    Posts : 29,832
    Win 10 Pro (1903)
       #2

    Probably not- Whois reports (for example)
    2088020672.com is available*

    Buy This Domain - $12.99

    Whois Lookup & IP | Whois.net


    Received: from zm-mta00.neonova.net (LHLO zm-mta00.neonova.net)
    (137.118.45.14) by zm-mbs15.neonova.net with LMTP; Fri, 2 Nov 2018 16:31:32
    -0400 (EDT)
    Received: from smtp672.redcondor.net (smtp672.redcondor.net [208.80.206.72])

    Same for another IP address listed.
      My Computers

  3. z3r010's Avatar
    Posts : 9,895
    Windows 10 Workstation x64
       #3

    I'm getting 3 or 4 of these blackmail emails every day, they normally contain a password you have used on a site that has been hacked, all you can do is make sure you are not using that password anywhere any longer and delete the email as the spam it is.
      My Computers

  4. swarfega's Avatar
    Posts : 7,084
    Windows 10 Pro 64-bit
       #4

    Another tip is to use a password generator and paste it in rather than typing it to avoid keyloggers.
      My Computers

  5. jimbo45's Avatar
    Posts : 10,455
    Windows / Linux : Arch Linux
       #5

    Hi there

    Also don't forget --if you have your own domain(s) hosted anywhere usually it can come with an email server.

    When you set up the email accounts on these domains they can (user selectable in things like cPanel or whatever control software the hosting provider has for accessing and maintaining your domain) have a facility to forward any email received on to other email addresses as well so check if you are using hosted domains with the email servers built in.

    Using passwords in non standard Latin characters sets -- e.g Nordic, cyrllic etc as well can help -- ensure though when you login you have the correct keyboard mappings or you'll be locked out of your own systems !!!!.

    Sometimes you can have a bit of fun with this type of Spam -- reply say in Hebrew with an address (IP spoofing is easy enough these days --or use TOR) that looks like Mossad central or similar and say IP has been noted -- any more rubbish and appropriate action will be taken --this planet is too small for people like you to hide from us !! We have the resources to do whatever we like !!!!.

    I always remember replying to a stupid person who said my Windows were insecure and you had to pay 300 USD to fix it

    I merely (and don't usually bother with that type of rubbish anyway) but I'd had a pint or two of decent beer --said "My Windows are triple glazed, have proper security locks and have been certified as excellent after inspection by the Police so I don't need any help --now go and get Lost".

    Cheers
    jimbo
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 21:11.
Find Us




Windows 10 Forums