Help: I just received a mail from my own email, can't know if phishing or I'm hacked
I just received a mail from my own e-mail address, hosted on Gandi on my own domain name. It said that the sender has hacked me, used malware, keyloggers and RDP to get my passwords and copy all my files to his own computer, and took videos of me while watching adult content using my webcam (I never noticed the light turning on for it). Claims they've been doing this for a few months. Gives a bitcoin address and wants $1000 (a sum I can't and won't give, don't even have a fraction of it) in 48 hrs, or else will share the videos with my contacts. It said something about a pixel the message included.
I viewed the message from K-9 Mail on Android (which didn't tell anything about pixels or whatnot), and when I went back on my computer to check the headers and stuff, the message was deleted.
Now, is this some sort of phishing or have I really been pwned? I feel like it's just phishing, but the message deleting itself kinda gave me chills of fear. I promptly changed my password for the mail account.
Thank you and @Wes a lot for quick replies. I should have known better but I panicked when I saw the message deleted itself (I use POP3, but it did not deliver the message so maybe it has sth to do with headers, I will try to investigate when I am back home).
Common scam. It's been going around for the last six months or so.
Echoing what the others have said, it's a scam.
If they had that kind of access then they would probably just try to empty your bank account.
Interested to know where the email has gone (likely a simple explanation), keep us updated!
Procmail ate it, because the sender was dumb enough to include a X-Spam-Level header:
I did not think of it because I don't run spamcheck on email for some time (don't really receive all that much spam luckily, and I have problems configuring spamassassin). I did use it in the past and have forgotten to disable it from procmailrc, so the filter matched and the mail was discarded:
When I dig that domain from the From line:
Whois:
Unfortunately I don't keep a verbose log for mpop (my pop3 client), so can't know more than this I guess. Maybe the outgoing server was checking for spam? Or maybe this was a trick pulled off to annoy the receiver?
That Strato has abuse contacts, would contacting them be of any use?
Thanks! I just sent an email.
BTW thanks also for linking to DeepL, looks interesting!
Oh I should've updated, sorry. They told me to report to a different e-mail address, which I didn't get to yet b/c of some hassles last week. Will retry this week.
I also received a couple identical messages, from different domains, using different providers. I have retained the messages this time fixing my procmailrc (can share if interested).
Huh well there you go, mystery solved. I would follow up with their abuse contacts.
I started getting these emails shortly after Collection #1 (7 Jan 2019) was published. It contained 772,904,991 according to Have I Been Pwned.