Below is an example of a new blackmail email that is appearing in Australian and New Zealanders inboxes. Blackmail emails are a popular way for criminals to make money. Previously the technique was to capture your attention by including information sourced through a known breach (in this case a previously used password) in the subject line. Now they are trying to trick you into believing your account has been hacked by sending you an email that seems to come from your own email account. This technique is known as ‘email spoofing’.

Email spoofing is when the sender of an email typically spam/forges/spoofs the email header "From" an address so the email being sent appears to have been sent from a legitimate email address that is not the spammers own address.

Reasons scammers do this:

To trick spam filters into allowing the email through by using a reputable email address. This way scammers can ensure their email goes to yours, friends or family member’s inboxes rather than their spam folder.
To prevent the bounce back emails from being received in the spammer's own inbox. Spammers may send their spam out to thousands of email addresses, and inevitably a lot of those emails are going to bounce. Since spammers don't want to receive hundreds of bounce back messages, this prevents that from happening.
To trick the recipient in to believing the email is from a legitimate source.

While there is no fool-proof way to prevent either type of abuse to your email address, you could adopt some "best practices" when it comes to your email security:

Update your email account password frequently.
Avoid using your primary email account for everything online. If you are signing up for something like a mailing list, contest, application form, or something similar, use a free throwaway email account like Gmail or Hotmail, something you don't mind deleting if it gets abused.
Only use your primary email to communicate with people you know or trust, this may include financial institutions.
Always run full virus scans on your computer (at least once a week).
Avoid using your email address in online blogs and posts. If you have to, try using (at) and (dot) com instead of @and.com to prevent malicious automations from harvesting your address.

The short answer is, not much. There are no definitive ways to prevent someone from harvesting your email address from the internet and using it for spam. Blocking your own email account may cause you more problems. If the spoofing is recurring and causing a lot of inconvenience, the best thing to do would be to delete the account and start over with a new email account (hence the recommendation regarding throw away email accounts). If you are getting relentlessly spammed, the attacks usually only last for a week or two, sometimes less. If it’s a one-off email like the example above, delete it and remain vigilant.

‍

BACK TO LATEST NEWS

Other News

IDCARE is always active in the media from radio to TV, social media and news articles. Keep up to date with what's happening at IDCARE and in the media.

Unpacked: Demystifying the Dark Net

Hidden behind the layers of the World Wide Web is a nefarious platform called the dark net that cannot be accessed by normal browsers.

A year in review & where we get our funding

It’s hard to believe that since 2014, IDCARE has responded to over 275,900 client engagements from people who experienced a cyber-enabled crime.

QLD Aftermath Report 2018

A summary of impacts identity and cyber-related crimes had on Queensland.

The Year that was: A record year for financial losses to cybercrime

CONTACT US

IDCARE is here to provide you with specialist support and guidance when faced with a cyber and identity related issue. Contact one of our Identity & Cyber Security Case Managers to learn more about our Support Services and how we can help you.