I got an email this morning claiming that my email account had been hacked. It was in the typical bad English, claimed to have my password, contacts, etc. and threatened consequences if I did not send him $1000. I got two of these emails, each with a different bitcoin wallet. 1PwL6D4NfF44eUrKik7GnxcS429Qrnz3UQ and 1FcCacS5pebEKMR6wtz7k98JEqbhfhCkDw.

One of the claims I found interesting was that it was supposedly sent from my account. Most people sending email don’t realize that there is a record of everywhere the email has been sent along with it. Just look at the properties and you will find something like this.

Outlook email properties

In this info I found a couple of reply addresses

The origin mail servers are also in it.
Received: from smtp-09.idc2.mandic.com.br (smtp-09d.idc2.mandic.com.br
by vade-backend3.dreamhost.com (Postfix) with ESMTP id A253140002808
Received: by smtp-09.smtp.mandic.prv (Postfix, from userid 490)
id 6C7CE7000492; Sat, 9 Mar 2019 12:33:24 -0300 (BRT)
Received: from smtp-09.idc2.mandic.com.br (ifsmtp2
by smtp-09.smtp.mandic.prv (Postfix) with ESMTPS id 64110700048F
Received: from thesuckmovie.spb.ru (unknown
by smtp-09.smtp.mandic.prv (Postfix) with ESMTPA id 18DB110001A6
X-Sender: atendimento at webracing.com.br

The person forged my address, but did not hack my mail server. The two emails showed different origins, so the person evidently keeps changing that to avoid being traced. The key piece of information though is that it did not come from my server, and my account was not hacked. Needless to say, I will not be sending $1000

Any unsolicited emails you get should be view with some skepticism. Phishing emails like this rely on panic and confusion. Generally I use pretty strong passwords, and encryption. I don’t use the same password on different services, so I wan’t real convinced that my account had been hacked. The other tip off is the broad strokes used to make an accusation. No specifics anywhere. Always remember if there is any doubt, investigate.