It looks like your morning, which wasn’t going too well already, has just taken a turn for the worse…

You’ve just checked your email only to discover a message in your inbox telling you that your computer has been hacked. Your heart sinks and you get a sick feeling in the pit of your stomach. You notice immediately the “from” field does indeed contain your own email address; this looks bad.

You continue to read the content and it doesn’t make for very pleasant reading. You’re told that your mailbox was hacked and through it, you’ve been infected with a virus (trojan). The attacker has been monitoring your online activity for some time and it’s too late to change your password because the virus intercepted your caching data and automatically saved access for him.

This hacker has also gained access to all your contacts, accounts, social media, email, browsing history, photos and more, and it gets worse. He’s also taken control of your camera and has been watching you while you were visiting adult sites.

[Image: email saying you've been hacked]

Then comes the blackmail. Unless you cough up several hundred dollars via Bitcoin within 48 hours, he threatens to send a video of you to all the contacts in your address book, resulting in untold embarrassment.

If any of this sounds familiar, now or in the future – don’t panic!

But they have my email address and they’re sending from it

But really, do they? These types of spam emails are sent blindly to millions of unsuspecting people every day, and, in truth, fraudsters are just playing a numbers game based on psychology. Yes, it would be embarrassing if they had the ammunition necessary and they could do what they claim, but they don’t – and they can’t.

According to Statista’s latest figures, 56% of emails sent are spam. Now, if you combine this statistic with The Radicati Group’s prediction that by the end of this year the total number of emails sent daily will reach 246 billion, that means that 137 billion spam emails are sent every single day!

[Chart: Global spam volume as percentage of total e-mail traffic from 2007 to 2018]

You can clearly see that even if a small percentage of the 137 billion is purporting to have hacked your accounts, and even if only a small percentage of those result in a payment, there’s scope for these devious crooks to make a serious amount of money.

And that’s exactly what these fraudsters rely on – a very small percentage of less-than-tech-savvy recipients caving in to their demands and sending a few hundred dollars of Bitcoin (it’s invariably Bitcoin).

So, how do scammers get their hands on your email address in the first place, and how do they email you from it to give you the impression that you’ve been hacked?

How spammers get your email address

  • Harvesting

Fraudsters use software programs that scrape the internet for email addresses. Usually, they work by copying text containing the “@” symbol indicating it’s probably an email address.

  • Buy lists

Your email may well appear on a list that has been scraped from the web, and spammers buy these lists to use in their campaigns.

  • Brute force

Just like hackers, spammers use a program that makes a huge number of guesses at your password every second. As a rule of thumb, such a program running on a standard computer can make about 100,000 guesses per second. On a dedicated processing unit this number rises to 10,000,000 or even substantially more.

How they make it look like it comes from your email address, a.k.a. spoofing

Seeing an email from your own address may at first look like you’ve been hacked, but the real explanation is more straightforward. The “from” field is simply text supplied by the sender: anyone can put any address in it, and email functionality itself does not restrict this. Only some providers disallow this – which means some don’t.
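To see how a spoofed “from” field shows up in practice, here is an added example (not from the original article) that reads a message’s raw headers and checks the sender-authentication verdicts recorded by the receiving mail server. The addresses, the server name mx.example.com and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_MX = "mx.example.com"  # assumption: the authserv-id your own provider stamps
# Constructed sample: scam mail whose From equals the recipient's address.
SPOOFED = """\
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.example.com; spf=softfail smtp.mailfrom=mailer.invalid;
 dkim=none; dmarc=fail header.from=example.com
From: alice@example.com
To: alice@example.com
Subject: Your account has been hacked

Pay within 48 hours.
"""
# Constructed sample: a note Alice really sent to herself through her provider.
GENUINE = """\
Return-Path: <alice@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com;
 dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: alice@example.com
To: alice@example.com
Subject: Note to self

Buy milk.
"""

def auth_results(msg, trusted=TRUSTED_MX):
    """Collect spf/dkim/dmarc verdicts, ignoring headers not added by our own server."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        if header.split(";", 1)[0].strip().lower() != trusted:
            continue  # a sender can forge this header; trust only our MX's copy
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
            verdicts.setdefault(method.lower(), verdict.lower())
    return verdicts

def assess(raw, my_address):
    """Return (looks_spoofed, findings) for a mail claiming to come from my_address."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    envelope = parseaddr(msg.get("Return-Path", ""))[1].lower()
    auth = auth_results(msg)
    findings = [f"{m}={auth.get(m, 'missing')}" for m in ("spf", "dkim", "dmarc")]
    if envelope.rpartition("@")[2] != sender.rpartition("@")[2]:
        findings.append(f"envelope sender {envelope or 'missing'} is not in the From domain")
    spoofed = sender == my_address.lower() and auth.get("dmarc") != "pass"
    return spoofed, findings
```

The raw headers this reads are what a mail client displays when you ask it to show the message source.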

Precautions you can take to avoid spam emails

So, what can you do to prevent being pestered by spam emails in the first place? Here are a couple of suggestions:

  • Keep your email address close to your chest

Don’t announce your email address anywhere on the web unless absolutely essential. If you have to, consider using a disposable address or disguise it, such as myemail at email.com (don’t use the @ symbol).

  • Train your email’s spam filter

When you receive a spam email the temptation is to delete it immediately but doing so doesn’t educate your spam filter and you may well receive another email from the same spammer. Instead, select the mail and specifically tell your email client that it’s spam. This will help ensure you don’t get another email delivered from the same sender.

  • Never, ever respond to spam

Although it may be tempting to reply to a spam email with a healthy dose of venom, never succumb to the temptation. Simply mark the email as spam, and if it comes from someone you recognize (they may have been compromised), drop them an email separately to let them know.

And, as a drastic last resort…

  • Change your email address

If your email address is so compromised that spam is a major headache, you may have no option but to change your email address. It’s a pain, but if you’ve been caught out by spammers previously (clicked a link by mistake, for example) you may get overwhelmed by spam and have little choice.

You might also consider using dedicated spam-blocking software as a first line of defense. There are free and paid versions available such as SpamBully, MailWasher (good for mobile) and SpamSieve (good for Mac).

If you do happen to click on a link by mistake

Generally, with the type of email we’re discussing here, the spammer is after payment, and usually via Bitcoin. So, any link in the email will probably take you to a Bitcoin payment option.

However, you can never be too careful, and if you do click on a suspicious link in error, disconnect from the internet immediately and run an antivirus scan. If you start to experience unusual symptoms such as your device’s hard drive spinning wildly, your browser suddenly changing, popups or other ads appearing, or your device slowing down dramatically, it’s a sign you may be infected with malware.

Remember, it’s all smoke and mirrors

So, next time you get an email saying you’ve been hacked, simply mark it as spam and ignore it. The “hacker” has absolutely nothing on you and is simply trying to trick you into parting with your money.

Unfortunately, a small percentage of recipients fall for the scam, but rest assured you don’t have to be one of them.