There seems to be an alarming number of scam email attempts going around lately, and a few of them in particular have people extremely concerned. Scam emails are nothing new, but we have had people contact us regarding a specific type of email that has been doing the rounds since August last year. There are a few variations of this email; however, it will generally follow these main points:

  • Hello, I am a notorious hacker.
  • I have infected your computer with malware, and I have used this to get embarrassing footage of you via your webcam.
  • For proof, this is your password: *password here*
  • For further proof, I have sent this email from your own email account which I have also hacked. Check the sender address.
  • Deposit $xxx.xx amount of dollars into my Bitcoin wallet, or I will send the footage of you to everyone you know on social media and all the email addresses in your mailbox and ruin your life forever.

Without a doubt, the contents of the email are very disturbing when taken at face value. To the layperson it understandably sounds convincing. How could they know my password and send an email from my own account if what they were saying isn’t true?

How is an email sent from my own email address if they don’t really have access to the account?

This is due to a technique called ‘spoofing’, and it’s surprisingly easy to do. Spoofing is when somebody forges the “From” address of an email. This is one of the most common tactics used in phishing and spam emails. It’s very successful, and even if you know what to look out for, it may still catch you out on occasion.

You can confirm whether an email has been spoofed or not by checking the email’s “header”. If you’re not sure how to check the header of an email, MxToolBox have some great guides you can check out. You can then run the headers through their very useful ‘Email Header Analyzer’.

Here is a real life example header of a spoofed scam email. Please note that certain sections have been altered or removed for the privacy of the original recipient:

Delivered-To: joe@example.com
Received: from b1s3-1b-syd.hosting-services.net.au
    by b1s3-1b-syd.hosting-services.net.au with LMTP id KJgNBTmM1FvU3TcAM3NUgg
    for < joe@example.com >;
Received: from out06.smtpout.orange.fr ([193.252.22.215]:46953 helo=out.smtpout.orange.fr) < (This is a French IP address)
    by b1s3-1b-syd.hosting-services.net.au with esmtps (TLSv1:DHE-RSA-AES128-SHA:128)
    (envelope-from < joe@example.com >)
    for joe@example.com;
Received: from ([113.172.60.79]) < (This is a Vietnamese IP address)

I have marked the parts of the email header which show it to be spoofed. What we’re looking for here is the IP address (the numbers in brackets). Once you have the IP address the email was sent from, you can then check it using a geolocation IP tool to identify the origin. Our servers are all based in Australia, so if it’s an IP address from a foreign country then it wasn’t sent from your own mail server.

What we’re trying to illustrate in the example header is that the email was first sent by someone with a Vietnamese IP address, and was then passed on by a mail service in France into the inbox. In conclusion, the email was originally sent from someone else’s email address and not from the account it claims to be from.
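The header check described above can be scripted. The following is an added example, not part of the original article: it lists the Received hops oldest first, picks out the hop where the message entered the recipient's own mail server (that IP was recorded by a server you control, while older hops were written by outside systems), and flags mail that claims to come from the recipient but arrived from an outside host without SMTP authentication. The sample is constructed from the header above; the From: line, the OWN_MX value and the function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the header above: annotations removed, lines
# folded, and a From: line added to stand for the forged sender address.
RAW = """\
Delivered-To: joe@example.com
Received: from b1s3-1b-syd.hosting-services.net.au
 by b1s3-1b-syd.hosting-services.net.au with LMTP id KJgNBTmM1FvU3TcAM3NUgg
 for <joe@example.com>;
Received: from out06.smtpout.orange.fr ([193.252.22.215]:46953 helo=out.smtpout.orange.fr)
 by b1s3-1b-syd.hosting-services.net.au with esmtps (TLSv1:DHE-RSA-AES128-SHA:128)
 (envelope-from <joe@example.com>)
 for joe@example.com;
Received: from ([113.172.60.79])
From: joe@example.com
"""
OWN_MX = "hosting-services.net.au"  # assumption: suffix of the recipient's mail host

def hops(raw):
    """Parse Received headers into hops, oldest first."""
    out = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())  # unfold continuation lines
        found = {
            "from_host": re.match(r"from\s+([\w.-]+)", flat),
            "ip": re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", flat),
            "by_host": re.search(r"\bby\s+([\w.-]+)", flat),
            "with": re.search(r"\bwith\s+(\w+)", flat),
        }
        out.append({k: m.group(1).lower() if m else None for k, m in found.items()})
    return out

def handoff(raw):
    """Oldest hop stamped by our own server. Its IP is the one to geolocate;
    older hops were written by outside systems and can be forged."""
    return next((h for h in hops(raw) if (h["by_host"] or "").endswith(OWN_MX)), None)

def forged_self_sender(raw):
    """From: equals the recipient, yet an outside host delivered the message
    without SMTP AUTH (with-protocol lacks the trailing 'a' of esmtpa/esmtpsa)."""
    msg, edge = message_from_string(raw), handoff(raw)
    if not edge or (edge["from_host"] or "").endswith(OWN_MX):
        return False
    same = parseaddr(msg["From"])[1].lower() == parseaddr(msg["Delivered-To"])[1].lower()
    return same and not (edge["with"] or "").endswith("a")
```

For the sample, handoff() returns the orange.fr hop with IP 193.252.22.215, which is the address worth looking up first; the 113.172.60.79 entry sits below it and was not recorded by the recipient's server.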

Now, on to the other convincing aspect of this type of scam email.

How do they know my password?

The password may look familiar because of the frequent data breaches that large companies experience on an ongoing basis. These breaches can sometimes result in the leak of millions of users’ passwords to the public.

When you receive a scam email and it includes a familiar password that you have used before or still use, it’s likely that the scammer has just grabbed it from a data leak of passwords.

One of the best websites for checking whether you have been part of a data leak over the years is ‘Have I Been Pwned’. All you need to do is enter your email address. The tool will then return a list of sites and services that your email address has been leaked from (and potentially other information such as your password).

If your email shows up and you have not recently updated your password, please ensure that you do so as soon as possible. Anytime your password, or a password that you have used before, is emailed to you, you should immediately update that password wherever you use it.

Hopefully you can rest a little easier, knowing that these scam emails are usually nothing but a cheap trick. If you’re still in any doubt, however, we are always here to put your mind at ease and investigate further for you. Please feel free to give us a call on 0426 998 755. And whatever you do, never deposit your hard-earned money into a scammer’s Bitcoin wallet!

New eBook Launched

dande1st.com have published the ebook version of Takeaway – the Sale of the Government Printing Office which coincides with the 30th anniversary of the first Government Asset Sale in New Zealand when on January 24, 1990, the Crown and Graeme Hart of the Rank Group signed a Sale and Purchase Agreement for the Government Printing Office that was to come into effect on January 31, 1990.

The signing of the Sale and Purchase Agreement was the beginning of the end of a poorly conceived sale process that was drawn out over two years. But even following the signing of the agreement it took a further 10 months before the Crown were able to fully complete their obligations which would allow Rank full management of the business. But the Agreement signed on January 24 allowed for the Rank Group to take all the profits of the business even though they had only paid a small deposit and during that time the GPO sales turnover was more than the profit the Government made on the sale of this business asset.

To make matters worse for the Crown, Rank managed to get out of paying any interest on the balance of the money owing when they offered to help finalise issues that the government departments and consultants responsible were having. This amounted to Rank saving a further $1.5 million. Rank also were able to save over $2 million off their original bid for the business following an audit after the sale. The purchase of this Government asset was the springboard that was to launch Rank into the country’s wealthiest investment business that 30 years on is worth more than the national debt reduction the assets sales programme was supposed to achieve.

Takeaway – The sale of The Government Printing Office revisits the GPO in the 1980s of change and looks at what went wrong with the sale process and the effects and aftermath the sale created for the business, that years later triggered a Commission of Inquiry due to the very poor sale result that was less than the cost of the sale process itself and led to a profitable printing, publishing and stationery business being sold for much less than it was worth.

Available now as an ebook.
