Lab Bot Email Hack Review Another Hack Scam {BEWARE}


Avoid being scammed by LAB Bot Email

Written by Tomas Meskauskas on 09 March 2020 (updated)

“LAB Bot” email scam removal guide

What is “LAB Bot Email”?

“LAB Bot” email is a scam message. Its misleading subject line suggests that the email is from Amazon Delivery Support; however, it has nothing to do with this company. The message is not from Amazon or its associates, and the content has no connection with them. The body of the message claims to be from a group of “data storage hackers” (a cyber criminal group), which has supposedly hacked the recipient’s cloud storage. The scam relies on scare tactics: it is designed to trick people into paying to prevent the criminals from misusing their data. In fact, the user’s device is not infected and data has not been compromised by these scammers.

The deceptive message urges recipients not to ignore it, as it relates to their email account and cloud storage. It claims to be from a hacker group that specializes in unauthorized access to this type of data storage. The email states that, as the users have received the message, they have already been hacked. These scammers claim to be software developers who have created a data-stealing application. This malicious program is allegedly capable of exfiltrating files from cloud storage via affected email accounts. The message then goes on to explain that this fake malware can access various cloud storage services, such as Google Drive, OneDrive, iCloud and similar. Unless users pay for the data “gathered” by this software, it will supposedly be published on a darknet forum and/or shared with all of the recipient’s email contacts. The publication of this compromising material can supposedly be prevented by transferring 0.20753 in the Bitcoin cryptocurrency (approximately $1600 USD at the time of writing) to the criminals’ Bitcoin wallet within five days. The scam proclaims that this is the only way to stop the process. To obtain the cryptowallet address, users are instructed to scan the QR code presented in the message with their mobile device. Furthermore, recipients are informed that the five-day countdown begins from the moment the message is opened, which is monitored with the aid of email trackers. Note that this scheme does not proliferate any malicious content, nor have users’ devices been infiltrated by malicious programs. Do not meet the demands of these cyber criminals – regardless of the validity of their claims, there are no guarantees that their promises will be fulfilled following payment.

Threat Summary:


“CVE-2020-10562”, “On this day I hacked your OS”, and “Hacker Who Has Access To Your Operating System” are examples of other scams similar to “LAB Bot” email. Deceptive emails follow various models built on social engineering and scare tactics. They try to trick people into making payments, revealing personal information (e.g. banking credentials), infecting their devices with malware, and so on. The purpose of these schemes is to generate revenue for their designers.

How do spam campaigns infect computers?

Scam/deceptive mail is sent during large-scale spam campaigns. The emails are typically presented as “important”, “official”, “urgent” and similar. Infections are caused through dangerous attached files (or links leading to them). The file formats vary widely and include, for example, Microsoft Office and PDF documents, archives (ZIP, RAR), executables (.exe, .run), and JavaScript. When these infectious files are executed, run or otherwise opened, the infection process is initiated, i.e., they begin downloading/installing malware (e.g. trojans, ransomware, etc.). System infections via malicious MS Office documents are started by enabling macro commands (i.e., enabling editing). In Microsoft Office versions released prior to 2020, however, infection is initiated the moment the document is opened.

How to avoid installation of malware

Do not open suspicious and/or irrelevant emails, especially those received from unknown senders (addresses). All attachments and links found in dubious mail must never be opened, due to the high risk of malware installation. If you use email services, run regular system scans to ensure that malicious content has not been installed onto devices through received messages. You are advised to use Microsoft Office versions released after 2020. The newer versions have “Protected View” mode, which prevents malicious macros from infecting systems when dangerous documents are opened. If you have already opened malicious attachments, we recommend running a scan with Spyhunter for Windows to automatically eliminate infiltrated malware.

Text presented in the “LAB Bot” email message:

Subject: Re: [ Amazon Delivery Support ] [ Notification ] Authorization Form Customer ID
[ Support ] – 8764337 bil ling-prob [email protected]

Please do not ignore this message, as it refers to your account **************** and cloud storage.
We are a group of data storage hackers.
If you receive this message, we’ve already hack you.
We are software developers (Login And Backup or often called LAB Bot).

Frequently asked questions (FAQs)
Q: What is the LAB Bot?
A: LAB is an automated application made by Bot using a special API request; the API can download all the data or files that are related to your cloud storage and send it to our server automatically via hacked email access.

Q: Definitely, you’ll think this is impossible!
A: Smartphones, Apple, Windows, etc. All have cloud storage data. Like Google with Gdrive, Microsoft with OneDrive, Apple with iCloud, and all cloud storage directly connected to an email account.

Q: Why should you care about LAB Bot?
A: Lab Bot is automatically configured and has a five day grace period. On the fifth day, Lab Bot will accomplish its final task.
I.e., share backup data downloaded to the darknet forum publicly or to e-mail correspondence, contacts, social network, co-worker. (You certainly didn’t want everyone to see or know your private files (documents, nude photos, hot videos, or others).

Precisely what should you do?

To prevent all of this thing from happening, you need to send Bitcoin with the amount of 0.20753 Bitcoin – to my bitcoin wallet. (if you didn’t know this, search ‘how to buy bitcoin’ on Google.)

Scan the QR code with your phone to get the address.

So, to stop the LAB Bot process, it’s only in one way; “make payments through Bitcoin in the amount of 0,20753 Bitcoin”. You have five days to make a payment, and the time will start when this message opened; LAB Bot will know if you’ve already read the letter because it uses e-mail trackers.


How to remove malware manually?

Manual malware removal is a complicated task – usually it is best to allow antivirus or anti-malware programs to do this automatically. To remove this malware we recommend using Spyhunter for Windows. If you wish to remove malware manually, the first step is to identify the name of the malware that you are trying to remove. Here is an example of a suspicious program running on a user’s computer:

If you checked the list of programs running on your computer, for example, using task manager, and identified a program that looks suspicious, you should continue with these steps:

Download a program called Autoruns. This program shows auto-start applications, Registry, and file system locations:

Restart your computer into Safe Mode:

Windows XP and Windows 7 users: Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer start process, press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, and then select Safe Mode with Networking from the list.


Windows 8 users: Start Windows 8 in Safe Mode with Networking – Go to the Windows 8 Start Screen, type Advanced, and in the search results select Settings. Click Advanced startup options, and in the opened “General PC Settings” window, select Advanced startup. Click the “Restart now” button. Your computer will now restart into the “Advanced Startup options menu”. Click the “Troubleshoot” button, and then click the “Advanced options” button. In the advanced option screen, click “Startup settings”. Click the “Restart” button. Your PC will restart into the Startup Settings screen. Press F5 to boot in Safe Mode with Networking.


Windows 10 users: Click the Windows logo and select the Power icon. In the opened menu click “Restart” while holding “Shift” button on your keyboard. In the “choose an option” window click on the “Troubleshoot”, next select “Advanced options”. In the advanced options menu select “Startup Settings” and click on the “Restart” button. In the following window you should click the “F5” button on your keyboard. This will restart your operating system in safe mode with networking.


Extract the downloaded archive and run the Autoruns.exe file.

In the Autoruns application, click “Options” at the top and uncheck “Hide Empty Locations” and “Hide Windows Entries” options. After this procedure, click the “Refresh” icon.

Check the list provided by the Autoruns application and locate the malware file that you want to eliminate.

You should write down its full path and name. Note that some malware hides process names under legitimate Windows process names. At this stage, it is very important to avoid removing system files. After you locate the suspicious program you wish to remove, right click your mouse over its name and choose “Delete”.

After removing the malware through the Autoruns application (this ensures that the malware will not run automatically on the next system startup), you should search for the malware name on your computer. Be sure to enable hidden files and folders before proceeding. If you find the filename of the malware, be sure to remove it.

Reboot your computer in normal mode. Following these steps should remove any malware from your computer. Note that manual threat removal requires advanced computer skills. If you do not have these skills, leave malware removal to antivirus and anti-malware programs. These steps might not work with advanced malware infections. As always, it is better to prevent infection than to try to remove malware later. To keep your computer safe, install the latest operating system updates and use antivirus software.

To be sure your computer is free of malware infections, we recommend scanning it with Spyhunter for Windows.

About the author:

Tomas Meskauskas – expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2020. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.


How to avoid a Bitcoin blackmail scam


“I know about the secret you are keeping from your wife and everyone else. You can ignore this letter, or pay me a $8600 confidentiality fee in Bitcoin”.

It’s enough to send shivers down anyone’s spine, but these chilling words are part of a new scam targeting men.

Here’s how it works. Scammers have been sending letters to men, demanding payments using bitcoin in exchange for keeping quiet about alleged affairs. The letter also explains how to use bitcoin to make the payment.

This is a criminal extortion attempt to separate people from their money.

If you — or someone you know — gets a letter like this, report it immediately to your local police, and the FBI.

Threats, intimidation and high-pressure tactics are classic signs of a scam. Learn how to stay ahead of clever crooks with these practical tips, and check out the ways you can keep your personal information secure.

Comments

I got the same email. How did you figure out they got your photo?

I got the same exact email yesterday.

I received virtually the same email that you did, though the Bitcoin address was different, and the password was “password” (which I’ve never used). It is disconcerting. I’m a senior woman who has never gone to a porn site. Plus, I use a desktop, and my camera/mike is plugged in only when it is in use. Very rarely. I have no intention of sending the scammer any Bitcoin.

I found that exact email in my junk mail today. Also had threats of read receipt so would know when it was read. Also not to copy or notify anyone. I just deleted but will send to FBI if receive anything else.

I had the same exact thing, old old password. I reported to the FBI.

I just got the same exact Email!

Got a similar piece a week ago. If they were truly going to threaten me they would have already done something. They made a claim about how they recorded me with my own webcam. I’m sorry, but it’s rather hard to record me with my webcam when it’s not even plugged into the computer! So yeah, 100% bogus.

And saying they can’t be tracked? I’m quite sure that the FBI has ways to track a bitcoin ‘address’.

I got one like this today, but on my work email. And the computer does not even have a web cam or microphone lol

My guess is, some large company got hacked by these thieves, they stole the usernames and passwords for thousands of innocent user accounts, and then they just spam these innocent people with these bitcoin threats via email. It’s the only explanation as to how they are obtaining passwords.

Same here. It was tempting for me to reply to the scammer – they had an old password also. My email address is usually mistaken as a male ID. Local police (Baltimore) could care less, there are too many murders and armed robberies around here, police don’t even care about property damage.

I found the same email in my spam folder yesterday. Also containing a password. My concern was how they got the password. I used that password for 6 accounts. I have since changed the passwords. 1 account was for Play On. 2 were local businesses and 3 were for sites that were larger and would have made the news if there was a known hack? Any similarities in your accounts/password?

I just received the exact same scam, they threaten to put a video of me watching porn onto social media if I don’t pay $762 in bitcoin in 24 hours. And, like you, they had an old password of mine that really worried me. Sorry I can’t help you as I too am looking for answers.

I just got the very same email. I first contacted my state’s Attorney General’s office and was told to report to FCC. Called the FCC and they said to contact the FTC. I’m going to contact my local FBI office.

The email that I just received is very similarly worded. Freaks me out.

I got the exact same one frannygranny. I’ve had a sleepless night worrying about it, because they did have a password i used to use a lot. And they claimed they had a video of me watching porn, that they’d send to all my contacts. It was not an ideal way to spend my birthday, putting on this brave face, yet worrying that an email would make all my friends laugh at me. I eventually ended up at the same conclusion as you. So what?

I literally got that same email today. It said it would release my webcam to all my contacts of me watching porn. It said send 988.00 in bitcoins to not be released. It’s a scare tactic and scam. Seriously, don’t stress it.

Did anyone report it?

It’s under investigation. The price with me was 978; my service provider is looking into it.

So has anyone actually been targeted with the alleged threats for not paying?

I experienced the same thing as everyone else here — Found the email in my spam folder. In my case, the old password was from Yahoo mail (about 20 years old). I recall a major breach of security at Yahoo a couple of years ago. I wonder if that is where the old passwords came from.

I think they took my old password from yahoo too.

You don’t understand. I never used bitcoin. It is the way the scammer demands payment; through bitcoin, in an attempt to remain anonymous. Here is what they said to me: “Thus, I expect payment from you intended for my quiet.

I believe $900 is an appropriate price regarding this!

Pay with Bitcoins.

My BTC wallet is 1P67uv2wEFCGZhU3DgH7azRxmrXc9kyX3g

If you do not really understand how to do this – submit in to Google ‘how to transfer money to a bitcoin wallet’. It is not difficult.”

This Bitcoin scam is not only targeting males! I am a female and have also received a similar threat. The email had somehow confiscated one of my passwords and threatened to use pictures, etc. to make pornographic videos and posters using my face. They also demanded that I pay thousands of dollars in Bitcoin. I immediately recognized this as a scam, changed all sites using that password and did not respond. I wish I had kept the email and shared with the FBI. Thank you for telling us how to handle receipt of such and I will definitely report it to the FBI should I receive any similar emails.

I have received exactly the same email. I told them I was not a tech friendly guy and that they should send a paypal email as I do not know about how bitcoin works. They never responded. Had they sent the paypal email, I would have reported to authorities.

I didn’t know to forward to FBI instead of deleting and holding my breath. Glad I read this!

I am going through this right now. A few days ago it was my phone. Blocked. Claimed the porno crap n demanding $500. As if the FBI use vanilla cards to collect fees. I knew something was wrong. Needless to say I had to get a new phone. Yesterday I got the email n the fool wants me to pay $7000.

Hi, I just got one of these e-mails. Question, did they actually block your phone? They’re saying they will block my phone, too. The password they said they had wasn’t valid though, but was very similar to one I’d used years and years ago. I reported this to the FBI, copied and pasted it right into the FBI website complaint form!

If they locked your phone, it may not be fake. Be careful, & report it to FBI.

I’m also a female that received the same type of scam email. They’re letting me off cheap though! They only want $900 for now but they will probably come back asking for more if I follow their instructions. If they want to plaster my 62 year old face all over the internet with porn let them! hahaha I don’t think anyone would find it very interesting.

Recently got email wanting Bitcoin ransom. Had my email name and pw.

I already have this and I find it helpful. You should have done this years ago. I tell people about the scams that you send out.

This hasn’t happened to me but I do file a lot of reports of scam numbers. I usually get them every day. A lot from other states.

Thanks FTC, for your ongoing efforts! I received two of these scam emails within one week. While local law enforcement did not take a report, stating that since I had not suffered any loss there was nothing they could do, both the FTC and the FBI took my information. There has been no further action from the scammers. Keep up the good work, you guys!

Tell your local law enforcement to stop being lazy. Attempted crimes are still crimes regardless if they payout or not. Do they still investigate attempted murder if no one dies .. derp.

How can I make this as spam on my iPhone?

I just want to know how to report to FBI? Thank you.

Follow the link in this blog to www.fbi.gov/contact-us.

I am a female and received such a scam letter, stating that they had pics of me involved in sex acts and would expose me if I didn’t pay them thousands in Bitcoin. I didn’t think twice about informing the FTC. Wish I had known to forward the info to the FBI. But I am grateful the word is out to save people unnecessary grief.

I got a similar scam over a week ago but it was directed towards porn. I deleted it.

I’ve had this a few times now. I knew it was a scam immediately – but was concerned as they started the email with my password. I immediately changed the password.

After receiving one of these I immediately filed an online report with the FBI and notified everyone on my mailing list that they could receive an email with a lot of pornography. I explained the attempt to blackmail me and the threats of the lowlife that thought that I was as dumb as he/she is. I have yet to hear back from the scum that sent the blackmail.

My sister and co-worker received this e-mail. I will let them know. Thank You.

I received something similar to this. It tried to claim legitimacy by showing one of my passwords (supposedly gathered by a keystroke logger and a hijacked webcam). I did some research and found that the password was an old LinkedIn password of mine from 4+ years ago, probably acquired through a LinkedIn data breach and sold to the extorter.

I ignored the threat email, since there was no way its claims were true. It was purely an attempt to scare me into complying with its demands.

Lesson: Change your passwords regularly, especially after reported data breaches. Also, keep your device’s protection software current. Do not immediately click on links or attachments in emails you receive. Take time to inspect them for authenticity. Do not panic if you receive an extortion email. Alert the appropriate authorities.

Thank you for informing me about all these scams. I get calls on my cell phone daily trying to get my credit card information by telling me that they are trying to give me a lower interest rate. How can I stop this? I am already on the no call list.

I’m 24 yrs old and a single male. So far, I’m still being attacked, there are many groups of unwanted people within my life, I’ve been receiving many letters of different checks and I haven’t succeeded any of my financial goals. I’m exhausted of trying to report each problem after many attempts in contacting the FBI and you guys and NOTHING in return. I know there’s something fishy going on and all I’d like is my happy life back.. With a happy future. Please, I’d like to start a new ch. in my life because this is just stupid. Like at least a deal or something.

I am NOT the guy to sabotage. I got great knowledge so hire me asap and let’s collaborate

P.S. Get a load of this, the more I continuously get attacked/bully etc., VALUE goes down. It’s a long story/lesson to type right now but, the facts are there.. Just look at specific statistics since 2020, there’s no need for stalking but more like pay me and lets get this show on the road..

Just received a letter in the mail demanding payment in bitcoin, person who sent it indicates he was doing a job in my hometown, much of the wording similar to other scams I have read about, again with the bitcoin account, why is it that bitcoin, being used by these scammers, can’t shut these accounts down, how is it that a currency that is supposed to be the future of exchange allowing criminals such as these low life jerks to operate? This just gives bitcoin a very bad name and shows that it’s not ready for public use and as long as bitcoin exchanges allow this it casts a dark shadow on the value of its utility as a currency alternative. And where is the IRS on all this money exchanging? Illegal activities are still income that must be reported so there is both a criminal and a tax crime going on here.

SCAM WATCH

Hacking occurs when a scammer gains access to your personal information by using technology to break into your computer, mobile device or network.

Common examples of hacking methods

  • Malware & ransomware – malware tricks you into installing software that allows scammers to access your files and track what you are doing, while ransomware demands payment to ‘unlock’ your computer or files.
  • Exploiting security weaknesses – weaknesses can include reused and easily guessed passwords, out of date anti-virus software, and unsecured WiFi and Bluetooth connections.

  • Payment redirection scams – if you are a business, a scammer posing as one of your regular suppliers will tell you that their banking details have changed. They will provide you with a new bank account number and ask that all future payments are processed accordingly. The scam is often only detected when your regular supplier asks why they have not been paid. Example: John updated supplier details and it ended up costing thousands.

Once scammers have hacked your computer or mobile device they can access your personal information, change your passwords, and restrict access to your system. They will use the information they obtain to commit fraudulent activities, such as identity theft or they could obtain direct access to your banking and credit card details.

Warning signs

  • You are unable to log in to your computer or mobile device, or your email, social media and other online accounts.
  • You notice new icons on your computer screen, or your computer is not as fast as it normally is.
  • Files on your computer have been moved or deleted.
  • Pop-up boxes start appearing on your computer screen. These may offer to help ‘fix’ your computer, or simply have a button that says ‘close’.
  • You have an unexpectedly large phone data or internet bill.
  • You notice that amounts of money go missing from your bank account without any explanation.
  • You suspect that your mobile phone number has been ported without your consent, after you notice that your phone is showing ‘SOS only’ where the reception bars usually appear.

Protect yourself

  • Always keep your computer security up to date with anti-virus and anti-spyware software, and a good firewall. Only buy a computer and anti-virus software from a reputable source.
  • Use your security software to run a virus check if you think your computer’s security has been compromised. If you still have doubts, contact your anti-virus software provider or a computer specialist.
  • Secure your networks and devices, and avoid using public computers or WiFi hotspots to access or provide personal information.
  • Choose passwords and PINs that would be difficult for others to guess, and update them regularly. Do not save them on your phone or computer.
  • Do not open attachments or click on links in emails or social media messages you’ve received from strangers – just press delete.
  • Be wary of free downloads and website access, such as music, games, movies and adult sites. They may install harmful programs without you knowing.
  • Do not use software that auto-completes online forms.
  • Visit Stay Smart Online for tips on how to protect your personal and financial information online.

Have you been scammed?

If you think you have provided your account details, passport, tax file number, licence, Medicare or other personal identification details to a scammer, contact your bank, financial institution, or other relevant agencies immediately.

We encourage you to report scams to the ACCC via the report a scam page. This helps us to warn people about current scams, monitor trends and disrupt scams where possible.

Spread the word to your friends and family to protect them.

Has a Hacker Really Hacked My Email Account?

A scam claims your email account has been hacked, possibly even including a password you’ve used. Don’t be fooled.

The questionable email message that this person was reporting describes how this person’s account had been hacked, how changing the password wouldn’t help, and that it was being held for ransom to be paid in Bitcoin. And, indeed, it appeared to be “From:” this person’s email address.

Variations of this scam even include a password — a password that you’ve actually used.

Even so, “complete BS” is very accurate.

Though, if there is a password, then there is one thing you should do.

Summary

  • These messages are nothing more than spam

Examples

Here’s an example of what was reported (I replaced the email address with my own – it was indeed the email address of the person asking):

And another, this time from my own spam folder, including a password:

In this example, “arealpassword” represents an actual password I have indeed used in the past — just not for that email account.

There are additional variations, often playing up the adult website angle, or even claiming to have recorded a video that they threaten to release if you don’t pay.

It’s spam, pure and simple

These messages really are nothing more than spam. Mark them as such and move on.

More correctly, they’re a scam: they’re trying to fool you into paying when there’s absolutely no reason to.

Messages like this are sent to thousands upon thousands of email addresses every day. Just like spam. If you have multiple email addresses, you’ll probably see them across many accounts.

I have dozens of email addresses and I get dozens and dozens of these messages. If Gmail hasn’t already identified them as spam, I mark them as such and move on.

The messages lie

These messages garner attention because they try to scare you by lying about what they know.

  • They did not hack your email.
  • They did not send the message using your account.
  • They did not plant a virus on your machine to monitor password changes.
  • They did not record video of you watching online video.
  • They do not actually have the password to your email account.

If you take away all these lies, there’s nothing left except spam.

Yes, “From: spoofing” is a thing. Chances are even you can do it. More here: “From” Spoofing: How Spammers Send Email that Looks Like It Came from You.

But, they sent “From:” my email address!

The messages only look like they came from your email address.

In reality, using a technique called “From: spoofing”, the hackers simply crafted an email with your email address in the “From:” line and sent it using their own servers, hacked servers, or a botnet.

“From: spoofing” is nothing new. Spammers have been doing it for years. If you look closely at your spam, you’ll probably see messages “From:” people you know that they didn’t send. That’s because they didn’t. The spammers did, and simply made it look like your friend sent it.

This particular ruse is no different. It’s spam.
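The check below is an added example, not code from the original article: it triages a message that appears to come “From:” your own address by comparing the visible From line with the envelope sender and with the SPF/DKIM/DMARC verdicts recorded by your own mail server. The sample message, the domains, the IP address and the server name mx.example.com are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (reserved example domains, documentation IP range).
SAMPLE = """\
Return-Path: <bounce-7731@mailer.example.net>
Received: from unknown (HELO mailer.example.net) (203.0.113.45)
    by mx.example.com with ESMTP; Mon, 09 Mar 2020 10:15:00 +0000
Authentication-Results: mx.example.com;
    spf=softfail smtp.mailfrom=mailer.example.net;
    dkim=none;
    dmarc=fail header.from=example.com
From: <user@example.com>
To: <user@example.com>
Subject: Your account has been hacked
Date: Mon, 09 Mar 2020 10:14:58 +0000

I sent this message from your own account.
"""


def address_of(header_value):
    """Return the lower-cased bare address from a header value, or ''."""
    return parseaddr(header_value or "")[1].lower()


def domain_of(header_value):
    """Return the domain part of the address in a header value, or ''."""
    addr = address_of(header_value)
    return addr.rpartition("@")[2] if "@" in addr else ""


def auth_verdicts(msg, trusted_authserv):
    """Collect spf/dkim/dmarc results, but only from headers stamped by our
    own receiving server. A sender can add a forged Authentication-Results
    header, so anything with a different server id is ignored."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        head, _, rest = value.partition(";")
        tokens = head.split()
        if not tokens or tokens[0].lower() != trusted_authserv.lower():
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts


def assess(raw_message, trusted_authserv):
    """Return a list of findings that indicate a spoofed From line."""
    msg = message_from_string(raw_message)
    from_addr = address_of(msg.get("From", ""))
    to_addr = address_of(msg.get("To", ""))
    from_dom = domain_of(msg.get("From", ""))
    envelope_dom = domain_of(msg.get("Return-Path", ""))

    findings = []
    if from_addr and from_addr == to_addr:
        findings.append("self-addressed: From equals To")
    # A differing envelope domain is normal for bulk-mail services; it only
    # matters together with failed authentication for the From domain.
    if envelope_dom and from_dom and envelope_dom != from_dom:
        findings.append(
            f"envelope sender domain {envelope_dom} differs from From domain {from_dom}"
        )
    verdicts = auth_verdicts(msg, trusted_authserv)
    for method in ("spf", "dkim", "dmarc"):
        result = verdicts.get(method, "missing")
        if result != "pass":
            findings.append(f"{method}={result}")
    return findings


if __name__ == "__main__":
    for finding in assess(SAMPLE, "mx.example.com"):
        print(finding)
```

A message genuinely sent from your own account would normally show passing SPF/DKIM/DMARC results for your domain in the header written by your provider.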

But they included a password I actually used!

This is what made the original wave of this spam so unique: it included actual passwords associated with the email address they were sending the scam to. Note that the passwords were not necessarily the actual email account password; they were passwords associated with the account.

Blame breaches. Specifically, if you’ve ever had an account at an online service that suffered a data breach, the password you used at that service might have been exposed at that time.

Here’s the sequence of events:

  • You have an email account with a password. Say “[email protected]” with a password “kbrPMkey4AYnfu7fCX5E” (see footnote 2).
  • You have an account at somerandomservice.com using an email address (“[email protected]”) and a password (“arealpassword”).
  • Somerandomservice.com suffers a data breach and their account database is stolen.
  • Somerandomservice.com used poor security, making it possible for the hackers to see both the email address (“[email protected]”) and the password (“arealpassword”).

That’s it. That password is “associated with” your email address because you used it somewhere. It is not the actual email account password.

But it does get your attention. (I know it got mine the first time I saw it.)

One thing to do: change passwords exposed in breaches

Whenever a password you use is somehow exposed in a data breach, it’s important to stop using that password. Anywhere. That’s why the breached service will immediately instruct or force you to change your password.

If you’re using the same password anywhere else, you should change it there as well, to a password unique to that specific account.

Hackers know we’re lazy and often use the same password across multiple different accounts. That’s why when a password is discovered “in the wild,” it’s still a serious thing. Hackers often try that password (along with your email address) at a variety of online services, just in case you reused it there.

This scam has actually done you a small favor: it’s identified a password that you should no longer use anywhere. It’s shown you that this password has been discovered “in the wild”.


Name: LAB Bot Email Scam
Threat Type: Phishing, Scam, Social Engineering, Fraud.
Fake Claim: Scammers claim to have infected the user’s device and exfiltrated data from cloud storage.
Ransom Amount: 0.20753 BTC
Disguise: The message is disguised as a Customer ID Authorization Form from Amazon Delivery Support.
Symptoms: Unauthorized online purchases, changed online account passwords, identity theft, illegal access of the computer.
Distribution methods: Deceptive emails, rogue online pop-up ads, search engine poisoning techniques, misspelled domains.
Damage: Loss of sensitive private information, monetary loss, identity theft.

Footnotes & references

1 : A specific type of online video that I’m reluctant to label because it seems to affect email deliverability and search result placement when I do. Let’s just say it’s a type of video many people would find embarrassing.

2 : Before you ask, of course that’s not my password.


49 comments on “Has a Hacker Really Hacked My Email Account?”

I loved this article as I have been getting these emails. Another one says it is from Canada Post
but really is not and asks you to download an invoice in a format that cannot be opened by any program.

Really enjoy your newsletters
Thank you

“But it does get your attention. (I know it got mine the first time I saw it.)” – Yup. You certainly have a “What the hell?” moment. It’s one of the clever scams and, I suspect, dupes a fair number of people.

Personally I find it interesting that they’re willing to make the assumption that people can figure out how to make a payment in bitcoin. I guess they only need a couple…

Amen to that — I wouldn’t even begin to know how to acquire any Bitcoin — nor even to know where I should look to gain that information. (Nor am I interested.)

I get these critical security alerts from Google and cannot figure out how to shut down the “gtempaccount” since I didn’t really set it up and Google does not let me log in to delete it (they don’t recognize me as the owner, even though I use passwords I have used to log in to my ACTUAL Google Apps For Your Domain account (legacy, non-paid)). The scary part is that they “used your password”:
Sign-in attempt was blocked
myname%[email protected]
Someone just used your password to try to sign in to your account from a non-Google app.

Thanks for the article. I got one of these emails and expected it was a scam, but seeing an old password that you have used can make you stop and think. I would not have seen it, except I was looking through my spam folder for another email that I thought I missed. I suspect it was a yahoo or facebook breach that released my old password to cyberspace.

I get these also and it’s interesting how they ask for some odd ball amount of money.
There isn’t much you can do to prevent spoofing, but there are a couple of methods that may help minimize these or send them directly to the spam folder. These methods would depend on your email provider and they may not be available with free web mail accounts, although gmail seems to have a default SPF (see below).

(1) Look up “Sender Policy Framework” or SPF. This is a protocol built into email servers that’s designed to reject emails whose real sender IP address doesn’t match the “From” address’s domain. This would be the case for a spoofed From address. There are many good explanations for SPF online, such as https://support.google.com/a/answer/33786 or https://postmarkapp.com/blog/explaining-spf.

You can find out the real sender’s ISP IP address in the full email header. For example, I know that my spoofed emails come from an ISP in Brazil. In gmail, to see the SPF setting, open an email, click on the 3-dot menu at the top right, and select “Show Original” in the context menu. On the page that opens, to see the full email header, click the “Download Original” link.

(2) If your email provider allows you to set up a blacklist of email domains, you can use the information in the email header to blacklist the sender IP address or domain. This will send these types of email to the spam folder.

(3) If you find the sender’s ISP you can send an email to its “abuse” email address, attaching one of the spoofed emails (with full header). This last item will just make you feel good, but won’t really do much to stop the spoofed emails.
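The header check suggested in the comment above, applied to the “From: spoofing” the article describes, as an added Python example (not code from the article or its commenters). It reads the SPF, DKIM and DMARC verdicts that the receiving mail server records in the Authentication-Results header; the server name mx.mailhost.example, all addresses and both sample messages are constructed placeholders.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed samples. Every host, address and IP is a placeholder
# (.example domains, TEST-NET-3 address); none comes from the article.
SPOOFED = """\
Return-Path: <bounce@bulk-sender.example>
Authentication-Results: mx.mailhost.example;
 spf=softfail (sender IP is 203.0.113.45) smtp.mailfrom=bounce@bulk-sender.example;
 dkim=none; dmarc=fail header.from=victim.example
Authentication-Results: mx.mailhost.example; spf=pass; dkim=pass; dmarc=pass
From: "Me" <me@victim.example>
To: me@victim.example
Subject: Your account has been hacked

Pay within five days.
"""

LEGIT = """\
Return-Path: <friend@friend.example>
Authentication-Results: mx.mailhost.example;
 spf=pass smtp.mailfrom=friend@friend.example;
 dkim=pass header.d=friend.example; dmarc=pass header.from=friend.example
From: Friend <friend@friend.example>
To: me@victim.example
Subject: Lunch?

See you at noon.
"""

RESULT_RE = re.compile(r"\b(spf|dkim|dmarc)\s*=\s*([a-z]+)", re.I)


def address_of(header):
    """Bare lower-cased address from a From:/To:/Return-Path: header."""
    return parseaddr(str(header or ""))[1].lower()


def trusted_auth_results(msg, authserv_id):
    """Verdicts from the newest Authentication-Results header written by our
    own mail server. Headers are prepended in transit, so the first match is
    the newest; anything lower down may have been supplied by the sender
    (as the second header in SPOOFED is) and is ignored."""
    for value in msg.get_all("Authentication-Results", []):
        server, _, verdicts = str(value).partition(";")
        if server.lower().split()[:1] == [authserv_id.lower()]:
            return {m[1].lower(): m[2].lower() for m in RESULT_RE.finditer(verdicts)}
    return {}


def assess(raw, authserv_id):
    """Compare the visible From: with the envelope sender and auth verdicts."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender, recipient = address_of(msg["From"]), address_of(msg["To"])
    from_domain = sender.rpartition("@")[2]
    envelope_domain = address_of(msg["Return-Path"]).rpartition("@")[2]
    auth = trusted_auth_results(msg, authserv_id)

    findings = []
    if sender and sender == recipient:
        findings.append("From: is the recipient's own address")
    if envelope_domain and envelope_domain != from_domain:
        # Not proof on its own: mailing lists and bulk senders differ too.
        findings.append(f"envelope sender is {envelope_domain}, not {from_domain}")
    if auth.get("spf") in {"fail", "softfail"}:
        findings.append(f"SPF {auth['spf']}: sending IP not authorised")
    if auth.get("dmarc") == "fail":
        findings.append("DMARC fail: From: domain not authenticated")
    if not auth:
        findings.append("no Authentication-Results from our own server")

    spoofed = auth.get("dmarc") == "fail" or (
        auth.get("spf") in {"fail", "softfail"} and auth.get("dkim") != "pass")
    return {"from_domain": from_domain, "envelope_domain": envelope_domain,
            "auth": auth, "findings": findings, "likely_spoofed": spoofed}


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, assess(raw, "mx.mailhost.example"))
```

Run it against a message saved with its full headers, passing the name your own provider writes at the start of its Authentication-Results header.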

I also received on Oct. 20, 2020 such an e-mail with the request of paying (in bitcoin) $878 (?). It seemed to come from an old friend of mine and quoted, for my recognized real e-mail address, a password which I don’t recognize at all (possibly one I used once only and is now just forgotten). I phoned my old friend and explained to him what had occurred. Afterwards I treated the e-mail as SPAM. Thanks a lot, Leo, for your wonderful lessons.

I have also received a couple of these. One quoted a password (which I immediately recognized as an old old password and was spelled wrongly anyway).
They both indicated they had recorded me on my webcam – good luck with that, I don’t actually own one.
I treated them with the contempt they deserved and ignored them.

I suspect the ‘random’ ransom has something to do with the fluctuating value of bitcoins, but I could be wrong.

One of the reasons I don’t have a monitor with a webcam and/or microphone.

And yes, I’ve had a couple of “emails” over the last 10 years or so threatening to release video of me “abusing myself” and I better pay up or they’ll release it to the authorities yada yada yada… ha ha, yeah right. If only “I could” abuse myself. Medical issues most certainly preclude me from obliging them on that. LOL

Good article. I recently ran into another version using my phone. Calls reporting that they were from one of my email providers kept leaving messages stating that my account had been hacked and to call to reset my account info. Failure to do so claimed that my access would be terminated. This followed a few emails with similar claims that had arrived. The emails may or may not have been from the same source. I had deleted them once I considered them phishing. The frequency of the calls increased over about 6 weeks, apparently terminating on the last day where about 6-7 calls came in. This last date masked the calls as from my own phone number. I did contact the provider via an access provided by them not the caller. They verified that they do not make such calls or email notices.

Yep, these are coming in many different forms via email and phone. It’s annoying, but best ignored or marked as spam if that’s an option. Thanks!

I received this kind of scam, but it actually contains my current password. I used the email for daily life and it actually had my address. I don’t know what I should do. Should I stop using those accounts?

No need to stop using the account. Just change the password and recovery information on all websites which use that password. Actually, you shouldn’t use the same password on more than one site. Breaches like that put all websites with that password at risk.

NO. Just change your password if you’re at all concerned, and otherwise ignore the scam completely.

I got the same spam. I reported it to Spam Cop and naturally it didn’t come from my ISP but one in Brazil. It’s called “spoofing”. Frankly I don’t have a clue how to PAY FOR ANYTHING with Bitcoins.

Honestly that’s one of the things that surprises me about this spam: the average user has no idea what Bitcoin is, or how to pay using it. I guess the hope is that someone will get so freaked out by the threat that they’ll figure something out and do it poorly, in a hurry, or whatever, without realizing that once paid there’s ZERO recourse.

I just wonder how many people fell into this cheap trap, just because they are threatened by “having visited an adult site” … If many indeed, then this would be very sad for our world …
In my opinion, all this bitcoin issue should have never been allowed to come into living, because it only facilitates illegal activities of all kinds.
Any kind of technology should be kept under severe control.

A few months ago I received such a spoofed email, without a password but with details they claimed to have collected for some months “while they had access” to my account. One claim was that they had recorded porn that I had watched with added footage of how I reacted to the porn. They wanted me to pay them a few hundred euro in bitcoin. It was not difficult to decide what I should do: since I never watch porn and have my webcam permanently covered with black adhesive tape when I don’t actually use it, the claim was evidently spurious and I simply deleted the blackmail message.
Bitcoin! I’ve never even tried to do anything with bitcoin. No idea how that works… They demand bitcoin for their own safety, but don’t realise that not many people know how to use it. Especially the people who fall for their scam.

I surely appreciate your article on this, Leo! I got one of these messages two months ago with a password I had used on the email account previously not currently. I foolishly had used that same password though on multiple other sites. The scammer demanded I not message him (or her) back because it was not negotiable and there was nothing I could do about it because they already knew everything including Facebook friends, all my passwords to bank accounts, etc. due to having installed a keylogger so they knew when I had read their demand message. They gave me 48 hours to pay the ransom of $1,400.00 in Bitcoin. Also said he had a video as you mentioned but I knew that wasn’t possible since I have never removed the black tape I covered the camera with when I bought the computer. That led me to wonder how much they really knew about me, if anything. So I knew better than to pay and I immediately started changing all the passwords and recovery info for each site I could remember using the one they knew about. Even decided that if they really had installed a keylogger, I had to change all my passwords besides the one they listed. I’ve been busy since that’s a LOT of passwords! Your article has eased my mind substantially, Leo. Thanks again!!

Anyone who is somewhat smart can figure out Bitcoin in an hour of Googling.

I received these messages. I can not for the life of me access my gmail account. I can not even access my registration and other domain hosting companies. I never changed this information. I am very willing to provide my domain name and have anyone look it up.

I did have g suite. When I canceled g suite, the mess began! I am at my wits end. I have hired hackers but never heard from them again. I was scammed! Live and learn. I do want to know how to get my domain and email account back.

Is there any advice?

Thanks for a very useful article, Leo. I just received two of these emails in my Junk folder. The password they know of mine is one I use for sites where security is not very important, like newspaper comments or online forums. I’ve used it for literally dozens of sites going back fifteen years, and it would be a lot of work to change them all. Do you think I really need to?

Yes. And you’d be surprised … often those accounts you think don’t need much security really do. Don’t reuse passwords.

I received 10 of these emails and blocked them but they keep sending it from a different email accounts because they found out that i blocked them. They have one of my passwords. I closed my email account. They are sending sometimes three emails per day.

Can a hacker steal my contacts and record me on my phone?

If they manage to get access to your phone, or you have malware on your phone, then just like a computer hackers can do anything.

One thing to be aware of is if a hacker did have access to your email with the password they probably did login and change the Proxy settings so they can read anything you send from their server. Why would they do this, to monitor any financial or monetary things they may be able to use against you.

Marking these mails as spams on my official email address for a long time now. But recently I have noticed that emails from my address have started turning up in spam folders. Gmail says that often mails from (my email address) have been reported as spam. I do not use my mail for marketing or anything. Could it be that me reporting the spoofing as spam has resulted in Gmail to consider it as spam?

If the spam comes “from” your email address — whether you sent it or not (i.e. it was spoofed) — then I would assume marking it as spam might well act as a strike against your email address. Google has to know that this kind of spoofing is going on, so it can’t be a huge negative hit, though.

Hi,
I received an email saying that my Operating System had been hacked and that the hacker has access to my webcam and microphone. He said that he would send false information to all my contacts unless I paid him.
I have no intention of paying him but how should I proceed with this?

That’s exactly what the article you just commented on answers. Please read it. Mark the message as spam, and move on.

The person asked “…Do you have any advice what I should do about this?”

You replied with “Nothing.”

Most people know what you meant by “Nothing”. Some people seeing “Nothing” might interpret it to mean you have no advice and they stop reading because they’re in a hurry to get to their next e-mail.

“A specific type of online video that I’m reluctant to label because it seems to affect email deliverability and search result placement when I do.”

Really ? Just using the word I think you refrained from using affects your blog’s performance in search engines, and email deliverability for your own messages ? Wow !

SEO and spam filtering are a bitch. But that brings up a question: If certain key words can negatively affect your SEO, wouldn’t comments on the page have the same effect?

I have a yahoo personal email account that I haven’t accessed for 3 years. I don’t remember the password at all. I have tried everything but still cannot get the right password. The secondary email attached to the email account is wrong (one letter added by mistake), and there is no phone number attached to the email account.

Is there a way to access my email?

No. It has very likely been closed for lack of use.
A One-step Way to Lose Your Account … Forever
You might try opening a new account with that old name. You won’t get your older emails back but you should be able to receive and newer emails sent to that address if it works.
What Does It Mean that Yahoo! Is Releasing Email Addresses?

A few minutes ago I received an email from “Hacker Team” is a non-reply account. I was really scared, because they ask for 800 USD bitcoins, and if I do they won’t publish a video of me watching porn or something… It also says that I only have a maximum of two days to deposit the bitcoins, should I change my passwords?

PLEASE read the article you just commented on — it addresses EXACTLY this situation.

So, I’m getting damaging messages from a gmail account. I need them to stop. How can I stop them? How can I find out who’s sending? Some hacker guy wants me to pay him bitcoin and he guarantees he will have results. I don’t even know if this is legal or if I can trust him.

It sounds like ordinary spam. He’s definitely not trustworthy; he’s a scammer. Mark it as spam so your spam filter learns to recognize it.

You cannot. Mark them as spam and move on.

I got an e-mail yesterday, but not about passwords… the guy says my cameras are compromised, and that I’ve been caught on an adult site.. and has a video of myself masturbating to that video…and he demands U$S 1500 in bitcoin, or else the video will be shared to every single contact I have in Outlook.

the funniest things were…
1- the dude wrote the whole note with different symbols and punctuation signs to pretend he was in the matrix or something…
2- I don’t really think people have contacts in outlook anymore (especially with social media)
1- I don’t even have webcam

Hi, I received an email from a hacker. I don’t know what to believe. I’m terrified. It says I’ve been recorded and that I have 50 hours to pay since the moment I read the email. What do I do? Although it also says that I’ve been hacked by a trojan virus while I was searching some inappropriate websites. This email was sent to me on August 22, 2020 and I found it just now. Is this spam? I’m worried because the hacker says that he will get a notification when I read the email. Please help me. I may also add that this email was sent to me through a university account (the university uses hotmail). How is that possible? And that’s why I’m scared.

Please read the article you just commented on. It addresses this exact scenario. (TL;DR: it’s just spam, ignore it.)


Remove LAB Bot Amazon email scam

Be leery of a new Bitcoin extortion scam doing the rounds which involves a scary LAB Bot cloud storage hack theme and impersonates Amazon billing support.

What is the LAB Bot – [email protected] email scam?

LAB Bot is a fictitious name of a hacking crew used as a scare element in a new massive email hoax. The first part of the spoof term stands for “Login And Backup” and supposedly denotes a malicious application that easily accesses a victim’s cloud storage, downloads their files, and transmits the data to the criminals without raising red flags. The misleading messages look like they come from Amazon, with their subject line saying: “[Amazon Delivery Support] [Notification] Authorization Form Customer ID [Support]”. This is part of the crooks’ strategy to feign legitimacy so that the victim at least reads the email. In fact, though, the stratagem is absolutely unrelated to the e-commerce giant. Although the sender’s email address displayed in the message is [email protected] (the spelling may vary), it actually comes from another source – here are some of the most frequently reported strings shown in the “From” field

The con artists in charge of this scam boil their brainwashing down to a purported compromise of the recipient’s cloud storage. This recent breach has presumably enabled the self-proclaimed hackers to get hold of the person’s data kept in the cloud. To prevent this information, including sensitive materials, from being leaked into the open Internet, the user is instructed to submit a ransom in Bitcoin to the black hats.

There is no uniform size of the ransom demanded from the targets of this fraud. It’s in the range of 0.16 – 0.22 BTC, which is worth about $1,200 – $1,600. The alleged hackers provide a deadline for the payment, emphasizing that the LAB Bot malware is preconfigured to execute its mission in five days after the message is received unless the full amount of money is paid. What will happen otherwise? The malefactors try to convince the user that all their personal documents, photos, and videos – some of which could be “naughty” – will be made public. In particular, according to the email, the info will be sent to the victim’s social media contacts and colleagues. To know when the message was originally opened and perused, the wrongdoers claim to leverage email trackers. The email body in this blackmail scenario is as follows:

Please do not ignore this message, as it refers to your account [recipient’s email address] and cloud storage.
We are a group of data storage hackers.
If you receive this message, we’ve already hack you.
We are software developers (Login And Backup or often called LAB Bot).

Frequently asked questions (FAQs)
Q: What is the LAB Bot?
A: LAB is an automated application made by Bot using a special API request; the API can download all the data or files that are related to your cloud storage and send it to our server automatically via hacked email access.

Q: Definitely, you’ll think this is impossible!
A: Smartphones, Apple, Windows, etc. All have cloud storage data. Like Google with Gdrive, Microsoft with OneDrive, Apple with iCloud, and all cloud storage directly connected to an email account.

Q: Why should you care about LAB Bot?
A: Lab Bot is automatically configured and has a five day grace period. On the fifth day, Lab Bot will accomplish its final task. I.e., share backup data downloaded to the darknet forum publicly or to e-mail correspondence, contacts, social network, co-worker. (You certainly didn’t want everyone to see or know your private files (documents, nude photos, hot videos, or others).

Precisely what should you do?

To prevent all of this thing from happening, you need to send Bitcoin with the amount of 0.23275 Bitcoin – to my bitcoin wallet address. (if you didn’t know this, search ‘how to buy bitcoin’ on Google.)

BTC address: [QR code]

Scan the QR code with your phone to get the address.

So, to stop the LAB Bot process, it’s only in one way; “make payments through Bitcoin in the amount of 0,23275 Bitcoin”. You have five days to make a payment, and the time will start when this message opened; LAB Bot will know if you’ve already read the letter because it uses e-mail trackers.

Upon initial look-through, the LAB Bot Amazon email scam seems to resemble the rest of the Bitcoin frauds in circulation that are mostly copycats of one another. However, there are a few unique characteristics that make it stand out. First of all, sextortion isn’t as clearly implied here and the message is mostly about the victim’s personal information in general without a focus on embarrassing content only. Secondly, the swindlers use an all-new feature to let the recipients know which BTC address to send the funds to. It’s a QR code embedded right in the email. This approach doesn’t really narrow down the potential victim audience because most people either use a QR scanner app already or can easily install it anytime if they need it. Furthermore, the concise FAQ based structure is kind of a novelty on the email scam threat map.

Whereas some people actually estimate the value of their in-the-cloud data as highly as that, falling for LAB Bot email scam and paying up to 0.22 Bitcoin for nondisclosure of the purportedly stolen data is a mistake. The entirety of information provided in this email is a bluff zeroing in on gullible users. As previously mentioned, the source email address is spoofed and has nothing to do with Amazon. Also, there is no such thing as the LAB Bot hacking group or application utilizing some super-secret API request that opens the door to any cloud storage. It is nothing but an element of the intimidation chain. All in all, if you receive this email you can safely ignore and delete it.

There is just one little thing you might want to check, though. Your email address somehow ended up on the scammers’ list of potential victims. This could be an outcome of an earlier data dump ensuing from a breach of a major service provider’s network, or your computer may have been exposed to spyware that collected some PII (personally identifiable information) such as contact details. Use the steps below to ascertain that you’re good to go and no malicious code is lurking inside your machine.

Owing to an up-to-date database of malware signatures and intelligent behavioral detection, the recommended software can quickly locate the infection, eradicate it and remediate all harmful changes. So go ahead and do the following:

1. Download and install the antimalware tool. Open the solution and have it check your PC for PUPs and other types of malicious software by clicking the Start Computer Scan button.

2. Rest assured the scan report will list all items that may harm your operating system. Select the detected entries and click Fix Threats to get the troubleshooting completed.
