Avoid being scammed by LAB Bot Email
Written by Tomas Meskauskas on 09 March 2020 (updated)
“LAB Bot” email scam removal guide
What is “LAB Bot Email”?
“LAB Bot” email is a scam message. Its misleading subject/title suggests that the email is from Amazon Delivery Support; however, it has nothing to do with this company. The message is not from Amazon or its associates, and the content has no connection with them. The body of the message claims to be from a group of “data storage hackers” (a cyber criminal group), which has supposedly hacked the recipient’s cloud storage. The scam relies on scare tactics: it tries to trick people into paying to prevent the criminals from misusing their data. In fact, the user’s device is not infected and data has not been compromised by these scammers.
The deceptive message urges recipients not to ignore it, as it relates to their email account and cloud storage. It claims to be from a hacker group, which specializes in unauthorized access to this type of data storage. The email states that, as the users have received the message, they have already been hacked. These scammers claim to be software developers who have created a data-stealing application. This malicious program is allegedly capable of exfiltrating files from cloud storage via affected email accounts. The message then goes on to explain that there are various cloud storage services which this fake malware can access, such as Google Drive, OneDrive, iCloud and similar.
Unless users pay for the data “gathered” by this software, it will supposedly be publicized on a darknet forum and/or shared with all of the recipient’s email contacts. The publication of this compromising material can supposedly be prevented by transferring 0.20753 in the Bitcoin cryptocurrency (approximately $1600 USD at the time of writing) to the criminals’ Bitcoin wallet within five days. The scam proclaims that this is the only way to stop the process. To obtain the cryptowallet address, users are instructed to scan the QR code presented in the message with their mobile device. Furthermore, recipients are informed that the five-day countdown begins from the moment the message is opened, which is monitored with the aid of email trackers.
Note that this scheme does not proliferate any malicious content, nor have users’ devices been infiltrated by malicious programs. Do not meet the demands of these cyber criminals – regardless of the validity of their claims, there are no guarantees that their promises will be fulfilled following payment.
| Name | LAB Bot Email Scam |
| Threat Type | Phishing, Scam, Social Engineering, Fraud. |
| Fake Claim | Scammers claim to have infected the user’s device and exfiltrated data from cloud storage. |
| Ransom Amount | 0.20753 BTC |
| Disguise | The message is disguised as a Customer ID Authorization Form from Amazon Delivery Support |
| Symptoms | Unauthorized online purchases, changed online account passwords, identity theft, illegal access of the computer. |
| Distribution methods | Deceptive emails, rogue online pop-up ads, search engine poisoning techniques, misspelled domains. |
| Damage | Loss of sensitive private information, monetary loss, identity theft. |
Footnotes & references
1 : A specific type of online video that I’m reluctant to label because it seems to affect email deliverability and search result placement when I do. Let’s just say it’s a type of video many people would find embarrassing.
2 : Before you ask, of course that’s not my password.
49 comments on “Has a Hacker Really Hacked My Email Account?”
I loved this article as I have been getting these emails. Another one says it is from Canada Post
but really is not and asks you to download an invoice in a format that cannot be opened by any program.
Really enjoy your newsletters
“But it does get your attention. (I know it got mine the first time I saw it.)” – Yup. You certainly have a “What the hell?” moment. It’s one of the clever scams and, I suspect, dupes a fair number of people.
Personally I find it interesting that they’re willing to make the assumption that people can figure out how to make a payment in bitcoin. I guess they only need a couple…
Amen to that — I wouldn’t even begin to know how to acquire any Bitcoin — nor even to know where I should look to gain that information. (Nor am I interested.)
I get these critical security alerts from Google and cannot figure out how to shut down the “gtempaccount” since I didn’t really set it up and Google does not let me log in to delete it (they don’t recognize me as the owner, even though I use passwords I have used to log in to my ACTUAL Google Apps For Your Domain account (legacy, non-paid) The scary part is that they “used your password”:
Sign-in attempt was blocked
Someone just used your password to try to sign in to your account from a non-Google app.
Thanks for the article. I got one of these emails and expected it was a scam, but seeing an old password that you have used can make you stop and think. I would not have seen it, except I was looking through my spam folder for another email that I thought I missed. I suspect it was a yahoo or facebook breach that released my old password to cyberspace.
I get these also and it’s interesting how they ask for some odd ball amount of money.
There isn’t much you can do to prevent spoofing, but there are a couple of methods that may help minimize these or send them directly to the spam folder. These methods would depend on your email provider and they may not be available with free web mail accounts, although gmail seems to have a default SPF (see below).
(1) Look up “Sender Policy Framework” or SPF. This is a protocol built into email servers that’s designed to reject emails whose real sender IP address doesn’t match the “From” address’s domain. This would be the case for a spoofed From address. There are many good explanations for SPF online, such as https://support.google.com/a/answer/33786 or https://postmarkapp.com/blog/explaining-spf.
You can find out the real sender’s ISP IP address in the full email header. For example, I know that my spoofed emails come from an ISP in Brazil. In gmail, to see the SPF setting, open an email, click on the 3-dot menu at the top right, and select “Show Original” in the context menu. On the page that opens, to see the full email header, click the “Download Original” link.
(2) If your email provider allows you to set up a blacklist of email domains, you can use the information in the email header to blacklist the sender IP address or domain. This will send these types of email to the spam folder.
(3) If you find the sender’s ISP you can send an email to its “abuse” email address, attaching one of the spoofed emails (with full header). This last item will just make you feel good, but won’t really do much to stop the spoofed emails.
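The header check described in the comment above, as an added example that is not part of the original page or of the commenter's post: it reads a raw message, compares the visible From domain with the envelope sender, and collects the SPF/DKIM/DMARC verdicts recorded by the receiving server. The sample messages, the `.example` domains, the server name `mx.recipient.example` and all function names are constructed for illustration; the subject line is the one quoted on this page.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (reserved .example domains, documentation IP range).
# The second Authentication-Results header imitates one injected by the sender.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.7])
\tby mx.recipient.example with ESMTP; Mon, 09 Mar 2020 10:00:00 +0000
Authentication-Results: mx.recipient.example;
\tspf=softfail smtp.mailfrom=bounce@mailer.example.net;
\tdkim=none; dmarc=fail header.from=amazon.example
Authentication-Results: amazon.example; spf=pass; dmarc=pass
From: "Amazon Delivery Support" <support@amazon.example>
To: user@recipient.example
Subject: [Amazon Delivery Support] [Notification] Authorization Form Customer ID [Support]

Please do not ignore this message ...
"""

# Constructed sample of a message that authenticates cleanly, for contrast.
LEGIT = """\
Return-Path: <bounce@mail.shop.example>
Received: from mail.shop.example (mail.shop.example [198.51.100.25])
\tby mx.recipient.example with ESMTP; Mon, 09 Mar 2020 11:00:00 +0000
Authentication-Results: mx.recipient.example;
\tspf=pass smtp.mailfrom=bounce@mail.shop.example;
\tdkim=pass header.d=shop.example; dmarc=pass header.from=shop.example
From: Shop <orders@shop.example>
To: user@recipient.example
Subject: Your order

Thanks for your order.
"""

AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)
IP_RE = re.compile(r"\[([0-9A-Fa-f:.]+)\]")


def domain_of(header_value):
    """Domain part of the address in a From/Return-Path header ('' if absent)."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()


def aligned(a, b):
    """Simplified relaxed alignment: equal, or one is a subdomain of the other.
    Real DMARC compares organizational domains using the Public Suffix List."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))


def auth_results(msg, authserv_id):
    """Verdicts from Authentication-Results headers written by our own server.
    Headers carrying any other authserv-id may be sender-supplied and are ignored."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        server = (header.split(";", 1)[0].split() or [""])[0].lower()
        if server != authserv_id.lower():
            continue
        for method, verdict in AUTH_RE.findall(header):
            results.setdefault(method.lower(), verdict.lower())
    return results


def triage(raw, authserv_id):
    """Return the header facts and a list of spoofing indicators for one message."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])
    ip = IP_RE.search(msg["Received"] or "")  # top-most hop, added by our server
    auth = auth_results(msg, authserv_id)
    findings = []
    if not aligned(from_dom, env_dom):
        findings.append(f"From domain {from_dom} is not aligned with "
                        f"envelope sender {env_dom}")
    for method in ("spf", "dmarc"):
        verdict = auth.get(method, "missing")
        if verdict != "pass":
            findings.append(f"{method}={verdict}")
    if auth.get("dkim") == "fail":
        findings.append("dkim=fail")
    return {"from_domain": from_dom, "envelope_domain": env_dom,
            "sender_ip": ip.group(1) if ip else None,
            "auth": auth, "findings": findings}


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, triage(raw, "mx.recipient.example"))
```

Only the verdicts written by your own receiving server are meaningful, which is why the second, sender-style header in the spoofed sample does not turn the result into a pass.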
I also received on Oct. 20, 2020 such an e-mail with the request of paying (in bitcoin) $ 878 (?). It seemed to come from an old friend of mine and quoted, for my recognized real e-mail address a password which I don’t recognize at all (possibly one I used once only and is now just forgotten). I phoned my old friend and explained to him what had occurred. Afterwards I treated the e-mail as SPAM. Thanks a lot, Leo, for your wonderful lessons.
I have also received a couple of these. One quoted a password (which I immediately recognized as an old old password and was spelled wrongly anyway).
They both indicated they had recorded me on my webcam – good luck with that, I don’t actually own one.
I treated them with the contempt they deserved and ignored them.
I suspect the ‘random’ ransom has something to do with the fluctuating value of bitcoins, but I could be wrong.
One of the reasons I don’t have a monitor with a webcam and/or microphone.
And yes, I’ve had a couple of “emails” over the last 10 years or so threatening to release video of me “abusing myself” and I better pay up or they’ll release it to the authorities yada yada yada… ha ha, yeah right. If only “I could” abuse myself. Medical issues most certainly preclude me from obliging them on that. LOL
Good article. I recently ran into another version using my phone. Calls reporting that they were from one of my email providers kept leaving messages stating that my account had been hacked and to call to reset my account info. Failure to do so claimed that my access would be terminated. This followed a few emails with similar claims that had arrived. The emails may or may not have been from the same source. I had deleted them once I considered them phishing. The frequency of the calls increased over about 6 weeks, apparently terminating on the last day where about 6-7 calls came in. This last date masked the calls as from my own phone number. I did contact the provider via an access provided by them not the caller. They verified that they do not make such calls or email notices.
Yep, these are coming in many different forms via email and phone. It’s annoying, but best ignored or marked as spam if that’s an option. Thanks!
I received this kind of scam, but it actually contains my current password. I used the email for daily life and it actually had my address. I don’t know what I should do. Should I stop using those accounts?
No need to stop using the account. Just change the password and recovery information on all websites which use that password. Actually, you shouldn’t use the same password on more than one site. Breaches like that put all websites with that password at risk.
NO Just change your password if you’re at all concerned, and otherwise ignore the scam completely.
I got the same spam. I reported it to Spam Cop and naturally it didn’t come from my ISP but one in Brazil. It’s called “spoofing”. Frankly I don’t have a clue how to PAY FOR ANYTHING with Bitcoins.
Honestly that’s one of the things that surprises me about this spam: the average user has no idea what Bitcoin is, or how to pay using it. I guess the hope is that someone will get so freaked out by the threat that they’ll figure something out and do it poorly, in a hurry, or whatever, without realizing that once paid there’s ZERO recourse.
I just wonder how many people fell into this cheap trap, just because they are threatened by “having visited an adult site” … If many indeed, then this would be very sad for our world …
In my opinion, all this bitcoin issue should have never been allowed to come into living, because it only facilitates illegal activities of all kinds.
Any kind of technology should be kept under severe control.
A few months ago I received such a spoofed email, without a password but with details they claimed to have collected for some months “while they had access” to my account. One claim was that they had recorded porn that I had watched with added footage of how I reacted to the porn. They wanted me to pay them a few hundred euro in bitcoin. It was not difficult to decide what I should do: since I never watch porn and have my webcam permanently covered with black adhesive tape when I don’t actually use it, the claim was evidently spurious and I simply deleted the blackmail message.
Bitcoin! I’ve never even tried to do anything with bitcoin. No idea how that works… They demand bitcoin for their own safety, but don’t realise that not many people know how to use it. Especially the people who fall for their scam.
I surely appreciate your article on this, Leo! I got one of these messages two months ago with a password I had used on the email account previously not currently. I foolishly had used that same password though on multiple other sites. The scammer demanded I not message him (or her) back because it was not negotiable and there was nothing I could do about it because they already knew everything including Facebook friends, all my passwords to bank accounts, etc. due to having installed a keylogger so they knew when I had read their demand message. They gave me 48 hours to pay the ransom of $1,400.00 in Bitcoin. Also said he had a video as you mentioned but I knew that wasn’t possible since I have never removed the black tape I covered the camera with when I bought the computer. That led me to wonder how much they really knew about me, if anything. So I knew better than to pay and I immediately started changing all the passwords and recovery info for each site I could remember using the one they knew about. Even decided that if they really had installed a keylogger, I had to change all my passwords besides the one they listed. I’ve been busy since that’s a LOT of passwords! Your article has eased my mind substantially, Leo. Thanks again!!
Anyone who is somewhat smart can figure out Bitcoin in an hour of Googling.
I received these messages. I can not for the life of me access my gmail account. I can not even access my registration and other domain hosting companies. I never changed this information. I am very willing to provide my domain name and have anyone look it up.
I did have g suite. When I canceled g suite, the mess began! I am at my wits end. I have hired hackers but never heard from them again. I was scammed! Live and learn. I do want to know how to get my domain and email account back.
Is there any advice?
Thanks for a very useful article, Leo. I just received two of these emails in my Junk folder. The password they know of mine is one I use for sites where security is not very important, like newspaper comments or online forums. I’ve used it for literally dozens of sites going back fifteen years, and it would be a lot of work to change them all. Do you think I really need to?
Yes. And you’d be surprised … often those accounts you think don’t need much security really do. Don’t reuse passwords.
I received 10 of these emails and blocked them but they keep sending it from a different email accounts because they found out that i blocked them. They have one of my passwords. I closed my email account. They are sending sometimes three emails per day.
Can a hacker steal my contacts and record me on my phone.
If they manage to get access to your phone, or you have malware on your phone, then just like a computer hackers can do anything.
One thing to be aware of is if a hacker did have access to your email with the password they probably did login and change the Proxy settings so they can read anything you send from their server. Why would they do this, to monitor any financial or monetary things they may be able to use against you.
Marking these mails as spams on my official email address for a long time now. But recently I have noticed that emails from my address have started turning up in spam folders. Gmail says that often mails from (my email address) have been reported as spam. I do not use my mail for marketing or anything. Could it be that me reporting the spoofing as spam has resulted in Gmail to consider it as spam?
If the spam comes “from” your email address — whether you sent it or not (i.e. it was spoofed) — then I would assume marking it as spam might well act as a strike against your email address. Google has to know that this kind of spoofing is going on, so it can’t be a huge negative hit, though.
I received a email saying that my Operating System had been hacked and that the hacker has access to my webcam and microphone. He said that he would send false information to all my contacts unless I paid him.
I have no intention of paying him but how should I proceed with this?
That’s exactly what the article you just commented on answers. Please read it. Mark the message as spam, and move on.
The person asked “…Do you have any advice what I should do about this?”
You replied with “Nothing.”
Most people know what you meant by “Nothing”. Some people seeing “Nothing” might interpret it to mean you have no advice and they stop reading because they’re in a hurry to get to their next e-mail.
“A specific type of online video that I’m reluctant to label because it seems to affect email deliverability and search result placement when I do.”
Really ? Just using the word I think you refrained from using affects your blog’s performance in search engines, and email deliverability for your own messages ? Wow !
SEO and spam filtering are a bitch. But that brings up a question: If certain key words can negatively affect your SEO, wouldn’t comments on the page have the same effect?
I have a yahoo personal email account that I haven’t accessed for 3 years. I don’t remember the password at all. I have tried everything but still cannot get the right password. The secondary email attached to the email account is wrong (one letter added by mistake), and there is no phone number attached to the email account.
Is there a way to access my email?
No. It has very likely been closed for lack of use.
A One-step Way to Lose Your Account … Forever
You might try opening a new account with that old name. You won’t get your older emails back but you should be able to receive and newer emails sent to that address if it works.
What Does It Mean that Yahoo! Is Releasing Email Addresses?
A few minutes ago I received an email from “Hacker Team” is a non-reply account. I was really scared, because they ask for 800 USD bitcoins, and if I do they won’t publish a video of me watching porn or something… It also says that I only have a maximum of two days to deposit the bitcoins, should I change my passwords?
PLEASE read the article you just commented on — it addresses EXACTLY this situation.
So, I’m getting damaging messages from a gmail account. I need them to stop. How can I stop them? How can I found out who’s sending? Some hacker guy wants me to pay him bitcoin and he guarantees he will have results. I don’t even know if this is legal or if I can trust him.
It sounds like ordinary spam. He’s definitely not trustworthy; he’s a scammer. Mark it as spam so your spam filter learns to recognize it.
You cannot. Mark them as spam and move on.
I got an e-mail yesterday, but not about passwords… the guy says my cameras are compromised, and that I’ve been caught on an adult site… and has a video of myself masturbating to that video… and he demands U$S 1500 in bitcoin, or else the video will be shared to every single contact I have in Outlook
the funniest things were…
1- the dude wrote the whole note with different symbols and punctuation signs to pretend he was in the matrix or something…
2- I don’t really think people have contacts in outlook anymore (specially with social media)
1- I don’t even have webcam
Hi, I received an email from a hacker. I don’t know what to believe. I’m terrified. It says I’ve been recorded and that I have 50 hours to pay since the moment I read the email. What do I do? Although it also says that I’ve been hacked by a trojan virus while I was searching some inappropriate websites. This email was sent to me on August 22 of 2020 and I found it just now. Is this spam? I’m worried because the hacker says that he will get a notification when I read the email. Please help me. I may also add that this email was sent to me through a university account (the university uses hotmail). How is that possible? And that’s why I’m scared.
Please read the article you just commented on. It addresses this exact scenario. (TL;DR: it’s just spam, ignore it.)
Remove LAB Bot Amazon email scam
Be leery of a new Bitcoin extortion scam doing the rounds which involves a scary LAB Bot cloud storage hack theme and impersonates Amazon billing support.
What is the LAB Bot – [email protected] email scam?
LAB Bot is a fictitious name of a hacking crew used as a scare element in a new massive email hoax. The first part of the spoof term stands for “Login And Backup” and supposedly denotes a malicious application that easily accesses a victim’s cloud storage, downloads their files, and transmits the data to the criminals without raising red flags. The misleading messages look like they come from Amazon, with their subject line saying: “[Amazon Delivery Support] [Notification] Authorization Form Customer ID [Support]”. This is part of the crooks’ strategy to feign legitimacy so that the victim at least reads the email. In fact, though, the stratagem is absolutely unrelated to the e-commerce giant. Although the sender’s email address displayed in the message is [email protected] (the spelling may vary), it actually comes from another source – here are some of the most frequently reported strings shown in the “From” field:
- [email protected]
The con artists behind this scam build their pitch around a purported compromise of the recipient’s cloud storage. This recent breach has presumably enabled the self-proclaimed hackers to get hold of the person’s data kept in the cloud. To prevent this information, including sensitive materials, from being leaked onto the open Internet, the user is instructed to submit a ransom in Bitcoin to the black hats.
There is no uniform size of the ransom demanded from the targets of this fraud. It’s in the range of 0.16 – 0.22 BTC, which is worth about $1,200 – $1,600. The alleged hackers provide a deadline for the payment, emphasizing that the LAB Bot malware is preconfigured to execute its mission in five days after the message is received unless the full amount of money is paid. What will happen otherwise? The malefactors try to convince the user that all their personal documents, photos, and videos – some of which could be “naughty” – will be made public. In particular, according to the email, the info will be sent to the victim’s social media contacts and colleagues. To know when the message was originally opened and perused, the wrongdoers claim to leverage email trackers. The email body in this blackmail scenario is as follows:
Please do not ignore this message, as it refers to your account [recipient’s email address] and cloud storage.
We are a group of data storage hackers.
If you receive this message, we’ve already hack you.
We are software developers (Login And Backup or often called LAB Bot).
Frequently asked questions (FAQs)
Q: What is the LAB Bot?
A: LAB is an automated application made by Bot using a special API request; the API can download all the data or files that are related to your cloud storage and send it to our server automatically via hacked email access.
Q: Definitely, you’ll think this is impossible!
A: Smartphones, Apple, Windows, etc. All have cloud storage data. Like Google with Gdrive, Microsoft with OneDrive, Apple with iCloud, and all cloud storage directly connected to an email account.
Q: Why should you care about LAB Bot?
A: Lab Bot is automatically configured and has a five day grace period. On the fifth day, Lab Bot will accomplish its final task. I.e., share backup data downloaded to the darknet forum publicly or to e-mail correspondence, contacts, social network, co-worker. (You certainly didn’t want everyone to see or know your private files (documents, nude photos, hot videos, or others).
Precisely what should you do?
To prevent all of this thing from happening, you need to send Bitcoin with the amount of 0.23275 Bitcoin – to my bitcoin wallet address. (if you didn’t know this, search ‘how to buy bitcoin’ on Google.)
BTC address: [QR code]
Scan the QR code with your phone to get the address.
So, to stop the LAB Bot process, it’s only in one way; “make payments through Bitcoin in the amount of 0,23275 Bitcoin”. You have five days to make a payment, and the time will start when this message opened; LAB Bot will know if you’ve already read the letter because it uses e-mail trackers.
Upon initial look-through, the LAB Bot Amazon email scam seems to resemble the rest of the Bitcoin frauds in circulation that are mostly copycats of one another. However, there are a few unique characteristics that make it stand out. First of all, sextortion isn’t as clearly implied here and the message is mostly about the victim’s personal information in general without a focus on embarrassing content only. Secondly, the swindlers use an all-new feature to let the recipients know which BTC address to send the funds to. It’s a QR code embedded right in the email. This approach doesn’t really narrow down the potential victim audience because most people either use a QR scanner app already or can easily install it anytime if they need it. Furthermore, the concise FAQ based structure is kind of a novelty on the email scam threat map.
Whereas some people actually estimate the value of their in-the-cloud data as highly as that, falling for the LAB Bot email scam and paying up to 0.22 Bitcoin for nondisclosure of the purportedly stolen data is a mistake. The entirety of information provided in this email is a bluff zeroing in on gullible users. As previously mentioned, the source email address is spoofed and has nothing to do with Amazon. Also, there is no such thing as the LAB Bot hacking group or application utilizing some super-secret API request that opens the door to any cloud storage. It is nothing but an element of the intimidation chain. All in all, if you receive this email you can safely ignore and delete it.
There is just one little thing you might want to check, though. Your email address somehow ended up on the scammers’ list of potential victims. This could be an outcome of an earlier data dump ensuing from a breach of a major service provider’s network, or your computer may have been exposed to spyware that collected some PII (personally identifiable information) such as contact details. Use the steps below to ascertain that you’re good to go and no malicious code is lurking inside your machine.
Automated removal of malware related to LAB Bot Amazon email scam
Owing to an up-to-date database of malware signatures and intelligent behavioral detection, the recommended software can quickly locate the infection, eradicate it and remediate all harmful changes. So go ahead and do the following:
1. Download and install the antimalware tool. Open the solution and have it check your PC for PUPs and other types of malicious software by clicking the Start Computer Scan button
2. Rest assured the scan report will list all items that may harm your operating system. Select the detected entries and click Fix Threats to get the troubleshooting completed.