
Scam claiming my account has been hacked and asks for Bitcoins

Hi,

How can I block this kind of mail in Sophos?

""  *********has been hacked, change your password ASAP

Hello,

As you may have noticed, I sent this email from your email account (if you didn't see, check the from email id). In other words, I have full access to your email account.

I infected you with a malware a few months back when you visited an adult site, and since then, I have been observing your actions.

The malware gave me full access and control over your system, meaning, I can see everything on your screen, turn on your camera or microphone and you won't even notice about it.

I also have access to all your contacts. ""

Best regards



  • I moved this post here and retitled it as it was a new question and one of our rules is "one question per thread."

    I don't know of a way to block these scams as there are rarely keywords in the Subject that you would want to filter on.

    Not only have I received many in English, I also speak French and German so I've received some in those languages also.  They all make the same claim.  In my case, it was a password phished three years ago and changed within 20 minutes.  The email headers show that my account was forged/spoofed and that the email did not come from the server that handles my email account.  Here's an example from one of the 30+ such scams I've received over the last nine months.

      Received: from [223.230.70.31] (port=49104 helo=abts-ap-dynamic-31.70.230.223.airtelbroadband.in)
      by mail.domain.com with esmtp (Exim 4.82_1-5b7a7c0-XX)
      (envelope-from <account@domain.com>)
      id 1g8Xg2-0002U0-15
      for account@domain.com; Fri, 05 Oct 2018 16:30:26 -0500

    In this case, the .in means the email was sent from an infected computer in India.  If your headers don't include something telltale like that, I would go to https://www.ip2location.com/demo to see that 223.230.70.31 is in Hyderabad, India.

    My guess is that anyone reading this should change their password, but that it's extremely unlikely that they were hacked in the fashion suggested by the email.

    You can get a free account at https://bitcoinwhoswho.com/ and then report the Bitcoin address where the scammer told you to send money.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
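Bob's reading of the Received header can be automated. The Python below is an added example, not code from the post or from Sophos: it parses the first hop of the header quoted above (plus a constructed legitimate counterpart) and flags a message whose envelope sender claims the receiving server's own domain while the connecting host's HELO name lies outside it. That mail.domain.com handles domain.com, and the legitimate sample itself, are assumptions.

```python
import re
from email import message_from_string

# Constructed sample: the Received header quoted in the post above, as our server recorded it.
SCAM_MSG = """\
Received: from [223.230.70.31] (port=49104 helo=abts-ap-dynamic-31.70.230.223.airtelbroadband.in)
 by mail.domain.com with esmtp (Exim 4.82_1-5b7a7c0-XX)
 (envelope-from <account@domain.com>)
 id 1g8Xg2-0002U0-15
 for account@domain.com; Fri, 05 Oct 2018 16:30:26 -0500
"""
# Constructed legitimate counterpart (assumed): the same account sending via its own webmail host.
LEGIT_MSG = """\
Received: from [203.0.113.7] (port=587 helo=webmail.domain.com)
 by mail.domain.com with esmtpsa (Exim 4.82_1-5b7a7c0-XX)
 (envelope-from <account@domain.com>)
 id 1g8Xh0-0002U1-22
 for friend@example.org; Fri, 05 Oct 2018 17:02:11 -0500
"""

HOP_RE = re.compile(
    r"from \[(?P<ip>[\d.]+)\] \((?:port=\d+ )?helo=(?P<helo>[^\s)]+)\)"
    r" by (?P<by>\S+) .*?\(envelope-from <(?P<env>[^>]+)>\)"
)

def first_hop(raw_message: str) -> dict:
    """Parse the topmost Received header (the one our own server added) and flag
    a message that claims our domain but was handed to us by an outside host."""
    msg = message_from_string(raw_message)
    received = msg.get_all("Received") or []
    if not received:
        raise ValueError("no Received header")
    hop = " ".join(received[0].split())  # unfold continuation lines
    m = HOP_RE.search(hop)
    if not m:
        raise ValueError("unrecognised Received format: " + hop)
    helo = m["helo"].lower()
    env_domain = m["env"].rsplit("@", 1)[-1].lower()
    our_domain = m["by"].lower().split(".", 1)[-1]  # mail.domain.com -> domain.com (assumed)
    helo_is_ours = helo == our_domain or helo.endswith("." + our_domain)
    return {
        "ip": m["ip"],
        "helo": helo,
        "helo_tld": helo.rsplit(".", 1)[-1],  # the tell-tale ".in" Bob points at
        "envelope_domain": env_domain,
        "self_spoof": env_domain == our_domain and not helo_is_ours,
    }
```

The `ip` field is what you would paste into a geolocation lookup such as the one Bob links; `self_spoof` is the condition worth alerting on.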