Scam claiming my account has been hacked and asks for Bitcoins

Hi,

How can I block this kind of mail in Sophos?

""  *********has been hacked, change your password ASAP

 H​el​lo​,

A​s ​yo​u ​ma​y ​ha​ve​ n​ot​ic​ed​, ​I ​se​nt​ t​hi​s ​em​ai​l ​fr​om​ y​ou​r ​em​ai​l ​ac​co​un​t ​(i​f ​yo​u ​di​dn​'t​ s​ee​, ​ch​ec​k ​th​e ​fr​om​ e​ma​il​ i​d)​. ​In​ o​th​er​ w​or​ds​, ​I ​ha​ve​ f​ul​lc​ce​ss​ t​o ​yo​ur​ e​ma​il​ a​cc​ou​nt​.

I​ i​nf​ec​te​d ​yo​u ​wi​th​ a​ m​al​wa​re​ a​ f​ew​ m​on​th​s ​ba​ck​ w​he​n ​yo​u ​vi​si​te​d ​an​ a​du​lt​ s​it​e,​ a​nd​ s​in​ce​ t​he​n,​ I​ h​av​e ​be​en​ o​bs​er​vi​ng​ y​ou​r ​ac​ti​on​s.​

T​he​ m​al​wa​re​ g​av​e ​me​ f​ul​l ​ac​ce​ss​ a​nd​ c​on​tr​ol​ o​ve​r ​yo​ur​ s​ys​te​m,​ m​ea​ni​ng​, ​I ​ca​n ​se​e ​ev​er​yt​hi​ng​ o​n ​yo​ur​ s​cr​ee​n,​ t​ur​n ​on​ y​ou​r ​ca​me​ra​ o​r ​mi​cr​op​ho​n ​an​d ​yo​u ​wo​n'​t ​ev​en​ n​ot​ic​e ​ab​ou​t ​it​.

​I ​al​so​ h​av​e ​ac​ce​ss​ t​o ​al​l ​yo​ur​ c​on​ta​ct​s. ""

 

Best regards



This thread was automatically locked due to age.
  • This works!  Thanks, Doug!  I can't believe that I missed the fact that the Expression Filter no longer just applies to the Subject.

    Unfortunately, when they did that, they didn't include the From: field in the header: In Anti-Spam, Expression-check everything after DATA or include From.  Well, well, well - according to that suggestion I made almost four years ago, I apparently knew then that the content was covered by the Expression Filter.

    Again, Doug, I can't tell you how glad I am that you're participating here!

    Cheers - Bob

    PS You will want to use [B|b]itcoin to ensure that you get both bitcoin and Bitcoin.

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I use a webhost for my email needs and light webhosting.

    The rule below helps filter out most of this garbage that appears to be coming from myself.

    Basically it checks the headers to see if they contain the name of my domain (domain.com), AND do NOT contain "107."  This is the first octet of my public IP.  If this evaluation is true then the email did not originate from my network and gets delivered into the spam folder.

    There are some caveats to this.  Cell phone service is AT&T-based so it too will start with the 107.  Say, if I sent an email to myself from a Verizon or Comcast IP, it would get flagged as spam.
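The header check described in the last comment, as an added example that is not part of the original thread and is not the poster's own rule (which does not appear on the page). It compares a literal substring reading of that rule with a version that parses the From: address and the client IP in the topmost Received header. `substring_rule`, `parsed_rule`, the /8 reading of "first octet 107", the host `mx.host.example` and the three sample messages are assumptions constructed for the illustration.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

OWN_DOMAIN = "domain.com"                      # placeholder domain from the post
OWN_NET = ipaddress.ip_network("107.0.0.0/8")  # assumption: "first octet 107" read as a /8
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def substring_rule(raw):
    """Literal reading of the described rule: domain present, '107.' absent."""
    headers = raw.split("\n\n", 1)[0]
    return OWN_DOMAIN in headers and "107." not in headers

def parsed_rule(raw):
    """Spam if From: claims our domain but the connecting client is outside OWN_NET."""
    msg = email.message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender.rpartition("@")[2] != OWN_DOMAIN:
        return False
    # Only the topmost Received header is written by the receiving server;
    # lower ones are supplied by the sender and can be forged.
    match = BRACKETED_IP.search(msg.get("Received", ""))
    if not match:
        return True  # claims our domain, but no verifiable client IP
    try:
        return ipaddress.ip_address(match.group(1)) not in OWN_NET
    except ValueError:
        return True  # malformed address literal

# Constructed sample messages, not real traffic.
SPOOFED = (
    "Received: from mailer.example ([198.51.100.23]) by mx.host.example; "
    "Mon, 7 Jan 2019 10:00:00 +0000\n"
    "Message-ID: <20190107.4412@mailer.example>\n"
    "From: me@domain.com\nTo: me@domain.com\nSubject: has been hacked\n\nbody\n"
)
OWN_MAIL = (
    "Received: from laptop ([107.20.30.40]) by mx.host.example; "
    "Mon, 7 Jan 2019 10:05:00 +0000\n"
    "From: me@domain.com\nTo: me@domain.com\nSubject: note to self\n\nbody\n"
)
OUTSIDER = (
    "Received: from mail.example.org ([203.0.113.9]) by mx.host.example; "
    "Mon, 7 Jan 2019 10:10:00 +0000\n"
    "From: friend@example.org\nTo: me@domain.com\nSubject: lunch\n\nbody\n"
)
```

On these samples the substring version misses the spoofed message because "107." also occurs inside its Message-ID, and it flags the outside sender because the domain appears in To:. The parsed version still shares the caveat from the post: genuine mail sent from an address outside the 107 range is flagged.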