How can I block this kind of mail in Sophos?
"*********has been hacked, change your password ASAP
Hello, As you may have noticed, I sent this email from your email account (if you didn't see, check the from email id). In other words, I have full access to your email account. I infected you with a malware a few months back when you visited an adult site, and since then, I have been observing your actions. The malware gave me full access and control over your system, meaning, I can see everything on your screen, turn on your camera or microphone and you won't even notice about it. I also have access to all your contacts."
I moved this post here and retitled it as it was a new question and one of our rules is "one question per thread."
I don't know of a way to block these scams as there are rarely keywords in the Subject that you would want to filter on.
Not only have I received many in English, I also speak French and German so I've received some in those languages also. They all make the same claim. In my case, it was a password phished three years ago and changed within 20 minutes. The email headers show that my account was forged/spoofed and that the email did not come from the server that handles my email account. Here's an example from one of the 30+ such scams I've received over the last nine months.
Received: from [126.96.36.199] (port=49104 helo=abts-ap-dynamic-188.8.131.52.airtelbroadband.in) by mail.domain.com with esmtp (Exim 4.82_1-5b7a7c0-XX) (envelope-from <firstname.lastname@example.org>) id 1g8Xg2-0002U0-15 for email@example.com; Fri, 05 Oct 2018 16:30:26 -0500
In this case, the .in means the email was sent from an infected computer in India. If your headers don't include something telltale like that, I would go to https://www.ip2location.com/demo to see that 184.108.40.206 is in Hyderabad, India.
My guess is that anyone reading this should change their password, but that it's extremely unlikely that they were hacked in the fashion suggested by the email.
You can get a free account at https://bitcoinwhoswho.com/ and then report the Bitcoin address where the scammer told you to send money.
Cheers - Bob
I am using an expression search to block messages using the phrase Bitcoin.
In reply to DouglasFoster:
This works! Thanks, Doug! I can't believe that I missed the fact that the Expression Filter no longer just applies to the Subject.
Unfortunately, when they did that, they didn't include the From: field in the header: "In Anti-Spam, Expression-check everything after DATA or include From." Well, well, well - according to that suggestion I made almost four years ago, I apparently knew then that the content was covered by the Expression Filter.
Again, Doug, I can't tell you how glad I am that you're participating here!
PS You will want to use [B|b]itcoin to ensure that you get both bitcoin and Bitcoin.
In reply to BAlfson:
I use a webhost for my email needs and light webhosting.
The rule below helps filter out most of this garbage that appears to be coming from myself.
Basically, it checks the headers to see if they contain the name of my domain (domain.com) AND do NOT contain "107." This is the first octet of my public IP. If this evaluation is true, then the email did not originate from my network and gets delivered into the spam folder.
There are some caveats to this. Cell phone service is AT&T-based, so it too will start with the 107. Say I sent an email to myself from a Verizon or Comcast IP; it would get flagged as spam.
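The header check described in the last post, as an added example that is not part of the original thread: it compares a plain substring test with one that parses the From: domain and the connecting IP from the topmost Received: header, the one written by the receiving server. The domain `example.com`, the network `192.0.2.0/24` (standing in for the poster's 107.x range) and all three messages are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

OWN_DOMAIN = "example.com"                          # assumption: stands in for domain.com
TRUSTED_NET = ipaddress.ip_network("192.0.2.0/24")  # assumption: stands in for the 107.x range
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def naive_rule(raw, domain=OWN_DOMAIN, prefix="192.0.2."):
    """Substring form of the rule: headers mention the domain AND lack the IP prefix."""
    headers = raw.split("\n\n", 1)[0]
    return domain in headers and prefix not in headers

def parsed_rule(raw, domain=OWN_DOMAIN, trusted=TRUSTED_NET):
    """Flag mail whose From: is our domain but whose connecting IP is outside our network."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if from_domain != domain:
        return False                      # not claiming to be us; other filters apply
    received = msg.get_all("Received") or []
    # Only the topmost Received: line was added by our own server; lower ones can be forged.
    match = BRACKETED_IP.search(received[0]) if received else None
    if match is None:
        return True                       # origin cannot be established
    try:
        return ipaddress.ip_address(match.group(1)) not in trusted
    except ValueError:
        return True                       # malformed address in the trace header

def make_message(ip, extra_header=""):
    """Build a constructed sample message that claims to come from our own address."""
    return (f"Received: from [{ip}] (helo=host.example.net) by mail.example.com with esmtp;\n"
            " Fri, 05 Oct 2018 16:30:26 -0500\n"
            f"{extra_header}"
            "From: <me@example.com>\nTo: <me@example.com>\n"
            "Subject: change your password ASAP\n\nbody\n")

# Constructed samples: the Message-ID in SPOOFED happens to contain the trusted prefix.
SPOOFED = make_message("203.0.113.45", "Message-ID: <192.0.2.77.1538775026@example.net>\n")
LEGIT = make_message("192.0.2.10")
ROAMING = make_message("198.51.100.8")    # own mail sent from another provider's network

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT), ("roaming", ROAMING)):
        print(name, "naive:", naive_rule(raw), "parsed:", parsed_rule(raw))
```

The roaming sample is still flagged by the parsed check, so the caveat about sending from another provider's network applies to it as well.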