Probable email hacking?

Joined
Mar 30, 2010
Messages
1,553
Reaction score
164
Points
63
Location
NW Wiltshire England
Your Mac's Specs
Mid 2010 MBP 13, 8 gig mem, 2 int disks 500gig SSD, 1Tb SSHD . 2010 iMac, 8 gig, 2 Tb SSHD. iMac M1
We have just had an email supposedly from an old family friend. She claimed that she couldn't talk on the phone because of a bad bout of laryngitis. Quote:

"I'm unable to speak over the phone due to a serious throat pain caused by laryngitis. Let me know once this gets you, I need a favour to ask.
Best wishes, Pam"


It came originally with the friend's full name and what looked like the correct address. Correct apart from '[email protected]' when it should have been [email protected].

I didn't smell a rat then and answered it asking what the favour was? She asked if we shop on Amazon? Then the rat started to appear, especially when my sis-in-law had the same email and mailed us to ask if we had had it? I checked our other email addresses and found the same message on 3 out of the 4 of them, the fourth being the only one our friend wouldn't have.

We have a MacBook Air M2 on Sonoma, an iMac M1 on Ventura and an old iMac on High Sierra. I have blocked the sender and it shows as blocked on both the new Macs, but not on the older one and I can't find out how to do it? I would have thought that it would have blocked everything on this IP?

We then had a look at the blocked senders again and now it shows the correct address with our friend's initial, surname and a single 01@ btinternet.com. The address has changed to the correct address! How the **** can it do that?

It seems obvious that our friend's email has been hacked! I tried phoning but all I got was her answerphone and I left her a message, but I can't send her a warning email because the 'low-life thugs' will just get it!

For us it's important to warn her, BUT has it done anything nasty to our Macs and is there a way that I can check? A quick answer would be lovely as I am quite worried over this.
 
Joined
May 21, 2012
Messages
10,753
Reaction score
1,198
Points
113
Location
Rhode Island
Your Mac's Specs
M1 Mac Studio, 11" iPad Pro 3rd Gen, iPhone 13 Pro Max, Watch Series 7, AirPods Pro
I don't think your friend was hacked. The email you received was just a phishing scam.

Your Macs should be ok, unless someone you don't know/trust had access to them?
 

Raz0rEdge

Well-known member
Staff member
Moderator
Joined
Jul 17, 2009
Messages
15,775
Reaction score
2,118
Points
113
Location
MA
Your Mac's Specs
2022 Mac Studio M1 Max, 2023 M2 MBA
This is a classic phishing scheme that people receive through email or SMS. These scammers have had good luck with SMS when they end up getting a finance person at a company and the SMS claims to be from the CEO or some senior person. I read about one case where the finance person handed over many 10s of thousands of dollars thinking it was a valid request.

I'll restate my general stance on online communication, trust no-one. Especially anyone asking for a favor, money, etc. Reach out to them yourself in a manner in which you can confirm their identity and go from there.
 
OP
Jonzjob
Thank you for your very prompt reply Bob and Ashwin. What is worrying me is that the only address our friend hasn't got is the only one that didn't get the email.

Phishing? Possible, but to get 3 emails to 3 different addresses at the same time is pushing the odds a bit surely? And if they have 3 addresses then why not the fourth?

It appears that our friend's incorrect email address changed after I had replied to what I thought was our friend. I didn't pick up on the 'not so good' language either.

I tried phoning her again and she answered this time and told me that she had been hacked. She is getting a M/soft savvy friend in to check things out for her today.

I usually spot things like this and NEVER open links in emails and I love playing the phone clowns along. Now, I can see that I will have to be even more careful.

Don't forget also that my sis-in-law had the same at the same time.
 

Raz0rEdge

The scammers aren't doing this manually. This is all done through automated software that is capable of creating and sending these emails in bulk.

Additionally, this is a very low margin game they're playing. The system is guessing and trying to fool a small handful of folks by sending out millions of messages. But the people who fall for the trick end up being lucrative enough of a game that the scammers stick to it.

My aunt has fallen for these schemes repeatedly and has handed over a few thousand dollars until her husband and children took away her accounts. She now has a shared account that everyone can see and her access to any accounts with money requires my uncle to agree to it.
 
OP
Jonzjob
What a lovely world we live in???
 

Raz0rEdge

Indeed. But just to show you how lucrative this CAN be. A similar phishing/social engineering attack was performed on an IT individual at a large healthcare switch in the US in Feb/March. They were able to get credentials which allowed them to get access to various internal systems and eventually access to pretty much all the data.

The culprits managed to download about 6 TB of data and then immediately sent a ransom request to the company. The company then switched off their entire system, putting a portion of the US healthcare system in chaos with no announcement. They were down from that particular outage for nearly 3 weeks.

At the end, they slowly began to come back up and then news about them having paid around $22 million to the ransomware group became public. Well, there being no honor between thieves, the attack was performed by 2 groups. Group 1 got the money, but didn't share with group 2. Group 2 also has the data and is now ransoming the company for their own payday. The company will have no choice but to pay and not deal with another outage, so this is quite an expensive hit for the company because an employee got lax.
 
Joined
Feb 1, 2011
Messages
4,439
Reaction score
2,158
Points
113
Location
Sacramento, California
We have just had an email supposedly from an old family friend. She claimed that she couldn't talk on the phone because of a bad bout of laryngitis. Quote:

"I'm unable to speak over the phone due to a serious throat pain caused by laryngitis. Let me know once this gets you, I need a favour to ask.


That's nothing more than a very common (and very effective) phishing scam. See:

https://news.sophos.com/en-us/2020/...-urgently-check-your-facts-before-paying-out/

Your computer isn't infected with anything, and your family friend hasn't personally been hacked. The bad guys got all of your family friend's contact information from the dark Web. That information was gathered through several mass hackings of services like Facebook and Yahoo, which was re-sold to the bad guys phishing you on the dark Web. There is nothing that you can do about it other than to be educated and careful and aware. It's important not to get paranoid. You aren't being specially singled out for hacking, and there is no malware involved.

By the way, this sort of phishing scam often entirely leaves out any computers. The bad guys can call and try to use this exact scam on you over the telephone.
 
OP
Jonzjob
Ta for the reassurance randy, and everyone else too.

The one thing that hasn't been touched in the answers here is how was the email address changed from

jilldoe1010 at gmail.com to jdoe10 at btinternet.com? Obviously not the real addresses, but it shows the change.

This changed on the emails that we had already received.
 
OP
Jonzjob
Not the same name, but

patbrown0101 @ gmail.com changed to pbrown01 @ btinternet.com Obviously there were no spaces and the bt address was the correct one. I would have thought that I had read it wrong the first time I saw it, but SWMBO saw it too and agreed that it had definitely changed.
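
The mismatch described in the posts above, a familiar name sitting over an unfamiliar address, can be checked mechanically from a message's From: header. The following is an added example, not part of the original thread: the contact name "Pat Brown", the address book and the sample messages are constructed, and the two addresses are the stand-ins the poster gave.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: contact's usual display name -> real address.
# The addresses are the stand-ins quoted in the post; "Pat Brown" is assumed.
KNOWN_CONTACTS = {"pat brown": "pbrown01@btinternet.com"}


def check_sender(raw_message, contacts=KNOWN_CONTACTS):
    """Classify the From: header of one raw message.

    "known"         - the address is in the address book (not proof of
                      authenticity: the account itself may be compromised)
    "impersonation" - the display name claims a known contact, but the
                      address belongs to someone else
    "unknown"       - no claim to be anyone in the address book
    """
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    display = " ".join(display.lower().split())
    address = address.lower()

    if address in contacts.values():
        return "known"
    # Display name is a contact's name over a different address.
    if display in contacts:
        return "impersonation"
    # Display name is itself a contact's address; a mail client that shows
    # only the display name would show the familiar address.
    if display in contacts.values():
        return "impersonation"
    return "unknown"


def sample(from_header):
    """Build a constructed test message with the given From: header."""
    return f"From: {from_header}\nTo: me@example.org\nSubject: Favour\n\nHello\n"


if __name__ == "__main__":
    for hdr in ("Pat Brown <patbrown0101@gmail.com>",
                '"pbrown01@btinternet.com" <patbrown0101@gmail.com>',
                "Pat Brown <pbrown01@btinternet.com>",
                "Some Shop <news@shop.example>"):
        print(f"{check_sender(sample(hdr)):14} {hdr}")
```

A "known" result only means the address matches the address book; confirming the request through a separate channel, as suggested earlier in the thread, still applies.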
 

Rod


Joined
Jun 12, 2011
Messages
9,712
Reaction score
1,900
Points
113
Location
Melbourne, Australia and Ubud, Bali, Indonesia
Your Mac's Specs
2021 M1 MacBook Pro 14" macOS 14.4.1, Mid 2010MacBook 13" iPhone 13 Pro max, iPad 6, Apple Watch SE.
"I need a favour to ask." would have got me wondering because the correct English would have been, "I need to ask a favour."
 
