Below is an example of a new blackmail email that is appearing in Australian and New Zealanders inboxes. Blackmail emails are a popular way for criminals to make money. Previously the technique was to capture your attention by including information sourced through a known breach (in this case a previously used password) in the subject line. Now they are trying to trick you into believing your account has been hacked by sending you an email that seems to come from your own email account. This technique is known as ‘email spoofing’.
Email spoofing is when the sender of an email typically spam/forges/spoofs the email header "From" an address so the email being sent appears to have been sent from a legitimate email address that is not the spammers own address.
Reasons scammers do this:
To trick spam filters into allowing the email through by using a reputable email address. This way scammers can ensure their email goes to yours, friends or family member’s inboxes rather than their spam folder.
To prevent the bounce back emails from being received in the spammer's own inbox. Spammers may send their spam out to thousands of email addresses, and inevitably a lot of those emails are going to bounce. Since spammers don't want to receive hundreds of bounce back messages, this prevents that from happening.
To trick the recipient in to believing the email is from a legitimate source.
While there is no fool-proof way to prevent either type of abuse to your email address, you could adopt some "best practices" when it comes to your email security:
Update your email account password frequently.
Avoid using your primary email account for everything online. If you are signing up for something like a mailing list, contest, application form, or something similar, use a free throwaway email account like Gmail or Hotmail, something you don't mind deleting if it gets abused.
Only use your primary email to communicate with people you know or trust, this may include financial institutions.
Always run full virus scans on your computer (at least once a week).
Avoid using your email address in online blogs and posts. If you have to, try using (at) and (dot) com instead of @and.com to prevent malicious automations from harvesting your address.
The short answer is, not much. There are no definitive ways to prevent someone from harvesting your email address from the internet and using it for spam. Blocking your own email account may cause you more problems. If the spoofing is recurring and causing a lot of inconvenience, the best thing to do would be to delete the account and start over with a new email account (hence the recommendation regarding throw away email accounts). If you are getting relentlessly spammed, the attacks usually only last for a week or two, sometimes less. If it’s a one-off email like the example above, delete it and remain vigilant.
IDCARE is here to provide you with specialist support and guidance when faced with a cyber and identity related issue. Contact one of our Identity & Cyber Security Case Managers to learn more about our Support Services and how we can help you.
IDCARE as a registered charity does not ask individuals to donate or pay for our front line services. We are not a charity that can receive tax deductible donations. We rely on organisations that care enough about you to care about us to keep our charitable service going. Proudly these organisations are displayed above and on our Subscriber Organisations page. If you are asked for payment from someone claiming to be from IDCARE, please report this to us using our Report Phishing email.
IDCARE has access to the Department of Social Services’ Free Interpreting Service, delivered by the Translating and Interpreting Service (TIS National). Access to the Free Interpreting Service is provided to assist you to communicate with non-English speaking people who hold a Medicare card. Please note that the service does not extend to New Zealand citizens or residents who do not hold an Australian Medicare card, or to tourists, overseas students or people on temporary work visas.
New Zealand Relay provides services to help Deaf, hearing impaired, speech impaired, Deafblind and standard phone users communicate with their peers. A TTY user connects to New Zealand Relay via a toll-free number and types their conversation to a Relay Assistant (RA) who then reads out the typed message to a standard phone user (hearing person).
The RA relays the hearing person's spoken words by typing them back to the Textphone (TTY) User.
The National Relay Service (NRS) is an Australian government initiative that allows people who are deaf, hard of hearing and/or have a speech impairment to make and receive phone calls.
The NRS is available 24 hours a day, every day and relays more than a million calls each year throughout Australia.