Someone hacked my email address for a ransom. I'm sharing my story about a bitcoin ransom email, sent from my own email account, and how we took care of it.
Photo by Jens Kreuter on Unsplash
Let me tell you what happened to me and then I'll share some steps to go through if it happens to you.
Someone Hacked My Email Address for a Ransom
Last month, on a Saturday, I was checking my email for something. It's rare that I check my business email over the weekend, because I really try my best to have a good work/life balance. But, whatever; I was checking my email for something and there was an email in my inbox with the words...
You've been hacked.
We all get spam emails but this immediately jumped out to me because it wasn't filtered through my spam filter and it came from my own email account.
It was a Ransom Email From My Email Address!
When I opened it, the sender proceeded to say that they had my hosting information for my site and that they were tracking my movements (meaning, whether I had opened and read their email) through a tracker that was embedded in the email. I had 24 hours to respond to the bitcoin ransom that they were demanding. It really looked like someone hacked my email account.
I don't know how to express the feeling of panic and dread. It all seemed very legitimate. It was showing the email from and to me, from my email address, and showing my profile picture. It looked exactly how it looks when I send myself an email.
Since it was the weekend, Luke was home. I know I had a deer-in-the-headlights type of look on my face. I blurted out that I had been hacked and the hacker was demanding a bitcoin ransom.
At this point, Luke just took over. For those of you who don't know, he's been a software engineer for quite a while and, in his day job, he writes code and implements protections (against this type of thing) for a large company.
I got lucky! The "hacker" has probably made money off this scam before and I feel so lucky that I wasn't actually hacked.
I would have never known what steps to go through if I would have been by myself and I'm sure most of you don't either. So, if this ever happens to you... now you are going to know because I'm giving you the steps.
What to do if someone spoofs your email address?
- Don't panic. An email isn't proof of anything. Take a deep breath.
- Next, we need to see try to find out if what the email claims is true. In this case, they said they had access to our web hosting account (where this site lives). Our goal would be to verify whether or not they had access.
- To do that, try to log in to your account (web hosting, in this case). If you can log in, change your password. If you can enable additional security features (like "two factor auth"), do it. The email claimed that they had access to our account. If that was true, they would have logged in and changed the password (so we could not log in anymore and so they would have control of the account). Because we were able to log in, we confirmed they did NOT actually have access to the account.
- Most likely, at this point, you're all done. If you're feeling generous, consider reporting the email (or other communication from "the hacker") to the authorities. If you're in the U.S., that's CISA. It's easy. In most cases, you just forward the email to their email address.
- If you're not able to log in to your account, you should call the company (web hosting company, in this case), explain the email and see if they can help you recover the account. They should either be able to help or will be able to provide what your next steps should be (likely contacting local law enforcement).
Here's my cute hubby, who literally saved the day when this happened.
I held it together during the hour that it took him to change things; but, afterwards, I just started crying and crying. It was rough. To think about someone endangering my business or extorting me for money is icky. It feels so bad and it makes me angry that there are people who do this and succeed. So, share and save this post if you are in the online community because I don't want you to feel powerless if this happens to you.
Also, if you want even more blogging tips, I did a podcast episode called Decor Blogging Behind the Scenes. In it, I talk about the tools that help me keep this blog running and more.
Robin from Frugal Family Times
What a nightmare, Ashley! So glad you’ve got an in house tech advisor in Luke. Thanks for sharing this - I feel better equipped if this happens to me. Off to make sure I have two factor authentication set up for EVERYTHING!
Ashley Mayes
Oh my goodness, it was the absolute worst. I felt so lucky that Luke knew what to do and just wanted to share. Yes, check it now!!
Julie
My husband and I were randomly getting emails like that on our company email addresses. They said weird things like "I'm watching what you do through your webcam and I'm going to share with everyone if you don't pay me". It was creepy but we contacted our web company and they were able to block those eventually.
Ashley Mayes
I've gotten spammy one's in the past for sure and haven't been bothered by it, but this one was really intense. Glad to know that you guys were able to take care of yours!!