"Your account was hacked!" Scam Emails - How to remove

Emails that start with “Your account was hacked!”, “This account was infected!”, and similar calls are sent by scammers who pretend to have hacked people’s computers. The scammers do this in hopes of tricking people into paying them money. You’re not in danger and your computer is not infected, but you may need to change some passwords.

In short about the “Your account was hacked!” scam:

Type of threat	Scam, ransomware.
How to recognize the scam	Threats and demands for money, strange spelling errors, your own email used as the sender address, the cryptocurrency address has been reported before.
Reasons for receiving the “Your account was hacked!” scam emails	Email address and other data being leaked or stolen from a website.
How to deal with “Your account was hacked!” scam emails	Report the emails, report the Bitcoin address, make sure your passwords are unique and your accounts are secure, scan your computer for malware (with Combo Cleaner for Mac, Spyhunter for PC, etc.), find out how your password was leaked.

“Your account was hacked!” – scam emails

The text

You may receive one or more “Your account was hacked!” emails in your inbox. The sender can be an unknown email, your contact, or even yourself. Don’t trust the sender address. Scammers can fake the sender email very easily, it’s called email spoofing.

“Your account was hacked!” emails are a template that scammers use to scare people. Common phrases to start the email with include:

• “Hi, this account is now infected!”,
• “Hi, your account is hacked!”,
• “This account was hacked.”,
• “I’m a hacker you cracked your email.”

The “Your account was hacked!” scam emails are always a little different from each other. They need to be, in order to get around spam filters. Email service providers automatically put suspicious emails in your spam folder or just block them. To get around these filters, scammers change, add, or delete symbols, and misspell words.

Here is an example of a “Your account was hacked!” email. Look at all the missing spaces and strange wording:

Hi, this account has been hacked! It will be good idea to change your password right away! You might not know anything about me and you really are probably wondering why you are reading this electronic message, proper? I’mhacker who exploitedyour email boxand all devicesseveral months ago. You should not try out to contact me or look for me, in fact it’s hopeless, because I forwarded you this message using YOUR account that I’ve hacked. You should not try out to get in touch with me or seek for me, it’s not possible, because I directed you an email using YOUR hacked account. You have entered passwords on the web-sites you visited, and I already caught all of them. Of course, you’ll be able to modify them, or already modified them. What actually I have done? I compiled a reserve copy of your device. Of all files and personal contacts. Good, in my view, 1000 USD is a reasonable amount of money for this little riddle. You will make the deposit by bitcoins (if you don’t recognize this, go searching “how to purchase bitcoin” in Google). My bitcoin wallet address: —

That quote above is just an example. Any email that is more or less like that is suspicious.

Threats and ransom

But don’t let them scare you. “Your account was hacked!” emails are nothing more than empty threats. The same email text is used by many different scammers and wannabe cybercriminals. Scammers copy the same text and then make minor changes. Then, they send it out to multiple addresses, hoping to scare people into paying money.

Here are a few notes that “Your account was hacked!” scams usually hit:

• Sending you an old password of yours. You may have replaced this password a while ago, or it might still be in use. It might be paired with a username.
• Claiming to have infected your computer. Saying that they can see everything you do on your device.
• Some of the “Your account was hacked!” emails also go into sextortion territory. They claim to have recorded you watching adult videos. More on that in the post about the Save Yourself scam.
• Saying that they have copies of all of your files.
• Threatening to reveal personal or compromising information about you to all of your email contacts, family, friends, and job.
• Asking for money, often around $1000.

This is why “Your account was hacked!” scams are sometimes referred to as ransomware: they’re made to force people to pay money. In reality, the scammer does not have any information on you. If they showed you your password, then they have it, but nothing besides that. They’re bluffing. Do not pay the ransom, don’t contact the scammer, and don’t reveal any information about yourself to them. Let them think that their email was blocked.

How to deal with the “Your account was hacked!” scam

Leaked password

If “Your account was hacked!” email included a password of yours, don’t be scared: it means very little.

Passwords are used to secure online accounts. Good, secure sites will hash your password and turn it into a random-looking string. It’s impossible to recover your password from this string. This hashed password is then stored in the site’s database. This is why sites never send you your old password when you forget it: they don’t know it.

Some sites are much less secure and they store plain passwords in readable text.

Any site can accidentally leak its database, get infected, hacked, etc. It happens. There’s this site, Haveibeenpwned.com, that collects the breaches. When a breach happens, hackers may release the stolen data for free, or sell it online.

If your email was leaked by a few sites, you may notice a lot more spam. If your passwords were leaked, and if they were not hashed, then they could be used in a scam like “Your account was hacked!”.

You’re not at fault here. Hackers are at fault for stealing data. The robbed site is at fault for not noticing the theft and/or not telling you about it.

The point is, even if the scammer has a password of yours, your computer was probably not infected with anything.

Reporting the scam

If the “Your account was hacked!” email includes a cryptocurrency (usually Bitcoin) address, you can look it up online. An address is a unique identifier. If anyone else has encountered the same address, they might have posted some information about it. There are sites specifically for collecting reports on malicious use of Bitcoin addresses, such as Bitcoinabuse.com.

You can report the cryptocurrency address that came in the “Your account was hacked!” email, this will help other people avoid being scammed. And you should, if you haven’t deleted it yet, mark the “Your account was hacked!” letter as spam in your email client. This will help its filters recognize the scam and protect other people.

Securing yourself

If “Your account was hacked!” included a password that you use, time to change it. You should also always use 2-step verification when it’s possible. This means that you’ll get a warning if someone tries to log in to your account from a new device.

It is possible for keyloggers, data-stealing browser extensions, and other malware (such as the Sphinx trojan) to infect computers and steal data. Malware can come in spam emails (be suspicious of emails that require you to download a file or click a link), bundled with free programs, downloaded by pirated files and cracking tools. You can use antivirus apps (like Combo Cleaner for macOS, Spyhunter for Windows, etc.) to scan files and to protect your computer. You can also use a password manager to secure your passwords. Finally, you should always be skeptical of any email or website that tries to scare you. Don’t let scammers take advantage of you.

Automatic Malware removal tools