Hey there!

I'm using individual email addresses (and forwarding) for every single service I'm using, including itch.io, and I just received spam to a mail address which is otherwise not publicly available. Maybe there is some way to get the email address of an account here on itch.io I'm not aware of, maybe there is some security issue worth looking into! Anyway, it's one of those common bitcoin blackmail mails. Here is an excerpt:

Hello!

Have you recently noticed that I have e-mailed you from your account?

Yes, this simply means that I have total access to your device.

For the last couple of months, I have been watching you.

Still wondering how is that possible? Well, you have been infected with malware [...]

It then proceeds to ask to send bitcoins to a certain wallet.

The reason I'm writing here is to inform the itch.io staff as well as ask the community if they encountered the same spam recently sent to their itch.io address (in case they have a unique one for itch.io like me). I also want people who may be less tech-savvy and searching the email text publicly to hopefully land here, so they know that this is total bullshit.

Thanks!
Steven

Just checked my spam folder, and there's a message like that. Good catch! It doesn't mean anything, of course, since the From field is set manually by the sending application, and can have anything in it. But it does leave the question of how scammers got your burner address. Mine's probably on a ton of spam lists.

Did they get yours from your website, what kind of email site hosting do you have? Domain  emails have  their own server and is is always recommended to separate them in case of problems from one of them.  Also i check your email and it is very easy to sent bots because it lacks protection:

More infomation can be found here: https://www.emailonacid.com/blog/article/email-marketing/email-authentication-pr...

Thanks for sharing, No Time To Play!

Thank you for taking the time to answer, firecat! I'm using allinkl for my website and mail and as far as I'm aware of, they are on different servers. Of course it's easy to guess my forwarding mails, but that's unlikely someone would do that for such a broad spam. My public address is info@stevencolling.com and the spam there is of course expected. As of now, every time I got such spam mails at one of my addresses which are specific to a service I'm using, there was always a broader security issue revealed days later (Patreon and Dropbox come to my mind, and more). Thanks for the heads up regarding email security, I should read myself into it and check if I can setup or activate more protective measures! :)

Again, my itch.io-related address is not public, as far as I'm aware of, and I'm just curious if there is an issue and someone may have gathered other information beyond email addresses, that's all.