I am seeing a number of extortion emails where the hacker has gotten my
email address and an old password from "the dark web". (Probably one of
many lists that are out there from one of the many mega-hacks that have
occurred.)
Is there a way to check for a specific 1-2 words in the body being
repeated > n times? The emails seem to be camouflaging their body with
random HTML and encoding chars. But they like to repeat my old username
and an old password a large number of times pretty clearly (I guess to
get our attention).
If I can check for these terms (individually would be fine), I think I
could setup some meta rules that would score the number of hits in
ranges. Once or twice would probably be no score. 3-5 times would be a
reasonable score. >5 hits would be an almost automatic spam score.
Please help, apparently this person "knows everything about me" :)
-AJ
