More Sexual Blackmail phishing scam coming from Mexico

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 27 Jun 2022 22:32:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1o62sa-000BhR-MW

for dave@doctor.nl2k.ab.ca;

Mon, 27 Jun 2022 22:31:12 -0600

Resent-From: The Doctor

Resent-Date: Mon, 27 Jun 2022 22:31:12 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from 187.184.159.99.cable.dyn.cableonline.com.mx ([187.184.159.99]:53146)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1o60Bs-000Erq-1L

for doctor@nl2k.ab.ca;

Mon, 27 Jun 2022 19:39:06 -0600

Message-ID: <51E95153F9E9EBFB43FBF953434151E9@XM95O7O>

From:

To:

Subject: There is an overdue payment under your name. Please, settle your debts ASAP.

Date: 27 Jun 2022 14:29:31 -0600

MIME-Version: 1.0

Content-Type: text/plain;

charset="cp-850"

Content-Transfer-Encoding: 8bit

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2900.5931

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5994

X-Spam_score: 16.4

X-Spam_score_int: 164

X-Spam_bar: ++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hi! Sadly, there are some bad news that you are about to hear.

About few months ago I have gained a full access to all devices used by you

for internet browsing. Shortly after, I started recording all int [...]



Content analysis details: (16.4 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

2.9 HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname (Split IP)

0.0 TVD_RCVD_IP Message was received from an IP address

0.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address [187.184.159.99 listed in dnsbl.sorbs.net]

0.9 SPF_FAIL SPF: sender does not match SPF record (fail) [SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=doctor%40nl2k.ab.ca;ip=187.184.159.99;r=doctor.nl2k.ab.ca]

1.1 DATE_IN_PAST_03_06 Date: is 3 to 6 hours before Received: date

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.4 RDNS_DYNAMIC Delivered to internal network by host with dynamic-looking rDNS

0.0 HDR_ORDER_FTSDMCXX_DIRECT Header order similar to spam (FTSDMCXX/boundary variant) + direct-to-MX

2.5 HELO_DYNAMIC_HCC Relay HELO'd using suspicious hostname (HCC)

0.0 PDS_BTC_MSGID Bitcoin ID with T_MSGID_NOFQDN2

3.6 BITCOIN_EXTORT_01 Extortion spam, pay via BitCoin

0.0 BITCOIN_XPRIO Bitcoin + priority

0.5 PDS_BTC_ID FP reduced Bitcoin ID

0.4 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX

1.0 BITCOIN_SPAM_07 BitCoin spam pattern 07

0.0 MIMEOLE_DIRECT_TO_MX MIMEOLE + direct-to-MX

3.1 DOS_OE_TO_MX Delivered direct to MX with OE headers

0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF failed

0.0 TO_EQ_FM_SPF_FAIL To == From and external SPF failed

0.0 NO_FM_NAME_IP_HOSTN No From name + hostname using IP address

Subject: {SPAM?} There is an overdue payment under your name. Please, settle your debts ASAP.



Hi!



Sadly, there are some bad news that you are about to hear.

About few months ago I have gained a full access to all devices used by you for internet browsing.

Shortly after, I started recording all internet activities done by you.



Below is the sequence of events of how that happened:

Earlier I purchased from hackers a unique access to diversified email accounts (at the moment, it is really easy to do using internet).

As you can see, I managed to log in to your email account without breaking a sweat: (doctor@nl2k.ab.ca).



Within one week afterwards, I installed a Trojan virus in your Operating Systems available on all devices that you utilize for logging in your email.

To be frank, it was somewhat a very easy task (since you were kind enough to open some of links provided in your inbox emails).

I know, you may be thinking now that I'm a genius.



With help of that useful software, I am now able to gain access to all the controllers located in your devices (e.g., video camera, keyboard, microphone and others).

As result, managed to download all your photos, personal data, history of web browsing and other info to my servers without any problems.

Moreover, I now have access to all accounts in your messengers, social networks, emails, contacts list, chat history - you name it.

My Trojan virus continues refreshing its signatures in a non-stop manner (because it is operated by driver),

hence it remains undetected by any antivirus software installed in your PC or device.



So, I guess now you finally understand the reason why I could never be caught until this very letter...



During the process of your personal info compilation, I could not help but notice that you are a huge admirer and regular guest of websites with adult content.

You endure a lot of pleasure while checking out porn websites, watching nasty porn movies and reaching breathtaking orgasms.

Let me be frank with you, it was really hard to resist from recording some of those naughty solo scenes with you in main role and compiling them in special videos

that expose your masturbation sessions, which end with you cumming.



In case if you still have doubts, all I need is to click my mouse and all those nasty videos with you will be shared to friends, colleagues, and relatives of yours.

Moreover, nothing stops me from uploading all that hot content online, so all public can watch it too.

I sincerely hope, you would really not prefer that to happen, keeping in mind all the dirty things you like to watch,

(you certainly know what I mean) it will completely ruin your reputation.



However, don't worry, there is still a way to resolve this:

You need to carry out a $1190 USD transfer to my wallet (equivalent amount in bitcoins depending on exchange rate at the moment of funds transfer),

hence upon receiving the transaction, I will proceed with deleting all the filthy videos with you in main role.

Afterwards, we can forget about this unpleasant accident. Furthermore, I guarantee that all the malicious software will also be erased from your devices and accounts.

Mark my words, I never lie.



That is a great bargain with a low price, I assure you, because I have spent a lot of effort while recording

and tracking down all your activities and dirty deeds during a long period of time.

In case if you have no idea how to buy and transfer bitcoins - feel free to check the related info on the internet.



Here is my bitcoin wallet for your reference: 1EKdS2BjXd8BzYtsu8U9nQmpcygCjGCjZx



From now on, you have only 48 hours and countdown has started once you opened this very email (in other words, 2 days).



The following list contains things you should definitely abstain from doing or even attempting:

> Abstain from trying to reply this email (since the email is generated inside your inbox alongside with return address).

> Abstain from trying to call or report to police or any other security services. In addition, it's a bad idea if you want to share it with your friends,

hoping they would help. If I happen to find out (knowing my awesome skills, it can be done effortlessly,

because I have all your devices and accounts under my control and unceasing observation) - kinky videos of yours will be share to public the same day.

> Abstain from trying to look for me - that would not lead anywhere either. Cryptocurrency transactions are absolutely anonymous and cannot be tracked.

> Abstain from reinstalling your OS on devices or throwing them away. That would not solve the problem as well,

since all your personal videos are already uploaded and stored at remote servers.



Things you may be confused about:

> That your funds transfer won't be delivered to me.

Chill, I can track down any transactions right away, so upon funds transfer I will receive a notification as well,

since I still control your devices (my trojan virus has ability of controlling all processes remotely, just like TeamViewer).

> That I am going to share your dirty videos after receiving money transfer from you.

Here you need to trust me, because there is absolutely no point to still bother you after receiving money.

Moreover, if I really wanted all those videos would be available to public long time ago!



I believe we can still handle this situation on fair terms!



Here is my last advice to you... in future you better ensure you stay away from this kind of situations!

My advice - don't forget to regularly update your passwords to feel completely secure.





Partner spam from Gmail

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 27 Jun 2022 15:09:46 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1o5vyx-000OYX-4z

for dave@doctor.nl2k.ab.ca;

Mon, 27 Jun 2022 15:09:19 -0600

Resent-From: The Doctor

Resent-Date: Mon, 27 Jun 2022 15:09:19 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-vk1-f171.google.com ([209.85.221.171]:46817)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1o5rGQ-000FUE-TB

for doctor@doctor.nl2k.ab.ca;

Mon, 27 Jun 2022 10:07:06 -0600

Received: by mail-vk1-f171.google.com with SMTP id 15so4664630vko.13

for ; Mon, 27 Jun 2022 09:06:45 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20210112;

h=mime-version:from:date:message-id:subject:to;


X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20210112;

h=x-gm-message-state:mime-version:from:date:message-id:subject:to;



X-Received: by 2002:a1f:300c:0:b0:36f:eb7d:746f with SMTP id

w12-20020a1f300c000000b0036feb7d746fmr3327429vkw.27.1656345999828; Mon, 27

Jun 2022 09:06:39 -0700 (PDT)

MIME-Version: 1.0

From: Dr Umar Bello

Date: Mon, 27 Jun 2022 16:05:43 -0700

Message-ID:

Subject: Greetingz partner:

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="000000000000f1ea6e05e2701a7f"

Bcc: doctor@doctor.nl2k.ab.ca

X-Spam_score: 10.5

X-Spam_score_int: 105

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Greetingz partner: I am contacting you on a business deal

of $19.5 Million US Dollars, ready for transfer into your account if we make

this claim, we will share it 60%/40%.100% risk free and it will be legally

backed up with government approved If you are interested reply for more details.





Content analysis details: (10.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.221.171 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

0.0 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: date

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in digit [maki3chisom3[at]gmail.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider [umarbellod46[at]gmail.com]

3.6 NA_DOLLARS BODY: Talks about a million North American dollars

0.0 HTML_MESSAGE BODY: HTML included in message

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.0 T_HK_NAME_FM_DR No description available.

0.0 LOTS_OF_MONEY Huge... sums of money

3.1 RISK_FREE No risk!

2.0 UNDISC_MONEY Undisclosed recipients + money/fraud signs

2.0 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money

Subject: {SPAM?} Greetingz partner:



--000000000000f1ea6e05e2701a7f

Content-Type: text/plain; charset="UTF-8"



Greetingz partner:



I am contacting you on a business deal of $19.5 Million US Dollars,

ready for transfer into your account



if we make this claim, we will share it 60%/40%.100% risk free and it

will be legally backed up with government approved If you are

interested reply for more details.



Kindly reply for more details Waiting for your reply Make Sure You

Write To My Via E-mail Address...(umarbellod46@gmail.com)



Best regards

Dr.Umar Bello,




--000000000000f1ea6e05e2701a7f--