x-rated blackmail phish
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 26 Jul 2023 12:26:12 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96 (FreeBSD))
(envelope-from)
id 1qOjCU-000ERh-2s
for dave@doctor.nl2k.ab.ca;
Wed, 26 Jul 2023 12:25:30 -0600
Resent-From: The Doctor
Resent-Date: Wed, 26 Jul 2023 12:25:30 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [203.162.29.57] (port=40868 helo=mail2.khanhhoa.net.vn)
by doctor.nl2k.ab.ca with esmtp (Exim 4.96 (FreeBSD))
(envelope-from)
id 1qOhwJ-0008t0-2D
for sales@nk.ca;
Wed, 26 Jul 2023 11:04:49 -0600
Received: from mail.khanhhoa.net.vn by mail2.khanhhoa.net.vn (MDaemon PRO v13.0.5)
with ESMTP id md50006090397.msg
for; Thu, 27 Jul 2023 00:02:03 +0700
X-Spam-Processed: mail2.khanhhoa.net.vn, Thu, 27 Jul 2023 00:02:03 +0700
(not processed: message from trusted or authenticated source)
X-Authenticated-Sender: relay@khanhhoa.net.vn
X-Return-Path: info@thnhatrang.vn
X-Envelope-From: info@thnhatrang.vn
X-MDaemon-Deliver-To: sales@nk.ca
X-MDAV-Result: clean
X-MDAV-Processed: mail.khanhhoa.net.vn, Thu, 27 Jul 2023 00:02:01 +0700
Received: from mail.thnhatrang.vn by mail.khanhhoa.net.vn (MDaemon PRO v13.0.5)
with ESMTP id md50010750186.msg
for; Thu, 27 Jul 2023 00:02:00 +0700
X-Spam-Processed: mail.khanhhoa.net.vn, Thu, 27 Jul 2023 00:02:00 +0700
(not processed: message from trusted or authenticated source)
Reply-To: sales@nk.ca
From: sales@nk.ca
To: sales@nk.ca
Subject: Hey what are you doing ? you forgot to pay your bills #sales-556504
Date: 27 Jul 2023 01:02:14 +0800
Message-ID: <20230727010214.A55CBFAC96215A95@nk.ca>
MIME-Version: 1.0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 5.2
X-Spam_score_int: 52
X-Spam_bar: +++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hi. How are you? I know, it’s unpleasant to start the conversation
with bad news, but I have no choice. Few months ago, I have gained access
to your devices that used by you for internet browsing. Afterwards, I coul
[...]
Content analysis details: (5.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low
trust
[203.162.29.57 listed in list.dnswl.org]
-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[203.162.29.57 listed in wl.mailspike.net]
0.0 T_SPF_HELO_TEMPERROR SPF: test of HELO record failed (temperror)
-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
domains are different
-0.0 T_SCC_BODY_TEXT_LINE No description available.
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
4.2 BITCOIN_EXTORT_01 Extortion spam, pay via BitCoin
0.5 PDS_BTC_ID FP reduced Bitcoin ID
Subject: {SPAM?} Hey what are you doing ? you forgot to pay your bills #sales-556504
X-Antivirus: AVG (VPS 230726-4, 7/26/2023), Inbound message
X-Antivirus-Status: Clean
Hi. How are you?
I know, it=E2=80=99s unpleasant to start the conversation with bad news, bu=
t I have no choice.
Few months ago, I have gained access to your devices that used by you for i=
nternet browsing.
Afterwards, I could track down all your internet activities.
Here is the history of how it could become possible:
At first, I purchased from hackers the access to multiple email accounts (n=
owadays, it is a really simple thing to do online).
As result, I could easily log in to your email account sales@nk.ca.
One week later, I installed Trojan virus in Operating Systems of all device=
s of yours, which you use to open email.
Frankly speaking, it was rather straightforward (since you were opening the=
links from your inbox emails).
Everything ingenious is quite simple. (o_0)!
My software enables me with access to all controllers inside devices of you=
rs, like microphone, keyboard and video camera.
I could easily download to my servers all your private info, including the =
history of web browsing and photos.
I can effortlessly gain access to all your messengers, social networks acco=
unts, emails, contact list as well as chat history.
Virus of mine constantly keeps refreshing its signatures (because it is dri=
ver-based), and as result remains unnoticed by your antivirus.
Hence, you can already guess why I stayed undetected all this while.
As I was gathering information about you, I couldn=E2=80=99t help but notic=
e that you are also a true fan of adult-content websites.
You actually love visiting porn sites and browsing through kinky videos, wh=
ile pleasuring yourself.
I could make a few dirty records with you in the main focus and montaged se=
veral videos showing the way you reach orgasm while masturbating with joy.
=
If you are still uncertain regarding the seriousness of my intentions,
it only requires several mouse clicks for me to forward your videos to all =
your relatives, as well as friends and colleagues.
I can also make those vids become accessible by public.
I honestly think that you do not really want that to happen, considering th=
e peculiarity of videos you like to watch,
(you obviously know what I mean) all that kinky content can become a reason=
of serious troubles for you.
However, we can still resolve this situation in the following manner:
Everything you are required to do is a single transfer of $955 USD to my ac=
count (or amount equivalent to bitcoin depending on exchange rate at the mo=
ment of transfer),
and once the transaction is complete, I will straight away remove all the d=
irty content exposing you.
After that, you can even forget that you have come across me. Moreover, I s=
wear that all the harmful software will be removed from all devices of your=
s as well.
Make no doubt that I will fulfill my part.
This is really a great deal that comes at a reasonable price, given that I =
have used quite a lot of energy to check your profile as well as traffic ov=
er an extended period of time.
If you have no idea about bitcoin purchase process =E2=80=93 it can be stra=
ightforwardly done by getting all the necessary information online.
Here is my bitcoin wallet provided below: bc1q8k2z7u5s9mx0jzcvtfmawg33drhue=
v5dj6uds7
You should complete the abovementioned transfer within 48 hours (2 days) af=
ter opening this email.
The following list contains actions you should avoid attempting:
#Do not try calling police as well as other security forces. In addition, a=
bstain from sharing this story with your friends.
After I find out (be sure, I can easily do that, given that I keep complete=
control of all your devices) =E2=80=93 your kinky video will end up being =
available to public right away.
#Do not try searching for me =E2=80=93 there is absolutely no reason to do =
that. Moreover, all transactions in cryptocurrency are always anonymous.
#Do not try reinstalling the OS on your devices or throwing them away. It i=
s pointless as well, since all your videos have already been uploaded to re=
mote servers.
The following list contains things you should not be worried about:
#That your money won=E2=80=99t reach my account.
=E2=80=93 Rest assured, the transactions can be tracked, hence once the tra=
nsaction is complete,
I will know about it, because I continuously observe all your activities (m=
y trojan virus allows me to control remotely your devices, same as TeamView=
er).
#That I still will share your kinky videos to public after you complete mon=
ey transfer.
=E2=80=93 Trust me, it=E2=80=99s pointless for me to continue troubling you=
r life. If I really wanted, I would make it happen already!
Let=E2=80=99s make this deal in a fair manner!
Owh, one more thing=E2=80=A6in future it is best that you don=E2=80=99t inv=
olve yourself in similar situations any longer!
One last advice from me =E2=80=93 recurrently change all your passwords fro=
m all accounts.=20
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 26 Jul 2023 12:26:12 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96 (FreeBSD))
(envelope-from
id 1qOjCU-000ERh-2s
for dave@doctor.nl2k.ab.ca;
Wed, 26 Jul 2023 12:25:30 -0600
Resent-From: The Doctor
Resent-Date: Wed, 26 Jul 2023 12:25:30 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [203.162.29.57] (port=40868 helo=mail2.khanhhoa.net.vn)
by doctor.nl2k.ab.ca with esmtp (Exim 4.96 (FreeBSD))
(envelope-from
id 1qOhwJ-0008t0-2D
for sales@nk.ca;
Wed, 26 Jul 2023 11:04:49 -0600
Received: from mail.khanhhoa.net.vn by mail2.khanhhoa.net.vn (MDaemon PRO v13.0.5)
with ESMTP id md50006090397.msg
for
X-Spam-Processed: mail2.khanhhoa.net.vn, Thu, 27 Jul 2023 00:02:03 +0700
(not processed: message from trusted or authenticated source)
X-Authenticated-Sender: relay@khanhhoa.net.vn
X-Return-Path: info@thnhatrang.vn
X-Envelope-From: info@thnhatrang.vn
X-MDaemon-Deliver-To: sales@nk.ca
X-MDAV-Result: clean
X-MDAV-Processed: mail.khanhhoa.net.vn, Thu, 27 Jul 2023 00:02:01 +0700
Received: from mail.thnhatrang.vn by mail.khanhhoa.net.vn (MDaemon PRO v13.0.5)
with ESMTP id md50010750186.msg
for
X-Spam-Processed: mail.khanhhoa.net.vn, Thu, 27 Jul 2023 00:02:00 +0700
(not processed: message from trusted or authenticated source)
Reply-To: sales@nk.ca
From: sales@nk.ca
To: sales@nk.ca
Subject: Hey what are you doing ? you forgot to pay your bills #sales-556504
Date: 27 Jul 2023 01:02:14 +0800
Message-ID: <20230727010214.A55CBFAC96215A95@nk.ca>
MIME-Version: 1.0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 5.2
X-Spam_score_int: 52
X-Spam_bar: +++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hi. How are you? I know, it’s unpleasant to start the conversation
with bad news, but I have no choice. Few months ago, I have gained access
to your devices that used by you for internet browsing. Afterwards, I coul
[...]
Content analysis details: (5.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low
trust
[203.162.29.57 listed in list.dnswl.org]
-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[203.162.29.57 listed in wl.mailspike.net]
0.0 T_SPF_HELO_TEMPERROR SPF: test of HELO record failed (temperror)
-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
domains are different
-0.0 T_SCC_BODY_TEXT_LINE No description available.
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
4.2 BITCOIN_EXTORT_01 Extortion spam, pay via BitCoin
0.5 PDS_BTC_ID FP reduced Bitcoin ID
Subject: {SPAM?} Hey what are you doing ? you forgot to pay your bills #sales-556504
X-Antivirus: AVG (VPS 230726-4, 7/26/2023), Inbound message
X-Antivirus-Status: Clean
Hi. How are you?
I know, it=E2=80=99s unpleasant to start the conversation with bad news, bu=
t I have no choice.
Few months ago, I have gained access to your devices that used by you for i=
nternet browsing.
Afterwards, I could track down all your internet activities.
Here is the history of how it could become possible:
At first, I purchased from hackers the access to multiple email accounts (n=
owadays, it is a really simple thing to do online).
As result, I could easily log in to your email account sales@nk.ca.
One week later, I installed Trojan virus in Operating Systems of all device=
s of yours, which you use to open email.
Frankly speaking, it was rather straightforward (since you were opening the=
links from your inbox emails).
Everything ingenious is quite simple. (o_0)!
My software enables me with access to all controllers inside devices of you=
rs, like microphone, keyboard and video camera.
I could easily download to my servers all your private info, including the =
history of web browsing and photos.
I can effortlessly gain access to all your messengers, social networks acco=
unts, emails, contact list as well as chat history.
Virus of mine constantly keeps refreshing its signatures (because it is dri=
ver-based), and as result remains unnoticed by your antivirus.
Hence, you can already guess why I stayed undetected all this while.
As I was gathering information about you, I couldn=E2=80=99t help but notic=
e that you are also a true fan of adult-content websites.
You actually love visiting porn sites and browsing through kinky videos, wh=
ile pleasuring yourself.
I could make a few dirty records with you in the main focus and montaged se=
veral videos showing the way you reach orgasm while masturbating with joy.
=
If you are still uncertain regarding the seriousness of my intentions,
it only requires several mouse clicks for me to forward your videos to all =
your relatives, as well as friends and colleagues.
I can also make those vids become accessible by public.
I honestly think that you do not really want that to happen, considering th=
e peculiarity of videos you like to watch,
(you obviously know what I mean) all that kinky content can become a reason=
of serious troubles for you.
However, we can still resolve this situation in the following manner:
Everything you are required to do is a single transfer of $955 USD to my ac=
count (or amount equivalent to bitcoin depending on exchange rate at the mo=
ment of transfer),
and once the transaction is complete, I will straight away remove all the d=
irty content exposing you.
After that, you can even forget that you have come across me. Moreover, I s=
wear that all the harmful software will be removed from all devices of your=
s as well.
Make no doubt that I will fulfill my part.
This is really a great deal that comes at a reasonable price, given that I =
have used quite a lot of energy to check your profile as well as traffic ov=
er an extended period of time.
If you have no idea about bitcoin purchase process =E2=80=93 it can be stra=
ightforwardly done by getting all the necessary information online.
Here is my bitcoin wallet provided below: bc1q8k2z7u5s9mx0jzcvtfmawg33drhue=
v5dj6uds7
You should complete the abovementioned transfer within 48 hours (2 days) af=
ter opening this email.
The following list contains actions you should avoid attempting:
#Do not try calling police as well as other security forces. In addition, a=
bstain from sharing this story with your friends.
After I find out (be sure, I can easily do that, given that I keep complete=
control of all your devices) =E2=80=93 your kinky video will end up being =
available to public right away.
#Do not try searching for me =E2=80=93 there is absolutely no reason to do =
that. Moreover, all transactions in cryptocurrency are always anonymous.
#Do not try reinstalling the OS on your devices or throwing them away. It i=
s pointless as well, since all your videos have already been uploaded to re=
mote servers.
The following list contains things you should not be worried about:
#That your money won=E2=80=99t reach my account.
=E2=80=93 Rest assured, the transactions can be tracked, hence once the tra=
nsaction is complete,
I will know about it, because I continuously observe all your activities (m=
y trojan virus allows me to control remotely your devices, same as TeamView=
er).
#That I still will share your kinky videos to public after you complete mon=
ey transfer.
=E2=80=93 Trust me, it=E2=80=99s pointless for me to continue troubling you=
r life. If I really wanted, I would make it happen already!
Let=E2=80=99s make this deal in a fair manner!
Owh, one more thing=E2=80=A6in future it is best that you don=E2=80=99t inv=
olve yourself in similar situations any longer!
One last advice from me =E2=80=93 recurrently change all your passwords fro=
m all accounts.=20