More Sexual Blackmail phishing scam coming from Iran

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 16 May 2022 08:07:01 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nqbMG-0003VU-MF

for dave@doctor.nl2k.ab.ca;

Mon, 16 May 2022 08:06:00 -0600

Resent-From: The Doctor

Resent-Date: Mon, 16 May 2022 08:06:00 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [37.129.19.218] (port=21971)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nqayL-000IeX-DH

for doctor@nk.ca;

Mon, 16 May 2022 07:41:23 -0600

Message-ID: <040371256376157918463038@nk.ca>

From:

To:

Subject: =?UTF-8?B?Q2FyZWZ1bCwgaXQncyBpbXBvcnRhbnQ=?=

Date: 16 May 2022 20:49:46 +0300

MIME-Version: 1.0

Content-type: multipart/alternative;

boundary="---3AB885F38007CEF674493F4CCB023AB8"

X-Mailer: Pdupofn qmagx

X-Spam_score: 11.6

X-Spam_score_int: 116

X-Spam_bar: +++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hi. I have bad news for you. Unfortunately, something bad

happened. One of your credentials was compromised, and that led to a chain

of events that I will explain to you now. Using your password, our team got

access to your email. We downloaded all data, and with some [...]



Content analysis details: (11.6 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

2.4 DATE_IN_FUTURE_03_06 Date: is 3 to 6 hours after Received: date

0.9 SPF_FAIL SPF: sender does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=doctor%40nk.ca;ip=37.129.19.218;r=doctor.nl2k.ab.ca]

0.0 HTML_MESSAGE BODY: HTML included in message

-0.0 T_SCC_BODY_TEXT_LINE No description available.

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

4.5 BITCOIN_EXTORT_01 Extortion spam, pay via BitCoin

0.5 PDS_BTC_ID FP reduced Bitcoin ID

0.5 XM_RANDOM X-Mailer apparently random

1.0 BITCOIN_SPAM_07 BitCoin spam pattern 07

0.4 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX

0.0 TO_EQ_FM_SPF_FAIL To == From and external SPF failed

0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF

failed

Subject: {SPAM?} =?UTF-8?B?Q2FyZWZ1bCwgaXQncyBpbXBvcnRhbnQ=?=



This is a multi-part message in MIME format.



-----3AB885F38007CEF674493F4CCB023AB8

Content-type: text/plain;

charset="iso-8859-1"

Content-transfer-encoding: quoted-printable



Hi.

I have bad news for you. Unfortunately, something bad happened.



One of your credentials was compromised, and that led to a chain of =

events that I will explain to you now.

Using your password, our team got access to your email. We downloaded =

all data, and with some effort used it to get access to your backup =

files.

Nothing could have prevented this.



The data that we have downloaded, contains your personal photos and =

videos, chats, documents, emails, contacts, your browsing history, =

notes, social media history and more, including some deleted files.



I am sure that you dont want any part of your private information to be =

seen by other people. And you can stop this.

If we dont get what we are asking for, we will use this information =

against you.



If you are not sure of what can be done, just imagine what would happen =

if we use your email and phone number to send the most private and =

damaging content to your contacts.

That would be very damaging to you.



However, there is a solution. You can avoid this mess by paying a fee to =

delete the files we have.

So let's make this simple. You pay $1500 USD, and there will be nothing =

to worry about. No chats, no photos, nothing.



Use Bitcoin to make the transfer. Wallet address is =

1JaSs2bTAYVbj6jaqD5Mjfs8gSLYgvYCrK , it's unique and we will know that =

you made the payment immediately.

You have 2 days to make the transfer, that's reasonable.

Take care.



-----3AB885F38007CEF674493F4CCB023AB8

Content-type: text/html;

charset="iso-8859-1"

Content-transfer-encoding: quoted-printable






charset=3Diso-8859-1">





Hi.


I have bad news for you. Unfortunately, something bad happened.



One of your credentials was compromised, and that led to a chain of =

events that I will explain to you now.


Using your password, our team got access to your email. We downloaded =

all data, and with some effort used it to get access to your backup =

files.


Nothing could have prevented this.



The data that we have downloaded, contains your personal photos and =

videos, chats, documents, emails, contacts, your browsing history, =

notes, social media history and more, including some deleted =

files.



I am sure that you dont want any part of your private information to be =

seen by other people. And you can stop this.


If we dont get what we are asking for, we will use this information =

against you.



If you are not sure of what can be done, just imagine what would happen =

if we use your email and phone number to send the most private and =

damaging content to your contacts.


That would be very damaging to you.



However, there is a solution. You can avoid this mess by paying a fee to =

delete the files we have.


So let's make this simple. You pay $1500 USD, and there will be nothing =

to worry about. No chats, no photos, nothing.



Use Bitcoin to make the transfer. Wallet address is =

1JaSs2bTAYVbj6jaqD5Mjfs8gSLYgvYCrK , it's unique and we will know that =

you made the payment immediately.


You have 2 days to make the transfer, that's reasonable.


Take care.


-----3AB885F38007CEF674493F4CCB023AB8--





Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA