More Sexual Blackmail phishing scam coming from Iran

Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 18 May 2022 16:04:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
    (envelope-from )
    id 1nrRln-000NhN-3C
    for dave@doctor.nl2k.ab.ca;
    Wed, 18 May 2022 16:03:51 -0600
Resent-From: The Doctor
Resent-Date: Wed, 18 May 2022 16:03:51 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [5.119.3.141] (port=39502 helo=[5.233.140.189])
    by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))
    (envelope-from )
    id 1nrQYF-000Jq7-Hm
    for sales@nk.ca;
    Wed, 18 May 2022 14:45:52 -0600
Message-ID: <85E58B9531EBFB2F4F213F9B415185E5@5BU5WV8T5>
From:
To:
Subject: =?UTF-8?B?Q2FyZWZ1bCwgaXQncyBpbXBvcnRhbnQ=?=
Date: 19 May 2022 03:36:22 +0300
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0048_01D86B1D.0377FB1E"
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 16.4.3505.912
X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3505.912
X-Spam_score: 13.1
X-Spam_score_int: 131
X-Spam_bar: +++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
    has identified this incoming email as possible spam. The original
    message has been attached to this so you can view it or label
    similar future email. If you have any questions, see
    @@CONTACT_ADDRESS@@ for details.

    Content preview: Hi. I have bad news for you. Unfortunately, something bad
    happened. One of your credentials was compromised, and that led to a chain
    of events that I will explain to you now. Using your password, our team got
    access to your email. We downloaded all data, and with some [...]

    Content analysis details: (13.1 points, 5.0 required)

     pts rule name              description
    ---- ---------------------- --------------------------------------------------
     0.9 SPF_FAIL               SPF: sender does not match SPF record (fail)
                                [SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=sales%40nk.ca;ip=5.119.3.141;r=doctor.nl2k.ab.ca]
     2.4 DATE_IN_FUTURE_03_06   Date: is 3 to 6 hours after Received: date
     0.0 HTML_MESSAGE           BODY: HTML included in message
     0.0 HDR_ORDER_FTSDMCXX_NORDNS Header order similar to spam
                                (FTSDMCXX/boundary variant) + no rDNS
     1.3 RDNS_NONE              Delivered to internal network by a host with no rDNS
    -0.0 T_SCC_BODY_TEXT_LINE   No description available.
     5.0 BITCOIN_EXTORT_01      Extortion spam, pay via BitCoin
     0.0 PDS_BTC_ID             FP reduced Bitcoin ID
     0.0 BITCOIN_XPRIO          Bitcoin + priority
     0.0 HDR_ORDER_FTSDMCXX_DIRECT Header order similar to spam
                                (FTSDMCXX/boundary variant) + direct-to-MX
     0.0 PDS_BTC_MSGID          Bitcoin ID with T_MSGID_NOFQDN2
     0.4 TO_EQ_FM_DIRECT_MX     To == From and direct-to-MX
     1.0 BITCOIN_SPAM_07        BitCoin spam pattern 07
     2.0 MIMEOLE_DIRECT_TO_MX   MIMEOLE + direct-to-MX
     0.0 TO_EQ_FM_DOM_SPF_FAIL  To domain == From domain and external SPF
                                failed
     0.0 TO_EQ_FM_SPF_FAIL      To == From and external SPF failed
Subject: {SPAM?} =?UTF-8?B?Q2FyZWZ1bCwgaXQncyBpbXBvcnRhbnQ=?=



This is a multi-part message in MIME format.

------=_NextPart_000_0048_01D86B1D.0377FB1E
Content-Type: text/plain;
    charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi.
I have bad news for you. Unfortunately, something bad happened.

One of your credentials was compromised, and that led to a chain of =
events that I will explain to you now.
Using your password, our team got access to your email. We downloaded =
all data, and with some effort used it to get access to your backup =
files.
Nothing could have prevented this.

The data that we have downloaded, contains your personal photos and =
videos, chats, documents, emails, contacts, your browsing history, =
notes, social media history and more, including some deleted files.

I am sure that you dont want any part of your private information to be =
seen by other people. And you can stop this.
If we dont get what we are asking for, we will use this information =
against you.

If you are not sure of what can be done, just imagine what would happen =
if we use your email and phone number to send the most private and =
damaging content to your contacts.
That would be very damaging to you.

However, there is a solution. You can avoid this mess by paying a fee to =
delete the files we have.
So let's make this simple. You pay $1500 USD, and there will be nothing =
to worry about. No chats, no photos, nothing.

Use Bitcoin to make the transfer. Wallet address is =
1JaSs2bTAYVbj6jaqD5Mjfs8gSLYgvYCrK , it's unique and we will know that =
you made the payment immediately.
You have 2 days to make the transfer, that's reasonable.
Take care.



------=_NextPart_000_0048_01D86B1D.0377FB1E
Content-Type: text/html;
    charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi.
I have bad news for you. Unfortunately, something bad happened.

One of your credentials was compromised, and that led to a chain of =
events that I will explain to you now.
Using your password, our team got access to your email. We downloaded =
all data, and with some effort used it to get access to your backup =
files.
Nothing could have prevented this.

The data that we have downloaded, contains your personal photos and =
videos, chats, documents, emails, contacts, your browsing history, =
notes, social media history and more, including some deleted =
files.

I am sure that you dont want any part of your private information to be =
seen by other people. And you can stop this.
If we dont get what we are asking for, we will use this information =
against you.

If you are not sure of what can be done, just imagine what would happen =
if we use your email and phone number to send the most private and =
damaging content to your contacts.
That would be very damaging to you.

However, there is a solution. You can avoid this mess by paying a fee to =
delete the files we have.
So let's make this simple. You pay $1500 USD, and there will be nothing =
to worry about. No chats, no photos, nothing.

Use Bitcoin to make the transfer. Wallet address is =
1JaSs2bTAYVbj6jaqD5Mjfs8gSLYgvYCrK , it's unique and we will know that =
you made the payment immediately.
You have 2 days to make the transfer, that's reasonable.
Take care.

------=_NextPart_000_0048_01D86B1D.0377FB1E--




