Sexual blackmail phish

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 10 Jul 2022 16:22:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oAfId-000Pf0-Lx

for dave@doctor.nl2k.ab.ca;

Sun, 10 Jul 2022 16:21:11 -0600

Resent-From: The Doctor

Resent-Date: Sun, 10 Jul 2022 16:21:11 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [185.250.243.7] (port=55415 helo=WIN-H6T81LSS9CP.home)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1oAaAT-0008pv-1Z

for doctor@nl2k.ab.ca;

Sun, 10 Jul 2022 10:52:30 -0600

Received: from mail.baccionline.com ([20.212.17.154]) by home with

MailEnable ESMTPA; Sun, 10 Jul 2022 19:50:11 +0300

Reply-To: doctor@nl2k.ab.ca

From: doctor@nl2k.ab.ca

To: doctor@nl2k.ab.ca

Subject: Bill for Payment #1161015

Date: 10 Jul 2022 09:50:09 -0700

Message-ID: <20220710095009.68DDFD4790B87E63@nl2k.ab.ca>

MIME-Version: 1.0

Content-Type: text/plain;

charset="utf-8"

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 10.6

X-Spam_score_int: 106

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hi. How are you? I know, it’s unpleasant to start the conversation

with bad news, but I have no choice. Few months ago, I have gained access

to your devices that used by you for internet browsing. Afterwards, I coul

[...]



Content analysis details: (10.6 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

2.0 HELO_LH_HOME No description available.

1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,

https://senderscore.org/blocklistlookup/

[185.250.243.7 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[185.250.243.7 listed in wl.mailspike.net]

0.0 RCVD_IN_DNSWL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

DNSWL was blocked. See

http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block

for more information.

[185.250.243.7 listed in list.dnswl.org]

0.7 SPF_NEUTRAL SPF: sender does not match SPF record (neutral)

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level

mail domains are different

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

-0.0 T_SCC_BODY_TEXT_LINE No description available.

2.8 BITCOIN_EXTORT_01 Extortion spam, pay via BitCoin

0.5 PDS_BTC_ID FP reduced Bitcoin ID

1.0 BITCOIN_SPAM_07 BitCoin spam pattern 07

Subject: {SPAM?} Bill for Payment #1161015



Hi. How are you?



I know, it=E2=80=99s unpleasant to start the conversation with bad news, bu=

t I have no choice.

Few months ago, I have gained access to your devices that used by you for i=

nternet browsing.

Afterwards, I could track down all your internet activities.



Here is the history of how it could become possible:

At first, I purchased from hackers the access to multiple email accounts (n=

owadays, it is a really simple thing to do online).

As result, I could easily log in to your email account doctor@nl2k.ab.ca.



One week later, I installed Trojan virus in Operating Systems of all device=

s of yours, which you use to open email.

Frankly speaking, it was rather straightforward (since you were opening the=

links from your inbox emails).

Everything ingenious is quite simple. (o_0)!



My software enables me with access to all controllers inside devices of you=

rs, like microphone, keyboard and video camera.

I could easily download to my servers all your private info, including the =

history of web browsing and photos.

I can effortlessly gain access to all your messengers, social networks acco=

unts, emails, contact list as well as chat history.

Virus of mine constantly keeps refreshing its signatures (because it is dri=

ver-based), and as result remains unnoticed by your antivirus.



Hence, you can already guess why I stayed undetected all this while.



As I was gathering information about you, I couldn=E2=80=99t help but notic=

e that you are also a true fan of adult-content websites.

You actually love visiting porn sites and browsing through kinky videos, wh=

ile pleasuring yourself.

I could make a few dirty records with you in the main focus and montaged se=

veral videos showing the way you reach orgasm while masturbating with joy.

=



If you are still uncertain regarding the seriousness of my intentions,

it only requires several mouse clicks for me to forward your videos to all =

your relatives, as well as friends and colleagues.

I can also make those vids become accessible by public.

I honestly think that you do not really want that to happen, considering th=

e peculiarity of videos you like to watch,

(you obviously know what I mean) all that kinky content can become a reason=

of serious troubles for you.



However, we can still resolve this situation in the following manner:

Everything you are required to do is a single transfer of $900 USD to my ac=

count (or amount equivalent to bitcoin depending on exchange rate at the mo=

ment of transfer),

and once the transaction is complete, I will straight away remove all the d=

irty content exposing you.

After that, you can even forget that you have come across me. Moreover, I s=

wear that all the harmful software will be removed from all devices of your=

s as well.

Make no doubt that I will fulfill my part.



This is really a great deal that comes at a reasonable price, given that I =

have used quite a lot of energy to check your profile as well as traffic ov=

er an extended period of time.

If you have no idea about bitcoin purchase process =E2=80=93 it can be stra=

ightforwardly done by getting all the necessary information online.



Here is my bitcoin wallet provided below: bc1qhuz2x7pceg5el4y94v888em625cgn=

mn3aewmcd



You should complete the abovementioned transfer within 48 hours (2 days) af=

ter opening this email.



The following list contains actions you should avoid attempting:

#Do not try calling police as well as other security forces. In addition, a=

bstain from sharing this story with your friends.

After I find out (be sure, I can easily do that, given that I keep complete=

control of all your devices) =E2=80=93 your kinky video will end up being =

available to public right away.

#Do not try searching for me =E2=80=93 there is absolutely no reason to do =

that. Moreover, all transactions in cryptocurrency are always anonymous.

#Do not try reinstalling the OS on your devices or throwing them away. It i=

s pointless as well, since all your videos have already been uploaded to re=

mote servers.



The following list contains things you should not be worried about:

#That your money won=E2=80=99t reach my account.

=E2=80=93 Rest assured, the transactions can be tracked, hence once the tra=

nsaction is complete,

I will know about it, because I continuously observe all your activities (m=

y trojan virus allows me to control remotely your devices, same as TeamView=

er).

#That I still will share your kinky videos to public after you complete mon=

ey transfer.

=E2=80=93 Trust me, it=E2=80=99s pointless for me to continue troubling you=

r life. If I really wanted, I would make it happen already!



Let=E2=80=99s make this deal in a fair manner!



Owh, one more thing=E2=80=A6in future it is best that you don=E2=80=99t inv=

olve yourself in similar situations any longer!

One last advice from me =E2=80=93 recurrently change all your passwords fro=

m all accounts.=20



Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA