Sexual blackmail phish
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sun, 10 Jul 2022 16:22:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from)
id 1oAfId-000Pf0-Lx
for dave@doctor.nl2k.ab.ca;
Sun, 10 Jul 2022 16:21:11 -0600
Resent-From: The Doctor
Resent-Date: Sun, 10 Jul 2022 16:21:11 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [185.250.243.7] (port=55415 helo=WIN-H6T81LSS9CP.home)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.95 (FreeBSD))
(envelope-from)
id 1oAaAT-0008pv-1Z
for doctor@nl2k.ab.ca;
Sun, 10 Jul 2022 10:52:30 -0600
Received: from mail.baccionline.com ([20.212.17.154]) by home with
MailEnable ESMTPA; Sun, 10 Jul 2022 19:50:11 +0300
Reply-To: doctor@nl2k.ab.ca
From: doctor@nl2k.ab.ca
To: doctor@nl2k.ab.ca
Subject: Bill for Payment #1161015
Date: 10 Jul 2022 09:50:09 -0700
Message-ID: <20220710095009.68DDFD4790B87E63@nl2k.ab.ca>
MIME-Version: 1.0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 10.6
X-Spam_score_int: 106
X-Spam_bar: ++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hi. How are you? I know, it’s unpleasant to start the conversation
with bad news, but I have no choice. Few months ago, I have gained access
to your devices that used by you for internet browsing. Afterwards, I coul
[...]
Content analysis details: (10.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.0 HELO_LH_HOME No description available.
1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,
https://senderscore.org/blocklistlookup/
[185.250.243.7 listed in bl.score.senderscore.com]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[185.250.243.7 listed in wl.mailspike.net]
0.0 RCVD_IN_DNSWL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
DNSWL was blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[185.250.243.7 listed in list.dnswl.org]
0.7 SPF_NEUTRAL SPF: sender does not match SPF record (neutral)
0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level
mail domains are different
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
-0.0 T_SCC_BODY_TEXT_LINE No description available.
2.8 BITCOIN_EXTORT_01 Extortion spam, pay via BitCoin
0.5 PDS_BTC_ID FP reduced Bitcoin ID
1.0 BITCOIN_SPAM_07 BitCoin spam pattern 07
Subject: {SPAM?} Bill for Payment #1161015
Hi. How are you?
I know, it=E2=80=99s unpleasant to start the conversation with bad news, bu=
t I have no choice.
Few months ago, I have gained access to your devices that used by you for i=
nternet browsing.
Afterwards, I could track down all your internet activities.
Here is the history of how it could become possible:
At first, I purchased from hackers the access to multiple email accounts (n=
owadays, it is a really simple thing to do online).
As result, I could easily log in to your email account doctor@nl2k.ab.ca.
One week later, I installed Trojan virus in Operating Systems of all device=
s of yours, which you use to open email.
Frankly speaking, it was rather straightforward (since you were opening the=
links from your inbox emails).
Everything ingenious is quite simple. (o_0)!
My software enables me with access to all controllers inside devices of you=
rs, like microphone, keyboard and video camera.
I could easily download to my servers all your private info, including the =
history of web browsing and photos.
I can effortlessly gain access to all your messengers, social networks acco=
unts, emails, contact list as well as chat history.
Virus of mine constantly keeps refreshing its signatures (because it is dri=
ver-based), and as result remains unnoticed by your antivirus.
Hence, you can already guess why I stayed undetected all this while.
As I was gathering information about you, I couldn=E2=80=99t help but notic=
e that you are also a true fan of adult-content websites.
You actually love visiting porn sites and browsing through kinky videos, wh=
ile pleasuring yourself.
I could make a few dirty records with you in the main focus and montaged se=
veral videos showing the way you reach orgasm while masturbating with joy.
=
If you are still uncertain regarding the seriousness of my intentions,
it only requires several mouse clicks for me to forward your videos to all =
your relatives, as well as friends and colleagues.
I can also make those vids become accessible by public.
I honestly think that you do not really want that to happen, considering th=
e peculiarity of videos you like to watch,
(you obviously know what I mean) all that kinky content can become a reason=
of serious troubles for you.
However, we can still resolve this situation in the following manner:
Everything you are required to do is a single transfer of $900 USD to my ac=
count (or amount equivalent to bitcoin depending on exchange rate at the mo=
ment of transfer),
and once the transaction is complete, I will straight away remove all the d=
irty content exposing you.
After that, you can even forget that you have come across me. Moreover, I s=
wear that all the harmful software will be removed from all devices of your=
s as well.
Make no doubt that I will fulfill my part.
This is really a great deal that comes at a reasonable price, given that I =
have used quite a lot of energy to check your profile as well as traffic ov=
er an extended period of time.
If you have no idea about bitcoin purchase process =E2=80=93 it can be stra=
ightforwardly done by getting all the necessary information online.
Here is my bitcoin wallet provided below: bc1qhuz2x7pceg5el4y94v888em625cgn=
mn3aewmcd
You should complete the abovementioned transfer within 48 hours (2 days) af=
ter opening this email.
The following list contains actions you should avoid attempting:
#Do not try calling police as well as other security forces. In addition, a=
bstain from sharing this story with your friends.
After I find out (be sure, I can easily do that, given that I keep complete=
control of all your devices) =E2=80=93 your kinky video will end up being =
available to public right away.
#Do not try searching for me =E2=80=93 there is absolutely no reason to do =
that. Moreover, all transactions in cryptocurrency are always anonymous.
#Do not try reinstalling the OS on your devices or throwing them away. It i=
s pointless as well, since all your videos have already been uploaded to re=
mote servers.
The following list contains things you should not be worried about:
#That your money won=E2=80=99t reach my account.
=E2=80=93 Rest assured, the transactions can be tracked, hence once the tra=
nsaction is complete,
I will know about it, because I continuously observe all your activities (m=
y trojan virus allows me to control remotely your devices, same as TeamView=
er).
#That I still will share your kinky videos to public after you complete mon=
ey transfer.
=E2=80=93 Trust me, it=E2=80=99s pointless for me to continue troubling you=
r life. If I really wanted, I would make it happen already!
Let=E2=80=99s make this deal in a fair manner!
Owh, one more thing=E2=80=A6in future it is best that you don=E2=80=99t inv=
olve yourself in similar situations any longer!
One last advice from me =E2=80=93 recurrently change all your passwords fro=
m all accounts.=20