sexual blackmail phish

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 06 Sep 2022 14:35:01 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oVfH7-0007wF-Rv

for dave@doctor.nl2k.ab.ca;

Tue, 06 Sep 2022 14:34:25 -0600

Resent-From: The Doctor

Resent-Date: Tue, 6 Sep 2022 14:34:25 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from 170-239-229-151.amnet.net.br ([170.239.229.151]:56231)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oVexL-000657-56

for root@nk.ca;

Tue, 06 Sep 2022 14:14:04 -0600

From:

To:

Subject: Waiting for the payment.

Date: 6 Sep 2022 13:02:30 -0400

Message-ID: <003401d8c213$030346e9$698bc085$@nk.ca>

MIME-Version: 1.0

Content-Type: text/plain;

charset="windows-1250"

Content-Transfer-Encoding: 8bit

X-Mailer: Microsoft Outlook 14.0

Thread-Index: Acg07fcacg07fcacg07fcacg07fcac==

Content-Language: en

X-Spam_score: 16.4

X-Spam_score_int: 164

X-Spam_bar: ++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hello! Have you recently noticed that I have e-mailed you

from your account? Yes, this simply means that I have total access to your

device. For the last couple of months, I have been watching you. Still wondering

how is that possible? Well, you have been infected with malware originating

from an adult website that you visited. You may not [...]



Content analysis details: (16.4 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 CK_HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname

(Split IP)

0.0 TVD_RCVD_IP Message was received from an IP address

1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,

https://senderscore.org/blocklistlookup/

[170.239.229.151 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL

[170.239.229.151 listed in psbl.surriel.com]

1.1 DATE_IN_PAST_03_06 Date: is 3 to 6 hours before Received: date

0.9 SPF_FAIL SPF: sender does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=root%40nk.ca;ip=170.239.229.151;r=doctor.nl2k.ab.ca]

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.4 RDNS_DYNAMIC Delivered to internal network by host with

dynamic-looking rDNS

3.9 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP

addr 2)

0.5 PDS_BTC_ID FP reduced Bitcoin ID

0.0 BITCOIN_EXTORT_01 Extortion spam, pay via BitCoin

1.0 BITCOIN_SPAM_07 BitCoin spam pattern 07

0.4 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX

0.0 TO_EQ_FM_SPF_FAIL To == From and external SPF failed

1.4 DOS_OUTLOOK_TO_MX Delivered direct to MX with Outlook headers

0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF

failed

Subject: {SPAM?} Waiting for the payment.



Hello!

Have you recently noticed that I have e-mailed you from your account?

Yes, this simply means that I have total access to your device.



For the last couple of months, I have been watching you.

Still wondering how is that possible? Well, you have been infected with malware originating from an adult website that you visited. You may not be familiar with this, but I will try explaining it to you.



With help of the Trojan Virus, I have complete access to a PC or any other device.

This simply means I can see you at any time I wish to on your screen by simply turning on your camera and microphone, without you even noticing it. In addition, I have also got access to your contacts list and all your correspondence.



You may be asking yourself, "But my PC has an active antivirus, how is this even possible? Why didn't I receive any notification?" Well, the answer is simple: my malware uses drivers, where I update the signatures every four hours, making it undetectable, and hence keeping your antivirus silent.



I have a video of you wanking on the left screen, and on the right screen - the video you were watching while masturbating.

Wondering how bad could this get? With just a single click of my mouse, this video can be sent to all your social networks, and e-mail contacts.

I can also share access to all your e-mail correspondence and messengers that you use.



All you have to do to prevent this from happening is - transfer bitcoins worth $1450 (USD) to my Bitcoin address (if you have no idea how to do this, you can open your browser and simply search: "Buy Bitcoin").



My bitcoin address (BTC Wallet) is: 1P3eUgQzL12tDo2oh9csyo7HFxLer8vJsG



After receiving a confirmation of your payment, I will delete the video right away, and that's it, you will never hear from me again.

You have 2 days (48 hours) to complete this transaction.

Once you open this e-mail, I will receive a notification, and my timer will start ticking.



Any attempt to file a complaint will not result in anything, since this e-mail cannot be traced back, same as my bitcoin id.

I have been working on this for a very long time by now; I do not give any chance for a mistake.



If, by any chance I find out that you have shared this message with anybody else, I will broadcast your video as mentioned above.



Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA