Sexual Blackmail phishing originating from Croatia
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 18 May 2022 16:04:02 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from)
id 1nrRlj-000Ngw-7I
for dave@doctor.nl2k.ab.ca;
Wed, 18 May 2022 16:03:47 -0600
Resent-From: The Doctor
Resent-Date: Wed, 18 May 2022 16:03:47 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from 93-141-69-47.adsl.net.t-com.hr ([93.141.69.47]:15832)
by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))
(envelope-from)
id 1nrQKi-000JHm-AM
for doctor@nk.ca;
Wed, 18 May 2022 14:31:53 -0600
From:
To:
Subject: =?UTF-8?B?Q2FyZWZ1bCwgaXQncyBpbXBvcnRhbnQ=?=
Date: 18 May 2022 23:20:24 +0100
Message-ID: <003001d86b07$067754c4$12f317b9$@nk.ca>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_002D_01D86B07.067377DA"
X-Mailer: Microsoft Outlook 15.0
Thread-Index: Ac8t9bkg9r3t3hq18t9bkg9r3t3hq1==
Content-Language: en-us
X-Spam_score: 22.5
X-Spam_score_int: 225
X-Spam_bar: ++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hi. I have bad news for you. Unfortunately, something bad
happened. One of your credentials was compromised, and that led to a chain
of events that I will explain to you now. Using your password, our team got
access to your email. We downloaded all data, and with some [...]
Content analysis details: (22.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 CK_HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname (Split IP)
0.0 TVD_RCVD_IP Message was received from an IP address
1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, https://senderscore.org/blacklistlookup/ [93.141.69.47 listed in bl.score.senderscore.com]
1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, https://senderscore.org/blocklistlookup/
1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available. [93.141.69.47 listed in bb.barracudacentral.org]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail) [SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=doctor%40nk.ca;ip=93.141.69.47;r=doctor.nl2k.ab.ca]
0.0 HTML_MESSAGE BODY: HTML included in message
0.4 RDNS_DYNAMIC Delivered to internal network by host with dynamic-looking rDNS
3.9 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr 2)
-0.0 T_SCC_BODY_TEXT_LINE No description available.
5.0 BITCOIN_EXTORT_01 Extortion spam, pay via BitCoin
0.0 PDS_BTC_ID FP reduced Bitcoin ID
2.5 HELO_DYNAMIC_HCC Relay HELO'd using suspicious hostname (HCC)
0.4 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX
1.0 BITCOIN_SPAM_07 BitCoin spam pattern 07
0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF failed
0.0 TO_EQ_FM_SPF_FAIL To == From and external SPF failed
1.4 DOS_OUTLOOK_TO_MX Delivered direct to MX with Outlook headers
0.0 NO_FM_NAME_IP_HOSTN No From name + hostname using IP address
Subject: {SPAM?} =?UTF-8?B?Q2FyZWZ1bCwgaXQncyBpbXBvcnRhbnQ=?=
This is a multi-part message in MIME format.
------=_NextPart_000_002D_01D86B07.067377DA
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Hi.
I have bad news for you. Unfortunately, something bad happened.
One of your credentials was compromised, and that led to a chain of =
events that I will explain to you now.
Using your password, our team got access to your email. We downloaded =
all data, and with some effort used it to get access to your backup =
files.
Nothing could have prevented this.
The data that we have downloaded, contains your personal photos and =
videos, chats, documents, emails, contacts, your browsing history, =
notes, social media history and more, including some deleted files.
I am sure that you dont want any part of your private information to be =
seen by other people. And you can stop this.
If we dont get what we are asking for, we will use this information =
against you.
If you are not sure of what can be done, just imagine what would happen =
if we use your email and phone number to send the most private and =
damaging content to your contacts.
That would be very damaging to you.
However, there is a solution. You can avoid this mess by paying a fee to =
delete the files we have.
So let's make this simple. You pay $1500 USD, and there will be nothing =
to worry about. No chats, no photos, nothing.
Use Bitcoin to make the transfer. Wallet address is =
1JaSs2bTAYVbj6jaqD5Mjfs8gSLYgvYCrK , it's unique and we will know that =
you made the payment immediately.
You have 2 days to make the transfer, that's reasonable.
Take care.
------=_NextPart_000_002D_01D86B07.067377DA--