Sexual Blackmail phishing scam

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 28 May 2022 06:42:01 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nuvlT-000LXw-QG

for dave@doctor.nl2k.ab.ca;

Sat, 28 May 2022 06:41:55 -0600

Resent-From: The Doctor

Resent-Date: Sat, 28 May 2022 06:41:55 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from 200-96-105-125.user3p.brasiltelecom.net.br ([200.96.105.125]:43570)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nuryB-0004I1-W4

for sales@nk.ca;

Sat, 28 May 2022 02:38:54 -0600

Message-ID: <6291B53C.5040009@nk.ca>

Date: Sat, 28 May 2022 01:38:04 -0400

From:

User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:15.0) Gecko/20120824 Thunderbird/15.0

MIME-Version: 1.0

To:

Subject: You have an outstanding payment. Debt settlement required.

Content-Type: text/plain; charset=ISO-8859-2; format=flowed

Content-Transfer-Encoding: 8bit

X-Spam_score: 16.6

X-Spam_score_int: 166

X-Spam_bar: ++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hello! Unfortunately, I have some unpleasant news for you.

Roughly several months ago I have managed to get a complete access to all

devices that you use to browse internet. Afterwards, I have proceeded with

[...]



Content analysis details: (16.6 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 CK_HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname

(Split IP)

0.0 TVD_RCVD_IP Message was received from an IP address

0.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP

address

[200.96.105.125 listed in dnsbl.sorbs.net]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[200.96.105.125 listed in bl.score.senderscore.com]

1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,

https://senderscore.org/blocklistlookup/

2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL

[200.96.105.125 listed in psbl.surriel.com]

1.1 DATE_IN_PAST_03_06 Date: is 3 to 6 hours before Received: date

0.9 SPF_FAIL SPF: sender does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=sales%40nk.ca;ip=200.96.105.125;r=doctor.nl2k.ab.ca]

0.4 RDNS_DYNAMIC Delivered to internal network by host with

dynamic-looking rDNS

3.9 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP

addr 2)

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.0 PDS_BTC_ID FP reduced Bitcoin ID

0.4 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX

0.6 BITCOIN_SPAM_02 BitCoin spam pattern 02

1.0 BITCOIN_SPAM_07 BitCoin spam pattern 07

0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF

failed

0.0 TO_EQ_FM_SPF_FAIL To == From and external SPF failed

0.0 NO_FM_NAME_IP_HOSTN No From name + hostname using IP address

1.6 BITCOIN_ONAN BitCoin + [censored]

Subject: {SPAM?} You have an outstanding payment. Debt settlement required.



Hello!



Unfortunately, I have some unpleasant news for you.

Roughly several months ago I have managed to get a complete access to all devices that you use to browse internet.

Afterwards, I have proceeded with monitoring all internet activities of yours.



You can check out the sequence of events summarize below:

Previously I have bought from hackers a special access to various email accounts (currently, it is rather a straightforward thing that can be done online).

Clearly, I could effortlessly log in to your email account as well (sales@nk.ca).



One week after that, I proceeded with installing a Trojan virus in Operating Systems of all your devices, which are used by you to login to your email.

Actually, that was rather a simple thing to do (because you have opened a few links from your inbox emails previously).

Genius is in simplicity. ( ~_^)



Thanks to that software I can get access to all controllers inside your devices (such as your video camera, microphone, keyboard etc.).

I could easily download all your data, photos, web browsing history and other information to my servers.

I can access all your social networks accounts, messengers, emails, including chat history as well as contacts list.

This virus of mine unceasingly keeps refreshing its signatures (since it is controlled by a driver), and as result stays unnoticed by antivirus software.



Hereby, I believe by this time it is already clear for you why I was never detected until I sent this letter...



While compiling all the information related to you, I have also found out that you are a true fan and frequent visitor of adult websites.

You truly enjoy browsing through porn websites, while watching arousing videos and experiencing an unimaginable satisfaction.

To be honest, I could not resist but to record some of your kinky solo sessions and compiled them in several videos, which demonstrate you masturbating and cumming in the end.



If you still don't trust me, all it takes me is several mouse clicks to distribute all those videos with your colleagues, friends and even relatives.

In addition, I can upload them online for entire public to access.

I truly believe, you absolutely don't want such things to occur, bearing in mind the kinky stuff exposed in those videos that you usually watch, (you definitely understand what I am trying to say) it will result in a complete disaster for you.



We can still resolve it in the following manner:

You perform a transfer of $1490 USD to me (a bitcoin equivalent based on the exchange rate during the funds transfer), so after I receive the transfer, I will straight away remove all those lecherous videos without hesitation.

Then we can pretend like it has never happened before. In addition, I assure that all the harmful software will be deactivated and removed from all devices of yours. Don't worry, I am a man of my word.



It is really a good deal with a considerably low the price, bearing in mind that I was monitoring your profile as well as traffic over an extended period.

If you still unaware about the purchase and transfer process of bitcoins - all you can do is find the necessary information online.



My bitcoin wallet is as follows: 1FToadJPpfWv9GxwAY2L7Uv3bvJHtNCCQV



You are left with 48 hours and the countdown starts right after you open this email (2 days to be specific).



Don't forget to keep in mind and abstain from doing the following:

> Do not attempt to reply my email (this email was generated in your inbox together with the return address).

> Do not attempt to call police as well as other security services. Moreover, don't even think of sharing it with your friends. If I get to know about it (based on my skills, that would be very easy, since that I have all your systems under my control and constant monitoring) - your dirty video will become public without delay.

> Don't attempt searching for me - it is completely useless. Cryptocurrency transactions always remain anonymous.

> Don't attempt reinstalling the OS of your devices or even getting rid of them. It is meaningless too, because all your private videos are already been available on remote servers.



Things you should be concerned about:

> That I will not receive the funds transfer you make.

Relax, I will be able to track it immediately, after you complete the funds transfer, because I unceasingly monitor all activities that you do (trojan virus of mine can control remotely all processes, same as TeamViewer).

> That I will still distribute your videos after you have sent the money to me.

Believe me, it is pointless for me to proceed with troubling you after that. Besides that, if that really was my intention, it would happen long time ago!



It all will be settled on fair conditions and terms!



One last advice from me... Moving forward make sure you don't get involved in such type of incidents again!

My suggestion - make sure you change all your passwords as often as possible.



Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA