Blackmail Scam

blueriver
Normal user
Posts: 86
Joined: 2009-03-25 22:23

Blackmail Scam

Post by blueriver » 2019-02-17 20:49

I received an email that threatens to blackmail me unless I pay them.
I have no intention of paying.
Let them have at it since what they claim is not true.
I have no camera on my computers. Only my ipad has a camera.

I have known for some time that the email account is now known to spammers
and have stopped using it months ago. I have only kept it running to get
messages from those not yet notified or address changed, etc.

I do not believe they even know the password for the account.

Please let me know what you think.

EDIT: took out my email address

Here is the header and the text:

Return-Path: hongy@zjzs.net
Received: from zjzs.net (Unknown [115.236.10.201]) by xxxxxx.net with ESMTP ; Sun, 17 Feb 2019 11:42:56 -0500
Received: from [168-181-109-1.verdante.com.br] (unknown [45.165.68.2]) by mailsvr (Coremail) with SMTP id AQAAfwCnrg79jmlcPcj0AQ--.43594S9; Mon, 18 Feb 2019 00:42:54 +0800 (CST)
Date: Sun, 17 Feb 2019 17:42:54 +0100
X-CSA-Complaints: whitelist-complaints@zjzs.net
To: xxxxxx@xxxxxx.com
Content-Transfer-Encoding: base64
Content-Type: text/plain; charset=UTF-8
X-Sender-Info: hongy@zjzs.net
Organization: Kotrobnlvoocrvcg
List-Help: http://pvjnxewssat.com/yg/zdacw/sqiqdlqljoxq
X-Sender: <hongy@zjzs.net>
From: <xxxxxx@xxxxxx.com>
Subject: xxxxxx
Abuse-Reports-To: abuse@mail.zjzs.net
Message-ID: <t6con1ts-0tky-ebrp-rx56-pio3z4wg4rgb>
X-aid: 1817867015
X-CM-TRANSID: AQAAfwCnrg79jmlcPcj0AQ--.43594S9
Sender: hongy@zjzs.net
X-CM-SenderInfo: 5krqw5w62m62goqh3/




This account was hacked! Renew the password right away!
You probably do not heard about me and you are most likely wanting to know for what reason you're receiving this email, proper?
I'mhacker who crackedyour emailand systemseveral months ago.
Do not make an attempt to talk to me or alternatively find me, it is definitely not possible, since I directed you this message using YOUR account that I've hacked.
I have build in malware soft on the adult videos (porn) website and suppose you visited this site to have a good time (you realize what I want to say).
When you have been taking a look at movies, your browser began operating like a RDP (Remote Control) having a keylogger that provided me access to your display and webcam.
Afterward, my software programgatheredall information.
You have entered passwords on the web-sites you visited, and I caught all of them.
Needless to say, you could possibly modify them, or perhaps already modified them.
However it does not matter, my spyware renews information every 5 minutes.
And what I have done?
I compiled a backup of every your device. Of all files and contact lists.
I created a dual-screen movie. The 1st part presents the video you were watching (you've got a very good preferences, wow...), the 2nd part reveals the tape from your camera.
What actually do you have to do?
Great, in my opinion, 1000 USD will be a good price for our very little riddle. You'll make the deposit by bitcoins (in case you don't know this, search “how to buy bitcoin” in any search engine).
My bitcoin wallet address:
1GXBRWZaTqTEvxY2NzfdrMwYbPHqfWNNYE
(It is cAsE sensitive, so just copy and paste it).
Important:
You have only 48 hours to perform the payment. (I built in an exclusive pixel in this e-mail, and at this moment I know that you have read through this email).
To tracethe reading of a letterand the activityin it, I usea Facebook pixel. Thanks to them. (That whichis usedfor the authorities might actually helpus.)

In the event I fail to get bitcoins, I'll undoubtedly offer your videofile to each of your contacts, along with family members, colleagues, etc?

SorenR
Senior user
Posts: 2988
Joined: 2006-08-21 15:38
Location: Denmark

Re: Blackmail Scam

Post by SorenR » 2019-02-17 21:55

We get a couple of them every week... SCAM!

Those of our laptops with cams have stickers on them so that's how we know. Also some of them claim to have a "webbug/tracker" in the email so the scammer will know if we read it... BOOOO... They forgot... :mrgreen:

Delete it and forget it...

OTOH... Better check that your email is not compromised..

https://haveibeenpwned.com/

https://haveibeenpwned.com/Passwords

https://sec.hpi.de/ilc/search
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

jimimaseye
Moderator
Posts: 7860
Joined: 2011-09-08 17:48

Re: Blackmail Scam

Post by jimimaseye » 2019-02-17 23:16

Yes. It is common spam. They have nothing and know nothing about you, everyone receives these. Don't worry.

You could use it to make money: if they say it was so easy and have a video of you pleasuring yourself, ask them to put it on the internet and claim copyright and the money from infringement. :-)
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

blueriver
Normal user
Posts: 86
Joined: 2009-03-25 22:23

Re: Blackmail Scam

Post by blueriver » 2019-02-18 00:49

jimimaseye wrote:
2019-02-17 23:16
Yes. It is common spam. They have nothing and know nothing about you, everyone receives these. Don't worry.

You could use it to make money: if they say it was so easy and have a video of you pleasuring yourself, ask them to put it on the internet and claim copyright and the money from infringement. :-)
LOL

blueriver
Normal user
Posts: 86
Joined: 2009-03-25 22:23

Re: Blackmail Scam

Post by blueriver » 2019-02-18 00:51

SorenR wrote:
2019-02-17 21:55
We get a couple of them every week... SCAM!

Those of our laptops with cams have stickers on them so that's how we know. Also some of them claim to have a "webbug/tracker" in the email so the scammer will know if we read it... BOOOO... They forgot... :mrgreen:

Delete it and forget it...

OTOH... Better check that your email is not compromised..

https://haveibeenpwned.com/

https://haveibeenpwned.com/Passwords

https://sec.hpi.de/ilc/search

Thanks. My main concern was an email password compromise but I see no evidence of that.

mattg
Moderator
Posts: 19630
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Blackmail Scam

Post by mattg » 2019-02-18 01:09

Often these emails contain a real password, sometimes an old one.

https://haveibeenpwned.com/ recently added 772 MILLION addresses and passwords in one haul. https://haveibeenpwned.com/PwnedWebsites#Collection1

That in itself is one email address for every 6 or so people in the world, just in that one haul.
Apparently just the text file with basic demographics (name address email etc) and many with passwords was many tens of GB of data, that took days to download.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

palinka
Senior user
Posts: 612
Joined: 2017-09-12 17:57

Re: Blackmail Scam

Post by palinka » 2019-02-18 01:39

Good reason to cycle passwords often.

NetChain
New user
Posts: 15
Joined: 2016-08-07 23:58

Re: Blackmail Scam

Post by NetChain » 2019-02-23 17:43

haveibeenpwned.com - is this for real???

They say this email has been pwned, but there's no proof of that.
Just try to use any admin@ accounts, like

admin@google.com or admin@applie.com even admin@whitehouse.gov

They say they all been pwned.
Really ?! :roll:

Seems like an advertisement for 1password.com

SorenR
Senior user
Posts: 2988
Joined: 2006-08-21 15:38
Location: Denmark

Re: Blackmail Scam

Post by SorenR » 2019-02-23 19:28

NetChain wrote:
2019-02-23 17:43
haveibeenpwned.com - is this for real???

They say this email has been pwned, but there's no proof of that.
Just try to use any admin@ accounts, like

admin@google.com or admin@applie.com even admin@whitehouse.gov

They say they all been pwned.
Really ?! :roll:

Seems like an advertisement for 1password.com
It's real...
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

jimimaseye
Moderator
Posts: 7860
Joined: 2011-09-08 17:48

Re: Blackmail Scam

Post by jimimaseye » 2019-02-23 19:42

Yes it's real.

(I have some work addresses on the list but none of my home personal addresses or passwords.)

[Entered by mobile. Excuse my spelling.]
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

SorenR
Senior user
Posts: 2988
Joined: 2006-08-21 15:38
Location: Denmark

Re: Blackmail Scam

Post by SorenR » 2019-02-23 20:18

blueriver wrote:
2019-02-17 20:49
I received an email that threatens to blackmail me unless I pay them.
I have no intention of paying.
Let them have at it since what they claim is not true.
I have no camera on my computers. Only my ipad has a camera.
Found today that this actually has a name...

https://en.wikipedia.org/wiki/Sextortion
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

mattg
Moderator
Posts: 19630
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Blackmail Scam

Post by mattg » 2019-02-24 01:14

SorenR wrote:
2019-02-23 20:18
blueriver wrote:
2019-02-17 20:49
I received an email that threatens to blackmail me unless I pay them.
I have no intention of paying.
Let them have at it since what they claim is not true.
I have no camera on my computers. Only my ipad has a camera.
Found today that this actually has a name...

https://en.wikipedia.org/wiki/Sextortion
This was also the story line of a Black Mirror episode on Netflix - https://en.wikipedia.org/wiki/Shut_Up_a ... ck_Mirror)
NetChain wrote:
2019-02-23 17:43
Seems like an advertisement for 1password.com
I suspect that Troy has high hosting costs and accepts advertising to help cover the costs of what he does. In all he has email addresses for about 1 in 4 people in the world on that site, you can also check to see if your regular password is listed, and he details where the email addresses were found. One of my email addresses was hacked from the AVAST user forum back in 2012.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

fjgh
Normal user
Posts: 32
Joined: 2014-02-19 18:33

Re: Blackmail Scam

Post by fjgh » 2019-03-07 03:45

I got one of those emails too. I did some detective work and found out he was an actor in Austria. He bought my userid and password from hackers who hacked a site I used to download manuals from. I called the Austrian police and reported him and I sent him an email and told him the police knows what he is doing. All of his actor websites went immediately down and my further emails never made it to him. These guys buy scripts and use them to blackmail all the users he bought user ids for. I wouldn't worry one bit. These people have nothing. They are all threats and nothing else.

jim.bus
Normal user
Posts: 150
Joined: 2011-05-28 11:49
Location: US

Re: Blackmail Scam

Post by jim.bus » 2019-03-07 10:12

I got a similar email with almost the same wording except the person who sent the email to me had slightly better English grammar.

(S)He was an idiot because (S)he claimed to have all my contacts which (S)he got from my email account. Joke's on her/him because I don't have any of my Contacts on my email account.

My moronic hacker (probably has 'Orange Hair') was a little less greedy. (S)He only wanted $495 in Bitcoin.

(S)He said not to get mad at him/her as (S)he was doing his job.

(S)He threatened that if I wanted proof (S)he had my information to just reply to her/his email and he would send all my information to all of my coworkers family and my 6 Contacts. I have hundreds of Contacts. This person (and I use the term person loosely) was speaking to people who can be intimidated by threats not realizing this idiot couldn't possibly have the information (S)he claimed to have. (S)He used an Email ID I have long known was compromised a long, long time ago. So I know (S)he didn't get it from the Email Server I use.

I will say this disreputable piece of garbage did cover her/his tracks well for the ordinary person. Couldn't tell anything definitive as to where (s)he was located or who (S)he actually was by looking at the Message Headers. Nothing in them matched up to what you could see in the email itself. This person was hoping you would be too stupid or uninformed to not realize (S)he was full of S**t.

jimimaseye
Moderator
Posts: 7860
Joined: 2011-09-08 17:48

Re: Blackmail Scam

Post by jimimaseye » 2019-04-05 09:09

You don't know me and you are probably wondering why you received this e-mail, right
I'm just someone who hacked your devices a few months ago.
I am sending you this e-mail from a compromised account.
I installed malware on the erotic website and I think you visited this site to have fun (you understand what I mean).
While you were watching the video, your internet browser initially worked as an RDP (Remote Control) with a keylogger that allowed me to access your screen and your webcam.

Then my software program collected all the information, including your contacts and files.

You entered a password on the websites you visit, and I too am in possession of this password

of course you can change it, or maybe you already have.
But it doesn't matter because my malware updates every time and there is nothing you can do about it.

Here are some more details:

I created a video with two screens. The first part shows the video you watched (you have good taste, haha ...), and the second part shows the recording from your webcam.
You can scan your computer or any other device. (All your data has already been uploaded to a remote server.)
- Do not try to contact me
- Security services won't help either: formatting a hard disk or destroying a device is no use because the data is already on a remote server.

I guarantee that I will not bother you after payment because you are not the only one on my list. This is a sort of code of honour that we have.

Don't be angry with me, everyone has their own job.
now let's move on to the deal.

530 EURO is a fair price for our little secret. You must pay with Bitcoin (if you don't know how to do it, please enter "how to buy Bitcoin" on Google).

My Bitcoin address for the payment is: ........ etc etc

That was received in my wife's email account. They claim to have installed a keylogger and obtained all her passwords and opened the webcam and FILMED what was happening (and made a video) of her visiting naughty sites (dirty girl!).

I'm shocked. I don't know what to do.

For years we believed we don't have a webcam! (I should ask him where he found it) :lol:


(They have tried to circumvent spam checks by using encoding to display characters that look like letters and avoid word pattern matching).
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

SorenR
Senior user
Posts: 2988
Joined: 2006-08-21 15:38
Location: Denmark

Re: Blackmail Scam

Post by SorenR » 2019-04-05 19:54

Got this the other day...

Code:

Return-Path: thjia@hxgeo.cn
Delivered-To: spam@acme.inc
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on datacenter.acme.inc
X-Spam-Flag: YES
X-Spam-Level: *****************
X-Spam-Status: Yes, score=17.1 required=3.0 tests=BAYES_50,BOTNET,
 BOTNET_NORDNS,HTML_IMAGE_ONLY_04,HTML_MESSAGE,LOCALPART_IN_SUBJECT,
 MIME_HTML_MOSTLY,MPART_ALT_DIFF,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PBL,
 RCVD_IN_SBL_CSS,RDNS_NONE,TO_NAME_SUBJ_NO_RDNS,TO_NO_BRKTS_HTML_IMG,
 TVD_SPACE_RATIO autolearn=disabled version=3.4.0
X-Spam-ASN: AS56041 111.3.160.0/20
X-Spam-Virus: No
X-Spam-Report: *  3.3 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
 *      [111.3.169.30 listed in zen.spamhaus.org] 
 *  0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% 
 *      [score: 0.5157] 
 *  3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS 
 *      [212.241.18.196 listed in zen.spamhaus.org]
 *  1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
 *      [Blocked - see <https://www.spamcop.net/bl.shtml?212.241.18.196>] 
 *  1.0 BOTNET Relay might be a spambot or virusbot 
 *      [botnet0.9,ip=111.3.169.30,nordns]
 *  1.1 LOCALPART_IN_SUBJECT Local part of To: address appears in Subject 
 *  1.0 BOTNET_NORDNS Relay's IP address has no PTR record 
 *      [botnet_nordns,ip=111.3.169.30]
 *  0.4 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME 
 *  0.0 HTML_MESSAGE BODY: HTML included in message 
 *  0.8 MPART_ALT_DIFF BODY: HTML and text parts are different 
 *  1.2 HTML_IMAGE_ONLY_04 BODY: HTML: images with 0-400 bytes of words 
 *  0.8 RDNS_NONE Delivered to internal network by a host with no rDNS 
 *  0.0 TO_NAME_SUBJ_NO_RDNS Recipient username in subject + no rDNS 
 *  0.0 TVD_SPACE_RATIO No description available. 
 *  2.0 TO_NO_BRKTS_HTML_IMG To: lacks brackets and HTML and one image
Received: from hxgeo.cn (Unknown [111.3.169.30]) by mx.acme.inc ; Wed, 20 Mar 2019 05:59:39 +0100
Received: from [85-113-28-249.static.ktnet.kg] ([212.241.18.196]) (envelope-sender <thjia@hxgeo.cn>)
 by 192.168.1.253 with ESMTP for <wile.e.coyote@acme.inc>; Wed, 20 Mar 2019 12:57:13 +0800
X-WM-Sender: thjia@hxgeo.cn
X-WM-AuthFlag: YES
X-WM-AuthUser: thjia@hxgeo.cn
X-CSA-Complaints: whitelist-complaints@hxgeo.cn
List-Help: <http://szpatslggbuy.com/jb/rzjkfp/jkguitpwjdbu>
X-Sender: thjia@hxgeo.cn
List-ID: he19fkstr7nnbpw296y227dh71i list <1e9srhdvw120708scb79m8vtf.672570.list-id.hxgeo.cn>
Content-Type: multipart/related; boundary="wiwym94ryp-tb318qwq7a-xrei375fun-2w7lqmvoch-dx5j3gzq67"
MIME-Version: 1.0
Message-ID: <71606861.23500.069834129747.JavaMail.app@bmg4pja-app80568.hxgeo.cn>
To: wile.e.coyote@acme.inc
Subject: wile.e.coyote
Abuse-Reports-To: abuse@mailer.hxgeo.cn
User-Agent: Workspace Webmail 6.8.19
Date: Wed, 20 Mar 2019 05:57:08 +0100
Organization: Sfxzcqdjwrjqemct
From: <wile.e.coyote@acme.inc>
X-hMailServer-Spam: YES
X-hMailServer-Reason-1: Tagged as Spam by SpamAssassin - (Score: 17)
X-hMailServer-Reason-2: RBL - Rejected by Barracuda Reputation Block List - (Score: 5)
X-hMailServer-Reason-Score: 22
X-Envelope-To: wile.e.coyote@acme.inc
X-Envelope-OriginalTo: wile.e.coyote@acme.inc
X-Envelope-From: thjia@hxgeo.cn
X-Envelope-HELO: hxgeo.cn
X-Envelope-IPAddress: 111.3.169.30
X-hMailServer-LoopCount: 1

This is a multi-part message in MIME format

--wiwym94ryp-tb318qwq7a-xrei375fun-2w7lqmvoch-dx5j3gzq67
Content-Type: multipart/alternative; boundary="aq5hs65nz7-7jrio87d9z-5p7rthazoq-5gv7rvggt0-pybhcqaij7"

--aq5hs65nz7-7jrio87d9z-5p7rthazoq-5gv7rvggt0-pybhcqaij7
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: base64


--aq5hs65nz7-7jrio87d9z-5p7rthazoq-5gv7rvggt0-pybhcqaij7
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: base64

PGh0bWw+PGJvZHk+PGltZyBzcmM9ImNpZDphdHRfaW1nXzQ3MzEwIj48L2JvZHk+PC9odG1sPg0K

--aq5hs65nz7-7jrio87d9z-5p7rthazoq-5gv7rvggt0-pybhcqaij7--

--wiwym94ryp-tb318qwq7a-xrei375fun-2w7lqmvoch-dx5j3gzq67
Content-Type: image/jpeg; name="1553061427683.jpg"
Content-Transfer-Encoding: base64
Content-Disposition: inline; filename="1553061427683.jpg"
Content-ID: <att_img_47310>

--wiwym94ryp-tb318qwq7a-xrei375fun-2w7lqmvoch-dx5j3gzq67--
1553061427683.jpg
It says in the email that the wallet address "is cAsE sensitive, so copy and paste it" ...

Well, have you ever tried to copy and paste text from a picture into a textbox ?? Dumbass !!

Clearly whoever is sending out these was not standing in the front row when God handed out brains :mrgreen:
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

jimimaseye
Moderator
Posts: 7860
Joined: 2011-09-08 17:48

Re: Blackmail Scam

Post by jimimaseye » 2019-04-05 20:45

Almost word for word to the Italian one I posted.

You been with my missus? You little tinker. :lol:
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

SorenR
Senior user
Posts: 2988
Joined: 2006-08-21 15:38
Location: Denmark

Re: Blackmail Scam

Post by SorenR » 2019-04-05 23:00

jimimaseye wrote:
2019-04-05 20:45
Almost word for word to the Italian one I posted.

You been with my missus? You little tinker. :lol:
Nah... Not that I know of :mrgreen:

Did a quick search on "BITCOIN_" and it showed 55 emails on 5 accounts since October 2018. The string "BITCOIN_" (malware/extort/spam) is one of the triggers from SpamAssassin, so there may be more where SpamAssassin could not classify the spam.
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

jim.bus
Normal user
Posts: 150
Joined: 2011-05-28 11:49
Location: US

Re: Blackmail Scam

Post by jim.bus » 2019-04-06 10:09

I've gotten about 3 of these things in one to two weeks recently.

The first one I got a month or so ago said if I wanted proof they had hacked me to Reply to the email and he would send everything to all my 6 contacts. Dumbass doesn't know I have no contacts he can probably find in the way he had to have done it and besides I have an extremely larger number of contacts than 6 which proves the Dumbass doesn't know what he is talking about. Though the Dumbass does seem to hide his tracks well as his email Message Headers are not very consistent with what I would expect for a real email.

Think I like this Dumbass scum?

palinka
Senior user
Posts: 612
Joined: 2017-09-12 17:57

Re: Blackmail Scam

Post by palinka » 2019-04-06 14:18

SorenR wrote:
2019-04-05 19:54
Got this the other day...
I've seen a bunch of those in the past week. SA has picked all of them up as far as I'm aware. I get copies of spam and I have seen these in the spam account with scores > delete threshold and no false negatives in my personal mailboxes. I assume none have got through.

The other thing is the image is attached, not linked. So it always appears no matter what your client privacy settings are. It also means dumbass has no idea whether it was received or not.
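
Two points made in this thread can be checked mechanically on a saved message: the From: header only copies the recipient while the Return-Path names a foreign sender (so the "sent from YOUR account" claim fails), and the image is an inline cid: attachment rather than a remote link (so no read tracking). This is an added example, not code from any poster or from hMailServer; the sample is constructed and abridged from the message posted above, and `analyse` and its result keys are hypothetical names.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: abridged from the message posted in this thread; the
# JPEG payload is replaced by four placeholder base64 characters.
SAMPLE = """\
Return-Path: thjia@hxgeo.cn
Received: from hxgeo.cn (Unknown [111.3.169.30]) by mx.acme.inc ; Wed, 20 Mar 2019 05:59:39 +0100
To: wile.e.coyote@acme.inc
Subject: wile.e.coyote
From: <wile.e.coyote@acme.inc>
MIME-Version: 1.0
Content-Type: multipart/related; boundary="outer"

--outer
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: base64

PGh0bWw+PGJvZHk+PGltZyBzcmM9ImNpZDphdHRfaW1nXzQ3MzEwIj48L2JvZHk+PC9odG1sPg0K

--outer
Content-Type: image/jpeg; name="1553061427683.jpg"
Content-Transfer-Encoding: base64
Content-Disposition: inline; filename="1553061427683.jpg"
Content-ID: <att_img_47310>

AAAA
--outer--
"""

# Captures the value of src= in an <img> tag, quoted or unquoted.
IMG_SRC = re.compile(r'<img\b[^>]*?\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.I)


def _addr(value):
    """Return (address, domain) in lower case from a header value."""
    addr = parseaddr(value or "")[1].lower()
    return addr, addr.rpartition("@")[2]


def analyse(raw):
    msg = message_from_string(raw)
    from_addr, from_dom = _addr(msg["From"])
    to_addr, _ = _addr(msg["To"])
    env_addr, env_dom = _addr(msg["Return-Path"])

    # Content-IDs of parts that travel inside the message itself.
    cids = {p["Content-ID"].strip("<> ") for p in msg.walk() if p["Content-ID"]}

    inline, remote = [], []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        charset = part.get_content_charset() or "utf-8"
        html = (part.get_payload(decode=True) or b"").decode(charset, "replace")
        for src in IMG_SRC.findall(html):
            low = src.lower()
            if low.startswith("cid:") and src[4:] in cids:
                inline.append(src[4:])   # rendered from the attachment, no network fetch
            elif low.startswith(("http://", "https://", "//")):
                remote.append(src)       # fetched on display: can act as a read tracker

    return {
        "from_equals_to": bool(from_addr) and from_addr == to_addr,
        "envelope_sender": env_addr,
        # From: copies the recipient, but the envelope sender is in another domain.
        "spoofed_self_send": bool(from_addr) and from_addr == to_addr
                             and bool(env_dom) and env_dom != from_dom,
        "inline_images": inline,
        "remote_images": remote,
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key}: {value}")
```

Return-Path is written by the receiving server from the SMTP envelope, so the check is only meaningful on a message taken from your own mailbox or server.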

estradis
Normal user
Posts: 126
Joined: 2014-09-09 10:47

Re: Blackmail Scam

Post by estradis » 2019-04-24 15:10

Since this year has started, we have received almost 600 such mails. :roll:

I'm really afraid of him because he managed to hack all my alias addresses. He just has to be the best hacker in the world, if not in the universe.
:lol: :lol: :lol:
