Blackmail Scam

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
blueriver
Normal user
Normal user
Posts: 86
Joined: 2009-03-25 22:23

Blackmail Scam

Post by blueriver » 2019-02-17 20:49

I received an email that threatens to blackmail me unless I pay them.
I have no intension of paying.
Let them have at it since what they claim is not true.
I have no camera on my computers. Only my ipad has a camera.

I have known for some time that the email account is now known to spammers
and have stopped using months ago. I have only kept it running to get
messages from those not yet notified or address changed, etc.

I do not believe they even know the password for the account.

Please let me know what you think.

EDIT: took out my emai address

Here is the header and the text:

Return-Path: hongy@zjzs.net
Received: from zjzs.net (Unknown [115.236.10.201]) by xxxxxx.net with ESMTP ; Sun, 17 Feb 2019 11:42:56 -0500
Received: from [168-181-109-1.verdante.com.br] (unknown [45.165.68.2]) by mailsvr (Coremail) with SMTP id AQAAfwCnrg79jmlcPcj0AQ--.43594S9; Mon, 18 Feb 2019 00:42:54 +0800 (CST)
Date: Sun, 17 Feb 2019 17:42:54 +0100
X-CSA-Complaints: whitelist-complaints@zjzs.net
To: xxxxxx@xxxxxx.com
Content-Transfer-Encoding: base64
Content-Type: text/plain; charset=UTF-8
X-Sender-Info: hongy@zjzs.net
Organization: Kotrobnlvoocrvcg
List-Help: http://pvjnxewssat.com/yg/zdacw/sqiqdlqljoxq
X-Sender: <hongy@zjzs.net>
From: <xxxxxx@xxxxxx.com>
Subject: xxxxxx
Abuse-Reports-To: abuse@mail.zjzs.net
Message-ID: <t6con1ts-0tky-ebrp-rx56-pio3z4wg4rgb>
X-aid: 1817867015
X-CM-TRANSID: AQAAfwCnrg79jmlcPcj0AQ--.43594S9
X-Coremail-Antispam: 1UD129KBjvJXoW7uw48XFWrZFyUAFWxury7trb_yoW8uF4fpF WFyr1DCFyktF4kJas29w1xAw40y395trWY9a43GrZ0kwn8WrySgr1Ikw1Y934furs3AryY vws8Z3Z8Z3ZFq3DanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDU0xBIdaVrnRJUUUMjb7Iv0xC_Kw4lb4IE77IF4wAFF20E14v26r4j6ryUM7CY07I2 0VC2zVCF04k26cxKx2IYs7xG6rWj6s0DM7CIcVAFz4kK6r1j6r18M28IrcIa0xkI8VA2jI 8067AKxVWUWwA2048vs2IY020Ec7CjxVAFwI0_Jrv_JF4l8cAvFVAK0II2c7xJM28CjxkF 64kEwVA0rcxSw2x7M28EF7xvwVC0I7IYx2IY67AKxVWDJVCq3wA2z4x0Y4vE2Ix0cI8IcV CY1x0267AKxVW0oVCq3wA2z4x0Y4vEx4A2jsIE14v26rxl6s0DM28EF7xvwVC2z280aVCY 1x0267AKxVW0oVCq3wAa7VA2z4x0Y4vE2Ix0cI8IcVCY1x0267AKxVW0oVCq3VA2z4x0Y4 vE2Ix0cI8IcVAFwI0_tr0E3s0E7I0Y6sxI4wAa7VA2z4x0Y4vE2Ix0cI8IcVCY1x0267AK xVW0oVCq3VA2z4x0Y4vEx4A2jsIE14v26rxl6s0q6x02cVCv0xWlnx0E84ACjcxK6xIIjx v20xvEc7CjxVAFwI0_GcCE3s0E7I0Y6sxI4wAa7VCE64xvF2IEb7IF0Fy264xvF2IEb7IF 0Fy264kE64k0F2IE7I0Y6sxI4wAac4AC62xK8xCEY4vEwIxC4wAS0I0E0xvYzxvE52x082 IY62kv0487Mc02F40EFcxC0VAKzVAqx4xG6I80ewAv7VC0I7IYx2IY67AKxVWUJVWUGwAv 7VC2z280aVAFwI0_Jr0_Gr1lOx8S6xCaFVCjc4AY6r1j6r4UM4x0Y48IcVAKI48JM4xvF2 IEb7IF0Fy264kE64k0F24lFcxC0VAYjxAxZF0Ex2IqxwAKzVCY07xG64k0F24lc2xSY4AK 6IIF6r1l42xK82IYc2Ij64vIr41l42xK82IY64kExVAvwVAq07x20xyl4I8I3I0E4IkC6x 0Yz7v_Jr0_Gr1lx2IqxVAqx4xG67AKxVWUJVWUGwC20s026x8GjcxK67AKxVWUGVWUWwC2 zVAF1VAY17CE14v26r1j6r15MIIYrxkI7VAKI48JMIIF0xvE2Ix0cI8IcVAFwI0_tr0E3s 1lIxAIcVC0I7IYx2IY6xkF7I0E14v26r4UJVWxJr1lIxAIcVCF04k26cxKx2IYs7xG6r1j 6r1xMIIF0xvEx4A2jsIE14v26r4UJVWxJr1lIxAIcVC2z280aVCY1x0267AKxVW8Jr0_Cr 1UMVCEFcxC0VAYjxAxZFUvcSsGvfC2KfnxnUUI43ZEXa7IU5j_MDUUUUU==
Sender: hongy@zjzs.net
X-CM-SenderInfo: 5krqw5w62m62goqh3/




This account was hacked! Renew the password right away!
You probably do not heard about me and you are most likely wanting to know for what reason you're receiving this email, proper?
I'mhacker who crackedyour emailand systemseveral months ago.
Do not make an attempt to talk to me or alternatively find me, it is definitely not possible, since I directed you this message using YOUR account that I've hacked.
I have build in malware soft on the adult videos (porn) website and suppose you visited this site to have a good time (you realize what I want to say).
When you have been taking a look at movies, your browser began operating like a RDP (Remote Control) having a keylogger that provided me access to your display and webcam.
Afterward, my software programgatheredall information.
You have entered passwords on the web-sites you visited, and I caught all of them.
Needless to say, you could possibly modify them, or perhaps already modified them.
However it does not matter, my spyware renews information every 5 minutes.
And what I have done?
I compiled a backup of every your device. Of all files and contact lists.
I created a dual-screen movie. The 1st part presents the video you were watching (you've got a very good preferences, wow...), the 2nd part reveals the tape from your camera.
What actually do you have to do?
Great, in my opinion, 1000 USD will be a good price for our very little riddle. You'll make the deposit by bitcoins (in case you don't know this, search “how to buy bitcoin” in any search engine).
My bitcoin wallet address:
1GXBRWZaTqTEvxY2NzfdrMwYbPHqfWNNYE
(It is cAsE sensitive, so just copy and paste it).
Important:
You have only 48 hours to perform the payment. (I built in an exclusive pixel in this e-mail, and at this moment I know that you have read through this email).
To tracethe reading of a letterand the activityin it, I usea Facebook pixel. Thanks to them. (That whichis usedfor the authorities might actually helpus.)

In the event I fail to get bitcoins, I'll undoubtedly offer your videofile to each of your contacts, along with family members, colleagues, etc?

User avatar
SorenR
Senior user
Senior user
Posts: 2835
Joined: 2006-08-21 15:38
Location: Denmark

Re: Blackmail Scam

Post by SorenR » 2019-02-17 21:55

We get a couple of them every week... SCAM!

Those of our laptops with cams have stickers on them so that's how we know. Also some of them claim to have a "webbug/tracker" in the email so the scammer will know if we read it... BOOOO... They forgot... :mrgreen:

Delete it and forget it...

OTOH... Better check that your email is not compromised..

https://haveibeenpwned.com/

https://haveibeenpwned.com/Passwords

https://sec.hpi.de/ilc/search
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

User avatar
jimimaseye
Moderator
Moderator
Posts: 7766
Joined: 2011-09-08 17:48

Re: Blackmail Scam

Post by jimimaseye » 2019-02-17 23:16

Yes. It is common spam. They have nothing and know nothing about you, everyone receives these. Dont worry.

You could use it to make money: if they say it was so easy and have a video of you pleasuring yourself, ask them to put it on the internet and claim copyright and the money from ingringment. :-)
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

blueriver
Normal user
Normal user
Posts: 86
Joined: 2009-03-25 22:23

Re: Blackmail Scam

Post by blueriver » 2019-02-18 00:49

jimimaseye wrote:
2019-02-17 23:16
Yes. It is common spam. They have nothing and know nothing about you, everyone receives these. Dont worry.

You could use it to make money: if they say it was so easy and have a video of you pleasuring yourself, ask them to put it on the internet and claim copyright and the money from ingringment. :-)
LOL

blueriver
Normal user
Normal user
Posts: 86
Joined: 2009-03-25 22:23

Re: Blackmail Scam

Post by blueriver » 2019-02-18 00:51

SorenR wrote:
2019-02-17 21:55
We get a couple of them every week... SCAM!

Those of our laptops with cams have stickers on them so that's how we know. Also some of them claim to have a "webbug/tracker" in the email so the scammer will know if we read it... BOOOO... They forgot... :mrgreen:

Delete it and forget it...

OTOH... Better check that your email is not compromised..

https://haveibeenpwned.com/

https://haveibeenpwned.com/Passwords

https://sec.hpi.de/ilc/search

Thanks. My main concern was an email password compromise but I see no evidence of that.

User avatar
mattg
Moderator
Moderator
Posts: 19460
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Blackmail Scam

Post by mattg » 2019-02-18 01:09

Often these emails contain a real password, sometimes an old one.

https://haveibeenpwned.com/ recently added 772 MILLION addresses and passwords in one haul. https://haveibeenpwned.com/PwnedWebsites#Collection1

That in itself is one email address for every 6 or so people in the world, just in that one haul.
Apparently just the text file with basic demographics (name address email etc) and many with passwords was many tens of GB of data, that took days to download.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

palinka
Senior user
Senior user
Posts: 530
Joined: 2017-09-12 17:57

Re: Blackmail Scam

Post by palinka » 2019-02-18 01:39

Good reason to cycle passwords often.

NetChain
New user
New user
Posts: 15
Joined: 2016-08-07 23:58

Re: Blackmail Scam

Post by NetChain » 2019-02-23 17:43

haveibeenpwned.com - is this for real???

They say this email has been pwned, but there's no proof of that.
Just try to use any admin@ accounts, like

admin@google.com or admin@applie.com even admin@whitehouse.gov

They say they all been pwned.
Really ?! :roll:

Seems like an advertisement for 1password.com

User avatar
SorenR
Senior user
Senior user
Posts: 2835
Joined: 2006-08-21 15:38
Location: Denmark

Re: Blackmail Scam

Post by SorenR » 2019-02-23 19:28

NetChain wrote:
2019-02-23 17:43
haveibeenpwned.com - is this for real???

They say this email has been pwned, but there's no proof of that.
Just try to use any admin@ accounts, like

admin@google.com or admin@applie.com even admin@whitehouse.gov

They say they all been pwned.
Really ?! :roll:

Seems like an advertisement for 1password.com
It's real...
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

User avatar
jimimaseye
Moderator
Moderator
Posts: 7766
Joined: 2011-09-08 17:48

Re: Blackmail Scam

Post by jimimaseye » 2019-02-23 19:42

Yes it's real.

(I have some work addresses on the list but nobe of my home personal addresses or passwords. )

[Entered by mobile. Excuse my spelling.]
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
SorenR
Senior user
Senior user
Posts: 2835
Joined: 2006-08-21 15:38
Location: Denmark

Re: Blackmail Scam

Post by SorenR » 2019-02-23 20:18

blueriver wrote:
2019-02-17 20:49
I received an email that threatens to blackmail me unless I pay them.
I have no intension of paying.
Let them have at it since what they claim is not true.
I have no camera on my computers. Only my ipad has a camera.
Found today that this actually have a name...

https://en.wikipedia.org/wiki/Sextortion
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

User avatar
mattg
Moderator
Moderator
Posts: 19460
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Blackmail Scam

Post by mattg » 2019-02-24 01:14

SorenR wrote:
2019-02-23 20:18
blueriver wrote:
2019-02-17 20:49
I received an email that threatens to blackmail me unless I pay them.
I have no intension of paying.
Let them have at it since what they claim is not true.
I have no camera on my computers. Only my ipad has a camera.
Found today that this actually have a name...

https://en.wikipedia.org/wiki/Sextortion
This was also the story line of a Black Mirror episode on Netflix - https://en.wikipedia.org/wiki/Shut_Up_a ... ck_Mirror)
NetChain wrote:
2019-02-23 17:43
Seems like an advertisement for 1password.com
I suspect that Troy has high hosting costs and accepts advertising to help cover the costs of what he does. In all he has email addresses for about 1 in 4 people in the world on that site, you can also check to see if your regular password is listed, and he details where the email addresses were found. One of my email addresses was hacked from the AVAST user forum back in 2012.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

fjgh
Normal user
Normal user
Posts: 32
Joined: 2014-02-19 18:33

Re: Blackmail Scam

Post by fjgh » 2019-03-07 03:45

I got one of those emails too. I did some detective work and found out he was an actor in Austria. He bought my userid and password from hackers who hacked a site I used to download manuals from. I called the Austrian police and reported him and I sent him an email and told him the police knows what he is doing. All of his actor websites went immediately down and my further emails never made it to him. These guys buy scripts and use them to blackmail all the users he bought user ids for. I wouldn't worry one bit. These people have nothing. They are all threats and nothing else.

User avatar
jim.bus
Normal user
Normal user
Posts: 142
Joined: 2011-05-28 11:49
Location: US

Re: Blackmail Scam

Post by jim.bus » 2019-03-07 10:12

I got a similar email with almost the same wording except the person who sent the email to me had slightly better English grammar.

(S)He was an idiot because (S)he claimed to have all my contacts which (S)he got from my email account. Joke's on her/him because I don't have any of my Contacts on my email account.

My moronic hacker (probably has 'Orange Hair') was a little less greedy. (S)He only wanted $495 in Bitcoin.

(S)He said not to get mad at him/her as (S)he was doing his job.

(S)He threatened that if I wanted proof (S)he had my information to just reply to her/his email and he would send all my information to all of my coworkers family and my 6 Contacts. I have hundreds of Contacts. This person (and I use the term person loosely) was speaking to people who can be intimidated by threats not realizing this idiot couldn't possibly have the information (S)he claimed to have. (S)He used an Email ID I have long known was compromised a long, long time ago. So I know (S)he didn't get it from the Email Server I use.

I will say this disreputable piece of garbage did cover her/his tracks well for the ordinary person. Couldn't tell anything definitive as to where (s)he was located or who (S)he actually was by looking at the Message Headers. Nothing in them matched up to what you could see in the email itself. This person was hoping you would be too stupid or uninformed to not realize (S)he was full of S**t.

Post Reply