Blackmail email

Weaver:
I got this amazing email recently:


--- Code: ---
Return-Path: <nymarysaimi@outlook.com>
Delivered-To: weaver@weavers-email.com
Received: from g-hopeless.aa.net.uk ([::1])
by g-hopeless.aa.net.uk with LMTP id QKceEwgMUVtjKgAADvaTfA
for <weaver@weavers-email.com>; Thu, 19 Jul 2018 23:09:12 +0100
Received: from g-hopeless.aa.net.uk ([::1])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
by g-hopeless.aa.net.uk with LMTP id +LttEAgMUVtnAgAADvaTfA
; Thu, 19 Jul 2018 23:09:12 +0100
Delivery-date: Thu, 19 Jul 2018 23:09:12 +0100
Received: from mail-oln040092254027.outbound.protection.outlook.com ([40.92.254.27] helo=APC01-PU1-obe.outbound.protection.outlook.com)
by g-hopeless.aa.net.uk with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256)
(Exim 4.89)
(envelope-from <nymarysaimi@outlook.com>)
id 1fgH6j-0001PT-Li
for weaver@weavers-email.com; Thu, 19 Jul 2018 23:09:12 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;
 s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=neB8kBzvV38jZ7LFQNXae98I3/v5HXTkGSEGRR85ojk=;
 b=Oy78xxYpamVRVMe3fyj6cufeoe0dp+ubm0Dv96GcsgAelP4/nNa9XoR4RFhCfEYPce05PufffesDkySyhOE/XIvq8q2dLsxb0csWLVJpC0bHapLYDUV9Q3t+Yjo/KXuorkHtJXAV6NB+Ssv/r5ZX6C9qMCZSMM4pmjj6H0UHm+a9qybKewEDHc8OTeTlPL070OlyRpY4UEyedKNZieuV5mylGj04kdYRR/GG6OXjt5Krj249ZbjgGkJAdmOxjSC/98e5QGAbXlIa1E/KsxNskAm0o3SdwPs/1WAd60eqMPT3NPeUo5HCFOw9mihuC3DfObQBzHuxxQqaN3oyDvZJRA==
Received: from PU1APC01FT060.eop-APC01.prod.protection.outlook.com
 (10.152.252.59) by PU1APC01HT232.eop-APC01.prod.protection.outlook.com
 (10.152.252.213) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.20.952.17; Thu, 19
 Jul 2018 22:08:58 +0000
Received: from SG2PR06MB2252.apcprd06.prod.outlook.com (10.152.252.57) by
 PU1APC01FT060.mail.protection.outlook.com (10.152.253.44) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id
 15.20.952.17 via Frontend Transport; Thu, 19 Jul 2018 22:08:57 +0000
Received: from SG2PR06MB2252.apcprd06.prod.outlook.com
 ([fe80::818a:e99a:1547:608a]) by SG2PR06MB2252.apcprd06.prod.outlook.com
 ([fe80::818a:e99a:1547:608a%13]) with mapi id 15.20.0973.018; Thu, 19 Jul
 2018 22:08:57 +0000
From: Cortese Little <nymarysaimi@outlook.com>
To: "weaver@weavers-email.com" <weaver@weavers-email.com>
Subject: weaver
Thread-Topic: weaver
Thread-Index: AQHUH60WxoxKfeHAHUOmfoDlzRr0hg==
Date: Thu, 19 Jul 2018 22:08:57 +0000
Message-ID: <SG2PR06MB2252D9A1880D9525CBAC8886B3520@SG2PR06MB2252.apcprd06.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-incomingtopheadermarker: OriginalChecksum:3EEB35E89C979548F6E54A55BE187E3D68E0B7C60327F5675D55A00ADD5CC231;UpperCasedChecksum:831645FD340F8CB44A1C947486C713ECA02C52A5F7954AABA3894BE0BA991DB2;SizeAsReceived:6786;Count:43
x-tmn: [A2Cd70fYyJ6jWpd/RKLjn0acK6eZ+d/x]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1;PU1APC01HT232;7:5Y0V24mW7AwHU5kwik9M3gLl8fChi8yUgFBGv8dSnLXSDb9jaixjMP4/Lk7LoZMHz/P3v6Jx3PVdtdrfL5xXLE+pHvsNHda9tKdCxjfzPoHCYUI8/b+irB46eckLrVu2E1im1nbcoY3hP95r94yeiaFUe4FQ8U4aCBlQbQWwGQMMjRrvxiYrK6MTyHhryriBjlcdNp5xj3SP72BpY+15HuICDlzBV4g/j7qh7QauxoYKt6iBd4vnJx9+4DjSOixS
x-incomingheadercount: 43
x-eopattributedmessage: 0
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(7020095)(201702061078)(5061506573)(5061507331)(1603103135)(2017031320274)(2017031324274)(2017031323274)(2017031322404)(1603101448)(1601125500)(1701031045);SRVR:PU1APC01HT232;
x-ms-traffictypediagnostic: PU1APC01HT232:
x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(82015058);SRVR:PU1APC01HT232;BCL:0;PCL:0;RULEID:;SRVR:PU1APC01HT232;
x-forefront-prvs: 0738AF4208
x-forefront-antispam-report: SFV:NSPM;SFS:(7070007)(189003)(199004)(6346003)(25786009)(102836004)(26005)(104016004)(82202002)(14454004)(10156002)(56003)(2351001)(5250100002)(19627235002)(426003)(99286004)(256004)(2900100001)(2501003)(7696005)(486006)(86362001)(14444005)(476003)(33656002)(68736007)(87572001)(8936002)(97736004)(6916009)(1730700003)(8676002)(81156014)(5660300001)(74316002)(551544002)(305945005)(105586002)(5640700003)(20460500001)(6436002)(55016002)(106356001)(53906005)(21314002)(42262002);DIR:OUT;SFP:1901;SCL:1;SRVR:PU1APC01HT232;H:SG2PR06MB2252.apcprd06.prod.outlook.com;FPR:;SPF:None;PTR:InfoNoRecords;MX:1;A:1;LANG:;
received-spf: None (protection.outlook.com: outlook.com does not designate
 permitted sender hosts)
authentication-results: spf=none (sender IP is )
 smtp.mailfrom=nymarysaimi@outlook.com;
x-microsoft-antispam-message-info: auHXBqwQ1VEhZlo+7W27cU46Z1vntlGuSyz9GMEU8F1CyIGxoMu+cm4cCdlpssTZc5NG6ekX3kxXoJN5usHlAFAP97MqJXpF347yH5RdrahmawGpFdjwP78einlarAuAAE6NSkc+afojRr0AMK7kuFncaN67k4rfgm5BqB59Kwcra0dzn/sublATLpebitLz+0HFTY1/zgwfgc/aDW+nz3+jsyyhwj/l7TnyaD+hD5k=
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 5dab7a8a-ebdc-4bd9-9cfd-67cde50b170b
X-MS-Exchange-CrossTenant-Network-Message-Id: 7403992b-0a78-4485-8259-08d5edc439aa
X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 5dab7a8a-ebdc-4bd9-9cfd-67cde50b170b
X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Jul 2018 22:08:57.9173
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Internet
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PU1APC01HT232
X-Message-Linecount: 103
X-Connected-IP: 40.92.254.27:56192
X-Body-Linecount: 45
X-Message-Size: 7244
X-Body-Size: 2580
X-Received-Count: 4
X-Recipient-Count: 1
X-Local-Recipient-Count: 1
X-Local-Recipient-Defer-Count: 0
X-Local-Recipient-Fail-Count: 0
X-Spam-Score: 1.9
X-Spam-Score-Int: 19
X-Spam-Bar: +
X-Spam-Report: Spam detection software, running on the system "a-spamless.aa.net.uk", has
 processed this message and it scored (1.9 points).
  pts  rule name              description
 ---- ---------------------- --------------------------------------------------
  0.2 BOTNET_IPINHOSTNAME    Hostname contains its own IP address
 [botnet_ipinhosntame,ip=40.92.254.27,rdns=mail-oln040092254027.outbound.protection.outlook.com]
 -0.0 SPF_PASS               SPF: sender matches SPF record
  1.1 LOCALPART_IN_SUBJECT   Local part of To: address appears in Subject
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
  0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail provider
                             (nymarysaimi[at]outlook.com)
  0.8 BAYES_50               BODY: Bayes spam probability is 40 to 60%
                             [score: 0.5000]
 -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from author's
                             domain
 -0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
 -0.1 DKIM_VERIFIED          No description available.
  0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
  0.0 RCVD_NOT_IN_IPREPDNS   Sender not listed at
                             http://www.chaosreigns.com/iprep/
X-Spam-Mark-Threshold: 3
X-Spam-Reject-Threshold: 4
X-Spam-User: weaver@weavers-email.com
X-Spam-Flag: NO
X-Resolved-To: weaver@weavers-email.com
X-Delivered-To: weaver@weavers-email.com
X-Message-Age: 3
X-SpamSubject:
X-AA-BETA: r=v_u m2=19 m3= m4= m5= m8= m9= reqint=30
X-AA: LMTP delivered 
 am well aware facialharem one of your password. Lets get straight to purpose. You don't know me and you are most likely thinking why you're getting this email? There is no one who has paid me to investigate about you.

In fact, I actually placed a malware on the xxx streaming (sex sites) web site and do you know what, you visited this site to experience fun (you know what I mean). While you were viewing video clips, your browser started working as a Remote Desktop that has a keylogger which provided me access to your screen as well as web cam. Right after that, my software program obtained every one of your contacts from your Messenger, Facebook, and e-mail . Next I made a double-screen video. 1st part shows the video you were watching (you've got a fine taste haha . . .), and 2nd part shows the view of your web cam, yea it is u.

You do have just two solutions. Shall we study these types of choices in particulars:

1st alternative is to skip this email message. In this scenario, I am going to send your very own videotape to every single one of your personal contacts and also visualize concerning the humiliation you will definitely get. Not to mention should you be in an intimate relationship, just how it is going to affect?

Next option should be to give me $3000. I will name it as a donation. Consequently, I will immediately eliminate your video recording. You could keep on going your daily life like this never took place and you will not ever hear back again from me.

You will make the payment by Bitcoin (if you do not know this, search "how to buy bitcoin" in Google).

BTC Address: 1R11aYt2QWX61cEL32AAsmeSuGVYjPzrX
[case sensitive copy & paste it]

If you are making plans for going to the cop, good, this message cannot be traced back to me. I have covered my actions. I am not trying to ask you for money a whole lot, I just like to be compensated. You now have one day in order to make the payment. I've a specific pixel in this mail, and at this moment I know that you have read through this e mail. If I don't get the BitCoins, I will send out your video recording to all of your contacts including friends and family, coworkers, etc. Having said that, if I receive the payment, I will destroy the recording right away. If you want to have proof, reply with Yup! and I will certainly send your video to your 11 friends. It's a non-negotiable offer thus do not waste my personal time & yours by responding to this e mail.
--- End code ---

Nice, eh? I wonder what, if anything, I should do about it? This kind of stuff could scare some people to death, especially old folks.

d2d4j:
Hi weaver

Report it to AA and let them deal with it.

The headers show it has come from Microsoft and is likely to be a compromised account.

Interestingly, we stopped an attack at a client's and have all files, 1 of which is a file called 187k, containing usernames and passwords for email. All major providers are listed in the file, along with proxies, PayPal, so it was going to be a full-blown scam.

Believe it or not, some passwords used were "password" and some the user's name, e.g. john@ password john.

AA should report it to Outlook as well as add it into their content checker, if used.

Many thanks

John
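
The header reading behind the reply above, as an added Python example that is not part of the thread: it finds the relay that handed the message to the recipient's own MX, checks that the DKIM signing domain matches the From domain, and looks for an HTML part. The function name `triage`, its `local_mx` parameter and the shortened sample are assumptions introduced here.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: headers shortened from the message quoted in the thread
# (signature values and body replaced by "(omitted)" stubs).
SAMPLE = """\
Received: from g-hopeless.aa.net.uk ([::1])
 by g-hopeless.aa.net.uk with LMTP id QKceEwgMUVtjKgAADvaTfA
 for <weaver@weavers-email.com>; Thu, 19 Jul 2018 23:09:12 +0100
Received: from mail-oln040092254027.outbound.protection.outlook.com ([40.92.254.27] helo=APC01-PU1-obe.outbound.protection.outlook.com)
 by g-hopeless.aa.net.uk with esmtps (Exim 4.89)
 id 1fgH6j-0001PT-Li; Thu, 19 Jul 2018 23:09:12 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;
 s=selector1; h=From:Date:Subject; bh=(omitted); b=(omitted)
Received: from SG2PR06MB2252.apcprd06.prod.outlook.com (10.152.252.57) by
 PU1APC01FT060.mail.protection.outlook.com (10.152.253.44) with Microsoft SMTP
 Server; Thu, 19 Jul 2018 22:08:57 +0000
From: Cortese Little <nymarysaimi@outlook.com>
Subject: weaver
Content-Type: text/plain; charset="iso-8859-1"
X-Spam-Report: -0.1 DKIM_VALID_AU Message has a valid DKIM signature

(omitted)
"""

def triage(raw, local_mx="g-hopeless.aa.net.uk"):
    """Check what the headers support; local_mx is the recipient's own MX."""
    msg = message_from_string(raw)
    handoff = None
    for hop in msg.get_all("Received", []):
        hop = " ".join(hop.split())  # unfold continuation lines
        m = re.match(r"from (\S+) \(\[([^\]]+)\]", hop)
        # Only hops stamped by our own MX are trustworthy; skip its LMTP loop.
        if m and f" by {local_mx} " in hop and m.group(1) != local_mx:
            handoff = (m.group(1), m.group(2))
            break
    from_dom = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    d = re.search(r"\bd=([^;\s]+)", msg.get("DKIM-Signature", ""))
    return {
        "handoff": handoff,  # host and IP that delivered to our MX
        "dkim_aligned": bool(d) and d.group(1).lower() == from_dom,
        # Verdict written by the recipient's own filter, not by the sender.
        "dkim_valid": "DKIM_VALID_AU" in msg.get("X-Spam-Report", ""),
        # No HTML part means there is no markup that could load a remote image.
        "html_part": any(p.get_content_type() == "text/html" for p in msg.walk()),
    }
```

On the sample, the handoff relay is an outlook.com outbound host and the DKIM signature is valid and aligned, which fits mail sent through a real Outlook account. The message is text/plain with no HTML part, so the "specific pixel" the sender claims to have embedded has nowhere to live.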

j0hn:
https://bitref.com/1R11aYt2QWX61cEL32AAsmeSuGVYjPzrX

Looks like nobody has been dumb enough yet.

roseway:
I've had two of those, one of which I reported here: https://forum.kitz.co.uk/index.php/topic,21298.0.html

Weaver:
I am sorry, I somehow missed your earlier post - have been very out of it at times since my fentanyl was enormously increased, and I often miss almost a whole day.
