go to sections menu

This must be another great email, see if you can spot what’s wrong from blog The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

You are here: security news and commentary > This must be another great email, see if you can spot what’s wrong

Go to Homepage, contents or to navigation menu

This must be another great email, see if you can spot what’s wrong

After thinking about this email I got this morning,I think I’ve decided how i’m going to present it.

This email may look like your typical scareware whereby the sender wants you to do something or else something will happen. You’d be right, but what is interesting about this email is that it comes from a support email address. Here’s the email.

The subject is: Re [Reminder] Pending Payment – 417729-2717-757

That’s strange, I didn’t make a payment overnight at 1 am, and the body is definitely something interesting.


I have to share bad news with you. Approximately a few months ago, I gained access to your devices, which you use for internet browsing. After that, I have started tracking your internet activities.

Here is the sequence of events:

Some time ago, I purchased access to email accounts from hackers (nowadays, it is quite simple to buy it online). I have easily managed to log in to your email account .

One week later, I have already installed the Cobalt Strike “Beacon” on the Operating Systems of all the devices you use to access your email. It was not hard at all (since you were following the links from your inbox emails). All ingenious is simple. :).

This software provides me with access to all your devices controllers (e.g., your microphone, video camera, and keyboard).
I have downloaded all your information, data, photos, videos, documents, files, web browsing history to my servers. I have access to all your messengers, social networks, emails, chat history, and contacts list.

My virus continuously refreshes the signatures (it is driver-based) and hence remains invisible for antivirus software. Likewise, I guess by now you understand why I have stayed undetected until this letter.

While gathering information about you, i have discovered that you are a big fan of adult websites. You love visiting porn websites and watching exciting videos while enduring an enormous amount of pleasure. Well, i have managed to record a number of your dirty scenes and montaged a few videos, which show how you masturbate and reach orgasms.

If you have doubts, I can make a few clicks of my mouse, and all your videos will be shared with your friends, colleagues, and relatives. Considering the specificity of the videos you like to watch (you perfectly know what I mean), it will cause a real catastrophe for you.

I also have no issue at all with making them available for public access (leaked and exposed all data).
General Data Protection Regulation (GDPR): Under the rules of the law, you face a heavy fine or arrest.
I guess you don’t want that to happen.

Let’s settle it this way:

You transfer 2.4 Bitcoin to me and once the transfer is received, I will delete all this dirty stuff right away. After that, we will forget about each other. I also promise to deactivate and delete all the harmful software from your devices. Trust me. I keep my word.

That is a fair deal, and the price is relatively low, considering that I have been checking out your profile and traffic for some time by now. If you don’t know how to purchase and transfer Bitcoin – you can use any modern search engine.

You need to send that amount here Bitcoin wallet:

(The price is not negotiable).
You have 5 days in order to make the payment from the moment you opened this email.

Do not try to find and destroy my virus! (All your data is already uploaded to a remote server).
Do not try to contact me. Various security services will not help you; formatting a disk or destroying a device will not help either, since your data is already on a remote server.

This is an APT Hacking Group. Don’t be mad at me, everyone has their own work.
I will monitor your every move until I get paid.
If you keep your end of the agreement, you won’t hear from me ever again.

Everything will be done fairly!
One more thing. Don’t get caught in similar kinds of situations anymore in the future!
My advice: keep changing all your passwords frequently.

This is interesting, they’re giving me advice but my passwords are held in my password manager of choice.

The mailing address of the email just pasted here is: which does not even exist.

The other piece of the headers which also indicates I can’t go to it is a domain claiming to be Microsoft.

That header comes from the envelope:

(envelope-from example.user50@chivunkentertaiment.onmicrosoft.com)

Microsoft doesn’t own onmicrosoft.com and it said I couldn’t go there. The first one gave me an ATT search page.

I’m not afraid of publishing this, because of the fact that they claim they’ve done things yet people would know if something wasn’t working right or sluggish.

I don’t follow links like I used to, this is how something like Cobolt Strike would be installed on the device.

I’m sure I could change my password, but go ahead, share whatever video you have because it won’t be on my facebook or other social media. Have fun! YOu didn’t even tell me who you were and people who would have data wouldn’t be snooping around for weeks waiting for something people need to do on a regular basis. Have fun because I don’t have a camera attached to this computer, and the one on my phone doesn’t record unless I open the app. Since I use speech, I’d know if my phone was messed with too. So again, have fun!

Also, have fun because there is no DMARC and DKIM in the headers. It says none on both.

Informazioni sull'articolo

This must be another great email, see if you can spot what’s wrong was released on December 30, 2022 at 7:00 pm by tech in security news and commentary.
Last modified: December 30, 2022.

Comments (0)

No comments yet.

Leave a comment

You must be logged in to post a comment.

go to sections menu

navigation menu

go to sections menu