An interesting email

Soldato
Joined
26 Apr 2013
Posts
4,826
Location
Plymouth
I just received this email, it's obviously spam. However, what struck me was that this is by far the most interesting use of my details (from one of the many database leaks over the years) that I've seen. It has a password that was used on one my accounts that got caught in the leak and the body of the email is generic enough that it could apply to many.

Hello!

As you may have noticed, I sent you an email from your account.
This means that I have full access to your account: On moment of hack your account has password: removed

You say: this is the old password!
Or: I will change my password at any time!

Yes! You're right!
But the fact is that when you change the password, my trojan always saves a new one!

I've been watching you for a few months now.
The fact is that you were infected with malware through an adult site that you visited.

If you are not familiar with this, I will explain.
Trojan Virus gives me full access and control over a computer or other device.
This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.

I also have access to all your contacts and all your correspondence.

Why your antivirus did not detect malware?
Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.

I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.
With one click of the mouse, I can send this video to all your emails and contacts on social networks. I can also post access to all your e-mail correspondence and messengers that you use.

If you want to prevent this, transfer the amount of $707 to my bitcoin address (if you do not know how to do this, write to Google: “Buy Bitcoin”).

My bitcoin address (BTC Wallet) is: 17zmnmqEUCesNz6UgXGbRk7fKnu8iq1q2J

After receiving the payment, I will delete the video and you will never hear me again.
I give you 48 hours to pay.
I have a notice reading this letter, and the timer will work when you see this letter.

Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address.
I do not make any mistakes.

If I find that you have shared this message with someone else, the video will be immediately distributed.

Best wishes!

The only thing I don't get about this, is how can you spoof a local email? Usually, you expand the details from [email protected] (or whatever it is) and you see a ridiculously foreign email address. How, in Outlook, do you make it so when you expand the details, it gives you your own contact and email information?
 
Soldato
OP
Joined
26 Apr 2013
Posts
4,826
Location
Plymouth
That's exactly my point, it could apply to many people and make them very worried. People get caught out by the stupidest Nigerian prince scams, this one is vaguely convincing in comparison.
 
Soldato
Joined
21 Oct 2011
Posts
21,590
Location
ST4
I got another one to add the collection earlier. :D

Greetings.. .


This email won't take too much of your study time, therefore direct to the issue. I acquired a footage of you taking your turn at the self-serve station while at a pornweb site you're went to, because of an excellent arse application I have managed to place on a couple of websites with that type of material.

You click play and all of the cams and a microphone start recording furthermore, it will save every darn detail coming from your computer system, including contact info, security passwords or crap similar to that, think where i got this email from?) And so now i know just who i am going to deliver that to, in case you not necessarily going to compensate this along with me.

I will place a account address under so that you can hit me 790 bucks within 2 days maximum via btc. See, it's not that huge of a value to pay, guess this can make me not that awful of a person.

You're welcome to complete whichever the **** you wish to, however in case i will not find the total within the time period stated over, well... you already realize what will occur.

Therefore it is your responsibility at this point. Now i'm not going to move through every detail and stuff, just simply don't have time for that as well as you probably know that internet is flooded with mail such as this, so it is as well your choice to trust in this or not, there is certainly only one way to figure out.

Here is my bitcoin address:1FvCJ5XjbpAYafojs9LQC223NDSs1i5HZ7


Have a great time and remember that time clock is ticking))
 
Associate
Joined
2 Sep 2013
Posts
1,877
Had a whole bunch of those go to a "fake" email address that is used, and I'm just thinking... "Eh?".

Looking through the details, I see the ones sending to my fake address is sent from yahoo-jp, dunno if that's actually true or not, but yeah, not actually local or from that fake email address at all.
 
Soldato
Joined
21 Oct 2011
Posts
21,590
Location
ST4
The last one I had like this had the opening line of

Hello my prey

Had one of those myself not too long back.

Hi, my prey.

THIS IS MY LAST WARNING!

2 weeks ago, you received an email from PayPal. Once you switched to it, you downloaded my virus. .
My trоjаn саptured all your private data and switсhеd on yоur camеra whiсh reсоrded thе act of yоur solitary sеx. Just аftеr that the trоjan sаvеd your contаct list.
I will еrаsе the comрromising video recоrds and informatiоn if you send me 350 EURO in bitcoin.

This is аddress fоr pаyment : 1J8fYdP9Pinr9WqHGyLyRSPKbSRAmAF9VG

I give you 30 hours аftеr you оpеn my message for making thе pаyment.
As soon as yоu read thе mеssаge I'll sеe it right away.
It is not nеcеssаry to tеll me thаt you hаve sеnt money to mе. This аddress is соnnеcted to you, my system will erased аutоmаticаlly аfter trаnsfеr сonfirmatiоn.
If you neеd 48h just Оpеn thе calсulatоr оn yоur dеsktoр аnd рrеss +++
If yоu dоn't раy, I'll send dirt tо аll your cоntасts.
Let mе remind yоu-I see what yоu'rе dоing!
Yоu сan visit the police offiсe but аnybоdy саn't hеlp you.
If you try to deceivе mе , I'll knоw it immediаtely!
I don't livе in your сountry. Sо anyone саn nоt traсk my loсatiоn evеn fоr 9 months.
byе. Dоn't fоrget аbоut thе shamе аnd to ignоrе, Yоur lifе сan bе ruined.

Also had one that starts with "Hello sacrifice". :D
 
Man of Honour
Joined
13 Oct 2006
Posts
90,805
The only thing I don't get about this, is how can you spoof a local email? Usually, you expand the details from [email protected] (or whatever it is) and you see a ridiculously foreign email address. How, in Outlook, do you make it so when you expand the details, it gives you your own contact and email information?

Not just that in this case they are using an account on the same domain and service to send the spam? so it doesn't look as suspicious unless you actually follow the send chain in depth?
 
Soldato
Joined
28 Sep 2008
Posts
14,123
Location
Britain
I just received this email, it's obviously spam. However, what struck me was that this is by far the most interesting use of my details (from one of the many database leaks over the years) that I've seen. It has a password that was used on one my accounts that got caught in the leak and the body of the email is generic enough that it could apply to many.



The only thing I don't get about this, is how can you spoof a local email? Usually, you expand the details from [email protected] (or whatever it is) and you see a ridiculously foreign email address. How, in Outlook, do you make it so when you expand the details, it gives you your own contact and email information?

Any open relay SMTP server can be made to look like you sent the email to yourself. That method is older than the dawn of time and you would be surprised how easy it was to find an open SMTP relay server on the internet.
 
Soldato
Joined
25 Nov 2007
Posts
5,581
Location
London
Any open relay SMTP server can be made to look like you sent the email to yourself. That method is older than the dawn of time and you would be surprised how easy it was to find an open SMTP relay server on the internet.

Like 16 years ago i was using some email bomber program, but aside from spamming hundreds of emails in seconds, you simply use a yahoo or Hotmail smtp server and enter whatever email address you want.

No account was required whatsoever.
 
Soldato
Joined
18 Oct 2002
Posts
8,116
Location
The Land of Roundabouts
The mechanism is quite easy. emails contain a few headers that are hidden to end users, 2 of these are "mail-from" and "reply-to" (don't quote me on the specifics, its from memory :))
Most mail clients display the reply-to address and this is the header they spoof. im guessing if you are able to view the full header you will see the originating domain address.

The domain validators aspects of Antispam mechanisms (spf/dmarc) work against the "mail-from" address so as long as this is valid (any random hosted solution will do) then its less likely to get caught as spam and delivered to your inbox.

Im quite impressed by this vector as they are using the leaked DB's of email/passwords, pairing it all up and spear phishing users on a mass scale, its all automated. You have to wonder about the people behind these ideas, if they put this much effort into a legitimate line of business they would probably do ok out of it!
 
Back
Top Bottom