An interesting email

[benjii]

I just received this email, it's obviously spam. However, what struck me was that this is by far the most interesting use of my details (from one of the many database leaks over the years) that I've seen. It has a password that was used on one my accounts that got caught in the leak and the body of the email is generic enough that it could apply to many.

Hello!

As you may have noticed, I sent you an email from your account.
This means that I have full access to your account: On moment of hack your account has password: removed

You say: this is the old password!
Or: I will change my password at any time!

Yes! You're right!
But the fact is that when you change the password, my trojan always saves a new one!

I've been watching you for a few months now.
The fact is that you were infected with malware through an adult site that you visited.

If you are not familiar with this, I will explain.
Trojan Virus gives me full access and control over a computer or other device.
This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.

I also have access to all your contacts and all your correspondence.

Why your antivirus did not detect malware?
Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.

I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.
With one click of the mouse, I can send this video to all your emails and contacts on social networks. I can also post access to all your e-mail correspondence and messengers that you use.

If you want to prevent this, transfer the amount of $707 to my bitcoin address (if you do not know how to do this, write to Google: “Buy Bitcoin&#8221.

My bitcoin address (BTC Wallet) is: 17zmnmqEUCesNz6UgXGbRk7fKnu8iq1q2J

After receiving the payment, I will delete the video and you will never hear me again.
I give you 48 hours to pay.
I have a notice reading this letter, and the timer will work when you see this letter.

Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address.
I do not make any mistakes.

If I find that you have shared this message with someone else, the video will be immediately distributed.

Best wishes!

The only thing I don't get about this, is how can you spoof a local email? Usually, you expand the details from [email protected] (or whatever it is) and you see a ridiculously foreign email address. How, in Outlook, do you make it so when you expand the details, it gives you your own contact and email information?

 

[benjii]

That's exactly my point, it could apply to many people and make them very worried. People get caught out by the stupidest Nigerian prince scams, this one is vaguely convincing in comparison.

 

[benjii]

because of an excellent arse application

Erm... what?

 

[benjii]

Back door.

Hah, that's amazing! A lovely Google translate job.

 

[benjii]

well it has worked on a couple of people.

https://www.blockchain.com/btc/address/17zmnmqEUCesNz6UgXGbRk7fKnu8iq1q2J

that bitcoin wallet received 2 payments yesterday!

You would think that they only email a certain amount of addresses with one bitcoin wallet address and will change it fairly often so they are probably doing ok out of it.

I forgot to check the address, that's really sad that they're getting hits on it.

This reminds me of a friend that fell for one of these emails, he didn't have the money to pay it off, so instead opted to warn everyone on Facebook that some five-finger-shuffle videos were about to be leaked. Obviously they never got released.

 

[benjii]

I'm not sure if I'm answering your question but on the Outlook website, just put your arrow over the sender name and it'll show the true email address, which is usually some weird one.

Not sure if you was meaning the outlook email program or the website.

As for spoofing emails, I've never done it myself but I hear its very easy to spoof email addresses.

It was in Outlook. The reason I asked was because doing what you suggested gave me my own contact card info, so it really did look like I'd just emailed myself. However, it was obviously spam and peaked my interest, other people explained how it's possible though, so all is good.

Here's a little taster of my Gmail spam folder

At least those are interesting! Aside from the one I posted here, I mainly get dating spam or the occasional enlargement pills.

 

[benjii]

I suspect that one of the real issues with the well-known email services is that many users use some variant of their name as their email Id - e.g. [email protected]

To compound this, it is amazing how many people use easily guessed words as their pa55w0rd or qwertyuiop.

My passwords are all long randomly generated strings. However, in one of the many leaks over the past few years, one of my passwords and my casual internet email got out there. It wasn't a big deal, I just changed my password. However, I now get multiple attempts a week to login to my social media accounts using the correct email, but the wrong password. I guess they're trying the one that was originally leaked. Strong passwords and 2FA on everything does the trick though.