We’ve seen millions of emails with blackmailing texts containing some username/email address and a password harvested from some hacked website.

This one would be just another one, except that the text is obfuscated 🙂

It looks interesting but it is tiresome to try to read it. And why the effort, in the end ?

Below is the email. This son of a b** who sent the email took good care to not obfuscate the BTC wallet.

Unfortunately, somebody actually paid on 27.2.2020, but I am not sure if this is a victim or not.

Here is the relevant part of the header of the email:

Received: from asobkjzvu.com ([197.159.64.4])
        by mx.google.com with SMTP id d3si5673968oia.236.2020.03.02.07.13.09
        for <sorin@mustaca.com>;
        Mon, 02 Mar 2020 07:13:21 -0800 (PST)
Received-SPF: neutral (google.com: 197.159.64.4 is neither permitted nor denied by best guess record for domain of sitjpemaj@asobkjzvu.com) client-ip=197.159.64.4;
Authentication-Results: mx.google.com;
       spf=neutral (google.com: 197.159.64.4 is neither permitted nor denied by best guess record for domain of sitjpemaj@asobkjzvu.com) smtp.mailfrom=sitjpemaj@asobkjzvu.com
X-K: live
Received: from unknown (15.218.224.6)
	by qrx.quickslick.com with NNFMP; Mon, 02 Mar 2020 10:11:17 -0500
Received: from unknown (HELO smtp18.yenddx.com) (Mon, 02 Mar 2020 09:53:27 -0500)
	by relay.2yahoo.com with NNFMP; Mon, 02 Mar 2020 09:53:27 -0500
Received: from smtp.doneohx.com ([Mon, 02 Mar 2020 09:36:30 -0500])
	by asx121.turbo-inline.com with QMQP; Mon, 02 Mar 2020 09:36:30 -0500
Message-ID: <BF8ECBD9.15C50D36@asobkjzvu.com>

Well, enjoy the reading 🙂

 

© Copyright 2020 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

---

Check www.endpoint-cybersecurity.com for seeing the consulting services we offer.

Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie de.itsecuritynews.info für IT Sicherheits News auf Deutsch