We’ve seen millions of emails with blackmailing texts containing some username/email address and a password harvested from some hacked website.
This one would be just another one, except that the text is obfuscated 🙂
It looks interesting, but it is tiresome to try to read it. And why the effort, in the end?
Below is the email. This son of a b** who sent the email took good care to not obfuscate the BTC wallet.
Unfortunately, somebody actually paid on 27.2.2020, but I am not sure if this is a victim or not.
Here is the relevant part of the header of the email:
Received: from asobkjzvu.com ([184.108.40.206]) by mx.google.com with SMTP id d3si5673968oia.236.2020.03.02.07.13.09 for <email@example.com>; Mon, 02 Mar 2020 07:13:21 -0800 (PST)
Received-SPF: neutral (google.com: 220.127.116.11 is neither permitted nor denied by best guess record for domain of firstname.lastname@example.org) client-ip=18.104.22.168;
Authentication-Results: mx.google.com; spf=neutral (google.com: 22.214.171.124 is neither permitted nor denied by best guess record for domain of email@example.com) firstname.lastname@example.org
X-K: live
Received: from unknown (126.96.36.199) by qrx.quickslick.com with NNFMP; Mon, 02 Mar 2020 10:11:17 -0500
Received: from unknown (HELO smtp18.yenddx.com) (Mon, 02 Mar 2020 09:53:27 -0500) by relay.2yahoo.com with NNFMP; Mon, 02 Mar 2020 09:53:27 -0500
Received: from smtp.doneohx.com ([Mon, 02 Mar 2020 09:36:30 -0500]) by asx121.turbo-inline.com with QMQP; Mon, 02 Mar 2020 09:36:30 -0500
Message-ID: <BF8ECBD9.15C50D36@asobkjzvu.com>
Well, enjoy the reading 🙂
© Copyright 2020 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity