We’ve seen millions of emails with blackmailing texts containing some username/email address and a password harvested from some hacked website.
This one would be just another one, except that the text is obfuscated 🙂
It looks interesting but it is tiresome to try to read it. And why the effort, in the end ?
Below is the email. This son of a b** who sent the email took good care to not obfuscate the BTC wallet.
Unfortunately, somebody actually paid on 27.2.2020, but I am not sure if this is a victim or not.
Here is the relevant part of the header of the email:
Received: from asobkjzvu.com ([197.159.64.4])
by mx.google.com with SMTP id d3si5673968oia.236.2020.03.02.07.13.09
for <sorin@mustaca.com>;
Mon, 02 Mar 2020 07:13:21 -0800 (PST)
Received-SPF: neutral (google.com: 197.159.64.4 is neither permitted nor denied by best guess record for domain of sitjpemaj@asobkjzvu.com) client-ip=197.159.64.4;
Authentication-Results: mx.google.com;
spf=neutral (google.com: 197.159.64.4 is neither permitted nor denied by best guess record for domain of sitjpemaj@asobkjzvu.com) smtp.mailfrom=sitjpemaj@asobkjzvu.com
X-K: live
Received: from unknown (15.218.224.6)
by qrx.quickslick.com with NNFMP; Mon, 02 Mar 2020 10:11:17 -0500
Received: from unknown (HELO smtp18.yenddx.com) (Mon, 02 Mar 2020 09:53:27 -0500)
by relay.2yahoo.com with NNFMP; Mon, 02 Mar 2020 09:53:27 -0500
Received: from smtp.doneohx.com ([Mon, 02 Mar 2020 09:36:30 -0500])
by asx121.turbo-inline.com with QMQP; Mon, 02 Mar 2020 09:36:30 -0500
Message-ID: <BF8ECBD9.15C50D36@asobkjzvu.com>
Well, enjoy the reading 🙂
© Copyright 2020 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity
Check www.endpoint-cybersecurity.com for seeing the consulting services we offer.
Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie de.itsecuritynews.info für IT Sicherheits News auf Deutsch