My introduction to Bitcoin: Extortion scam

I received a funny e-mail this morning. {ominous music to sad trombone sound}. It was marked as spam but made it to the inbox. Its message header was:

Return-Path: <allan@allandebono.org>
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44])
  by sloti8d1t26 (Cyrus 3.1.5-895-g0d23ba6-fmstable-20190213v1) with LMTPA;
  Tue, 26 Feb 2019 04:30:00 -0500
X-Cyrus-Session-Id: sloti8d1t26-1551173400-2680779-2-4563902645168648978
X-Sieve: CMU Sieve 3.0
X-Spam-known-sender: no ("From == To and no DKIM or SPF for from domain, likely forged");
  in-addressbook
X-Spam-score: 29.8
X-Spam-hits: BITCOIN_DEADLINE 0.2, BITCOIN_MALWARE 2.999, BITCOIN_SPAM_07 3,
  DATE_IN_FUTURE_06_12 0.001, DCC_CHECK 1.1, DOS_OE_TO_MX 3.086,
  FSL_BULK_SIG 0.821, HDR_ORDER_FTSDMCXX_DIRECT 1.952,
  HDR_ORDER_FTSDMCXX_NORDNS 2.083, HELO_MISC_IP 0.001, ME_FROM_EQ_TO 0.01,
  ME_NOAUTH 0.01, ME_NOAUTH_FROM_EQ_TO 1.5, ME_VADESPAM 5,
  ME_ZS_LISTED 0.001, MIMEOLE_DIRECT_TO_MX 0.001,
  NO_FM_NAME_IP_HOSTN 0.335, RCVD_IN_PBL 3.558, RDNS_NONE 1.274,
  SPF_NEUTRAL 0.652, TO_EQ_FM_DIRECT_MX 1.214, XPRIO 1.027, LANGUAGES en,
  BAYES_USED none, SA_VERSION 3.4.2
X-Spam-source: IP='124.207.151.185', Host='noreverse', Country='CN', FromHeader='org',
  MailFrom='org'

In the X-Spam-known-sender line you’ll see that the DKIM and SPF identifiers are absent for the sending domain and the message is therefore “likely forged.” Strike one. Strike two is the IP address: it was sent from 124.207.151.185, which is in Guangdong, CN. A quick look at my mail access logs shows no logins occurring from outside Canada.
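The same three checks (From equals To, no DKIM/SPF for the sending domain, and a sending IP outside the country you actually log in from) can be automated. The script below is an added example, not code from the original post or from the mail provider; it uses Python’s standard `email` module on a constructed header block modelled on the one above. The `example.org`/`example.net` addresses, the expected country of `CA`, and the spam-score cutoff of 10 are assumptions chosen for the example.

```python
import email
import email.utils
import re

# Assumptions for this example: the reader only ever logs in from Canada, and
# 10 is the local spam-score cutoff. Adjust both for your own environment.
EXPECTED_COUNTRIES = {"CA"}
SCORE_THRESHOLD = 10.0

# Constructed sample: the header block from the post, trimmed, with From/To
# lines added (placeholder addresses, not the real ones).
SCAM_HEADERS = """\
Return-Path: <victim@example.org>
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44])
  by sloti8d1t26 (Cyrus 3.1.5-895-g0d23ba6-fmstable-20190213v1) with LMTPA;
  Tue, 26 Feb 2019 04:30:00 -0500
X-Spam-known-sender: no ("From == To and no DKIM or SPF for from domain, likely forged");
  in-addressbook
X-Spam-score: 29.8
X-Spam-hits: BITCOIN_DEADLINE 0.2, BITCOIN_MALWARE 2.999, BITCOIN_SPAM_07 3,
  DATE_IN_FUTURE_06_12 0.001, SPF_NEUTRAL 0.652, TO_EQ_FM_DIRECT_MX 1.214,
  LANGUAGES en, BAYES_USED none, SA_VERSION 3.4.2
X-Spam-source: IP='124.207.151.185', Host='noreverse', Country='CN', FromHeader='org',
  MailFrom='org'
From: victim@example.org
To: victim@example.org
Subject: Your account has been hacked
"""

# Constructed benign sample: DKIM-signed, different sender, low score,
# sent from the expected country (203.0.113.5 is a documentation address).
BENIGN_HEADERS = """\
Return-Path: <friend@example.net>
DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=sel; bh=placeholder; b=placeholder
Authentication-Results: mx.example.org; dkim=pass header.d=example.net; spf=pass
X-Spam-score: 0.3
X-Spam-hits: BAYES_00 -1.9, LANGUAGES en, SA_VERSION 3.4.2
X-Spam-source: IP='203.0.113.5', Host='mail.example.net', Country='CA'
From: friend@example.net
To: victim@example.org
Subject: Lunch?
"""


def _unfold(value):
    """Join RFC 5322 folded continuation lines into a single line."""
    return re.sub(r"\r?\n[ \t]+", " ", value or "").strip()


def parse_spam_hits(value):
    """Parse 'RULE score, RULE score, ...' into {RULE: score}.

    Entries without a numeric score (LANGUAGES en, SA_VERSION 3.4.2) are skipped.
    """
    hits = {}
    for token in _unfold(value).split(","):
        parts = token.split()
        if len(parts) != 2:
            continue
        try:
            hits[parts[0]] = float(parts[1])
        except ValueError:
            continue
    return hits


def triage(raw_headers):
    """Apply the checks from the post to a raw header block and return the findings."""
    msg = email.message_from_string(raw_headers)
    sender = email.utils.parseaddr(_unfold(msg.get("From")))[1].lower()
    recipient = email.utils.parseaddr(_unfold(msg.get("To")))[1].lower()
    auth = _unfold(msg.get("Authentication-Results")).lower()
    hits = parse_spam_hits(msg.get("X-Spam-hits"))
    source = _unfold(msg.get("X-Spam-source"))
    country = re.search(r"Country='([A-Z]{2})'", source)
    ip = re.search(r"IP='([0-9.]+)'", source)

    findings = {
        "from_equals_to": bool(sender) and sender == recipient,
        "no_dkim_signature": "DKIM-Signature" not in msg,
        "no_spf_pass": "spf=pass" not in auth,
        "spam_score": float(_unfold(msg.get("X-Spam-score")) or 0.0),
        "bitcoin_rules": sorted(r for r in hits if r.startswith("BITCOIN_")),
        "sender_ip": ip.group(1) if ip else None,
        "sender_country": country.group(1) if country else None,
    }
    findings["unexpected_country"] = (
        findings["sender_country"] is not None
        and findings["sender_country"] not in EXPECTED_COUNTRIES
    )
    # Heuristic verdict: a forged sender plus either bitcoin rule hits or a
    # high score is the pattern of the extortion mail described in the post.
    forged = findings["no_dkim_signature"] and (findings["from_equals_to"] or findings["no_spf_pass"])
    extortion = bool(findings["bitcoin_rules"]) or findings["spam_score"] >= SCORE_THRESHOLD
    findings["verdict"] = "likely extortion scam" if forged and extortion else "no scam indicators"
    return findings


if __name__ == "__main__":
    for label, raw in (("scam", SCAM_HEADERS), ("benign", BENIGN_HEADERS)):
        result = triage(raw)
        print(f"{label}: {result['verdict']}")
        for key, value in result.items():
            print(f"  {key}: {value}")
```

Paste the full raw header block of a suspicious message into `SCAM_HEADERS` (or read it from a file) and run the script; the `X-Spam-*` lines are specific to the Cyrus/SpamAssassin setup shown in the post, so on another provider the score and source checks will simply report nothing while the From/DKIM/SPF checks still apply.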


Hi! As you may have noticed, I sent you an email from your account. This means that I have full access to your account.

I’ve been watching you for a few months now. The fact is that you were infected with malware through an adult site that you visited. If you are not familiar with this, I will explain. Trojan Virus gives me full access and control over a computer or other device. This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it. I also have access to all your contacts and all your correspondence. Why your antivirus did not detect malware? Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent. I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.

With one click of the mouse, I can send this video to all your emails and contacts on social networks. I can also post access to all your e-mail correspondence and messengers that you use. If you want to prevent this, transfer the amount of $782 to my bitcoin address (if you do not know how to do this, write to Google: “Buy Bitcoin”). My bitcoin address (BTC Wallet) is: 1GoWy5yMzh3XXBiYxLU9tKCBMgibpznGio After receiving the payment, I will delete the video and you will never hear me again. I give you 48 hours to pay. I have a notice reading this letter, and the timer will work when you see this letter. Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address. I do not make any mistakes. If I find that you have shared this message with someone else, the video will be immediately distributed. Best regards!

-an extorting script-kiddie that entertained Allan on Feb 26 2019.

Then I learned something even better. There is a bitcoin abuse database:

https://www.bitcoinabuse.com/reports/1GoWy5yMzh3XXBiYxLU9tKCBMgibpznGio

Several people have reported this person/group for extortion. The funniest thing, however, is this link, which summarizes how much Bitcoin the address has received:
https://bitref.com/1GoWy5yMzh3XXBiYxLU9tKCBMgibpznGio

Despite multiple visible reports, only $650 worth of Bitcoin has been received by this person(s). Clearly bad at what they do.

I know so little about internet technology, but I know well enough to check suspicious emails for their headers. In case you’ve received a seemingly frightening e-mail, check the header.

I’m leaving the bitcoin address below to make sure it gets picked up by search engines.

1GoWy5yMzh3XXBiYxLU9tKCBMgibpznGio
