Q&A Email received from supposed darknet hacker?

#1
Have you guys seen this before?
A user of mine got an email with the subject: "their email address" was hacked
The email shows their email address in both the To: and From: fields

My nickname in darknet is weston87.
I'll begin by saying that I hacked this mailbox (please look on 'from' in your header) more than six months ago,
through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.

Even if you changed the password after that - it does not matter, my virus intercepted all the caching data on your computer
and automatically saved access for me.

I have access to all your accounts, social networks, email, browsing history.
Accordingly, I have the data of all your contacts, files from your computer, photos and videos.

I was most struck by the intimate content sites that you occasionally visit.
You have a very wild imagination, I tell you!

During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching.
Oh my god! You are so funny and excited!

I think that you do not want all your contacts to get these files, right?
If you are of the same opinion, then I think that $500 is quite a fair price to destroy the dirt I created.

Send the above amount on my bitcoin wallet: 1MN7A7QqQaAVoxV4zdjdrnEHXmjhzcQ4Bq
As soon as the above amount is received, I guarantee that the data will be deleted, I do not need it.

Otherwise, these files and history of visiting sites will get all your contacts from your device.
Also, I'll send to everyone your contact access to your email and access logs, I have carefully saved it!

Since reading this letter you have 48 hours!
After your reading this message, I'll receive an automatic notification that you have seen the letter.

I hope I taught you a good lesson.
Do not be so nonchalant, please visit only to proven resources, and don't enter your passwords anywhere!
Good luck!​
 

shmu26

#3
It sounds like a hoax to me. It is easy to make a message look like it came from a certain email address, when it really didn't.
If your friend can change his password, it means he is still in control of his account. Tell him to change password, and also set up 2-step verification for log in. That will do it.
Again, it sounds like a hoax, the spammer is just trying to make easy money by scaring people.
 

shmu26

#4
Just tell your friend to log into his email, and check the sent items. If the hackers really compromised his account and sent the message from there, like they claim, it will show in sent items. If there is no such sent message, then it is a stupid hoax from Nigeria.
 

cruelsister

#5
Mellow- the "From:" address is totally meaningless and is totally under the control of the Sender in the Return-Path. Nothing at all to be concerned about (this has been going on for YEARS, normally by wanna-be Blackhats that don't have the brains to code). Ignore it, Mellow!

My nickname in darknet is weston87
OH GOD!!!! the DARKNET!!!!!!! I'm SCARED!!!!!!

Too funny (and it should have read My nickname ON THE darknet is...).
 
#7
Can you send me a PM with the e-mail header? (Just scrub out your own/friend's e-mail address by replacing it with <THISWASMYEMAIL> so I know).

I'll be able to tell you from the e-mail header if it is a hoax or not. The likelihood is that it is a hoax though. The e-mail looks like a hoax scam, and people who are really on the dark web doing illegal things have more important things to be doing like selling illegal drugs and stolen gift cards than trying to hoax people who are on the surface web (that is just how it is).

The chance of it not being a hoax is incredibly small. It is probably some moron in a poor country doing a mass-spam campaign to try and get people scared who will fall for it and pay the money.

Even if you check your Sent folder, it may still show up even if it is a hoax, there's a trick to spoofing that can cause services like Gmail to show the e-mail as having been sent from your own account, even though it wasn't.
 

Lockdown

From AppGuard
Developer
#10
Don't interact with the person.

This is a bogus blackmail campaign. This type of stuff is well known. Like the others already said.
 
#13
I received Sextortion Email too a few days ago but it went straight to spam
Sorry, didn't see this response before I posted my last message, but I expect that the Spam Filter would have picked it up. But I have no confidence in their spam filter, which has been an on-and-off issue (Sonicwall Anti-Spam) and which I have tried to get them to move away from, but hey, it is what it is. I've had great success with the email laundry but would love to know how Comodo Anti-spam stacks up.
 
#17
I have received the same e-mail. When I checked, the mail properties were:
Code:
...
X-Spam-Status: No, score=-66.2
X-Spam-Score: -661
...
Content analysis details:   (-66.2 points, 5.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                [Blocked - see <http://www.spamcop.net/bl.shtml?105.112.80.98>]
  3.3 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
                             [105.112.80.98 listed in zen.spamhaus.org]
  4.4 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
  3.3 RCVD_IN_SBL_CSS        RBL: Received via a relay in Spamhaus SBL-CSS
 -100 USER_IN_WHITELIST      From: address is in the user's white-list
  5.0 BAYES_99               BODY: Bayes spam probability is 99 to 100%
                             [score: 1.0000]
  1.0 BAYES_999              BODY: Bayes spam probability is 99.9 to 100%
                             [score: 1.0000]
  1.3 RCVD_IN_RP_RNBL        RBL: Relay in RNBL,
                             https://senderscore.org/blacklistlookup/
                             [105.112.80.98 listed in bl.score.senderscore.com]
  6.2 RCVD_IN_MSPIKE_L5      RBL: Very bad reputation (-5)
                             [105.112.80.98 listed in bl.mailspike.net]
  1.5 SPF_SOFTFAIL           SPF: sender does not match SPF record (softfail)
  0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was blocked.
                             See
                             http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                              for more information.
                             [URIs: islandbg.com]
  0.0 RCVD_IN_MSPIKE_BL      Mailspike blacklisted
  2.0 RDNS_NONE              Delivered to internal network by a host with no rDNS
  0.0 FROM_IN_TO_AND_SUBJ    From address is in To and Subject
  1.5 MIMEOLE_DIRECT_TO_MX   MIMEOLE + direct-to-MX
  2.8 DOS_OUTLOOK_TO_MX      Delivered direct to MX with Outlook headers
X-Spam-Flag: NO
I have checked the IP address and it appears to be registered to Airtel-Nigeria. I think there is nothing to be scared of. I was wondering: do I need to change my password, and how did he send an e-mail from my e-mail? And why is the spam filter adding -100 as a user in whitelist? Thanks
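
Added example, not part of the thread or of any poster's message: a Python sketch that re-scores the SpamAssassin report posted above and finds which single rule decides the verdict. The rule lines are copied from the post; the function names are hypothetical, and the small gap between the summed points and the reported -66.2 is assumed to come from rounding of the printed per-rule scores.

```python
import re
from decimal import Decimal

# Rule lines copied from the report quoted above; continuation lines omitted.
REPORT = """\
  1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
  3.3 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
  4.4 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
  3.3 RCVD_IN_SBL_CSS        RBL: Received via a relay in Spamhaus SBL-CSS
 -100 USER_IN_WHITELIST      From: address is in the user's white-list
  5.0 BAYES_99               BODY: Bayes spam probability is 99 to 100%
  1.0 BAYES_999              BODY: Bayes spam probability is 99.9 to 100%
  1.3 RCVD_IN_RP_RNBL        RBL: Relay in RNBL,
  6.2 RCVD_IN_MSPIKE_L5      RBL: Very bad reputation (-5)
  1.5 SPF_SOFTFAIL           SPF: sender does not match SPF record (softfail)
  0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was blocked.
  0.0 RCVD_IN_MSPIKE_BL      Mailspike blacklisted
  2.0 RDNS_NONE              Delivered to internal network by a host with no rDNS
  0.0 FROM_IN_TO_AND_SUBJ    From address is in To and Subject
  1.5 MIMEOLE_DIRECT_TO_MX   MIMEOLE + direct-to-MX
  2.8 DOS_OUTLOOK_TO_MX      Delivered direct to MX with Outlook headers
"""
REQUIRED = Decimal("5.0")  # "5.0 required" in the report
RULE_RE = re.compile(r"^\s*(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]+)\s")

def parse_rules(report):
    """Return (points, rule_name) for every rule line in the report."""
    hits = (RULE_RE.match(line) for line in report.splitlines())
    return [(Decimal(m.group(1)), m.group(2)) for m in hits if m]

def verdict(rules, ignore=()):
    """Sum the points, skipping rules in `ignore`; spam means >= REQUIRED."""
    score = sum((p for p, name in rules if name not in ignore), Decimal(0))
    return score, score >= REQUIRED

def flipping_rules(rules):
    """Names of rules whose removal alone changes the spam/ham verdict."""
    base = verdict(rules)[1]
    return [n for _, n in rules if verdict(rules, ignore={n})[1] != base]

if __name__ == "__main__":
    rules = parse_rules(REPORT)
    # Printed points sum to -66.4, not the reported -66.2 (assumed rounding).
    print("as delivered:", verdict(rules))
    print("header whitelist ignored:", verdict(rules, ignore={"USER_IN_WHITELIST"}))
    print("verdict depends on:", flipping_rules(rules))
```

With the whitelist hit ignored, the relay blocklist, Bayes and SPF rules put the message far above the 5.0 threshold, so the spoofed From: address matching a whitelist entry is the only reason it was delivered. In SpamAssassin, `whitelist_auth` only honours an entry when SPF or DKIM passes, unlike a header-only `whitelist_from` match.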
 

shmu26

#18
Check your sent mail folder. The spammer claims he sent it from your account, right? See if he did.
I am almost sure you will not find it in your sent mail items. It's a total lie.