Sunday, February 24, 2019

spoofer posing as hacker

Please note the following misleading scam message. I am posting this because I suspect others have received the same, and this one is a bit insidious.

If you're new to scams, please note that just because a message appears to be sent from your own e-mail address does not mean that anyone has actually hacked your account. The From: line of an e-mail is plain text chosen by whoever submits the message; SMTP never verifies it, so a sender can put your address there (spoofing) without ever touching your account. What a receiving mail server does check, if anything, is the envelope sender and the sending IP (SPF), a signature on the message (DKIM), and whether those line up with the From: domain (DMARC). Those results are recorded in the raw headers, not in the part of the message you normally see.

I know they did not hack my account, because this e-mail does not appear in my outbox.

I also know they have not hacked my account, because I have not watched any adult videos.

abarschall@falati.com <abarschall@falati.com>
To: abarschall@falati.com    Feb 24 at 3:16 AM
This account is now hacked! Change the password immediately!
You might not heard about me and you are probably surprised for what reason you are reading this particular letter, right?
I am a hacker who opened your email box and all devices a few months ago.
It will be a time wasting to attempt to contact me or seek for me, in fact it's not possible, considering that I directed you this message from YOUR account that I've hacked.
I've started malware software on the adult videos (porno) website and suppose that you have spent time on this site to have fun (you know what I want to say).
During you were watching these "great" vids, your internet browser started out functioning as a RDP (Remote Control) with a keylogger which granted me access to your monitor and network camera.
Then, my soft acquired all information.
You have entered passwords on the websites you visited, and I intercepted all of them.
Needless to say, you'll be able to change them, or perhaps already changed them.
Even so it does not matter, my program updates information regularly.
What actually did I do?
I got a reserve copy of the device. Of all files and contacts.
I got a dual-screen videofile. The first screen shows the video you had been observing (you have got an interesting taste, ha-ha...), and the 2nd part displays the video from your own camera.
What actually should you do?
Well, in my opinion, 1000 USD will be a realistic amount of money for our small secret. You'll make your deposit by bitcoins (if you do not understand this, try to find “how to purchase bitcoin” in any search engine).
My bitcoin wallet address:
15y9WjrC2pGKvrxZWugeHXZNv1nbDvbNzw
(It is cAsE sensitive, so copy and paste it).
Warning:
You will have only 48 hours to make the payment. (I have an exclusive pixel to this e-mail, and at this point I understand that you've read through this email).
To trace the reading of a message and the actions within it, I installed a Facebook pixel. Thanks to them. (Everything that is applied for the authorities may help us.)
If I do not get bitcoins, I will undoubtedly direct your video files to each of your contacts, including relatives, co-workers, etc?

Another thing that can be useful, if you're reporting the e-mail, is to get the raw message header. In Outlook, look for "message details"; in Yahoo! they call it "raw message". The lines worth reading are the Authentication-Results line (here SPF passed for bale.ai, the envelope sender, not for falati.com; DKIM is absent and DMARC was not evaluated because falati.com publishes no policy), the Return-Path (support@bale.ai, not my address), and the Received chain, which shows the message reaching Microsoft's servers from mx10.elenoon.ir (79.175.168.236) rather than from any falati.com server. Microsoft's own filter had already classed it as spam (CAT:SPM, SCL:5 in the X-Forefront-Antispam-Report line). This was the raw message for this spoof.

message details


Received: from BYAPR03MB4038.namprd03.prod.outlook.com (2603:10b6:a03:12b::43)
 by BYAPR03MB4038.namprd03.prod.outlook.com with HTTPS via
 BYAPR07CA0102.NAMPRD07.PROD.OUTLOOK.COM; Sun, 24 Feb 2019 08:16:18 +0000
Received: from BN3PR03CA0077.namprd03.prod.outlook.com
 (2a01:111:e400:7a4d::37) by BYAPR03MB4038.namprd03.prod.outlook.com
 (2603:10b6:a03:77::31) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1643.18; Sun, 24 Feb
 2019 08:16:16 +0000
Received: from CO1NAM04FT010.eop-NAM04.prod.protection.outlook.com
 (2a01:111:f400:7e4d::207) by BN3PR03CA0077.outlook.office365.com
 (2a01:111:e400:7a4d::37) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1643.15 via Frontend
 Transport; Sun, 24 Feb 2019 08:16:15 +0000
Authentication-Results: spf=pass (sender IP is 79.175.168.236)
 smtp.mailfrom=bale.ai; falati.com; dkim=none (message not signed)
 header.d=none;falati.com; dmarc=none action=none
 header.from=falati.com;compauth=none reason=904
Received-SPF: Pass (protection.outlook.com: domain of bale.ai designates
 79.175.168.236 as permitted sender) receiver=protection.outlook.com;
 client-ip=79.175.168.236; helo=mx10.elenoon.ir;
Received: from mx10.elenoon.ir (79.175.168.236) by
 CO1NAM04FT010.mail.protection.outlook.com (10.152.90.150) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.1643.11 via Frontend Transport; Sun, 24 Feb 2019 08:16:14 +0000
Received: from [82-117-249-30.gpon.sta-BE.kh.velton.ua] (82-117-249-30.gpon.sta-BE.kh.velton.ua [82.117.249.30])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx10.elenoon.ir (Postfix) with ESMTPSA id 43ADC36B74ED
 for <abarschall@falati.com>; Sun, 24 Feb 2019 06:28:55 +0330 (+0330)
DKIM-Filter: OpenDKIM Filter v2.11.0 mx10.elenoon.ir 43ADC36B74ED
X-Mailer: elenoon
To: <abarschall@falati.com>
X-CSA-Complaints: whitelistcomplaints@bale.ai
Content-Transfer-Encoding: base64
Content-Type: text/plain; charset="UTF-8"
From: <abarschall@falati.com>
List-Subscribe: <https://groups.google.com/a/bale.ai/group/ejfysohr/subscribe>
Date: Sun, 24 Feb 2019 03:58:54 +0100
Organization: Myvcuwiylhpz
Message-ID: <aleuiztlm0.m7yumkc325.44579915056537.5v9uy11n08.b0y6ku6t@bale.ai>
Feedback-ID: 67960:73155067:teokfl
X-Sender: support@bale.ai
Subject: abarschall
Return-Path: support@bale.ai
X-MS-Exchange-Organization-ExpirationStartTime: 24 Feb 2019 08:16:14.8979
 (UTC)
X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval: 2:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id:
 e78597bb-abe0-467a-9fc6-08d69a30583c
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 2ad5341e-a921-4301-9476-68bd1646fbbd:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-Forefront-Antispam-Report:
 CIP:79.175.168.236;IPV:NLI;CTRY:IR;EFV:NLI;SFV:SPM;SFS:(10001)(3000300001)(286005)(189003)(199004)(2351001)(3480700005)(66574012)(23676004)(486006)(126002)(9686003)(356004)(476003)(6266002)(104016004)(86152003)(21004)(10001)(36916002)(5820100001)(45954011)(2160300002)(106466001)(46276001)(61020400011)(436003)(50226002)(50466002)(32166020)(956004)(575854001)(6916009)(76786011)(1096003)(42882007)(336012)(221733001)(62550400003);DIR:INB;SFP:;SCL:5;SRVR:BYAPR03MB4038;H:mx10.elenoon.ir;FPR:;SPF:Pass;LANG:en;PTR:mx10.elenoon.ir;MX:1;A:1;CAT:SPM;
MIME-Version: 1.0
X-MS-Exchange-Organization-AuthSource:
 CO1NAM04FT010.eop-NAM04.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: e78597bb-abe0-467a-9fc6-08d69a30583c
X-Microsoft-Antispam:
 BCL:6;PCL:0;RULEID:(2390118)(7020095)(4652040)(5600110)(711020)(4605104)(1401299)(1421009)(71702078);SRVR:BYAPR03MB4038;
X-MS-TrafficTypeDiagnostic: BYAPR03MB4038:|BYAPR03MB4038:
X-MS-Exchange-Organization-SCL: 5
X-MS-Exchange-Inbox-Rules-Loop: abarschall@falati.com
X-Microsoft-Exchange-Diagnostics:
 1;BYAPR03MB4038;23:cKHCZySpV2z+DT8jhKOEkxyMYrQpJiNkNUvAqD7MFOWZmHZbgdfVW8mKIrTpj9MK4PlteluxEycGCpn7KdL8wJ9IgFINU99U2ZoKjL+LQ/uLGxJVuFs/U47ETTB4T3nc1HtAkXP5DmVVSeT/Y4hVSQ==
X-ExternalRecipientOutboundConnectors: 2ad5341e-a921-4301-9476-68bd1646fbbd
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Feb 2019 08:16:14.3875
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: e78597bb-abe0-467a-9fc6-08d69a30583c
X-MS-Exchange-CrossTenant-Id: 2ad5341e-a921-4301-9476-68bd1646fbbd
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR03MB4038
X-MS-Exchange-Transport-EndToEndLatency: 00:00:03.9432020
X-MS-Exchange-Processed-By-BccFoldering: 15.20.1643.000
X-Microsoft-Antispam-Mailbox-Delivery:
ucf:0;jmr:1;ex:0;auth:0;dest:J;ENG:(20160513016)(750119)(520011016);
X-Microsoft-Antispam-Message-Info:
=?us-ascii?Q?ib2A2lbO+GTg6vmWZsv1okHVXbVEJ43CJjzf6OWJk5qqUZ/WL2U/GMTrjG1x?=
 =?us-ascii?Q?qLV3LKNgTwP9IzzebTwjLNSNRAD48PXs/vd0lB7WLgeah9waoURpnKukE3DW?=
 =?us-ascii?Q?idf+pIOWb7cJzG+NfAuSFFyAiWyB7gMaPd/zo7tDI2OkRY15HQwQCHDJpmvZ?=
 =?us-ascii?Q?2rzujPc00WOmwoWcbHyE2z5eesvh9T7AZYSC2C4Tayxh8MlNs8wBb+S8EHpK?=
 =?us-ascii?Q?th8KeAJphKK3O7H90G1zkb0xUe36ofGibSfBs1qPdpsVj21Sao3vqkntNpIC?=
 =?us-ascii?Q?vOaFQbk5Ow1lCWadFD8NkYvWJQz40uHv7PKJIQBpkOU4R5oE3Mh5egXcDb69?=
 =?us-ascii?Q?jh26ul7djltztFVEG9tIQhLNJZIsjE/BJkw6Ha3cemOqHLPhUUV2IOqYNym4?=
 =?us-ascii?Q?+EhPscjNh0r4sFIguA1VncPqr6+7K3GKtK85YLqHgXM2VTIRAVt0772IfRxk?=
 =?us-ascii?Q?wxI9YyIQBvPHGin0ZG+j3p/yMKr74FbNxBKbbTcsqj527pLP6CYSpstmUMWC?=
 =?us-ascii?Q?4qOKTUgRdcaFh+pbqiBRQvf+mq409Mh8HvnkN8GinLlxQq9RfjDbUg/LU1gG?=
 =?us-ascii?Q?VgYdO6NeDz2lwK2QEs1f0XaaL6hjZ4x7NjvbVlZq0/J6BPTW1AuT9yBMQsBp?=
 =?us-ascii?Q?SFsABjVNH4f56Sd1QoL6CHx6fD86WddkLTGAR54tgu0NUEEWlj5SvJKRoG2h?=
 =?us-ascii?Q?/fzIbi64TOEVBbtZ7HNyQEXlcVz9r6uxSXJ7Pix2seKOjJT6N+Z1bJ9aO1UT?=
 =?us-ascii?Q?DVa4+NoVYtmg24Dmy9TSsr9RuTqceml5soe3XgwUaWeZPAySvifvCP5ChB3f?=
 =?us-ascii?Q?zdlzFzRKD3ULXuWIebqUXcgzCvVtpbrhTEr0PWrTVncSFIU3Wl/4AB3kYV84?=
 =?us-ascii?Q?R0V8TshRoJjxxa30Y8JXw96zKLD+hojo/1I4JOXjldksqAJm5+rnn5XAHLKW?=
 =?us-ascii?Q?IeEgeBse7IMs494lGvnJVHU7HskTihuUFKzGikiAs/iurqALDxzPHPr7w5/g?=
 =?us-ascii?Q?aVE1gATckqVHYA6zkRceMSd5KCRC+FVLv0/7jv2ZTCqESASI2s6mBf2t/DEp?=
 =?us-ascii?Q?GIQ8DzNDw/7mseatjHRz8nB/sUu49l1q6QQ7dAwzR3TUHd7V2FH1m+BYG4S3?=
 =?us-ascii?Q?aX2NJrRD5hMaodTlSx5s1xo3h57W/lLlOBfcV6di8skaDA1RDjDn8PYNOV8r?=
 =?us-ascii?Q?x9x5jgRgHEGsWlpXhdlH6nEXijRij4JpHTCvt4VlQULMqpm58sQP6hb7rPjF?=
 =?us-ascii?Q?gzOqBD87/JVtJ5VGRc0cQ4uQ7vvExh1k2fNzyb7OSUwHFHZboWGGdk1gaxlF?=
 =?us-ascii?Q?4QCvafWziIvrvsX1mGvS3r3eNDoSxW78pHwyTEadJgHU11+eHCdLaf6n2Hp/?=
 =?us-ascii?Q?O0ZACvTnRDJwQas94CKZV0OMOKY+aUmnaj7SOSLre9e5a00Zg/D5i/bYJOAR?=
 =?us-ascii?Q?KW61flJG/6vWpnR0SHn78lChNLJlr3lor8gF1Vvd0tipJcx1thGm6A=3D=3D?=
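To turn the two points above (the From: line proves nothing; the raw headers show the real path) into something you can run, here is an added example that is not part of the original post. It parses a raw header block like the one above, compares the From: domain with the envelope sender and the Authentication-Results identifiers, and walks the Received chain to find where the message actually entered the recipient's provider. The header excerpt embedded in it is a constructed, abbreviated copy of the headers above (only the lines the checks use, with the continuation indentation restored); the function names and the report layout are my own.

```python
# Added example (not from the original post): check a From: line against the delivery path.
import email
import re
from email.utils import parseaddr

# Constructed, abbreviated copy of the raw headers shown above: only the lines
# the checks use, with RFC 5322 continuation indentation restored.
RAW_HEADERS = """Authentication-Results: spf=pass (sender IP is 79.175.168.236)
 smtp.mailfrom=bale.ai; falati.com; dkim=none (message not signed)
 header.d=none;falati.com; dmarc=none action=none
 header.from=falati.com;compauth=none reason=904
Received: from mx10.elenoon.ir (79.175.168.236) by
 CO1NAM04FT010.mail.protection.outlook.com (10.152.90.150) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.1643.11 via Frontend Transport; Sun, 24 Feb 2019 08:16:14 +0000
Received: from [82-117-249-30.gpon.sta-BE.kh.velton.ua] (82-117-249-30.gpon.sta-BE.kh.velton.ua [82.117.249.30])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx10.elenoon.ir (Postfix) with ESMTPSA id 43ADC36B74ED
 for <abarschall@falati.com>; Sun, 24 Feb 2019 06:28:55 +0330 (+0330)
To: <abarschall@falati.com>
From: <abarschall@falati.com>
Return-Path: support@bale.ai
Subject: abarschall

"""

IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def parse_headers(raw):
    """Unfold continuation lines, then hand the block to the stdlib parser."""
    return email.message_from_string(re.sub(r"\r?\n[ \t]+", " ", raw))

def _domain(addr_header):
    return parseaddr(addr_header or "")[1].rpartition("@")[2].lower()

def header_from_domain(msg):
    """From: is free text chosen by whoever submitted the mail; SMTP never checks it."""
    return _domain(msg.get("From"))

def envelope_from_domain(msg):
    """The SMTP envelope sender (MAIL FROM), which the receiver records in Return-Path."""
    return _domain(msg.get("Return-Path"))

def authentication_results(msg):
    """SPF/DKIM/DMARC verdicts and the identifiers the receiving MTA evaluated."""
    v = msg.get("Authentication-Results", "")
    out = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", v))
    for key in ("smtp.mailfrom", "header.from"):
        m = re.search(re.escape(key) + r"=([^;\s]+)", v)
        out[key] = m.group(1).lower() if m else ""
    m = re.search(r"sender IP is (\S+?)\)", v)
    out["sender_ip"] = m.group(1) if m else ""
    return out

def received_chain(msg):
    """One dict per Received: header, newest first.  hops[0] was stamped by the
    recipient's own provider and is the only hop the sender could not forge."""
    hops = []
    for v in msg.get_all("Received", []):
        host = re.match(r"from\s+(\S+)", v)
        ip = IPV4.search(v)
        hops.append({
            "from": host.group(1).strip("[]") if host else "",
            "ip": ip.group(1) if ip else "",
            "authenticated_submission": "ESMTPSA" in v,  # Postfix: SMTP AUTH was used
        })
    return hops

def assess(raw):
    """Compare the From: domain with what the delivery path actually vouches for."""
    msg = parse_headers(raw)
    auth = authentication_results(msg)
    from_dom, env_dom = header_from_domain(msg), envelope_from_domain(msg)
    hops = received_chain(msg)
    entry, origin = hops[0], hops[-1]
    r = {
        "header_from": from_dom,
        "envelope_from": env_dom,
        "aligned": from_dom == env_dom,
        "auth": auth,
        "entry_client": entry["from"],
        "entry_ip": entry["ip"],
        "sender_ip_matches_entry": auth["sender_ip"] == entry["ip"],
        "relayed_by_from_domain": entry["from"].endswith(from_dom),
        "origin_ip": origin["ip"],
        "origin_authenticated_submission": origin["authenticated_submission"],
    }
    # SPF "pass" only vouches for the envelope domain; it says nothing about the
    # From: domain unless the two are aligned or DKIM/DMARC tie them together.
    r["verdict"] = ("spoofed From: header" if not r["aligned"] and auth.get("dmarc") != "pass"
                    and not r["relayed_by_from_domain"] else "From: consistent with delivery path")
    return r

if __name__ == "__main__":
    for key, value in assess(RAW_HEADERS).items():
        print(f"{key:32} {value}")
```

Run as a script it prints the report for the embedded headers: From: says falati.com, the envelope says bale.ai, SPF passed only for bale.ai, the mail entered Microsoft's infrastructure from mx10.elenoon.ir, and the innermost hop shows an authenticated submission (ESMTPSA) from a Ukrainian broadband address, so nothing in the path touches a falati.com account. The one hop you can trust is the one your own provider stamped; everything below it is text the sender supplied. The practical fix for a domain owner is to publish SPF, sign outbound mail with DKIM, and set a DMARC policy of quarantine or reject so that receivers discard messages whose From: domain is not backed by an aligned SPF or DKIM result, which is exactly the check this message would have failed.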
