Somewhere in my spam folder today, I noticed this pathetic email, containing my old and no longer valid Linked-In password:
I am aware {$Linked-In-Password$} one of your pass word. Lets get directly to the point. You do not know me and you are most likely wondering why you’re getting this mail? No one has compensated me to investigate about you.
In fact, I setup a malware on the xxx streaming (porn) site and guess what, you visited this website to have fun (you know what I mean). While you were viewing videos, your web browser started working as a RDP having a key logger which gave me access to your screen and also web cam. Just after that, my software gathered your entire contacts from your Messenger, social networks, as well as e-mail . Next I created a double video. 1st part shows the video you were viewing (you’ve got a fine taste hehe), and next part displays the recording of your webcam, and its you.
You get two solutions. We are going to read up on the solutions in details:
Very first choice is to dismiss this email. In this instance, I most certainly will send out your actual video to every bit of your personal contacts and then think concerning the awkwardness yo u will see. Furthermore should you be in a loving relationship, how it can affect?
Next option should be to pay me $1000. Lets think of it as a donation. Subsequently, I most certainly will straightaway remove your video. You will continue on your way of life like this never occurred and you will not hear back again from me.
You’ll make the payment through Bitcoin (if you don’t know this, search for “how to buy bitcoin” in Google).
BTC Address to send to: 1BCNWWTsFnQaFEJFqkAMotDCnvNKWkeRAm
[case sensitive so copy & paste it]
If you are thinking of going to the law, anyway, this e mail cannot be traced back to me. I have covered my steps. I am not looking to charge you very much, I only want to be rewarded.
You have one day in order to make the payment. I have a special pixel in this mail, and at this moment I know that you have read this email message. If I don’t receive the BitCoins, I will definately send out your video to all of your contacts including close relatives, colleagues, and so forth. Nonetheless, if I receive the payment, I will erase the video right away. If you really want evidence, reply with Yeah then I definitely will send out your video to your 14 friends. It is a non:negotiable offer and thus please don’t waste mine time and yours by replying to this email.
Wow. Go fuck yourself.
Since I’m fairly certain Aaron129Smith@yahoo.jp is not a real person or that his/her account was compromised, please don’t bother this person. Nevertheless, here is the remainder of the SMTP envelope, including IPs and hosts:
Return-Path: <Aaron129Smith@yahoo.jp>
X-Original-To: {$Linked-In-Email-Address$}
Delivered-To: x9660346@pdx1-sub0-mail-mx36.dreamhost.com
Received: from vade-backend14.dreamhost.com (fltr-in1.mail.dreamhost.com [66.33.205.212])
    (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
    (No client certificate requested)
    by pdx1-sub0-mail-mx36.dreamhost.com (Postfix) with ESMTPS id 41CF080190
    for <{$Linked-In-Email-Address$}>; Tue, 18 Sep 2018 11:06:43 -0700 (PDT)
Received: from yahoo.jp (unknown [82.147.91.255])
    by vade-backend14.dreamhost.com (Postfix) with SMTP id 9CF8E40000809
    for <${Linked-In-Email-Address$}>; Tue, 18 Sep 2018 11:06:39 -0700 (PDT)
Received: from mailout.endmonthnow.com ([127.161.127.116])
    by relay.2yahoo.com with NNFMP; Tue, 18 Sep 2018 13:51:05 -0400
Received: from unknown (HELO group21.345mail.com) (Tue, 18 Sep 2018 13:48:29 -0400)
    by mts.locks.grgtween.net with SMTP; Tue, 18 Sep 2018 13:48:29 -0400
Message-ID: <B92BF1F4.A1EB90CA@yahoo.jp>
Date: Tue, 18 Sep 2018 13:48:29 -0400
Reply-To: "Jay" <Aaron129Smith@yahoo.jp>
From: "Jay" <Aaron129Smith@yahoo.jp>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.18) Gecko/20081105 Thunderbird/2.0.0.18
MIME-Version: 1.0
To: "{$Linked-In-Password$}" <{$Linked-In-Email-Address$}>
Subject: {$Linked-In-Password$}
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: base64
X-VR-STATUS: SPAM
X-VR-SCORE: 300
X-VR-SPAMCAUSE:
gggruggvucftvghtrhhoucdtuddrgedtjedrkeeigdduudduucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuggftfghnshhusghstghrihgsvgdpffftgfetoffjqffuvfenuceurghilhhouhhtmecufedttdenucfnuhgtihgvucdlfedttddmnecujfgurhepkfffrhfhfgggvffutgfgsehhsgfgtddtfeenucfhrhhomhepfdflrgihfdcuoeetrghrohhnuddvlefumhhithhhseihrghhohhordhjpheqnecukfhppeekvddrudegjedrledurddvheehnecurfgrrhgrmhepmhhouggvpehsmhhtphdphhgvlhhopeihrghhohhordhjphdpihhnvghtpeekvddrudegjedrledurddvheehpdhrvghtuhhrnhdqphgrthhhpedflfgrhidfuceotegrrhhonhduvdelufhmihhthheshigrhhhoohdrjhhpqedpmhgrihhlfhhrohhmpeetrghrohhnuddvlefumhhithhhseihrghhohhordhjphdpnhhrtghpthhtohepjhgrhiesvhgvghhgihgvshhprghmrdgtohhmnecuvehluhhsthgvrhfuihiivgeptd
We have a Nassau County NY ISP, Belgium-based intermediate hosts, British English, and a massively CVE-encrusted Thunderbird. Meh.
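For anyone triaging a similar message, here is an added example (not part of the original post) that walks the Received chain above from the top and separates the stamps written by the recipient's own provider from the ones the sender could have typed in. The `analyze` function and the choice of `.dreamhost.com` as the trust boundary are assumptions made for this illustration.

```python
import ipaddress
import re
from email import message_from_string

# Received headers from the message on this page, abridged (TLS and "for" clauses dropped).
RAW = """\
Received: from vade-backend14.dreamhost.com (fltr-in1.mail.dreamhost.com [66.33.205.212])
\tby pdx1-sub0-mail-mx36.dreamhost.com (Postfix) with ESMTPS id 41CF080190;
\tTue, 18 Sep 2018 11:06:43 -0700 (PDT)
Received: from yahoo.jp (unknown [82.147.91.255])
\tby vade-backend14.dreamhost.com (Postfix) with SMTP id 9CF8E40000809;
\tTue, 18 Sep 2018 11:06:39 -0700 (PDT)
Received: from mailout.endmonthnow.com ([127.161.127.116])
\tby relay.2yahoo.com with NNFMP; Tue, 18 Sep 2018 13:51:05 -0400
Received: from unknown (HELO group21.345mail.com) (Tue, 18 Sep 2018 13:48:29 -0400)
\tby mts.locks.grgtween.net with SMTP; Tue, 18 Sep 2018 13:48:29 -0400

"""

# Subset of the IANA-registered "with" protocol types; anything else is suspect.
KNOWN_WITH = {"SMTP", "ESMTP", "ESMTPA", "ESMTPS", "ESMTPSA", "LMTP", "LMTPS"}
HOP = re.compile(r"from (?P<helo>\S+) \((?P<info>[^)]*)\).*?by (?P<by>\S+)"
                 r"(?: \([^)]*\))? with (?P<proto>[^;\s]+)")


def analyze(raw, trusted_suffix=".dreamhost.com"):
    """Return ((helo, ip) of the first external peer, findings on untrusted hops).

    trusted_suffix is an assumption: the recipient's own provider.
    """
    origin, findings, in_trusted = None, [], True
    for n, value in enumerate(message_from_string(raw).get_all("Received", [])):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if not m:
            findings.append((n, "unparseable Received header"))
            continue
        ip = re.search(r"\[([0-9A-Fa-f.:]+)\]", m["info"])
        ip = ip.group(1) if ip else None
        if in_trusted and m["by"].endswith(trusted_suffix):
            origin = (m["helo"], ip)  # overwritten until the last trusted stamp
            continue
        in_trusted = False  # from here down, the text is sender-supplied
        if m["proto"].upper() not in KNOWN_WITH:
            findings.append((n, "unregistered protocol " + m["proto"]))
        if ip is None:
            findings.append((n, "no peer IP recorded"))
        elif not ipaddress.ip_address(ip).is_global:
            findings.append((n, "non-routable peer IP " + ip))
    return origin, findings
```

The only address a recipient can rely on is the one recorded by the last trusted stamp, a host that announced itself as `yahoo.jp` with no reverse DNS; the two hops beneath it carry a loopback-range address and a protocol name that is not a registered transmission type.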
A company like Linked-In would never use a simple SHA1 unsalted hash, never. Maybe it was a lucky random number generator guess.
Back to beer.