Blog posts of '2018' 'October'

password (r9vrts4) for [email protected] is compromised

The following email is very common at the moment:

From: [email protected]
Sent: 22 October 2018 16:05
To: Recipient
Subject: password (r9vrts4) for [email protected] is compromised


I'm a hacker who cracked your email and device a few months ago.
You entered a password on one of the sites you visited, and I intercepted it.
This is your password from [email protected] on moment of hack: r9vrts4

Of course you can will change it, or already changed it.
But it doesn't matter, my malware updated it every time.

Do not try to contact me or find me, it is impossible, since I sent you an email from your account.

Through your email, I uploaded malicious code to your Operation System.
I saved all of your contacts with friends, colleagues, relatives and a complete history of visits to the
Internet resources.
Also I installed a Trojan on your device and long tome spying for you.

You are not my only victim, I usually lock computers and ask for a ransom.
But I was struck by the sites of intimate content that you often visit.

I am in shock of your fantasies! I've never seen anything like this!

So, when you had fun on piquant sites (you know what I mean!) I made screenshot with using my
program from your camera of yours device.
After that, I combined them to the content of the currently viewed site.

There will be laughter when I send these photos to your contacts!
BUT I'm sure you don't want it.

Therefore, I expect payment from you for my silence.
I think $883 is an acceptable price for it!

Pay with Bitcoin.
My BTC wallet: 1JTtwbvmM7ymByxPYCByVYCwasjH49J3Vj

If you do not know how to do this - enter into Google "how to transfer money to a bitcoin wallet". It is
not difficult.
After receiving the specified amount, all your data will be immediately destroyed automatically. My
virus will also remove itself from your operating system.

My Trojan have auto alert, after this email is read, I will be know it!

I give you 2 days (48 hours) to make a payment.
If this does not happen - all your contacts will get crazy shots from your dark secret life!
And so that you do not obstruct, your device will be blocked (also after 48 hours)

Do not be silly!
Police or friends won't help you for sure ...

p.s. I can give you advice for the future. Do not enter your passwords on unsafe sites.

I hope for your prudence.


This email is particularly annoying because it is not actually an email at all - just a telnet session being run against the email server, pretending to be an email from your own mailbox. It bypasses SPF and spoofing detection in some cases, but that does not mean that any passwords have been hacked or that your computer has been compromised in any way.

It is fairly obvious from the quality of the email that it is sent out en masse to try to collect a few Bitcoin payments. The originating IP address can be found in the email header, and it changes constantly, perhaps suggesting that the email is fired out by SMTP viruses on various computers around the web.

The best action to take is to ensure that your own email address is not in your whitelist, so that anti-spoofing and SPF measures block this email rather than letting it through.
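The effect of that whitelist entry can be shown with a small filter model. This is an added example, not code from any mail product; the addresses, the 192.0.2.10 IP, the header values and the function names are all constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample modelled on the extortion mail: From equals To and the
# receiving server recorded an SPF failure. SPF evaluates the envelope sender
# (smtp.mailfrom); in this sample it matches the From header.
SAMPLE = """\
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=user@example.org
Received: from unknown (192.0.2.10) by mx.example.org
From: user@example.org
To: user@example.org
Subject: password (placeholder) for user@example.org is compromised

I'm a hacker who cracked your email ...
"""

ALLOWLIST_BAD = {"user@example.org", "partner@example.net"}  # own address listed
ALLOWLIST_GOOD = {"partner@example.net"}                     # own address removed


def spf_result(msg):
    """Return the spf= verdict from Authentication-Results, or 'none'."""
    for value in msg.get_all("Authentication-Results", []):
        for part in value.split(";"):
            part = part.strip()
            if part.lower().startswith("spf="):
                return part[4:].split()[0].lower()
    return "none"


def verdict(raw, allowlist, own_domains):
    """Model of a filter in which allowlisted senders skip every other check."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpts = {addr.lower() for _, addr in getaddresses(msg.get_all("To", []))}
    if sender in allowlist:
        return "deliver (allowlisted, checks skipped)"
    claims_own = sender in rcpts or sender.rpartition("@")[2] in own_domains
    if claims_own and spf_result(msg) != "pass":
        return "reject (spoofed own address)"
    return "deliver"


if __name__ == "__main__":
    print(verdict(SAMPLE, ALLOWLIST_BAD, {"example.org"}))
    print(verdict(SAMPLE, ALLOWLIST_GOOD, {"example.org"}))
```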

[email protected] Documents Received OneDrive Spam

This email is an impersonation of Microsoft but has a homespun email address, so it should be quite easy to spot.



From: Marissa Carnahan [[email protected]]
Sent: 18 October 2018 17:49
To: Recipient
Subject: [email protected] Document Received



recipient, Yοu have new dοcuments sent tο yοu via ΟneDriνe

Receive # Document  #Fοr PΟ (DF70508900)

(ReνiewDοcs (DF70508900)  

Τhank Yοu


They have apparently respelt OneDrive in order to avoid detection, which seems odd: you wouldn't really think that 'OneDrive' would form even a component of rejection rules on any system, as anyone could be using it in conversation with anyone.
The way they reformat the address to add the email name to the sentence is effective, although they have not thought to check whether the email is firstname.surname and have just added the pre-'@' string instead.
The link has already been marked as deceptive by Google Chrome and unsafe by Microsoft Edge, so there should not be too many successful cons from this one. :)
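The respelling swaps Latin letters for Greek look-alikes, and a word that mixes two scripts is itself something a filter can key on. The sketch below is an added example, not part of the original post; the `CONFUSABLES` map covers only the letters seen in this sample and the `BRANDS` watch-list is an assumption.

```python
import unicodedata

# Greek letters used in the sample, mapped to the Latin letters they imitate.
# A production filter would use the full Unicode confusables data (UTS #39).
CONFUSABLES = {"\u03bf": "o", "\u039f": "O", "\u03bd": "v", "\u03a4": "T"}
BRANDS = {"onedrive", "netflix"}  # assumed watch-list

# Body line from the mail above, with the Greek code points written as escapes.
SAMPLE = ("recipient, Y\u03bfu have new d\u03bfcuments sent t\u03bf "
          "y\u03bfu via \u039fneDri\u03bde")


def script_of(ch):
    """Rough script label taken from the Unicode name (LATIN, GREEK, ...)."""
    return unicodedata.name(ch, "UNKNOWN").split()[0]


def skeleton(word):
    """Fold look-alike letters to Latin and lowercase the result."""
    return "".join(CONFUSABLES.get(c, c) for c in word).lower()


def suspicious_words(text):
    """Return (word, scripts, brand-or-None) for every mixed-script word."""
    hits = []
    for raw in text.split():
        word = "".join(c for c in raw if c.isalpha())
        scripts = sorted({script_of(c) for c in word})
        if len(scripts) > 1:
            skel = skeleton(word)
            hits.append((word, scripts, skel if skel in BRANDS else None))
    return hits


if __name__ == "__main__":
    for word, scripts, brand in suspicious_words(SAMPLE):
        print(f"{word!r}: scripts={scripts} brand={brand}")
```

Ordinary text that mentions OneDrive in plain Latin letters produces no hits, so the rule does not penalise normal conversation.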

Netflix Spam: Update Account Payment Information

This email has been seen this week:





From: Netflix Team <[email protected]>
Sent: 16 October 2018 01:59
To: Accounts Team
Subject: Update Account Payment Information






Please Update Your Payment Method

Dear Valued Netflix User

Sorry for the interruption, but we are having trouble authorizing your Payment Method.
Please visit the account payment page at
https://www.netflix.com/YourAccountPayment to enter your payment information again or to use a different payment method.
When you have finished, we will try to verify your account again. To protect the information of our customers, our system has temporarily placed restrictions on your account until your information has been validated by our system.

You can validate your information by either clicking on the link above or below, this will only take a few minutes and your account functions will be fully restored.

If you have any questions, we are happy to help. Simply call us at 01800-91 7844.
-The Netflix Team


[LOG ON]



Netflix Inc. : Netflix Corporate Headquarters 100 Winchester Circle Los Gatos, CA 95032.
You can un-subscribe to security alerts by configuring your online account.
We are sending this email to provide support for your personal online Netflix account.

The actual 'log on' link points to https://www.neftlix.su/accountbilling/index.php, which has already been marked as hazardous by Google and Microsoft, so no great worries here. Do be careful that you do not wander onto this site with an older browser, as they have amazingly been granted a netflix domain on another suffix. The screen looks relatively convincing:


Fake netflix.su screen


If you go to the site and ignore any warnings you get a standard looking netflix login that accepts any password:

fake netflix logon

and then provides you with manufactured proof that other users have accessed your account:

Fake netflix android usage


Whether you respond or not you are sent through to screens requesting your name, address and card details:


Netflix.su enter details


It appears to have no validation so you can just leave them rude messages.


Fake netflix.su thank-you page


All in all a good web page visually, but the idea that you need to enter your name after logging back in is a weak link, and you should never enter card details into a site unless you have triple-checked the URL in the address bar.
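The same URL check can be run on the message before anyone clicks, by comparing where each link really goes with the domain the mail claims to be from. This is an added example, not part of the original post; the HTML is constructed from the visible URL and the 'log on' target quoted above, and `EXPECTED` and the function names are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

EXPECTED = "netflix.com"  # domain the message claims to come from

# Constructed HTML: the visible netflix.com URL and the LOG ON button both
# carry the target reported above for the 'log on' link.
SAMPLE = ('<p>Please visit <a href="https://www.neftlix.su/accountbilling/index.php">'
          'https://www.netflix.com/YourAccountPayment</a></p>'
          '<a href="https://www.neftlix.su/accountbilling/index.php">LOG ON</a>')


class Anchors(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host(url):
    return (urlparse(url).hostname or "").lower()


def audit(html):
    """Return (what the reader sees, real host) for links leaving EXPECTED."""
    parser = Anchors()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        real = host(href)
        if real != EXPECTED and not real.endswith("." + EXPECTED):
            shown = host(text) if "://" in text else text
            findings.append((shown, real))
    return findings


if __name__ == "__main__":
    for shown, real in audit(SAMPLE):
        print(f"shown: {shown:18} actually goes to: {real}")
```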


Stay safe!