Scammer’s Website or Email: [email protected]; [email protected]; [email protected]
Additional information about this scam:
I received an email with the subject “you got owned”. Here is the email:
Hello
I know your password!
I infected you with a malware (RAT)/(Remote Administration Tool), some time ago and since then, I have been observing your actions. The malware gave me full access and control over your system, meaning, I can see everything on your screen, turn on your camera or microphone and you won’t even notice about it, yes such things exist, you can Google it!
I have also access to all your contacts, I collected everything private from you, pictures, videos, everything! And I MADE A VIDEO SHOWING BOTH YOU (through your webcam) AND THE VIDEO YOU WERE WATCHING (on the screen) WHILE SATISFYING YOURSELF!
I can send this video to all your contacts (email, social network) and publish all your private stuff everywhere!
You can prevent me from doing this!
To stop me, transfer exactly: 400$ with the current bitcoin (BTC) price to my bitcoin address. If you don’t know how to get bitcoin, Google - “How to buy Bitcoin”, it’s very simple for example with credit card. The wallet you can create here: https://www.blockchain.com
My bitcoin address is: 13d7dbBJdNCCBxYuodWmYgS2rAN45ToAdB
Copy and paste my address - it’s (CASE-sensitive).
You know this all isn’t a joke, you got the proof above!
I think it’s a very good price compared to the damage and hell it can bring into your life! After receiving the payment, I will delete everything from you and you can life your live in peace like before. I give you 3 days to get the bitcoins!
Don’t share this email with anyone, this should stay our little secret!
And, here are the headers:
Received: from PH7PR19MB7754.namprd19.prod.outlook.com (2603:10b6:510:241::19)
by SJ0PR19MB4462.namprd19.prod.outlook.com with HTTPS; Sat, 27 May 2023
17:59:29 +0000
Received: from SJ0PR13CA0099.namprd13.prod.outlook.com (2603:10b6:a03:2c5::14)
by PH7PR19MB7754.namprd19.prod.outlook.com (2603:10b6:510:241::19) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6455.13; Sat, 27 May
2023 17:59:28 +0000
Received: from DM3NAM02FT024.eop-nam02.prod.protection.outlook.com
(2603:10b6:a03:2c5:cafe::a3) by SJ0PR13CA0099.outlook.office365.com
(2603:10b6:a03:2c5::14) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6455.15 via Frontend
Transport; Sat, 27 May 2023 17:59:28 +0000
Authentication-Results: spf=pass (sender IP is 167.89.82.233)
smtp.mailfrom=e.notification.intuit.com; dkim=pass (signature was verified)
header.d=notification.intuit.com;dmarc=pass action=none
header.from=notification.intuit.com;compauth=pass reason=100
Received-SPF: Pass (protection.outlook.com: domain of
e.notification.intuit.com designates 167.89.82.233 as permitted sender)
receiver=protection.outlook.com; client-ip=167.89.82.233;
helo=o3.e.notification.intuit.com; pr=C
Received: from o3.e.notification.intuit.com (167.89.82.233) by
DM3NAM02FT024.mail.protection.outlook.com (10.13.5.128) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.6455.13 via Frontend Transport; Sat, 27 May 2023 17:59:27 +0000
X-IncomingTopHeaderMarker:
OriginalChecksum:AAD4DE73BF017B7126037D6FB273CEBB761A3C42DA5CFC2CFA26D849B9ED11F0;UpperCasedChecksum:CDAE52F1282B7B047DB39BD30790281B63E0006ECA663648C16A974CEBEF803F;SizeAsReceived:2453;Count:14
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=notification.intuit.com;
h=content-type:from:mime-version:subject:reply-to:to:cc:content-type:
from:subject:to;
s=s1; bh=w15jLhY5nhKnOEH/RPZyKvq0SaUNXma5FWSms1t2rkk=;
b=2/MtNo3poy5itBQnOVq0xQF+UKB00Q5wt98jdY0Ozv9IBsN2ZOfL0U0SF8yVDJcRzeRZ
j6ktqc37GXgtYOutYyPVX/JZpOK6IV4hBgMiXQ5w1pLq/oncvYQbri7QvEFL+p8UAu15Nf
c/mW/5Sy2DT5OBoy6BQMF/WJ6iQwlIuB53k3OP5ijUt7WWtZO1IHpHfJD7Wb/tLS/R/CqY
N6KKudXU9ljoqogIQuUULIDAes5svdMfVQA26Wh0LV8AcVlLJs3hKyiBu1jSsEGwgjVioX
853Bgyr3ylrc8RHo/tdo09shBfnzWXbB9nhxuookeIkH7kJj+dTCOaRxlp3ypSSg==
Received: by filterdrecv-8686869bcf-67rrw with SMTP id filterdrecv-8686869bcf-67rrw-1-647244FE-45
2023-05-27 17:59:26.718102421 +0000 UTC m=+1448381.838164674
Received: from MjMyNzEzNQ (unknown)
by geopod-ismtpd-1 (SG) with HTTP
id F_-FWBgHTuCJmTMCXa82xA
Sat, 27 May 2023 17:59:26.658 +0000 (UTC)
Content-Type: multipart/alternative; boundary=84cb72fc0cd018bf89de171a1c05ecb4e1b874644afbb122e96651fc0def
Date: Sat, 27 May 2023 17:59:27 +0000 (UTC)
From: Got You [email protected]
Mime-Version: 1.0
Subject: You got Owned
Message-ID: F_-FWBgHTuCJmTMCXa82xA@geopod-ismtpd-1
Reply-To: [email protected]
To: [email protected]
X-Entity-ID: PCsN710Gd7GHG8NiCkjC1w==
X-IncomingHeaderCount: 14
Return-Path:
bounces+2327135-4270-ashscottf=hotmail.com@e.notification.intuit.com
X-MS-Exchange-Organization-ExpirationStartTime: 27 May 2023 17:59:28.0658
(UTC)
X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id:
deb2420f-2882-4e4c-0c6d-08db5edc1d50
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic:
DM3NAM02FT024:EE_|PH7PR19MB7754:EE_|SJ0PR19MB4462:EE_
X-MS-Exchange-Organization-AuthSource:
DM3NAM02FT024.eop-nam02.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-UserLastLogonTime: 5/27/2023 4:05:05 PM
X-MS-Office365-Filtering-Correlation-Id: deb2420f-2882-4e4c-0c6d-08db5edc1d50
X-MS-Exchange-EOPDirect: true
X-Sender-IP: 167.89.82.233
X-SID-PRA: [email protected]
X-SID-Result: PASS
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-AtpMessageProperties: SA|SL
X-MS-Exchange-Organization-SCL: 2
X-Microsoft-Antispam: BCL:5;
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 May 2023 17:59:27.9721
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: deb2420f-2882-4e4c-0c6d-08db5edc1d50
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-AuthSource:
DM3NAM02FT024.eop-nam02.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg:
00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR19MB7754
X-MS-Exchange-Transport-EndToEndLatency: 00:00:01.6408221
X-MS-Exchange-Processed-By-BccFoldering: 15.20.6455.008
X-Message-Info:
qZelhIiYnPmf+P4f3icXxt6lvcz73wmohNTP4+IDWHeP5weqrRuYnu6hW+Q8/qfjYmqLwW6SySi7yBhUQPyEK17zCQ8m874mQhTJXQw6oxjkVXtpwklWuIri7yTPF/uZX0bBemIDUU4sYGmCW1bIfJlV7LdXHMjs9MG8y/OepjSpT9zQIRq05Xf8rbnfJu65lxHjw6dHWfN9HamsjHp8cg==
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MTtHRD0yO1NDTD0tMQ==
X-Microsoft-Antispam-Mailbox-Delivery:
abwl:0;wl:0;pcwl:0;kl:0;dwl:0;dkl:0;rwl:0;ucf:0;jmr:0;ex:0;auth:1;dest:I;ENG:(5062000305)(90000117)(90005022)(91005020)(91035115)(9050020)(9100338)(944500132)(4810010)(4910033)(8820095)(9910022)(9545005)(10170022)(9320005);
I am sort of confused as to why they chose to spoof [email protected], and they did not spoof the Coinbase email address, but just made their own website and then added “Coinbase” as the “username”. I think it’s sort of “cute” that they ask the victim to “keep this our little secret” OMG…. Either way, I sort of just chuckled at this whole email because of its god-awful grammar, and the fact that they assume I have a webcam plugged into my computer… which I don’t. But as the email said, I am going to “life my best live” LOL!!! But, unfortunately, when you look up the balance of this bitcoin address, it adds up to 0.21628417 BTC, or (as of right now) freaking almost $6,000! That’s around 15 unfortunate victims that sent money to these scumbags!