Finally! An Extortion Phishing Email That Is Worth Investigating!

I’ve been tracking these extortion phishing emails for some time now and I have another one for you. But this one is different. Let me start with the text of the email:

Good evening,
we don’t think that it’s wrong to pleasure yourself from time to time.
Certain things are just best kept private, if your relatives and friends are confronted by this it will be something to worry about.
Something any person would be totally embarrassed with.
And will be having serious affects to your personal life and wellbeing.
For a period of time we have been monitoring your computer trough a trojan virus that has been installed by yourself and has infected your computer.
You have been infected by clicking on an advert on one of our infected pornographic websites.
A trojan virus gives us access to your computer and any device that is connected to it, whether it is trough wifi or bluetooth.
We have been monitoring your screen and everything you have been doing, trough a live feed, without you being aware of this.
We also have control over your camera and microphone which we can switch on and off whenever we want.
Any information that has been interesting or relevant to us has been stored privately.
For example: contacts, social media,emails,etc.
We have recorded a video where you can be seen pleasing yourself, and we have added the video you was watching as an split screen footage.
With one press of a button I can forward this video to all your contacts, social media, etc.
If you want to prevent this from happening transfer the amount of  750$ to the following bitcoin address.
Bitcoin address: [Bitcoin address redacted]
Buying bitcoin is very easy and straightforward ( usually verification is needed) trough the following websites:
As soon as payment has been submitted your details and video footage will be deleted.
We will give you a timeframe of 5 days to make this payment.
Failing to do so will leave you with the consequences that you have been made aware of.
We don’t make mistakes.
Reporting this is useless, it is impossible to track this email address and these emails have been sent via an external server abroad.
These accounts have been hacked.
If you make the stupid choice to do report this or contact anybody about this message we will directly release your footage and forward it,
any other things we obtained that can possibly harm you will be used against you too.
We will get notified as soon as this email has been opened, from that moment the clock starts running.
You have 5 days exactly  not a minute longer.
With kind regards

So this email doesn’t offer up any proof like a password or anything of the sort that I’ve come across in some of the other scam emails. But I did note this:

Screen Shot 2018-10-30 at 9.54.46 PM

If you note, there’s a question mark at the bottom of the page. That’s where a graphic is supposed to go. Sometimes people who send out email will use a small graphic to determine if the email has hit your inbox or if you’re read it. You can read more about that technique here. Since it was an HTML email, I figured that I could view the source code behind the email as most email clients allow one to do that. When I did that, I found HTML code that was written to communicate to a server with the email address that the scam email was sent to. The domain of the server in question was called which was registered to a entity in India based on my Whois lookup:

domain:       PRESS

organisation: DotPress Inc.

address:      Directiplex

address:      Next to Andheri Subway

address:      Old Nagardas Road, Andheri (East)

address:      Mumbai

address:      Maharashtra

address:      400069

address:      India
contact:      administrative

name:         Manager

organisation: DotPress Inc.

address:      Directiplex

address:      Next to Andheri Subway

address:      Old Nagardas Road, Andheri (East)

address:      Mumbai

address:      Maharashtra

address:      400069

address:      India

phone:        +1.4154494774×8522

fax-no:       +91.2230797508

contact:      technical

name:         CTO

organisation: CentralNic

address:      35-39 Moorgate

address:      London EC2R 6AR

address:      United Kingdom

phone:        +44.2033880600

fax-no:       +44.2033880601


I am pretty sure that none of the information above is accurate or real. Though I would not be shocked if this scam ran out of India.

Even though it is incredibly unlikely that they have anything on you, I’m willing to bet that the scammers are using this method to allow them to send follow up emails to scare you into paying. Or they’re using this method to refine their mailing lists. So in the interest of science, I’m going to play along with it to see what happens next. They say bad things will happen to me in five days if I don’t pay up? Fine, I’m not going to pay these scumbags and see what they do. This should be fun. And way better than simply writing about stuff like the last seven extortion phishing scams that I told you about in the last few months.

UPDATE: Nothing bad happened to me. Thus proving that their threats are bogus.

3 Responses to “Finally! An Extortion Phishing Email That Is Worth Investigating!”

  1. […] I am waiting to see what happens with that last extortion phishing email that I got my hands on and decided to have some fun with, I have another one for your reading […]

  2. […] crafty and might fool a less sophisticated user. Other than that, it’s the same playbook as the last last ten extortion phishing scams that […]

  3. […] you can add this to the list of the last last eleven extortion phishing scams that I have […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: