The IT Nerd

Frequent readers of this blog know that I have documented a couple of tech support scams in the past. For those who are not familiar with this scam, someone claiming to be from Microsoft or Apple, or perhaps an ISP claiming that your computer is broken in some way. They will then convince you to connect to them remotely so that they can control your computer and fix whatever problem they claim you have.While doing this, they will ask you for a credit card number at the very least, or at worst they will steal information off your computer so that they can commit some form of identity theft. And that doesn’t take into account the possibility that they will simply trash your computer in some way. Clearly these guys are scumbags and I truly feel that they are the lowest forms of life on Earth that need to be exterminated.

In any case, this past Monday I got an email from a 90 year old client of mine with cognitive issues who got one of these calls and completely got sucked into letting them connect to her computer and do their evil work. I dropped everything that I was doing and raced over there to see what damage was done after telling her to turn off the PC.

Upon arriving at her home, I interviewed her to find out what the sequence of events were. She apparently got a call from the scammers who were claiming to be from Microsoft and over the next half hour she fumbled her way to getting them connected to her computer. During that process the scammers got frustrated and abusive, which from my research isn’t a surprise as they want to get in, scam you and get out as quickly as possible. Then for the next hour they showed her all the “errors” that her computer. Then they made an appointment for the next day to fix all these “errors”. But due to her cognitive issues, she couldn’t give me many details. So I went about investigating her PC to see if I can figure out what they did.

I’m going to stop here for a moment and rant for a bit because scams like this makes me very, very angry. Because of her cognitive issues, she’s the perfect target for this sort of scam. I say that because according to her she has a “Microsoft” computer and from her perspective if someone from “Microsoft” calls her to help her, she should listen to them and do what they say. I’ll explain why that isn’t true in a bit. And because of her cognitive issues, I can’t get the usual amount of information for me to hunt down the scumbags behind this and expose them to the world. Which means that the people behind this one might have gotten away with this. The key word being might as I will do everything in my power to figure out who these scumbags are and expose them for what they are.

In any case, from what I can tell, they had the client download a piece of software called AnyDesk which is a commercially available piece of software that is typically used for remote access by IT help desks to help people in a company or for individuals to access a computer in their office from home. Using commercially available software is pretty typical behavior for these scammers as it adds some legitimacy to their scumbag activities and is not going to get flagged by antivirus software. I found a copy of AnyDesk in her download folder, and combined with some notes that she took and a Windows 7 (as she runs Windows 7) virtual machine, I was able to reverse engineer what they did to connect.

When you first run the application, you see this:

In the top left you will see a number which is 511 553 741. This is the code that the scammers use to connect to her computer from their copy of the software. I know this because on her notes, there was a set of numbers that I am guessing that she wrote down and then repeated to the scumbags.

The next box of interest is the “Set password unattended access…”. On her notes, I saw “can12345” which is not the most original password that I have seen. But this I assume that this is meant to set up her computer so that they can come into the computer, look around and steal stuff at will assuming the computer was on. I also noted that they had configured the program to take total control of the computer do anything they wanted. 

The final box of interest is the “Install AnyDesk” box. I am going to guess that once the scammers connected, they pressed this button so that AnyDesk would be live and connected to the Internet without requiring a user to do anything. To make sure that they couldn’t do anything on that front, I uninstalled AnyDesk. I also examined the computer in a variety of ways and found no evidence that they did anything else. No backdoors, no viruses, nothing. Though I am going to be doing a second look at the computer today to make sure that there’s no other issues lurking to cause trouble. But based on my initial look at her computer I think that they might have done some sort of “dog and pony show” to make her think that there were major problem with her computer and to suck her into letting them do more.

One that that really got my interest is that they did not ask for her credit card details or her banking info. This is strange as when I typically come across these scams, the scammers try to get these details up front. I can only see three possibilities for this: 

• They were going to get these details in their appointment that they scheduled for the next day. Which I told her to hang up on them when they called.
• They were looking for details for identity theft.
• Both of the above.

When I examine her computer again today, I will take a second look for evidence of any of this. I will post an update with what happens. But in the here and now, let me give you some advice in terms of avoiding being a victim of one of these scams. When I covered previous tech support scams that I investigated, I posted this advice which is still true today. But if you take away nothing else from this, remember that you will never, ever get a call from Apple, Google, or Microsoft to fix your computer. It will not happen. Thus if you get a call like this, hang up. That is guaranteed to make sure you are not a victim.

Expect a further update on this later today. As mentioned above, I am taking a second look to see if these scumbags did anything else, and I will be trying again to see if I can identify who they are so that I can name and shame them.

There’s a text scam involving the new Canada Emergency Response Benefit (CERB) that is meant to help Canadians who lose their job due to the COVID-19 pandemic that has turned our planet upside down. I first started to hear about it when the Canada Emergency Response Benefit was rolled out, but today this hit home for me as I got one of these scam messages. I took a screen shot of it for you:

I blanked out the URL that was included in the message. But when I clicked it, it took me to a site that asked me to pick my bank and asked me to enter my banking credentials. Clearly this is a phishing scam as no Canadian Government agency would ever ask you for any personal information in this manner. I did some research and I found that some versions of this scam also ask you for your SIN (Social Insurance Number) and your passport number. There’s even a variant that tries to install malware on your computer. That makes this scam highly dangerous. Thus if you get one of these messages, delete it and don’t click on the link and keep yourself safe.

Over the last few days, I have been getting one of those extortion phishing emails that I have written about in the past. In short it claims to know one of my passwords, and it claims to have embarrassing videos of me that were gained via a hack of my computer that will get sent to friends and family if I don’t pay the scammers in Bitcoin. In other words, it’s the usual scam that has been around for a while now. Here”s the email with some info changed to protect my privacy:

Subject: <My Name> <One of my Passwords>

Yοur ρasswοrd ιs <One of my Passwords>. Ι knοw a lοτ mοre thngs abοut yοu τhaη thατ.

How?

I ρlαced a malwαre oη τhe pοrη websiτe αηd guess what, yοu νisιted thιs web siτe το hανe fuη (you kηοw whaτ I meaη). While yοu were waτchιηg τhe νιdeο, your web browser αcted αs αη RDP (Remοte Deskτορ) αnd α keylogger, whιch ρroided me access tο yοur displαy screen αηd webcam. Rιght αfter τhατ, my sοfτware gathered αll yοur conτacτs from yοur Messenger, Faceboοk αccοunt, αηd email αccοuητ.

Whaτ exacτly did Ι dο?

I mαde a spliτ-screeη νιdeο. The fιrst ρart recοrded τhe νιdeo you were vιewiηg (yοu’e got αn exceρτional ταsτe haha), αnd τhe next parτ recorded yοur webcαm (Yeρ! t’s yοu \ dοiηg nαsτy τhings!).

What should you dο?

Well, Ι belιeνe, $2000 is α faιr prιce for our lιτtle secreτ. Yοu’ll maκe τhe paymeηt νιa βιτcoin τo the belοw αddress (if yοu dοη’τ know this, search “hοw το buy Βιtcοin” in Goοgle).

Βιtcoin Address:

REDACTED Bitcoin Address
(It is cAsE seηsiτινe, sο cοpy αηd ρaste ιt)

Ιmpοrτaητ:

You haνe 24 hours to mαke τhe paymenτ. (Ι hαve α uηique pιxel wιthiη thιs emαil message, aηd rιght now I know τhat yοu have read this emαιl). Ιf I don’t get τhe ρaymeηt, Ι wιll seηd your νιdeο το all of your cοnτacts, includiηg relaτιves, cowοrκers, aηd so forτh. Noηetheless, ιf I do get pαid, I wιll erase τhe video immediaτely. If you wαnt eνιdeηce, reρly wιτh “Yes!” αnd Ι will send your νιdeο recordιηg τo yοur fινe frieηds. This is α nοη-negotιable offer, so don’t wasτe my τιme and yοurs by reρlyiηg to this emαil.

<Alleged Name Of Hacker>

Now the email shows up in your inbox under multiple names with multiple email addresses and different bitcoin wallet addresses. And they may show up in your inbox four or five time a day. But the content is always the same. Including the weird letters in the text that you might have noticed. Now the password that they reference is likely to be one of your passwords. And they likely got it from a data breach that comprised email names, email addresses and passwords. You can find out which data breach by going to haveibeenpwned.com and typing in your email address. It will likely come back with the fact that you’ve been part of a data breach that includes your email address and password. But that’s all they know about you. The hope of the losers behind this scam is that this will be enough to get you to pay up.

The problem for the scammers is that this version of the extortion phishing scam will likely be ineffective.  I say that because they will literally spam you to the point that these emails will go straight to your junk filter after a while. By that I mean you may get five or six of these a day. With that sort of volume a corporate or ISP email filter will eventually catch on and filter these out. Or your email application may do the same thing, assuming that you don’t mark the first one that you get as junk, which means that every one of these emails after that one will just get tossed into your junk or spam email folder. The net result is that you’ll never see these emails. Thus making their scam ineffective. But if  you do see one or more of these emails pop up in your inbox, do yourself a favor and delete them. Something that I wish that I could do to the losers behind this scam and in the process make the world a better place.

Having said all of that, if you’re concerned about an email like this, and if you’re the least bit concerned about whether your system is compromised, consult a computer professional and have them check things over. Another thing I am strongly suggesting to my clients is that they change the passwords to things like email, online banking and the like as a preventative measure. That way if they get an email like this, they will know it is fake immediately.

Only about 1% of people who get an email like this pay up Thus these losers want you to be the 1% of people who fall for something like this because they make lots of money off that 1%. Don’t fall for this. Never respond to an email like this. Never pay up. Just ignore them and make sure that whatever password that they have isn’t in use by any of your online accounts. They are losers and don’t deserve your attention or more importantly your money.

It’s been a while since I have written about extortion phishing scams. But three new ones have appeared and one of them is potentially dangerous.

Let’s start with the dangerous one. The scumbags behind this one are now utilizing a new extortion email campaign that claims the recipient’s phone was hacked, includes a partial phone number of the recipient, and further states that they created videos using the recipient’s webcam. Here’s an example:

@It seems that, 14, *last two digits your phone-
\You may not know me and you are probably wondering why you are getting this e mail, right?-

!actually, I setup a malware on the adult vids (porno) web-site and guess what*
@you visited this site to have fun (you know what I mean).(
^While you were watching videos, your internet browser started out functioning as a RDP (Remote Desktop)(
&having a keylogger which gave me accessibility to your screen and web cam.*
@after that, my software program obtained all of your contacts, phone and email.\

_What did I do?(

!I backuped phone. All photo, video and contacts.+
!I created a double-screen video./
&1st part shows the video you were watching (you’ve got a good taste haha . . .)$
%and 2nd part shows the recording of your web cam.=

+exactly what should you do?/

#Well, in my opinion, 809$ is a fair price for our little secret.\
=You’ll make the payment by +Bitcoin% (if you do not know this$ search !how to buy bitcoin& in Google)._

-Bitcoin^ Address:

<BITCOIN ADDRESS REDACTED>

%(It is cAsE sensitive, so copy and paste it)*

%Important:
!You have 45 hours in order to make the payment.\
%(I’ve a unique pixel in this e mail, and at this moment I know that you have read through this email message)-
\If I do not get the !BitCoins+
%I will certainly send out your video recording to all of your contacts%
@Having said that, if I receive the payment, I’ll destroy the video immidiately._
)If you need evidence, reply with “Yes!*

-If I find that you have shared this message with someone else$
)the video will be immediately distributed.=

Now the person who got this email told me that the last two digits of his phone number were accurate. Thus he wondered if he had been hacked. But I can say that after examining his computer and phone, that he had not been hacked. But clearly this is a new method to convince the recipient that they have been hacked and it has replaced displaying a password to do the same thing.

The thing is, it’s really easy to get the last two digits of someone’s phone number. The most logical way that these scammers are getting these numbers is via it may password or account recovery functionality such as the one from Gmail or the one from Microsoft. There have been data leaks in the past that only contained partial phone numbers as well, But the bottom line is that you have not been hacked.

The second is aimed at companies. It’s pretty low level and not very sophisticated. Here’s a copy of what one of my clients got:

FORWARD THIS MAIL TO WHOEVER IS IMPORTANT IN YOUR COMPANY AND CAN MAKE DECISION!

We Hacked You Infrastructure.
We Caught Possible Communication.
We Backuped Available DATA And DOCUMENTS.
That you trusting our words, we send this mail to you with YOUR account.

After analyzing documents. We see your Illegal activity. HIDING TAXES.

That we do NEXT.
I want two (2) Bitcoin

if you don’t pay fees. To my wallet Bitcoin.

<BITCOIN ADDRESS REDACTED>

We want send this Documents and Proofs to your Tax Departament.
And in this time Your network will be DDoS.
Read that in this link
https://en.wikipedia.org/wiki/Denial-of-service_attack

This is our guarantee, that you don’t clean evidence and build a protection policy.

If you don’t pay by in 7 days, attack will start.
Yours service going down permanently and price to stop will increase to Four (4) BTC,
Price will go up one (1) BTC for every day of the attack.

This is not a joke.

Our attacks are extremely powerful – sometimes over 1 Tbps per second.
And we pass CloudFlare and others remote protections!
So, no cheap protection will help.

Prevent it all with just Two (2) BTC
To my wallet Bitcoin.

<BITCOIN ADDRESS REDACTED>

Pay strict sum. This is your identification. And we will know that its you.
AND YOU WILL NEVER AGAIN HEAR FROM US!

Bitcoin is anonymous, nobody will ever know
you cooperated.

Time started after open this mail.
To track the reading of a message and the actions in it, I use the facebook pixel.
Read that in this link
https://www.facebook.com/business/help/898185560232180?helpref=faq_content

There’s nothing here that is interesting. Such as passwords that the user has used, or a partial phone number like the previous scam. Thus this scam is purely trying to take advantage of the fact that a company might not have paid their taxes. And that they can track that you opened this email using Facebook Pixel. Which for the record when I examined the email it showed no evidence that Facebook Pixel was in use. #Fail. I seriously doubt that this will get this scammer anything.

Finally, there are new scams that utilize QR codes to direct you to their Bitcoin wallet so that you can pay them. The QR code has the amount that you have to pay as well which is kind of clever.

I took screenshots of the text that the recipient gets:

Below that is a QR Code that goes to a Bitcoin wallet . I am not reposting the QR code as I don’t want to give these scumbags any more time than I need to. Other than that, it’s the usual extortion phishing scam that we’ve seen for the last little while.

If you come across any of these scams, you know what to do. Simply delete them and move on with your life.

I was at a client location today when my iPhone rang. It was a 408 number which is out of  San Jose CA. Seeing as I have a number of companies that I deal with in that corner of the planet, I answered the phone but heard nothing on the other end. So I hung up. Ten seconds later the same number calls back. Again I answered it but again I heard nothing on the other end so I hung up. No further calls came.

Now I was tempted to phone them back. But then I remembered that I wrote about this scam which is called the “one ring” scam before and you can see that story here. But in short, the scam counts on you phoning the number back because you’ll then be billed a pile of money a minute. Now the last time I had heard of this scam, the calls were coming from the country codes of 235 (Chad), 232 (Somalia), 269 (Comoros), strangely 573 (A Missouri area code, but it is possible that it is country code 57 which is Colombia) and 267 (Botswana). So having a number coming from a US area code would be a new angle to this scam. Thus out of an abundance of caution, I reached out to my cellular provider which is TELUS with this:

Hello @TELUSsupport , I just got two calls from a 408 area code where there was silence on the phone when I answered. I hung up within 10 seconds but I think I might have been hit by a one ring scam. Can you help with this?

— The IT Nerd (@The_IT_Nerd) March 22, 2019

Their reply came within minutes:

Hey there. It's possible it could be a Wangiri scam. Important thing is to not call back numbers your don't recognize. For reference, 408 is an area code out of California.

— TELUS Support (@TELUSsupport) March 22, 2019

Here's more info on Wangiri: https://t.co/oseLvUlwxF

— TELUS Support (@TELUSsupport) March 22, 2019

Now this is a great response to my question. Not only did TELUS get back to me quickly and confirm that this was likely a Wangiri or One Ring scam. But they also provided me with a resource so that I could be educated on how to protect myself. Now that is top shelf service. Kudos to TELUS for that.

In any case, since I did not phone the number back, which means that I should be in the clear. But as a just in case thing I blocked the number. Though I strongly suspect that the number was spoofed which means that blocking the number may not make any difference as the spoofed number will likely change.

I’m going to keep a close eye on my next phone bill at the end of the month to ensure that nothing in terms of spurious charges makes it way on there. And I will be on guard for further attempts to execute this scam. You should be on guard as well as clearly the “one ring” scam is back. And to help to keep you safe, I will not only point to my original story on this, but to the write up by TELUS as both have tips to protect yourself.

You may recall that I have done a pair of stories a new extortion phishing scam that was brought to my attention. Now while the emails themselves are kind of lame. I decided to delve into them a bit more to figure out where they were coming from. One of the things that I did was look at the headers of the emails in question as they have all sorts of useful information. In the second one, I saw this:

Received: ⁨from mx.c.anonymousobserver.ga ([159.203.72.137]:56230) by [RECEIVING EMAIL SERVER REDACTED] with esmtps (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.80.1) (envelope-from <raguel-195@c.anonymousobserver.ga>) id 1glTYW-0005Bn-25 for nerd@theitnerd.ca; Mon, 21 Jan 2019 01:59:44 -0500⁩

Received: ⁨from [127.0.0.1] (mx.c.anonymousobserver.ga [127.0.0.1]) by mx.c.anonymousobserver.ga (Postfix) with ESMTP id 43jhwd5F8Lz502M for <nerd@theitnerd.ca>; Mon, 21 Jan 2019 06:49:04 +0000 (UTC)⁩

And in the first one, I saw this:

Received: ⁨from mx.d.anonymous-hacking.ga ([178.128.117.242]:39250) by [RECEIVING EMAIL SERVER REDACTED] with esmtps (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.80.1) (envelope-from <leon_287@d.anonymous-hacking.ga>) id 1gkLCk-00077y-5l for nerd@theitnerd.ca; Thu, 17 Jan 2019 22:52:28 -0500⁩

Received: ⁨from [127.0.0.1] (mx.d.anonymous-hacking.ga [127.0.0.1]) by mx.d.anonymous-hacking.ga (Postfix) with ESMTP id 43gmN72blHz4fXV for <nerd@theitnerd.ca>; Fri, 18 Jan 2019 03:17:42 +0000 (UTC)⁩

I bolded the most relevant parts of this which is the sending servers .They are different. But not as much as you would think. I then ran a whois command on both domains unsurprisingly, they came back very similar:

So Gabon is on the west coast of Central Africa. Located on the equator. But the key thing is that both domains appear to be registered to the “Agence Nationale des Infrastructures Numériques et des Fréquences” which according to this LinkedIn page (translated into English) does this:

The National Agency for Digital Infrastructures and Frequencies (ANINF), a government agency in Gabon, is an instrument that is part of the national strategy for digital development in Gabon.

The ANINF declines, through its sovereign missions, by the development of digital infrastructure throughout the national territory, the harmonious management of the frequency spectrum, the coherent development of e-Government applications, management and control resources related to IT, audiovisual and telecommunication investments in the Republic of Gabon.

That’s interesting. But I don’t see a government agency running an extortion phishing scam. Though anything is possible I suppose. But what this agency does serve up .ga domain names according to this page. So what I think is going on is someone is registering what are essentially “disposable” domains to run the scam. They then set up an email to send out these scam emails. That’s kind of crafty. Who’s doing this? I haven’t got a clue. But I figure that bringing this to light will make it more difficult for the whomever is behind it to try this again.

It seems that the person who sent me this extortion phishing email got a follow up to that. And it isn’t particularly creative. And like the last one a warning as some contents may be a bit graphic for some:

LAST WARNING [EMAIL ADDRESS REDACTED] !

You have the last chance to save your social life – I am not kidding!!

I give you the last 72 hours to make the payment before I send the video with your masturbation to all your friends and associates.

The last time you visited a erotic website with young Teens, you downloaded and installed the software I developed.

My program has turned on your camera and recorded your act of Masturbation and the video you were masturbating to.

My software also downloaded all your email contact lists and a list of your Facebook friends.

I have both the ‘[FILENAME REDACTED].mp4’ with your masturbatio and a file with all your contacts on my hard drive.

You are very perverted!

If you want me to delete both files and keep your secret, you must send me Bitcoin payment. I give you the last 72 hours.

If you don’t know how to send Bitcoins, visit Google.

Send 2000 USD to this Bitcoin address immediately:

[BITCOIN ADDRESS REDACTED]

(copy and paste)

1 BTC = 3470 USD right now, so send exactly 0.581065 BTC to the address above.

Do not try to cheat me!

As soon as you open this Email I will know you opened it.

This Bitcoin address is linked to you only, so I will know if you sent the correct amount.

When you pay in full, I will remove both files and deactivate my software.

If you don’t send the payment, I will send your masturbation video to ALL YOUR FRIENDS AND ASSOCIATES from your contact list I hacked.

Here are the payment details again:

Send 0.581065 BTC to this Bitcoin address:

—————————————-

[BITCOIN ADDRESS REDACTED]

—————————————-

You саn visit the police but nobody will help you.

I know what I am doing.

I don’t live in your country and I know how to stay anonymous.

Don’t try to deceive me – I will know it immediately – my spy ware is recording all the websites you visit and all keys you press.

If you do – I will send this ugly recording to everyone you know, including your family.

Don’t cheat me! Don’t forget the shame and if you ignore this message your life will be ruined.

I am waiting for your Bitcoin payment.

Raguel

Anonymous Hacker

P.S. If you need more time to buy and send 0.581065 BTC, open your notepad and write ’48h plz’. I will consider giving you another 48 hours before I release the vid, but only when I really see you are struggling to buy bitcoin.

Now I know it’s the same slimeball or group of slimeballs behind this because both emails came from the same domain which is d.anonymous-hacking.ga. Except that the domain doesn’t exist. So that’s a lie. I’ll be doing some work to find out the real source of this today and post an update. The rest of this email is a near carbon copy of the last one. Except that it is signed as follows:

Raguel

Anonymous Hacker

If you post your name, how can you be anonymous? I get it is likely a fake name. But that seems pretty dumb as it affects the credibility of this email. Seeing as its not credible, it’s yet another scam email that you should delete should you receive it. Expect an update when I trace back where these slimeballs are from.

UPDATE: Another thing that I noted is that the the above email and the one that came before it have different Bitcoin addresses in them. So that makes the sentence “This Bitcoin address is linked to you only, so I will know if you sent the correct amount.” is another lie as you would think they would be the same. It also further highlights that this email is bogus.

UPDATE #2: Here is an update to this story with additional details.

A lot of the extortion phishing emails that people send me are well crafted. This isn’t one of them. Here we go with this latest one:

Dear Maureen Prigent

Now we аre reаllу clоsе-  ( uQH  ) frоm vps numero:3447
_____________________________________________________________

Wе will nоt laugh аt уоur weaknеsses. Rеаd this lettеr attеntivеlу. Mу сrew will not ruin уоur lifе if yоu go tо а dеаl with us.

You cаn find a lоt of vаrious rulеs аbоut seсuritу on thе intеrnet: using vpn , download aсtual аntivirus bаsе; hide web сameras with a adhesivе tаpe… In your оpinion it is nоt neсessary.

I cоunted morе than 900 victims that were infeсtеd bу my private сomputеr wоrm.

It was implеmented оn fаked sitе with flash plug-in. Usеrs instаlled everything and didnt surmise something bad, as you knоw this plug-in shоuld bе installed on all deviсеs tо plаy vidеo files.

Yоu wеrе not eхceptiоn and now alsо havе big prоblеms.

My built-in pаrser rеsponded tо уour requests for pоrn sites. Dirесtlу аftеr the plaу buttоn was pushеd thе maliсious sоft асtivаted thе wеb-cаmera to catсh yоu саressing yоur bоdy. Latеr mу virus sent the link of thе video thаt уou opеned оn yоur сomputer. With fоrmgrabber demolished historу and got аll passwords frоm yоur social mediа that werе visited sinсе lаst Monday. I mаdе а соpу of thе сontасt list of уour friеnds, cоllеgues and relаtivеs.

Lеt’s sum up the results: I got vid with уоu paying with уourself, contасt list with уour friends, соlleguеs and rеlativesаnd rеcord which yоu оpened on the cоmputеr.

You cаn help уоurself just send mе 500 unitеd stаtеs dоllars in btс сrуptоcurrenсy.
Pay hеre –

[BITCOIN ADDRESS REDACTED]

Think better: bе a star аmоng friends оr pау this little sum not tо lоse уоur hаbitual life.
Yоu cаn сomplаin cоps, but thеу саn not find us. I use bоt nеtwоrk, alsо we livе аbrоаd. IP in a heаder is nоt mine.
If уou hаvе sоme prоblеms write mе bаck.
Think twice.

I can’t even begin to describe how bad this is. Forget the grammar which is horrific and shambolic. The name that I left intact at the start of the email isn’t even the name of the person who sent me this email. There’s nothing here that would convince anyone one to pay up. Whomever came up with this email is really, really, stupid. At the end of the day, this is yet another scam email that you should delete should you receive it. And to those who wrote this email, I have a message for you. You suck.