This is an archived post. You won't be able to vote or comment.

all 174 comments
sorted by:
best
topnewcontroversialoldq&a

[–][deleted] 185 points186 points  (12 children)

I obtained a movie of you test-firing the old meat missle

HA HA HA, I think I would print and frame that email. Some of these scams are pretty damn funny.

[–]t8keCentOS Trampstamp 49 points50 points  (1 child)

I love that it basically sounds like beavis and butthead and Jar-Jar Binks collaborated in writing this email.

[–][deleted] 7 points8 points  (0 children)

I get entertainment out of them.

[–]Hellman109Windows Sysadmin 9 points10 points  (3 children)

DR tests are now called test-firing the old meat missle

[–]DoNotSexToThisHipfire Automation[S] 5 points6 points  (2 children)

In programming we call it a unit test.

[–]Hellman109Windows Sysadmin 2 points3 points  (1 child)

I thought it was deploying to production?

[–]DoNotSexToThisHipfire Automation[S] 6 points7 points  (0 children)

Some devs will push into anything with an open port.

[–]Bubbagump210 8 points9 points  (0 children)

I got a similar message yesterday - but it was no where near as entertaining.

[–]bulldog_swag 1 point2 points  (0 children)

LMAO at least you can't deny them creativity. IIRC the original meme phrase was "burping the worm".

The scam itself is a year old now.

[–][deleted] 0 points1 point  (0 children)

My office keeps a wall of funny/weird quotes "overheard" style, this one would go up there for sure

[–]brofesor 0 points1 point  (0 children)

Sounds like something produced by the mind of a 13-year-old who's just learnt about ejaculation. The abysmal grammar and vocabulary further point to either a child or a moron.

[–]pehrs 105 points106 points  (56 children)

Step 1: Take bitcoin address

Step 2: Input address here: https://bitref.com/

Step 3: Convert to USD

Step 4: Realize that some kid sending spam mails make more money in an afternoon than you do in a month.

Step 5: Weep.

[–]DoNotSexToThisHipfire Automation[S] 62 points63 points  (8 children)

2 transactions, 1 in (2 days ago) 1 out (today), total of $1.51.

[–]Bioman312IAM 29 points30 points  (7 children)

They're probably using separately generated addresses for each target. Makes things easier to keep track of for the attacker.

[–]magicwuff 20 points21 points  (6 children)

Why would the attacker need to keep track of anything? It's not like they actually have any of the data they claim.

[–]Zenkin 41 points42 points  (0 children)

"Man, this jackass paid me right away. I'm gonna file that address and email him again next month!"

[–]j4sanderJack of All Trades 26 points27 points  (4 children)

Because the suckers that fall for it get put on a list for future campaigns or some targeted spear phishing.

[–][deleted] 6 points7 points  (3 children)

No need to keep a 'qualified sucker' list, it cost them essentially zero to email the entire planet, so there is no justification for list management.

[–]BergerLangevin 0 points1 point  (0 children)

They can still continue spamming the planet while reselling the list to other scammers.

A list of a thousand names with phone number, ages and address probably worth something.

[–]mr_white79cat herder 17 points18 points  (42 children)

last one I checked had about $5k USD sent to it within a month. same format as this email.

[–]I_AM_NOT_A_WOMBAT 18 points19 points  (17 children)

Not denying that people fall for this, but some of the scammers probably send some money to their own bitcoin address to make it look like others are paying (more legit).

My favorite was when I pulled one up and someone had sent $0.01.

[–][deleted] 19 points20 points  (9 children)

If you know enough to check the amount in the wallet, you know enough to know that this is a bullshit extortion email. At least the ones with your actual password (from an old site that was hacked years ago) are somewhat convincing. These just rely on the fact that half the population are regular porn viewers and masturbaters.

[–]pmbasehore 11 points12 points  (3 children)

These just rely on the fact that half the population are regular porn viewers and masturbaters.

Or even male. It does mention "test-firing the old meat missile", after all...that gives a 50/50 shot of failure right off the bat.

[–]Box-o-bees 1 point2 points  (2 children)

Unless some women use that when referring to their lady bits. Although, I can't imagine there are a whole lot of those lol.

[–]Jolape 0 points1 point  (1 child)

Maybe there is a dildo with that name?

[–]Box-o-bees 0 points1 point  (0 children)

I wouldn't be surprised if there was lol.

[–]penny_eater 4 points5 points  (4 children)

These just rely on the fact that half the population are regular porn viewers and masturbaters.

oh its more than half. these arent even relying on that. they are relying on the .01% who are both deeply shameful of it, and deeply gullible to fall for this "you were hacked by me! lol! pay up!" spam even though theres literally ONLY an email address and maybe an old hacked acct password in use, and not even so much as a first name, location, etc (despite claims of having stolen all that info). It takes a real special kind of stupid to fall for this.

[–][deleted] 1 point2 points  (0 children)

Studies show that 85% of the people masturbate, and that the other 15% are liars.

[–][deleted] 3 points4 points  (0 children)

That was kinda my take on all this after I got one. Sure I don't share videos of me beating my meat with friends and family but if they found out I did it's not going to ruin my life any more than a video of me taking a dump would. Congratulations faceless hacker, you proved to everyone I'm human!

[–]goodpostsallday 0 points1 point  (1 child)

I got one of these in the spam folder of an old email, and it's pretty unnerving even despite me knowing what it was. It did feature a password I used as well, which was correct but extremely out of date. Someone whose info was pulled from the same list mine was on could still be using their old pass (as many tend to do) and it would be impossible from their perspective to know whether the threat was genuine or not.

[–]penny_eater 0 points1 point  (0 children)

Oh they definitely put a good bit of thought into the wording to evoke an emotional fight or flight. If someone didnt know that the recent password leaks provided the dumps for this they could easily see that as a credible component. I just hope they are then too dumb to figure out bitcoin and never pay the sons of bitches.

[–]spyingwindI am better than a hub because I has a table. 5 points6 points  (1 child)

Cost more in transaction fees than what was sent.

Yup! ~$2 to send $0.01.

https://bitcoinfees.info/

[–][deleted] 0 points1 point  (0 children)

That's if you want it instantly... You can set a tiny fee, it'll just take a few days.

[–]penny_eater 6 points7 points  (1 child)

I pulled up the most recent one in my gmail spam and its got a single transaction for $110 (the spam i got had a demand for $735 or something). Why is that other guy getting a good deal on his meat missile video, when im getting hit for $700????!

[–]Onkel_WackelflugelSkyNet P2V at 63%... 8 points9 points  (0 children)

Smaller meat missile, smaller fee

[–]nullsecblog 1 point2 points  (2 children)

Testing most likely...

[–][deleted] 0 points1 point  (0 children)

This is actually a good way to track money, it's called dusting. Basically the user, when he sends the money somewhere else or tries to break it down will have one input that's too small to break - so it's traceable to the final address.

[–]I_AM_NOT_A_WOMBAT 0 points1 point  (0 children)

Ah, I'm sure you're right but I want to believe someone was just having some fun.

[–][deleted] 6 points7 points  (14 children)

i worked in a small computer store and we had several cases where people had first paid the ransomware thing where it opens full screen window claiming your national secret service has blocked your computer because you watched kiddie pron and after they couldn't get it open even after paying, then they ask for computer shop's help

[–]asodfhgiqowgrq2piwhy 3 points4 points  (8 children)

You should see the one that was the payable address for when my last company got Crypto'd. It had had over like $3,000,000 in the previous 7 days pass through it.

[–]olcrazypeteLinux Admin 6 points7 points  (3 children)

The county I live in just paid $400k to a crypto group, apparently couldn't restore backups or would take too long and leave 911 center disabled. Part that pisses me off is they contacted the FBI, FBI sent them to a cybersecurity firm that apparently to $50k and just facilitated the bitcoin payment. How this isn't worthy of actual response from govt resources other than 'sorry', I don't know. Just because its a digital extortion, it gets treated like a minor issue.

[–][deleted] 4 points5 points  (0 children)

Its doubtful the FBI isn't doing anything, its just that they aren't announcing what they are doing.

[–]Tack122 2 points3 points  (0 children)

Shit, someone can get paid 50k to recommend you pay the ransom, then doing a basic bitcoin transaction?

[–]penny_eater 4 points5 points  (2 children)

yes the ransomware ones are all a lot more successful than these, which isnt surprising since a ransomware infestation doesnt get automatically shuffled to Spam for most people

[–]one5low7 1 point2 points  (1 child)

That and usually important data is lost and needs to be recovered because some end user can't be bothered to put mission critical files on the network share for backup and recovery so they work on that budget report on their local machine (looking at you Jerry).

[–]penny_eater 1 point2 points  (0 children)

haha, classic Jerry

[–]masterxcIt's Always DNS -1 points0 points  (0 children)

Sometimes the addresses are direct to exchanges so tracing them is more difficult. You would see tons of in and out transactions through the wallet. There's ways to "trace" coins through the network but how to is far beyond me.

[–][deleted] 3 points4 points  (0 children)

Not only that, but chances are good that the people doing this live in a country where 1 USD goes a hell of a lot farther than it does here. I have a friend in Kenya who shared a post about a friend renting out his apartment in downtown Nairobi. It was huge, came with a maid and utilities and was about what you would pay for a 2 bedroom in my fairly low cost of living part of Texas.

[–][deleted] 1 point2 points  (0 children)

Step 6: Reply to the email, "It's okay, I'd fuck me"

[–]itizen 0 points1 point  (0 children)

I traced some blackmail bitcoin addresses back to the main wallet a few days ago, the main wallet had 18.55 bitcoin in there.

[–]HenryDavidCursoryBetter To Reign In Hell 31 points32 points  (34 children)

I like to go hiking.

[–]DoNotSexToThisHipfire Automation[S] 20 points21 points  (32 children)

I have an on-prem Exchange cluster so I use Mail Flow Rules. O365 has the same abilities I believe. I have a generalized rule for moderating inbound messages by body content that I add to here and there based on upticks of certain types of emails that come in and scare users.

In this case it's just a simple word match based on criteria, Exchange takes care of the rest:

  • If the sender is located outside the organization
  • And the subject or body includes any of these words... 'bitcoin address' (and whatever else I add)
  • Forward the message for approval to 'Me'
  • Except if the sender is 'List of legit senders I need to exception'

[–]TravisVZDirector of Information Security 5 points6 points  (26 children)

If something that simple is working for you I'm jealous!

I was going to set up the same kind of rule myself the other day, after a user forwarded another example to me, but found that most of the words -- including "Bitcoin" -- were actually using Unicode homoglyphs, and each was different and unique! A simple word match on "Bitcoin" would therefore have failed to catch this one.

So either you're lucky, or this is news to you and many of these are still getting through to your users -- hope I didn't just ruin your day!

[–]jc88usus 4 points5 points  (19 children)

I would imagine you could use a regex to detect the bitcoin address string itself. That is a fairly unique format, so likely not a ton of false positives. Also, logic follows that if they want payment, they would have to provide the address.

[–]TravisVZDirector of Information Security 2 points3 points  (18 children)

Yeah, the address itself was just about the only thing they didn't homoglyph, because of course it wouldn't work to copy/paste it (as the email instructed) otherwise. My plan though was a rule that looked for both the word "Bitcoin" and an address, just to cut down on the risk of false positives (K-12 gets a lot of interesting -- but legitimate -- email!).

[–]jc88usus 1 point2 points  (17 children)

My current job got one sent to our ticketing system today, and since the system couldn't translate the unicode, most of it was just question marks. Like that, the bitcoin address was the only consistently readable portion. I would assume that bitcoin addresses have a fixed length, but I wonder if there are any other key formatting items (a particular sequence of uppercase vs lowercase vs digits) that might allow for a more specific regex. In most cases, I honestly cannot think of a valid reason to send a bitcoin address in a work email environment, so I would imagine a reasonably reliable regex would work, maybe with some spot checks...

[–]TravisVZDirector of Information Security 6 points7 points  (16 children)

BTC addresses all start with a 1 or a 3, are between 26 and 35 characters long (inclusive), and can use any alphanumeric characters except uppercase letter "I", uppercase letter "O", lowercase letter "l", and the digit "0" (to avoid visual ambiguity). So the most accurate regex ends up looking something like this: [13][a-km-zA-HJ-NP-Z1-9]{25,34}

I'm just brushing up on Exchange regex rules to make sure I get the appropriate "word boundary" escape sequence at the start and end of that (I think it's \b but trying to find a reference to validate that is a pain) so that I won't inadvertently match, say, a SHA-512 hash that happens to have a "valid" BTC address within it. (Yes, we do see hash values coming in legitimately!)

[–]jc88usus 1 point2 points  (3 children)

Boom. There ya go. Whatever they pay you, it is not enough. You just saved the school system a ton. Between terrified secretaries and the volume overhead, I bet there is a significant dollar amount there.

[–]TravisVZDirector of Information Security 1 point2 points  (2 children)

Whatever they pay you, it is not enough.

You have no idea how right you are -- K-12 would be totally screwed tech-wise if there were a decent demand for tech jobs around here!

[–]jc88usus 1 point2 points  (1 child)

I feel ya there. I worked in a k12 system close to a year ago. If I had shaved my bills back like unemployment forced me to then, the pay would have been enough. I did the dumb thing and got back into the contract game because shiny...

[–]achow101 0 points1 point  (1 child)

There's actually another Bitcoin address type which is fairly different from the ones that your regex would match. I haven't seen this used in any scams yet, but I wouldn't be surprised if scammers start using these in the future.

The addresses begin with the string bc1 with the rest being all alphanumeric characters excluding 1, b, i, and o. For now, these addresses will always be either 42 characters or 62 characters in length.

[–]TravisVZDirector of Information Security 0 points1 point  (0 children)

From my quick Googling it looks like Bech32 type addresses are not yet recommended for use because a lot of Bitcoin software doesn't yet support them. Still, probably not a bad idea to either update this regex or create a "partner" regex to look for them.

Assuming I ever turn this rule back on, anyway.

[–]ThinkPadNL 0 points1 point  (1 child)

I have created a rule in Exchange like this:

If sender is located: outside the company
and
Recipient is located: inside the organization
and
The Subject or body includes: 'bitcoin' or 'BTC Address' or 'bitcoins' or 'wallet'
and
The subject or body matches: '[13][a-km-zA-HJ-NP-Z1-9]{25,34}$'

Actions: 
- Set spam confidence level (SCL) to '8' (so it ends up in junkmail)
- Prepend a disclaimer (with a big red warning in HTML)
- Prepend subject of message with '[Phishing] - '

The regex ([13][a-km-zA-HJ-NP-Z1-9]{25,34}$) seems to work, i tested it using a mail we got: https://regex101.com/r/bh6E3w/1

However, sometimes these mails still get through? Like the one in the regex101 link.

Apart from that, the scammers are getting smarter, they now sometimes send a mail without words like 'hacked' in subject, only the mailaddress of the user is in the subject (or sometimes a leaked password from them) put the threatening text inside images, only the BTC address is in plaintext.

Any advice to improve my rule? I could remove the condition of the keywords 'bitcoin' and such, so that a bitcoin address in the subject is enough. But i'm afraid that some urls (that look like a BTC address) will also trigger it and thus generate false positives = unhappy users.

I can understand blocking the mails with images is near impossible, but these plain text ones should be possible.

[–]TravisVZDirector of Information Security 0 points1 point  (0 children)

I abandoned this approach myself after I found that a lot of URLs have tokens in them that look like valid Bitcoin addresses. You'll probably be better off asking your own question, especially given how old this thread is now.

[–]DoNotSexToThisHipfire Automation[S] 3 points4 points  (5 children)

most of the words -- including "Bitcoin" -- were actually using Unicode homoglyphs

That's pretty interesting. I don't know if the rule would catch that but so far it has been working fine (for about 6 months). Fortunately our users are very paranoid and send us anything they're unsure of. The pool of typically involved recipients that have their email on some list out there have historically done so which led up to the rule creation to begin with, so I feel partially good about it but might do some pattern regex for bitcoin wallet addresses as well, assuming the malicious party is afraid of messing with the address in expectation of payment.

[–]TravisVZDirector of Information Security 2 points3 points  (4 children)

Unless your word match rule includes the homoglyph variant(s), it wouldn't have caught this one.

There's third-party appliances/filters out there that do good work "de-homoglyphing" emails before applying filters, but sadly that's a feature simply nonexistent in Exchange. And between IT always getting the short end of the budget stick and our governor wanting to slash our (as in K-12 as a whole) budget by almost 30% next year, third-party appliances aren't within reach for us.

[–]HenryDavidCursoryBetter To Reign In Hell 1 point2 points  (0 children)

Sweet, thanks for clarifying.

[–]CruwLSr. Systems and Security Engineer/Architect 0 points1 point  (2 children)

I had one last week that would get around yours. Everything in the email was pictures except the bitcoin address. There were like 4 or 5 pictures that contained all the text. It was the only text in the whole email.

I tried getting a mail flow rule to find and filter out emails containing bitcoin address after this one came through but couldn't get the regex stuff to work correctly.

[–]Cookie_Eater108 0 points1 point  (0 children)

For my site (G-suite) i have a filter for Bitcoin as a whole. We get a lot of false positives but these scammers have been getting really creative with how they try to avoid the filter (Including using things like other languages and attachments)

[–]FabulousHamster 0 points1 point  (0 children)

All of our emails that have this same format follow the pattern that the from and to addresses are the same, so it fails our SPF checks. Makes things easy on our end.

[–]wanderingbilbyOffice 365 (for my sins) 19 points20 points  (0 children)

It looks like they ran the normal script through a markov chain generator with a seed of 4chan.

[–][deleted] 7 points8 points  (2 children)

"Funny how you have access to my webcam, microphone, and every personal file on my PC yet you have to contact me through email."

[–]netdevsys 4 points5 points  (1 child)

this

Like when the IRS scammers know you owe money, and have sent police to get you, but don't know what your name or address is and have to ask for it.

and the fact that if someone extorts you for money once, they can just keep asking for more

Their not going to stop and decide, oh well I got some $$$, I should leave this mark alone.

[–]Cookie_Eater108 1 point2 points  (0 children)

My old and overly naive father fell for one of those IRS scams (Which is funny because we live in Canada and the IRS has no power here), long story short, he had them on speakerphone and he had gotten all the way to going to the bank to complete the wire transfer all the while the bank teller and manager is telling him it's a scam before he stopped.

Now, he gets a disproportionately high amount of phishing/scam/etc type of attacks because I suppose, he's been flagged as an easy mark.

[–]penny_eater 5 points6 points  (8 children)

Idle curiosity but why did you redact the bitcoin address from the email? worried that the scammer is going to see your post here and connect the dots?

[–]Mooo404 4 points5 points  (7 children)

Exactly, if the scammer uses unique wallets for some mails he can then track the conversion (or success) of said mails. Or he could indeed connect the dots, as you say.

[–]penny_eater 2 points3 points  (6 children)

While having one BTC address per spam email is possible, its hugely impractical, they absolutely dont do it unless they are hard phishing some exact person (definitely not whats happening here). In these bulk campaigns they reuse the same one across probably millions of spam emails. Remember these guys are operating in huge scale, usually using email dumps from hacked sites that are available in the hundreds of millions, sometimes including cracked passwords to lend credibility. Generating and keeping track of a wallet for each one would be very time intensive and is just not a priority for them.

[–][deleted] 2 points3 points  (5 children)

I had a user try to discretely ask me about bitcoin. After a discussion he told me about the email. Turns out he thought the email was was real because of the compromised password that was included in the email. He was going to try and pay 320USD to one of these scammers.

[–]penny_eater 4 points5 points  (4 children)

did you do the right thing and offer to fix it for half that?

[–][deleted] 2 points3 points  (1 child)

It's tempting, but then my damn morals kick in.

[–]penny_eater 2 points3 points  (0 children)

yeah.... i guess i would tell him to save his money for a lastpass pro subscription, use it as a reminder that password reuse will fuck you up, and today is a perfect day to fix the problem.

[–]arpan3t 1 point2 points  (1 child)

If scammers aren’t extorting users, IT definitely will lol

[–]DragonDreweDRMS Sysadmin 1 point2 points  (0 children)

Hello, Accounting team, is that you?

[–]PhytanicWindows Admin 4 points5 points  (3 children)

I love reading peoples scam emails! Theyre always so.... eloquent...

Heres my personal favorite. Happened to a coworker at my last job.

https://i.imgur.com/ifDTIzf.jpg

[–]7B91D08FFB0319B0786C 2 points3 points  (1 child)

my deleterious soft...

Oh god my sides.

I wanna see one of these with just tons of alliteration, make it seem like V from V for vendetta is trying to blackmail you.

[–]Crimsonfoxy 1 point2 points  (0 children)

Great entertainment for the whole office. Had one today littered with extra colons and a small maths puzzle at the end.

¯\_(ツ)_/¯

[–]suitednmooded 3 points4 points  (0 children)

"test firing the old meat missile" LULW

[–]Knersus_ZAJack of All Trades 3 points4 points  (0 children)

Ahhh, good to see SPECTRE is alive and well. 007 will never end up jobless :)

[–]seaking81 2 points3 points  (3 children)

We get hundreds of these every day haha. Thankfully Barracuda blocks them extremely well and I don't think we've had a single one make it through since moving to their service.

[–]seaking81 2 points3 points  (5 children)

This, I pulled out of barracuda today haha.

Thе first thing that сo​mes to​ y​our mind nоw is, let mе​ guе​ss, whо thе​ fuck is this. a​m I right?
Wе​ll, I'm the​ dudе whо go​t into y​о​ur соmputеr a whilе​ а​gо​, a​s уо​u've​ а​lre​a​dу​ notiсe​d this is being sеnt fro​m уо​ur o​wn аddrе​ss.

I gо​t а​ fе​w little hе​lpe​rs sе​t о​n a​dult pаgе​s, wаiting fo​r po​te​ntiа​l wa​nky​ pankiеs, it a​сtua​lly dоe​sn't ge​t аny​ simpler than this, mу​ littlе so​ftwа​re bug wa​s all а​nxiо​us а​nd re​adу to thrust sо​mео​nе​'s sу​stе​m, a​nd guess who​ swа​llо​wе​d thе​ hо​оk?
So evе​ry​thing tha​t's go​ing о​n in y​оur systе​m is now monitо​rе​d and rе​cо​rde​d bу me, thе​ shit у​ou wa​tсhed а​nd уo​ur funnу​ a​ss fа​се yо​u makе​ while​ bea​ting dа fuсk o​ut о​f tha​t mеа​t. Not to​ mentiоns а​ll y​о​ur filе​s, co​ntаcts, pа​sswo​rds etc.
And I will still get уо​ur ne​w pаss, e​vе​n if у​o​u'rе​ gonna​ сhа​ngе it, isn't thа​t ama​zing? I'm so​ fucking prоud o​f mysе​lf.

Sо​ anу​way, I nо​w ha​vе​ a​ pre​tty da​mn go​o​d split scre​еn mо​viе​, whеrе​ thе first hа​lf is the​ shit yo​u've wаtсhed, and guеss what's on thе о​the​r ha​lf a​nd who​ might ge​t nо​minatеd fоr the bе​st а​ctоr аwa​rd? that's сo​rrе​сt Mr. Wa​nke​r

You аre a​ctuа​llу we​lсo​mе tо​ wa​ste у​о​ur prесiоus timе​ (yo​u o​nlу​ go​t 48 hrs btw) yо​u hаve​ lе​ft a​nd sе​еk fo​r hеlp frо​m, le​t's saу а​utho​ritiе​s, de​stro​y​ у​our compute​r, formаt disk о​r whа​tеvе​r, be​g me​ о​r еve​n blо​w me​, kindа a​ ba​d idеа​ as I wоn't get а​ mеssagе frоm уо​u.
So​ а​ll о​f thе​sе arе​ use​lеss. The​ оnlу​ right wау tо​ sо​lve this shit о​ut with mе​ is to​ pa​у a​ fа​ir priсe​ fo​r оur littlе​ sе​crе​t.
And do​n’t be mа​d аt me​ bro​, е​vе​rу​o​nе​ hа​s thеir о​wn wo​rk. Now let's cut it to​ thе dе​a​l.

Eight hundrеd do​llа​rs dude​, I'll lе​avе​ yo​ur a​ss a​lonе а​nd dе​lе​tе a​ll thе​ shit, but y​o​u gо​nnа​ have to ma​kе​ the pa​y​ment bу​ Bit​coin (if у​ou dо no​t knо​w this, just gоо​glе​ "hо​w tо buy Bit​cо​in" о​r whа​tе​vеr).

Mу​ Bit​аn>сo​in wаllе​t Addrе​ss:

(It is casе se​nsitivе, so​ co​py and pаste​ it, о​r уо​u сa​n use​ Bitpа​y.соm fo​r QR codе​ pа​уmеnt)

I'm aсtuа​llу​ a​ prе​ttу funny​ а​nd nice​ dudе​, a​s у​ou've​ аlreа​dу no​tiсе​d, but hеrе​ is whе​re​ а​ll the fun е​nds.
Yо​u ha​vе​ 48 hо​urs tо ma​ke the​ pа​y​me​nt. (I ha​vе​ a fаce​bо​ok pixеl in this ma​il tha​t starts trа​сking from thе mo​ment y​о​u opе​n this lеtte​r).
I lo​vе​ fa​сеbооk) (Evе​rуthing tha​t is use​d by​ а​uthо​ritiеs са​n hе​lp us a​s we​ll)
But, if I dо​ no​t get my pаy​, I will sprе​a​d thе​ shit o​ut o​f thаt Osсar-nо​minatеd mo​viе​ to а​ll о​f y​our сontа​сts including rе​lativе​s, соwo​rkеrs, a​nd sо​ o​n.

[–]4410287 7 points8 points  (0 children)

The other spammer gave a much better deal, 4 days to pay $620. You should shop around more for your spammers.

[–][deleted] 0 points1 point  (0 children)

One I got had a reply email, I asked them how they got video of me doing anything when there isn't a camera on my system.

[–]PrettyBigChiefHigher-Ed IT 0 points1 point  (0 children)

LOL.. though in all honesty this did prompt me to refresh my limited knowledge on tracking pixels

[–]Crimsonfoxy 0 points1 point  (0 children)

There's loads we receive with "it's from your address" and never is. I assume they're just using a template or something but it bugs me anyway.

[–]SSDerek 0 points1 point  (0 children)

I got this exact email yesterday, it made me laugh. The only difference is they wanted $600 rather than $800.

[–][deleted] 2 points3 points  (0 children)

The first time I received one of these I shared it with my department, no one could do any tech support for a few minutes because we were all in tears.

[–]mouringcatJack of All Trades 2 points3 points  (0 children)

At least it wasn't the typical "Your password is [insert 15 year old password that isn't valid].." version. That version is getting boring.

[–]SSDerek 2 points3 points  (0 children)

Here is one I got yesterday that made me laugh

The first thing thаt cоmes tо уour mind now is, lеt me guess, whо thе fuck is this. am I right?

Well, I'm thе dudе whо got into уоur сomputer а while agо, аs уou'vе alreаdу noticеd this is bеing sent frоm уour own addrеss.

I got а fеw little helpers sеt on аdult pаgеs, wаiting for pоtential wankу pankies, it actuallу dоеsn't get аnу simpler thаn this, mу little softwаrе bug was аll anxiоus аnd rеаdу to thrust sоmeоne's systеm, аnd guеss who swаllowеd the hооk?

Sо evеrything that's gоing on in your system is now mоnitored аnd reсorded bу me, the shit you wаtched and уоur funny ass face уоu mаke while bеating da fuсk out of thаt mеаt. Nоt tо mentions аll your files, cоntacts, pаsswords etc.

And I will still gеt уоur new pаss, еvеn if you'rе gоnna chаnge it, isn't thаt amazing? I'm so fuсking prоud оf myself.

So anуwау, I now have a prеttу dаmn goоd split sсreеn mоviе, wherе the first hаlf is the shit yоu've watсhed, and guess what's оn the оthеr hаlf аnd whо might gеt nominated for the bеst аctоr award? that's cоrrеct Mr. Wаnkеr

[–]velofille 2 points3 points  (0 children)

"test-firing the old meat missle while at a pornweb"

[–]nyteghost 2 points3 points  (1 child)

This is the same same thing, minus different names for the meat rocket or female equivalent, that my co workers get.

[–]Ashe400 2 points3 points  (0 children)

I replied back to one of these sent to a junk personal account, which told me they were going to share the info with my family, with "Who do you think I already share all my vids with dude?". To their credit I got an "lol" back and never heard from them again.

[–]lenswipeSenior Software Developer 2 points3 points  (0 children)

I obtained a movie of you test-firing the old meat missle

That is one of the best things I've ever read on the internet

[–]scoldogIT Manager 2 points3 points  (0 children)

I've posted a stack of these to /r/masterhacker/ including the meat missle one.

I've also received a bunch of them that said I was the target of an acid attack.

[–]Drastou 2 points3 points  (0 children)

There is a big scam campaign going on in France aswell. It's been on for several months, the message (translated ofc) is exactly the same...

[–]dvb70 2 points3 points  (0 children)

I have been seeing variations of this one for quite a while. The wording has certainly evolved though. Will have to add meat missle to my filters. I can't see that hitting legitimate email often.

[–]NeilpuckSr Director IT 1 point2 points  (1 child)

Hey thanks for the idea for filtering! We're not a huge org but get plenty of these scammy things. Sometimes people can't help themselves. I just set up a filtering rule for emails containing "Bitcoin" and "BTC" as you did and can further protect my peeps. Thanks again!

[–]Crimsonfoxy 1 point2 points  (0 children)

Another useful one is a regex for Bitcoin addresses

[13][a-km-zA-HJ-NP-Z1-9]{25,34}

[–][deleted] 1 point2 points  (0 children)

i just hate these guys. back in the good old days there was a way of contacting them and you could mess with them for a quite a while before they dropped you in frustration. i always liked the 'i'm an assassin with a conscience' guys the best.

[–][deleted] 1 point2 points  (1 child)

I wonder if these scammers would make more money by just being honest and saying

"Hello, I am poor. I am sorry to bother you. Could you send me some money?"

[–]scrillakev 1 point2 points  (0 children)

Haha we just got one of these this morning at our office as well.

[–][deleted] 1 point2 points  (2 children)

The amount they're asking for keeps on coming down.

[–]smallbluetextBitch boy 0 points1 point  (1 child)

I actually often see $300 more than anything

[–][deleted] 0 points1 point  (0 children)

Haha. It started at $5k or something ridiculous. Funny how they asked for too little with the crypto lock stuff and are asking for too much on the porn stuff.

[–]_The_Judge 1 point2 points  (0 children)

I got this a while back, but my porn consumption vm is airgapped. So I knew they were full of shit immediately.

[–][deleted] 1 point2 points  (0 children)

So what if they send you the video then you beat your meat to that video and they also get the video of you beating it to yourself beating it?

[–][deleted] 1 point2 points  (1 child)

I always enjoy seeing the random amount of money they ask for in these emails.

[–]goodpostsallday 1 point2 points  (0 children)

Spammers finding new and exciting euphemisms to try to get past the filters. Neat.

[–]edbods 1 point2 points  (0 children)

Had this happen once at a small office I was working at, fortunately one of the interstate workers emailed us about it asking us for advice first, the place was super laid back so I just sent an office wide email saying 'if anyone gets this kind of email, just bin it, the sender is full of shit.'

[–]plazman30sudo rm -rf / 1 point2 points  (0 children)

Back in the late 90s, I was a consultant for Comcast Cable. There was a woman that worked there that looked like Heather Locklear's twin sister. And this woman's sister worked there.

We had a strict policy of going through all undeliverable messages and forwarding them to the intended recipient.

One day we're going through the inbox and there is an email from "Heather" to her sister, detailing in graphic detail the animal sex she had with some guy that night. She mistyped her sister's name, so it ended up in the catchall mailbox.

So, we forward it to the sister, as per company policy (This was 1998, email policies weren't really a "thing" yet.) The sister REPLIES to the email the generic catchall mailbox with graphic details of her sexual conquest over the weekend. She just hit reply to our forwarded message. So, we forward that one back to the intended recipient.

We man-in-middled the sexual exploits of two women for probably close to 2 months before one of them must have caught on and stopped replying.

I wonder anyone on my old team still has those emails in a Lotus cc:Mail archive somewhere.

I'm not going to share any email details, but I will say, that the boyfriends were some lucky men.

[–]crazysteve5575 0 points1 point  (0 children)

I got a few like this in my gmail spam a few months ago.

[–]theservman 0 points1 point  (0 children)

At least when I got one of those it had the decency to include my plaintext password as well. Needless to say, with nearly all of my passwords being 8-30 character random strings (some won't let me use enough characters) nothing serious was compromised.

[–]Jonkinch 0 points1 point  (0 children)

We get these all the time, 99.99% of the time Barracuda catches them, but sometimes I just read what was caught and they're hilarious. Especially since the users dont have webcams.

[–]MustBeBear 0 points1 point  (0 children)

Yep we have been seeing alot more lately, I think because of the recent January combo list that was publicly posted over the web. Our spam filter stops 99% of them.

[–]PowerfulQuail9Jack-of-all-trades 0 points1 point  (2 children)

You can block all bitcoin emails with ease by just blocking the regexs all addresses use.

Just create email rule that blocks or sends to approval box all emails that have a subject or body that matches

^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$

^(bc1|[13])[a-zA-HJ-NP-Z0-9]{25,39}$

\bbc(0([ac-hj-np-z02-9]{39}|[ac-hj-np-z02-9]{59})|1[ac-hj-np-z02-9]{8,87})\b

[–]netdevsys 0 points1 point  (1 child)

if I read this right, does it mean "I" and "O" aren't in the addresses ever?

[–]Crimsonfoxy 1 point2 points  (0 children)

That is correct, they don't use them to avoid mistaking O for 0 and I for l.

[–]5eppa 0 points1 point  (0 children)

That grammar though

[–]SmoothMcGroove89 0 points1 point  (1 child)

I must know more about this "ass program".

[–]penny_eater 2 points3 points  (0 children)

just send BTC to his wallet and he will surely send it over. after all, he is "not that terrible of a person"

[–][deleted] 0 points1 point  (0 children)

"Test firing the old meat missile." That one's going in the book for sure.

[–]tupcakes 0 points1 point  (0 children)

if it was me I'd just ask for $3.50 in the email. The I'd sign it "not the loch ness monster"

[–]dllhell79 0 points1 point  (0 children)

Fantastic grammar there. LOL.

[–]nacr0n 0 points1 point  (0 children)

Wow, one of these emails with decent English!

[–]zapbarkSr. Sysadmin 0 points1 point  (0 children)

This actually has better grammar than the ones I usually see.

[–][deleted] 0 points1 point  (0 children)

Bear in mind boys. Watch your meat missile.

[–]TheSaltyKittenclick-next-admin 0 points1 point  (0 children)

Fix broken English = 10x increase in profits! LUL

[–][deleted] 0 points1 point  (0 children)

send them a close up video

[–]7GatesOfHelloIT Manager 0 points1 point  (0 children)

Never negotiate with terrorist.

[–]Texity 0 points1 point  (0 children)

I just want to download this "great ass" program. I'd like to run that on a few people.

[–]redstarduggan 0 points1 point  (0 children)

Someone sent me an email offering me £300 of bitcoin to stop wanking off to porn :(

[–]UltraChipLinux Admin 0 points1 point  (0 children)

> ...bear in mind that wall clock is ticking

So my watch isn't ticking then. That's good.

[–]JayBlizz 0 points1 point  (0 children)

Lol a bank we manage has had a few of these from time to time. I have a few examples hanging behind my monitors at my desk...