
I was cleaning out my spam folder when I saw one, from 16 hours ago, with a subject line which had a little-used password of mine. I'm fairly sure the odds of guessing this password are small, so I looked.

The email comes from mediajobboard.com. If I put that in my browser, it redirects to mediajobboard.thejobnetwork.com, and the browser displays the screenshot below.

screenshot

If I google "thejobnetwork" the search hits seem to show it as a legit job search site. It's possible I may have created a profile there, and used this password.

Is it possible that the sender is an employee of thejobnetwork.com and that's how he got the password?


The text of the email is below, with my name and password masked. I am not worried about the blackmail threat - I have no reason to believe that he could have made such a video. I'm mainly curious that my password has been read back to me from a supposed legit site.

from: Eugene Nelson <Martin@mediajobboard.com>

to: [--ME--]@gmail.com

date: 18 Sep 2020, 17:41

subject: [--PASSWORD--]

I know [--PASSWORD--] is one of your password on day of hack..

Lets get directly to the point.

Not one person has paid me to check about you.

You do not know me and you're probably thinking why you are getting this email?

in fact, i actually placed a malware on the adult vids (adult porn) website and you know what, you visited this site to experience fun (you know what i mean). When you were viewing videos, your browser started out operating as a RDP having a key logger which provided me with accessibility to your display and web cam. immediately after that, my malware obtained every one of your contacts from your Messenger, FB, as well as email account. after that i created a double-screen video. 1st part shows the video you were viewing (you have a nice taste omg), and 2nd part displays the recording of your cam, and its you.

Best solution would be to pay me $1060.

We are going to refer to it as a donation. in this situation, i most certainly will without delay remove your video.

My -BTC -address: 1J8hznwAZ2vRdyr4VGRuGj5cu4QVNSpmdz [case SeNSiTiVe, copy & paste it]

You could go on your life like this never happened and you will not ever hear back again from me.

You'll make the payment via Bitcoin (if you do not know this, search 'how to buy bitcoin' in Google).

if you are planning on going to the law, surely, this e-mail can not be traced back to me, because it's hacked too. I have taken care of my actions. i am not looking to ask you for a lot, i simply want to be paid.

if i do not receive the bitcoin;, i definitely will send out your video recording to all of your contacts including friends and family, co-workers, and so on.

Nevertheless, if i do get paid, i will destroy the recording immediately.

If you need proof, reply with Yeah then i will send out your video recording to your 8 friends.

it's a nonnegotiable offer and thus please don't waste mine time & yours by replying to this message.


Finally, this is the full "raw" email text:

Delivered-To: [--ME--]@gmail.com
Received: by 2002:a6b:b745:0:0:0:0:0 with SMTP id h66csp1639666iof;
        Fri, 18 Sep 2020 09:41:52 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyLTn2h5lZMNdBVg/ZjY13gpCrto+7bXYayjPtE7hona3i1111l/hytdLIIa9J16bTozIiA
X-Received: by 2002:a5d:4710:: with SMTP id y16mr39929940wrq.203.1600447312023;
        Fri, 18 Sep 2020 09:41:52 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1600447312; cv=none;
        d=google.com; s=arc-20160816;
        b=Ywu6ejjBBKmn9h75zNdXde8lWPhoxPnKWRBaO7UJqB0h0yfik0G1dHJVAZWQKpjLBE
         +jOpK5l08sMXdGF3TSXlzdv2XaX42MUs+P8OTc29GP5tLhYneN5Tbrr+5vJqCr6j7ui7
         N2bgRcgtkoPbDE3W+mU3Q5gc8dHydoKKuIy+9PZxFDnzgR2XTNmotSm1NpD+B9zwVMJp
         5nfyVOa4nrbL2a4rMi+84VrxIlu1VAHdu7bOLW64CwjoVv3txEivsCHcWOxlczU33ydW
         bO0oFb0d/zxA89zXClNSH9iOOKfFncNPFWYXoz9ZPMEee9MlTpmcZy5icRHPsDTqAXtH
         i5vg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:subject:to:from:date
         :message-id;
        bh=VLeBoRWOnSgmuO5NTInBlceU2TsHmqOKJ1JCwjfwmmw=;
        b=bWIQXDCOa+X9T20950P2mIxIJvcomnNamq42VIqZ1ZJOE8+3CPIskcKKaztTnyoeNR
         qa2YYs1TJ+ZFkaSDRcXcbWJi0/jL6y/f44yXyr/6ipPJ3+Dbk23gjGLjNjJ2S3dx0RRK
         OYWohOXn46mA13LC3hOA8jcNMv6+X74bYhxYZKRCLBxHpqscmQklq7eHioRFE9R+Xvk9
         7gEXcwXSmcmlYf9YisuRB8XJ3qN/SIvP5MGyK2Gw0kWkBT3rXtE9hCZTBUeHGuqTr0DA
         qetRVdUOdBhGWq8aZXq6cqT1GdvwyyRLyiOOJdYTszNmJJE5Bw2+Qa6hmcIWNUYHpIll
         I1cA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=neutral (google.com: 147.78.45.142 is neither permitted nor denied by best guess record for domain of martin@mediajobboard.com) smtp.mailfrom=Martin@mediajobboard.com
Return-Path: <Martin@mediajobboard.com>
Received: from Martin.mediajobboard.com ([147.78.45.142])
        by mx.google.com with SMTP id h145sio537025wme.72.2020.09.18.09.41.49
        for <[--ME--]@gmail.com>;
        Fri, 18 Sep 2020 09:41:51 -0700 (PDT)
Received-SPF: neutral (google.com: 147.78.45.142 is neither permitted nor denied by best guess record for domain of martin@mediajobboard.com) client-ip=147.78.45.142;
Authentication-Results: mx.google.com;
       spf=neutral (google.com: 147.78.45.142 is neither permitted nor denied by best guess record for domain of martin@mediajobboard.com) smtp.mailfrom=Martin@mediajobboard.com
Message-ID: <5f64e34f.1c69fb81.a28a3.526dSMTPIN_ADDED_MISSING@mx.google.com>
Date: 18 Sep 2020 19:41:43
From: Eugene Nelson <Martin@mediajobboard.com>
To: <[--ME--]@gmail.com>
Subject: [--PASSWORD--]
MIME-Version: 1.0
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: 7bit

<czD>
<br><br>
I<Mag> know<iFJ> [--PASSWORD--]<Pmi> is<Bdj> one<ZMm> of<dCK> your<TQA> password<aPI> on<JoG> day<iTS> of<usy> hack..
<br><br>
Lets<gNM> get<aeW> directly<VIn> to<xSV> the<Ygw> point.
<br><br><br>
Not<gCV> one<Yoc> person<rpS> has<MqQ> paid<kmc> me<byU> to<Vmt> check<RUm> about<EBQ> you.
<br><br>
You<QqG> do<qPn> not<CkE> know<AZX> me<NJq> and<ZQv> you're<dUH> probably<Iwo> thinking<jir> why<NMj> you<Gbi> are<jGN> getting<KOz> this<Xjs> email?
<br><br><br>
in<GvT> fact,<StE> i<qkd> actually<pIZ> placed<Wml> a<Wnz> malware<Kuw> on<tYR> the<aQX> adult<Jlg> vids<lbf> (adult<svT> porn)<SoH> website<fkn> and<TYT> you<dWr> know<wFl> what,<RLc> you<GIY> visited<Ucw> this<Phb> site<qNZ> to<VPh> experience<Vla> fun<zrX> (you<duI> know<hPQ> what<IAP> i<Ymr> mean).
<br>
When<Cbb> you<ZDg> were<dZT> viewing<Kjq> videos,<Zhe> your<mYn> browser<bxd> started<Xsu> out<KcL> operating<pgh> as<OxH> a<hHh> RDP<qfD> having<aNF> a<wAi> key<Hqa> logger<PuC> which<dKU> provided<Pux> me<NSL> with<jwf> accessibility<Sba> to<hWs> your<RmC> display<cBx> and<PAa> web<Frx> cam.
<br>
immediately<xwf> after<qzU> that,<Tjl> my<BmK> malware<ZNb> obtained<xsG> every<FLD> one<Syc> of<weU> your<cLW> contacts<JYn> from<HHV> your<tZI> Messenger,<cLg> FB,<dPP> as<GEP> well<UuB> as<Crg> email<qDi> account.
<br>
after<rtC> that<WVx> i<BjM> created<eNa> a<pOa> double-screen<wfz> video.<yFk> 1st<wKd> part<MuV> shows<yVT> the<fav> video<DJT> you<dvy> were<FXd> viewing<fdp> (you<aRL> have<LhZ> a<pJJ> nice<cGM> taste<NTO> omg),<iZX> and<OQG> 2nd<zut> part<uBK> displays<iJU> the<HIz> recording<dlx> of<cYC> your<gnv> cam,<ibK> and<ZlD> its<ujo> you.
<br><br>
Best<Xpq> solution<NOn> would<oOt> be<ejl> to<xTA> pay<DcP> me<hOp> $1060.<qIy> 
<br><br>
We<EFD> are<kCk> going<Svc> to<Evd> refer<Bkx> to<Hes> it<yFy> as<Knu> a<YtE> donation.<HGm> in<WNZ> this<bsu> situation,<YRo> i<pPC> most<xZf> certainly<odn> will<Cox> without<Lee> delay<YHb> remove<kFe> your<gxl> video.
<br><br><br>
My<gqQ> <CYT>-BTC<gjv> <XGvfPnid>-address<IOG>: 1J8hznwAZ2vRdyr4VGRuGj5cu4QVNSpmdz
<br>
[case<TPA> <GeudVnCk>SeNSiTiVe,<zmZ> <dIO>copy<cQF> <odzck>&<EAR> <cPxe>paste<yfK> it]<Jtu> 
<br><br>
You<uSx> could<QRi> go<FOw> on<XxB> your<ynm> life<hqH> like<gDN> this<hjc> never<ndw> happened<eeA> and<BlS> you<iks> will<ZGU> not<LUr> ever<hEe> hear<lEN> back<nVf> again<QRv> from<ltQ> me.
<br><br>
You'll<kew> make<idj> the<HTH> payment<jms> via<PVS> Bitcoin<Dyz> (if<xPe> you<Ufs> do<Fzc> not<jDg> know<xjZ> this,<bFE> search<hEs> 'how<kCB> to<pnh> buy<PoT> bitcoin'<jCs> in<Izr> Google).
<br><br>
if<jvL> you<MwM> are<hzD> planning<YnT> on<tFl> going<yrV> to<uxr> the<Ylp> law,<DWg> surely,<nlF> this<sHm> e-mail<FRo> can<VFY> not<QAw> be<eNY> traced<RhE> back<htb> to<lZe> me,<ucz> because<zxF> it's<aZl> hacked<cPL> too.
<br>
I<GmV> have<BnV> taken<RBD> care<xoY> of<joT> my<YCv> actions.<LdE> i<EWi> am<TFN> not<Tqn> looking<grh> to<AtB> ask<yjb> you<yQQ> for<mGc> a<Ttb> lot,<LTp> i<ZdL> simply<iGR> want<AXH> to<JZS> be<Ohg> paid.
<br><br><br>
if<ATj> i<fDv> do<SNn> not<BgI> receive<jzI> the<FZW> bitcoin;,<hSO> i<uCC> definitely<uzs> will<pFO> send<LFh> out<dNg> your<Kdj> video<tTG> recording<LAM> to<eNN> all<SvF> of<sAZ> your<DWw> contacts<GsG> including<XLN> friends<yVi> and<TXd> family,<pKa> co-workers,<XZF> and<MzK> so<QHt> on.
<br><br>
Nevertheless,<lww> if<Hob> i<xNk> do<AlS> get<AdV> paid,<Yil> i<tOS> will<sfp> destroy<sWz> the<SZt> recording<JSZ> immediately.
<br><br><br>
If<Swl> you<Wfc> need<lkg> proof,<ndf> reply<wvF> with<BgL> Yeah<wAf> then<AHU> i<bJQ> will<qsC> send<Xdk> out<uzl> your<BDZ> video<xCx> recording<BXP> to<FkX> your<RCg> 8<BVr> friends.
<br><br>
it's<qQZ> a<sEr> nonnegotiable<kOo> offer<jUq> and<ams> thus<BZC> please<tZX> don't<tvA> waste<Wmw> mine<rLy> time<wIY> &<iwR> yours<BQe> by<mLB> replying<xwO> to<mgs> this<VBa> message.
<JhQfryBW><STe> <ZkHPcLUCrR>
Stewart
  • Does this answer your question? [What to do about email threats containing leaked passwords?](https://security.stackexchange.com/questions/195063/what-to-do-about-email-threats-containing-leaked-passwords). In short: the site where you've used this password was probably hacked in the past. Make sure that you don't reuse this password anywhere else but otherwise don't react to the mail and in no case pay. – Steffen Ullrich Sep 19 '20 at 09:52
  • @SteffenUllrich Yes it does! Thank you :) Marking as duplicate – Stewart Sep 19 '20 at 10:04
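
As an added example (not part of the original post or its comments), the Python sketch below reads the sender-authentication results from the raw message quoted in the question and strips the random filler tags from its HTML body. The sample is a trimmed, constructed copy of those headers with a placeholder recipient, and the function names are illustrative.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: trimmed copy of the raw message quoted in the question,
# with the recipient replaced by a placeholder address.
SAMPLE = """\
Delivered-To: me@example.com
Authentication-Results: mx.google.com;
       spf=neutral (google.com: 147.78.45.142 is neither permitted nor denied by best guess record for domain of martin@mediajobboard.com) smtp.mailfrom=Martin@mediajobboard.com
Return-Path: <Martin@mediajobboard.com>
Message-ID: <5f64e34f.1c69fb81.a28a3.526dSMTPIN_ADDED_MISSING@mx.google.com>
From: Eugene Nelson <Martin@mediajobboard.com>
To: <me@example.com>
Subject: [--PASSWORD--]
Content-Type: text/html; charset="UTF-8"

<czD>
<br><br>
I<Mag> know<iFJ> [--PASSWORD--]<Pmi> is<Bdj> one<ZMm> of<dCK> your<TQA> password
"""

def auth_summary(raw):
    """Report what the receiving server could verify about the sender."""
    msg = message_from_string(raw)
    results = " ".join(msg.get_all("Authentication-Results", []))
    verdict = {}
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", results)
        verdict[mech] = m.group(1) if m else "absent"
    addr = parseaddr(msg.get("From", ""))[1]
    verdict["from_domain"] = addr.rpartition("@")[2].lower()
    # Only a "pass" ties the message to the domain; neutral or absent proves nothing.
    verdict["sender_authenticated"] = "pass" in (verdict["spf"], verdict["dkim"])
    # Gmail stamps this marker when the sending client supplied no Message-ID.
    verdict["message_id_added_by_receiver"] = (
        "SMTPIN_ADDED_MISSING" in msg.get("Message-ID", ""))
    return verdict

def visible_text(raw):
    """Drop the random filler tags so the rendered text can be read or matched."""
    body = message_from_string(raw).get_payload()
    text = re.sub(r"<br\s*/?>", "\n", body, flags=re.I)
    text = re.sub(r"<[^>]*>", "", text)
    return re.sub(r"[ \t]+", " ", text).strip()

if __name__ == "__main__":
    print(auth_summary(SAMPLE))
    print(visible_text(SAMPLE))
```

With SPF neutral and no DKIM result, these headers give no evidence that the message was sent by the domain shown in the From line.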
