Jump to content

I am being blackmailed


runintocash
 Share

Recommended Posts

Hi all,

I don't know if this is the right forum to post in, if not my apologies. I am the owner of a website and I just received the below email. This person pretty much stated that if I don't not pay him $50 he will spam people on my behalf that he knows will report me and get my site suspended by my hosting provider. I came here because they mentioned your site by name in the email. Below is the email that I received:

Hello admin,

First, I must tell you that I know that your program is scam. :)

But, I don't care as long as you are ready to cooperate with me.

Well,

This is my offer:

I have list of a few thousands fresh emails of HYIP users, which I

extracted from different hyips in last few months (profx.biz,

binor.ru, hk-fund.com, successfuture.biz, tradeinforex.net,

timesprofit.net, arivafund.com, etc...)

Price: $50 ONLY!

You can use this emails to promote your own program. Just imagine how

great this offer is and how many investors you can get!

You have two options. First option is to decide to cooperate with me

and buy email lists from me.

Second option, which I don't like, and I belive you will not like it

either: I have emails of about 150 thousands emails of SpamCop

members. SpamCop is spam fighting tool.

Well, all this people hate spam and they report every spam mail to

SpamCop. SpamCop automatiocaly reports every link from spam mail to

hosting provider which hosts it's site. What it means?

Well, if I "promote" (spam) that people with your site address in

message body, they will report you, and your hosting provider will

receive thousands of spam complaints. They will be forced to shut down

your site!

I don't like second option. First is much better for both of us.

But if you refuse me offer, I will be forced to move to the second option. :(

So, I hope that you will chose what is better...

If you don't reply within 24 hours, I will understand it as refuse and

I will start working on 'second option'.

Regards,

Ognjen

As proof that I'm serious I'm sending you list of all active investors

of arivafund.com. Also, please check their threads on forums like MMG

to see what demage I made them.

Is this guy for real? Is there any way that I can prevent this person from doing this? Any input or advice is appreciated.

Thanks,

Mike

Link to comment
Share on other sites

???? Discussion is already ongoing over in the newsgroups on the same query. There are already numerous replies 'over there' .... please see [scspamcop] Someone is trying to blackmail me!

Basically, the flow is ... if you want to take it as anything close to 'real' ... contact your ISP/Host and let them know about it. Get a current back-up of the site as it is now, just in case there are other hacks/attacks involved. Get you ISP Account at SpamCop.net to see if you really are getting reported.

As far as "where to post" .. this has nothing to do with the SpamCopDNSBL at all, so moving it to the Lounge area.

Link to comment
Share on other sites

I am the owner of a website and I just received the below email. This person pretty much stated that if I don't not pay him $50 he will spam people on my behalf that he knows will report me and get my site suspended by my hosting provider.

Whether this guy is for real or not, it is an attempt to extract money from you under duress. It is, therefore, a crime in most countries.

I, personally, would take this up with the department of your local police that handles Hi-Tech or computer crime. They will probably not be able to handle it directly but it may provide additional intelligence to add to the pot.

The protections advised are, or course, essential but I would record a crime as well.

Andrew

Link to comment
Share on other sites

Whether this guy is for real or not, it is an attempt to extract money from you under duress. It is, therefore, a crime in most countries.

I, personally, would take this up with the department of your local police that handles Hi-Tech or computer crime. They will probably not be able to handle it directly but it may provide additional intelligence to add to the pot.

The protections advised are, or course, essential but I would record a crime as well.

I would support that advice but, to take it further, the crime is clearly extortion and I very much doubt there is any place where it is not a serious criminal offence. Even if there are jurisdictions where it is not a specific offence (not covered under the criminal code), that will only be because an overlapping jurisdiction covers it instead (Federal-State coverage in Australia for instance). IANAL.
Link to comment
Share on other sites

Hi all,

I don't know if this is the right forum to post in, if not my apologies. I am the owner of a website and I just received the below email. This person pretty much stated that if I don't not pay him $50 he will spam people on my behalf that he knows will report me and get my site suspended by my hosting provider. I came here because they mentioned your site by name in the email. Below is the email that I received:

Thanks,

Mike

Mike,

I just received the same email.

Here are all the headers, if anyone can help tracking this idiot down.

I sent a copy to Gmail, wonder if they will do anything.

Peter.

PS: Make sure you keep a copy of the email just in case he does start sending spam in your name.

X-Persona: <GWBOPC-ADMIN>

Return-Path: <fdgjdfigdsifjgisufdghfdh342[at]gmail.com>

Received: from ro-out-1112.google.com (ro-out-1112.google.com [72.14.202.176])

by gwbopc.com (8.13.6.20060614/8.13.6) with ESMTP id lB31UUW7041828

for <admin[at]gwbopc.com>; Mon, 3 Dec 2007 01:30:32 GMT

Received: by ro-out-1112.google.com with SMTP id p7so4782006roc

for <admin[at]gwbopc.com>; Sun, 02 Dec 2007 17:30:25 -0800 (PST)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=gamma;

h=domainkey-signature:received:received:message-id:date:from:sender:subject:in-reply-to:mime-version:content-type:references:x-google-sender-auth;

bh=tN3SbFRT4MxvObEuEk6Ze/O8DIPj8mR9jsIRu3ll1oc=;

b=qrfMxlu/CkyH9E/Y4Hsj4HeiDE3LYCax3G43GRt6fv1t0+ckNnLJyE4mGJSJ+fGgzXLJzUJYigBZ3Vn38eq+RQg4Y8XGMYtLlgoT7tQcaikk2SCpLtARyvLAzFSf71Xkxs6dxbNQO2ZRYuoiDArUf5npf5xi1X2l22hZs7rKAX0=

DomainKey-Signature: a=rsa-sha1; c=nofws;

d=gmail.com; s=gamma;

h=received:message-id:date:from:sender:subject:in-reply-to:mime-version:content-type:references:x-google-sender-auth;

b=phX/GndENrN+0jnJ6hcalpSPma+XLccuegjVyIMIJuk1gEaZvds+CHzDCZsdmmmO7Sn5/zqyds6xHvPxbuY5F36sX/m64zmXVoBh1BZk4MIvuowxPonEGDYKObTjxzh959GWU/zj1acxFRU5bzGuErAoMw2+uGniK8ySd3bsYEw=

Received: by 10.140.180.42 with SMTP id c42mr919158rvf.1196645424186;

Sun, 02 Dec 2007 17:30:24 -0800 (PST)

Received: by 10.141.99.1 with HTTP; Sun, 2 Dec 2007 17:30:23 -0800 (PST)

Message-ID: <9c019b380712021730k22493b76k831567e99667993a[at]mail.gmail.com>

Date: Mon, 3 Dec 2007 02:30:23 +0100

From: "Ognjen Kapor" <okapor[at]gmail.com>

Sender: fdgjdfigdsifjgisufdghfdh342[at]gmail.com

Subject: OFFER - 2 options - PLEASE READ AND REPLY!

In-Reply-To: <9c019b380712021729ic9eab2k197db820e8e8e280[at]mail.gmail.com>

MIME-Version: 1.0

Content-Type: multipart/mixed;

boundary="----=_Part_4794_10691318.1196645423855"

References: <9c019b380712021729ic9eab2k197db820e8e8e280[at]mail.gmail.com>

X-Google-Sender-Auth: 9238c7e2aaacfe7b

To: undisclosed-recipients:;

Status:

Edited by pwilson
Link to comment
Share on other sites

Hi, i am a website's Admin.

I received a threatening email:

Hello admin,

First, I must tell you that I know that your program is scam. :)

But, I don't care as long as you are ready to cooperate with me.

Well,

This is my offer:

I have list of a few thousands fresh emails of HYIP users, which I extracted from different hyips in last few months ( profx.biz, binor.ru , hk-fund.com, successfuture.biz, tradeinforex.net , timesprofit.net, arivafund.com, etc...)

Price: $50 ONLY!

You can use this emails to promote your own program. Just imagine how great this offer is and how many investors you can get!

You have two options. First option is to decide to cooperate with me and buy email lists from me.

Second option, which I don't like, and I belive you will not like it either: I have emails of about 150 thousands emails of SpamCop members. SpamCop is spam fighting tool.

Well, all this people hate spam and they report every spam mail to SpamCop. SpamCop automatiocaly reports every link from spam mail to hosting provider which hosts it's site. What it means?

Well, if I "promote" (spam) that people with your site address in message body, they will report you, and your hosting provider will receive thousands of spam complaints. They will be forced to shut down your site!

I don't like second option. First is much better for both of us.

But if you refuse me offer, I will be forced to move to the second option. :(

So, I hope that you will chose what is better...

If you don't reply within 24 hours, I will understand it as refuse and I will start working on 'second option'.

Regards,

Ognjen

As proof that I'm serious I'm sending you list of all active investors of arivafund.com. Also, please check their threads on forums like MMG to see what demage I made them.

what can I do?

Link to comment
Share on other sites

There have been a couple posts of this going around. I would guess it is mostly likely an empty threat (it is unlikely someone could generate enough phoney evidence to get your website shut down). Other advise here has been to report it to local law enforcement, as it is extortion, which is illegal in most places. You might also consider notifying your ISP, and making a backup of your site "just in case".

Link to comment
Share on other sites

europaid's 'new' Topic was merged into this one, also being posted into the SpamCopDNSBL Forum section.

PM has been sent to advise of this action.

There have been a couple posts of this going around.

More than a few <g> What it really looks like is that the primary lowlife involved has simply scraped a ton-load of addresses from all sorts of these "make-lots-of-money-at-home" portal/sign-up pages and decided to "hit them all" .... kind of a twist on the old free-for-all type 'link' pages ....

Link to comment
Share on other sites

Whether this guy is for real or not, it is an attempt to extract money from you under duress. It is, therefore, a crime in most countries.

I, personally, would take this up with the department of your local police that handles Hi-Tech or computer crime. They will probably not be able to handle it directly but it may provide additional intelligence to add to the pot.

The protections advised are, or course, essential but I would record a crime as well.

Hello Andrew,

I have actually been the victim of online fraud before. Someone went into make bank account and stole money not too long ago. I went to my local police department to file a police report. The next day I got a call from a detective stating there was pretty much nothing they can do as they have no internet crimes department and it was outside of their jurisdiction. The only good filing the police report did was give me the documentation to get my money back from the bank. Local police departments do not have the resources to go after this guy. The FBI may be able to do something but an extortion attempt for $50 I'm sure is not on the top of their priority list. Although it would be great for this guy to get caught! Thanks for your response!

I just received the same email.

I doubt G-mail will do anything. Their privacy policy protects people like this which is why you can't get their IP from the header. Look at the third line in the header. This is where his IP should show up but instead we are just given googles IP as per their privacy policy. Make sure you notify your ISP/web host and make them aware of the situation so you have everything documented.

There have been a couple posts of this going around. I would guess it is mostly likely an empty threat (it is unlikely someone could generate enough phoney evidence to get your website shut down). Other advise here has been to report it to local law enforcement, as it is extortion, which is illegal in most places. You might also consider notifying your ISP, and making a backup of your site "just in case".

The more I research the more I start to think you are correct. It is just empty threats. My ISP/web host has already been notified. I have notified the FBI internet crimes division as well as the internet fraud department with the secret service(still awaiting their response). I have a back-up of my site and I back-up MYSQL database everyday. I would like to thank everyone that has responded. Your input and advice is much appreciated.

Moderator edit: massive removal of much unneeded quoted content, which also caused the post to explode horizontally, making it a pain to actually try to read .... per the guidance offered in the Forum FAQ, please delete all the unneeded quoted material as part of the quoting and posting steps.

Edited by Wazoo
Link to comment
Share on other sites

If the fake emails are sent and your ISP starts getting complaints, you can let me know and I'll set SpamCop to stop reporting the URL the spammer is advertising that is causing you trouble.

That way, the source of the emails will get reported, but not your web site.

- Don D'Minion - SpamCop Admin -

service[at]admin.spamcop.net

Link to comment
Share on other sites

I have actually been the victim of online fraud before. Someone went into make bank account and stole money not too long ago. I went to my local police department to file a police report. The next day I got a call from a detective stating there was pretty much nothing they can do as they have no internet crimes department and it was outside of their jurisdiction. The only good filing the police report did was give me the documentation to get my money back from the bank. Local police departments do not have the resources to go after this guy. The FBI may be able to do something but an extortion attempt for $50 I'm sure is not on the top of their priority list. Although it would be great for this guy to get caught!

Of course, you're absolutely correct. But it should be reported. One $50 attempt multiplied by thousands of victims amounts to a pretty significant attempted fraud. Gathering intelligence can provide the data to tackle a crime across international borders.

I once had a call from our credit card company. Their computers had identified an attempt to charge thousands of cards with a $1 admin fee. Presumably the fraudster was hoping that nobody would complain about $1 but he/she would gain millions.

Andrew

Link to comment
Share on other sites

  • 7 months later...

Hello,

I am the owner of ClixMX.com, and I received the same type of email a few minutes ago. After searching the forum I see that most of these emails were sent on December 2007, and most recommendations are to report to Gmail, hosting provider and police departments, so I will do that. I just want to post this here to set a precedent. I hope its ok.

The original text is:

----------------

Hello admin,

First, I must tell you that I know that your program is scam. :)

But, I don't care as long as you are ready to cooperate with me.

Well,

This is my offer:

I have list of 97,651 emails of HYIP users, which I

extracted from different hyips in last few months.

Price: $200 ONLY!

You can use this emails to promote your own program. Just imagine how

great this offer is and how many investors you can get!

You have two options. First option is to decide to cooperate with me

and buy email lists from me.

Second option, which I don't like, and I belive you will not like it

either: I have emails of about 150 thousands emails of SpamCop

members. SpamCop is spam fighting tool.

Well, all this people hate spam and they report every spam mail to

SpamCop. SpamCop automatiocaly reports every link from spam mail to

hosting provider which hosts it's site. What it means?

Well, if I "promote" (spam) that people with your site address in

message body, they will report you, and your hosting provider will

receive thousands of spam complaints. They will be forced to shut down

your site!

I don't like second option. First is much better for both of us.

But if you refuse me offer, I will be forced to move to the second option. :(

So, I hope that you will chose what is better...

If you don't reply within 24 hours, I will understand it as refuse and

I will start working on 'second option'.

Regards,

Oskar

As proof that I'm serious I'm sending you list of all active investors

of profitsaddiction.com

--------------------

His attachment has a list of over 100 addresses, and there is no site at profitsaddiction.com. Email headers are: (I removed [at] from my address)

--------------------

Received: (qmail 13579 invoked from network); 5 Jul 2008 01:49:30 -0000

Received: from unknown (HELO p3presmtp01-04.prod.phx3.secureserver.net) ([208.109.80.153])

(envelope-sender <oferengi10[at]googlemail.com>)

by smtp21-02.prod.mesa1.secureserver.net (qmail-1.03) with SMTP

for <admin[at]clixmx.com>; 5 Jul 2008 01:49:30 -0000

Received: (qmail 5457 invoked from network); 5 Jul 2008 01:49:30 -0000

Received: from qb-out-0506.google.com ([72.14.204.235])

(envelope-sender <oferengi10[at]googlemail.com>)

by p3presmtp01-04.prod.phx3.secureserver.net (qmail-ldap-1.03) with SMTP

for <admin[at]clixmx.com>; 5 Jul 2008 01:49:29 -0000

Received: by qb-out-0506.google.com with SMTP id q18so1714906qba.41

for <admin[at]clixmx.com>; Fri, 04 Jul 2008 18:49:29 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=googlemail.com; s=gamma;

h=domainkey-signature:received:received:message-id:date:from:sender

:subject:mime-version:content-type:x-google-sender-auth;

bh=klMvQuAkGTv8FlYxzcTOjcRklSA4MBGPV78Oze8wTR8=;

b=ra/IQ9zNaS8b+h2JeX4wXjCiw9uych7i6B9UfndgzJbVeQ4Dh83sbNLrVov7dosq8g

vu8OrBFMpqj+vsmUqae16beWb5BOYLBy47qGSLWcQ+FlC8a1eo6sbebuCG/TJ0phrYdf

fsd6AtMIeBPLl8Q02Lw3Jxy6xyjt0AeLUInsg=

X-BitDefenderWKS-SpamStamp: v1, build 2.6.15.47144, bayes score:

500(0), pbayes score: 0(0), neunet score: 500(0), total: 0

X-BitDefenderWKS-spam: No - 0

DomainKey-Signature: a=rsa-sha1; c=nofws;

d=googlemail.com; s=gamma;

h=message-id:date:from:sender:subject:mime-version:content-type

:x-google-sender-auth;

b=DFJ+r+Nu6FhXC2opzD0MX6M99koVNXvBJtbQ7vPWjcgeZFek9ZW8yY0K9pRaOEmnSO

036oQ+QSPpOENW8EDcmdWp+hSVXLmuSEiIqY3nQV9w98E226CiB/GcJPHDV5t8xI4ccY

XfiQoAe76ZUyh+hFgBeet0upcTVii8/pvCoTw=

Received: by 10.141.204.20 with SMTP id g20mr721532rvq.230.1215222567786;

Fri, 04 Jul 2008 18:49:27 -0700 (PDT)

Received: by 10.140.192.12 with HTTP; Fri, 4 Jul 2008 18:49:27 -0700 (PDT)

Message-ID: <f1068150807041849n64a9438r9427c523474588c1[at]mail.gmail.com>

Date: Sat, 5 Jul 2008 03:49:27 +0200

From: "Oskar Ferengi" <oskarferengi[at]gmail.com>

Sender: oferengi10[at]googlemail.com

Subject: READ AND REPLY!

MIME-Version: 1.0

Content-Type: multipart/mixed;

boundary="----=_Part_8413_4474797.1215222567782"

X-Google-Sender-Auth: 01b66ebf0ca3e87c

X-Nonspam: None

---------------------

As I said, I will report this to all recommended authorities. For the record, ClixMX.com is not a scam.

Regards,

Jose Manuel

ClixMX.com Admin

:D

Link to comment
Share on other sites

I just want to post this here to set a precedent. I hope its ok.

And just what "precedent" are trying to set???? Same spam seen all over the place, seemingly targetted towards these silly "get-rich-by-clicking-on-ads" web-sites.

As I said, I will report this to all recommended authorities. For the record, ClixMX.com is not a scam.

Yeah, but .... hard to call it a legitimate business/enterprise either .... I repeat my comments from Linear Post #9;

What it really looks like is that the primary lowlife involved has simply scraped a ton-load of addresses from all sorts of these "make-lots-of-money-at-home" portal/sign-up pages and decided to "hit them all" .... kind of a twist on the old free-for-all type 'link' pages ....

Link to comment
Share on other sites

Someone is threatening our company using "SpamCop" . Please look into this.

http://www.taketheglobe.com/forums/showthr...p=1617#post1617

This is not the first time we have seen this, in fact there is another recent post that I will be moving this one into using the same exact wording.

Link to comment
Share on other sites

The exact header states.

Return-path: <oferengi12[at]googlemail.com>

Envelope-to: admin[at]taketheglobe.com

Delivery-date: Fri, 04 Jul 2008 19:07:34 -0700

Received: from ag-out-0708.google.com ([72.14.246.242])

by server.taketheglobe.com with esmtp (Exim 4.68)

(envelope-from <oferengi12[at]googlemail.com>)

id 1KExBW-0003Ye-95

for admin[at]taketheglobe.com; Fri, 04 Jul 2008 19:07:34 -0700

Received: by ag-out-0708.google.com with SMTP id 8so8463934agc.0

for <admin[at]taketheglobe.com>; Fri, 04 Jul 2008 19:07:32 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=googlemail.com; s=gamma;

h=domainkey-signature:received:received:message-id:date:from:sender

:subject:mime-version:content-type:x-google-sender-auth;

bh=dd8ATZK2do6hiBhH1San2pvkMsGkCqB2m6JTzFtEpzE=;

b=vI+uNWXxtJzYtg8FSaYIj6gR15ZDnJ99s0p+UWr7PBXVbuM60jOkYxXhNtr+aZ66T9

Fm7O+3i7AVjfA4P6KIZ6BYz3sZIWBzfSVLmlOt6dLnjRU/QkcX9cuClf4fykOstTLKyY

pEVB2KvZs4NIFBekbHAR/xAqBCVBo7/x08WZE=

DomainKey-Signature: a=rsa-sha1; c=nofws;

d=googlemail.com; s=gamma;

h=message-id:date:from:sender:subject:mime-version:content-type

:x-google-sender-auth;

b=uhNKbejEF6PNZxtN6nTsApf8+o/GXPpJfjColcyWog1U2rMyP+2NImls3Yj6pSbRej

Vlvbhm1hgwfFz0YtHvjKkJUNAsahQtFkbDeaxrSnkebuYSs91Wd6XU9f/GWmwNMcW8Gu

LJDMXILLKmEjUv07VNLe5byi8bSeRw0JqjyJs=

Received: by 10.151.112.1 with SMTP id p1mr3028007ybm.141.1215223580808;

Fri, 04 Jul 2008 19:06:20 -0700 (PDT)

Received: by 10.150.122.20 with HTTP; Fri, 4 Jul 2008 19:06:20 -0700 (PDT)

Message-ID: <d23423d30807041906u2c2d67bai3971be3e41e72709[at]mail.gmail.com>

Date: Sat, 5 Jul 2008 04:06:20 +0200

From: "Oskar Ferengi" <oskarferengi[at]gmail.com>

Sender: oferengi12[at]googlemail.com

Subject: READ AND REPLY!

MIME-Version: 1.0

Content-Type: multipart/mixed;

boundary="----=_Part_15381_5998053.1215223580819"

X-Google-Sender-Auth: ed6e8d3cfe6a6d33

Link to comment
Share on other sites

Please review the previous posts in this (merged) topic.

Posting a complaint here is not going to achieve anything. Review How does SpamCop reporting work? if you want to understand why not.

To spell it out just a little, all that a SC report would do with that header detail is send a notification to abuse[at]google.com (gmail-abuse[at]google.com used to be another address?) and notch up a "hit" against ag-out-0708.google.com ([72.14.246.242]) - which is not going to do much since the GMail service is predominently "straight" and there are a great number of servers in play - see the "SCBL Rules" in What is the SpamCop Blocking List (SCBL)? and note high regular volume from http://www.senderbase.org/senderbase_queri...g=72.14.246.242 - and the very many other servers used in routing.

You can/should report the abuse to Google yourself (it would be ineffective coming from anyone else). If this is a criminal matter it also needs to be addressed by the civil authorities.

Hrmmph - "Oskar Ferengi" indeed! If that is the quality of the criminal mastermind involved you should have little to fear. But watch out for Rule 10

Link to comment
Share on other sites

  • 2 years later...

After reading this whole topic (and I'm not really sorry to "wake up" an old thread — after all, we're in the Lounge), I'm fascinated by the appropriateness of Farelf's sig on the latest post before this one: Plus ça change, plus c'est la même chose.

However I cannot help noticing Google's strange notion of "privacy": if you're a spammer, they will protect your "privacy" by not putting proper Received headers on your mail; but to protect yourself from spying by Google, the only solution (says Google CEO) is to change your name…

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...