This is becoming one of my favorite phishing scams. Not just because it’s hilariously worded, but because the sender isn’t even putting in the effort to create malware, create a malicious site, or gain control over your account in any way.

This is a pure bluff. The e-mail sender is hoping to simply find somebody who is nervous enough about their own browsing habits to voluntarily send Bitcoin to this fool.

Typically, when talking about a phishing attempt, we would bring up the notion of improving your email security (I’m not overlooking the need to do that). But in this instance, the sender IP had yet to be blacklisted. There is no attachment for which to scan and sandbox and strip away. There are no links to try and identify a Command and Control Server or an attempt at a malicious download. All that’s here is a Bitcoin address.

If your policy is to ask the Help Desk about suspicious emails, do you think a likely target would want to expose himself and ask if this is legitimate? Maybe not, and maybe you don’t care since the individual would be the target and not the organization.

The best way to help in this situation and numerous others is with Phishing training. Training that is repetitive and occurs frequently is the key. We talk to many folks to who do something once a year, or who did something once with no plans to do it again. This is akin to looking at a log last year. That doesn’t do anything for you.

A key to way to diminish e-mail attacks is to frequently train and test your end-users. There are many affordable off-the-shelf solutions that will provide the email and training materials, and allow you to report on your strengths and weaknesses when it comes to your end-users.


Phishing training doesn’t mitigate the need for a strong e-mail security posture. It will reduce the number of efforts to put it to the test. It can also help your end-users protect their personal data and devices.

Below is an example of said phishing scheme that I myself have experienced.


I have very bad news for you.
12/10/2018 – on this day I hacked your OS and got full access to your account

So, you can change the password, yes… But my malware intercepts it every time.

How I made it:
In the software of the router, through which you went online, was a vulnerability.
I just hacked this router and placed my malicious code on it.
When you went online, my trojan was installed on the OS of your device.

After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).

A month ago, I wanted to lock your device and ask for a not big amount of btc to unlock.
But I looked at the sites that you regularly visit, and I was shocked by what I saw!!!
I’m talk you about sites for adults.

I want to say – you are a BIG pervert. Your fantasy is shifted far away from the normal course!

And I got an idea….
I made a screenshot of the adult sites where you have fun (do you understand what it is about, huh?).
After that, I made a screenshot of your joys (using the camera of your device) and glued them together.
Turned out amazing! You are so spectacular!

I’m know that you would not like to show these screenshots to your friends, relatives or colleagues.
I think $667 is a very, very small amount for my silence.
Besides, I have been spying on you for so long, having spent a lot of time!

Pay ONLY in Bitcoins!
My BTC wallet: 145SmyE7DBEQExsnXZobojbQqr5UdgbCHh

You do not know how to use bitcoins?
Enter a query in any search engine: “how to replenish btc wallet”.
It’s extremely easy

For this payment I give you two days (48 hours).
As soon as this letter is opened, the timer will work.

After payment, my virus and dirty screenshots with your enjoys will be self-destruct automatically.
If I do not receive from you the specified amount, then your device will be locked, and all your contacts will receive a screenshots with your “enjoys”.

I hope you understand your situation.
– Do not try to find and destroy my virus! (All your data, files and screenshots is already uploaded to a remote server)
– Do not try to contact me (this is not feasible, I sent you an email from your account)
– Various security services will not help you; formatting a disk or destroying a device will not help, since your data is already on a remote server.

P.S. You are not my single victim. so, I guarantee you that I will not disturb you again after payment!
 This is the word of honor hacker

I also ask you to regularly update your antiviruses in the future. This way you will no longer fall into a similar situation.

Do not hold evil! I just do my job.
Have a nice day!