Cooperation Offer. SCAM!

 Here is a pretty typical message received from an online scammer:

 Hello!
As you can see, this is not a formal email, and unfortunately, it does not mean anything good for you.
BUT do not despair, it is not critical. I am going to explain to you everything right now.

I have access to your electronic devices, which are the part of the local network you regularly use.
I have been tracking your activity for the last few months.

How did that happen?
You visited some hacked websites with Exploit, and your device was exposed to my malicious software (I bought it in Darknet from specialists in this field).
This is a very complex software, operating as Trojan Horse. It updates regularly, and your antivirus can not detect it.
The program has a keylogger; it can turn your camera and microphone on and off, send files and provide access to your local network.

It took me some time to get access to the information from other devices, and as of now, I have all your contacts with conversations, info about your locations, what you like, your favourite websites, etc.
Honestly, I meant nothing bad at first and did that just for fun. This is my hobby.

When I hacked into your mail_account, your password was: danno555

But I got COVID and unfortunately lost my job.
And I figured out how to use "my hobby" to get money from you!
I recorded a video of you masturbating. This video has a separated screen, where you can be easily recognised; also, it can be clearly seen what sort of video you prefer.
Well, I am not proud of this, but I need money to survive.

Let's make a deal. You pay me as much as I ask you to, and I won't send this video to your friends, family, and other acquaintances.
You should understand, this is not a joke. I can send it by email, through SMS-link, social media, even post it in mass media (I have got some hacked accounts of their admins).
So you can become Twitter or Instagram "Star"!

To avoid this, you should send me 1,290 USD in Bitcoins on my BTC wallet:1MK7VnGrPM8T8Z7jm3b4V6FDinSNHbUAyt

If you don't know how to use Bitcoins, search it in Bing or Google <> or other stuff like that.
I will delete the video as soon as I receive the money. I will also delete the malicious software from your device, and you will never hear from me again.
I'll give you 2 days, that's more than enough, I think. Time tracking will start as soon as you open this email, I am monitoring this!

And one last thing:
It makes no sense to report about this to the police since I am using TOR, so there is no way to track Bitcoin transactions.
Don't respond to me (I generated this letter in your account and put the real address of the man who has no idea about this). In such a way, I make it impossible to track me.

If you ever do something stupid or against my expectations, I will immediately share this video.
Good luck!

 This email arrived from the following source:

Received: from [41.242.161.54] (41.242.160.54) by mail.sircles.net
(192.168.144.123) with Microsoft SMTP Server id 15.2.1258.34 via Frontend
Transport; Sun, 29 Jun 2025 00:03:52 +0100
Message-ID: <6D85E613DC0E7029C1A257984A346D85@XNW7EHOP>
From: <[email protected]>
To: ausden <[email protected]>
Subject: Cooperation Offer.
Date: Sun, 29 Jun 2025 01:50:50 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset="windows-1250"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 16.4.3505.912
X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3505.912
Return-Path: [email protected]
X-MS-Exchange-Organization-Network-Message-Id: 02778994-ab0c-4134-a96f-08ddb6980d80
X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0
X-MS-Exchange-Organization-AuthSource: Glass.sircles.net
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Transport-EndToEndLatency: 00:00:01.7584411
X-MS-Exchange-Processed-By-BccFoldering: 15.02.1258.034

Now the IP address in question needs to be looked up online:

NetRange:       41.0.0.0 - 41.255.255.255
CIDR:           41.0.0.0/8
NetName:        NET41
NetHandle:      NET-41-0-0-0-1
Parent:          ()
NetType:        Allocated to AfriNIC
OriginAS:
Organization:   African Network Information Center (AFRINIC)
RegDate:        2005-04-12
Updated:        2010-11-09
Ref:            https://rdap.arin.net/registry/ip/41.0.0.0
ResourceLink:  http://afrinic.net/en/services/whois-query
ResourceLink:  whois.afrinic.net
OrgName:        African Network Information Center
OrgId:          AFRINIC
Address:        Level 11ABC
Address:        Raffles Tower
Address:        Lot 19, Cybercity
City:           Ebene
StateProv:
PostalCode:
Country:        MU
RegDate:        2004-05-17
Updated:        2015-05-04
Comment:        AfriNIC - http://www.afrinic.net
Comment:        The African & Indian Ocean Internet Registry
Ref:            https://rdap.arin.net/registry/entity/AFRINIC
ReferralServer:  whois://whois.afrinic.net
ResourceLink:  http://afrinic.net/en/services/whois-query
OrgAbuseHandle: GENER11-ARIN
OrgAbuseName:   Generic POC
OrgAbusePhone:  +230 4666616
OrgAbuseEmail:  [email protected]
OrgAbuseRef:    https://rdap.arin.net/registry/entity/GENER11-ARIN
OrgTechHandle: GENER11-ARIN
OrgTechName:   Generic POC
OrgTechPhone:  +230 4666616
OrgTechEmail:  [email protected]
OrgTechRef:    https://rdap.arin.net/registry/entity/GENER11-ARIN
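
The header checks done by hand above can be scripted; this is an added example, not code from the original post. It pulls the connecting address out of the topmost Received line, compares the client-supplied Date with the server's receipt time, and reads X-MS-Exchange-Organization-AuthAs, where Anonymous means the message was submitted without authentication rather than generated inside the recipient's account as the message claims. The header subset is copied from the post with addresses omitted; the function and key names are assumptions.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Header subset copied from the message shown above (addresses omitted).
SAMPLE = """\
Received: from [41.242.161.54] (41.242.160.54) by mail.sircles.net
 (192.168.144.123) with Microsoft SMTP Server id 15.2.1258.34 via Frontend
 Transport; Sun, 29 Jun 2025 00:03:52 +0100
Subject: Cooperation Offer.
Date: Sun, 29 Jun 2025 01:50:50 +0100
X-MS-Exchange-Organization-AuthAs: Anonymous

body
"""


def triage(raw):
    """Return the facts worth checking before believing an extortion email."""
    msg = message_from_string(raw)
    # The topmost Received header is the one written by the receiving server;
    # anything below it is supplied by the sender and can be forged.
    received = " ".join(msg.get_all("Received")[0].split())  # unfold lines
    hop, _, stamp = received.rpartition(";")
    # Exchange records the name the client announced, then the address it
    # actually connected from in parentheses.
    helo, peer = re.search(r"from \[?([^\]\s]+)\]? \(([^)]+)\)", hop).groups()
    skew = parsedate_to_datetime(msg["Date"]) - parsedate_to_datetime(stamp.strip())
    auth_as = msg.get("X-MS-Exchange-Organization-AuthAs", "").strip().lower()
    return {
        "peer_ip": peer,                       # the address to look up in whois
        "helo": helo,
        "helo_matches_peer": helo == peer,
        "peer_is_public": ipaddress.ip_address(peer).is_global,
        "authenticated": auth_as not in ("", "anonymous"),
        "date_ahead_of_receipt_s": int(skew.total_seconds()),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

A Date header well ahead of the server's own receipt time, as here, points to a wrong or forged clock on the sending side.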

Now we can see that this is an email from an African or Indian Ocean territory. We hope that they do not have control over our system as they would be using a slow connection and be targeting old-fashioned SMTP codes and email servers.

This email arrives at the most ridiculous mailboxes, such as the info and enquiries email addresses published on websites, so we can assume that the operator does not know enough about computers to hack their way into a mouldy doughnut and that you are therefore safe from them.
