More “Hello Pervert” sextortion email

You may be here because you received something like this:

From: Enzo McQueen [email protected]
Sent: Friday, 16 May 2025 04:42
To: me
Subject: Hi

Good day.

Your system has ḅeen hacĸed with a Trojan virus.

It has penetrated yoūr device throṳgh adúlt portals which yoṷ (txxzgacw) sometimes visit.

Some spicy (vbpqjxy) videos contain malicioṵs code that activates after (qpzklkrg) ḅeing (sitaum) tųrned on. Yoṳr entire information has already ƀeen copied to my servers.

I possess complete (xvaihfd) control over yoǔr device which (jnddtip) yoử ũse to (lrtbgesw) access the Internet.

I can see yoṷr screen, I (hloeakh) can üse a microphone and a camera in a way (dtpzuamw) that yoǘ never notice anything.

I’ve already made a (yrmzhu) screen (olplocy) recording.

A video was (enaulqfc) edited with (cbvwjpdj) a pornographic movie that yoȕ were watching (imksbrka) at that time and masturbating.

Your face is perfectly visiƄle and (lurmehy) I (jdknsa) do not (oedgqmby) thinƙ that this ǩind (ldfipzb) of content will have a positive impact on yoǘr reputation.

I have an overall access to yoûr list of contacts and the social media profiles. I can send this video (ozusiv) from (xtdofww) yoúr E-mail or (hrdbuzl) the messengers.
If yoǜ do not want to let (bqopcrxh) this (taxufe) happen, then yoũ only (qguemcvk) need to taƙe (bsmucsb) one (gwjcneo) simple step.

Just transfer 12000 USD (ovcbax) (US dollars) to this Bitcoin wallet:
1F2rEBfZyauABYVjDfvPfrrWmWCwSmvtfv

(In a Bitcoin eqúivalent at the exchange rate for the time of transfer.) Yoū can (qnctzksh) find the (oynxopvu) detailed instrúctions in Google.

After the payment I will remove the video and the virứs from (fbfffslr) yoừr device and no one will ƀother yoủ anymore.

If I will not receive the payment in dǘe time, all of (rrvhjrfm) yoṻr data and the videos will ḅecome pǜƄlicly available.

I give yoǚ 2 ḅūsiness (qzmkyvc) days. (kjgcwcoo) I shall receive a notification that yoŭ have read the letter.

The timer starts immediately. Āny complain somewhere, inclưding the police, is ṳseless. This (pukfynw) wallet and an E-mail cannot (mxiiiqxa) ḃe tracked.

If I find oůt that yoṷ have shared this message with someone else, the (pksuufng) video will ḇecome pṳƀlicly availaƄle at once.

I will destroy yoũr repừtation forever and all yoųr data will go pǚḃlic. Everyone will learn aƀoửt (amgplqb) yoųr passion (mmzwvw) for the porn sites and more.

Changing the passwords will ƀe ūseless either as all the data is already on my servers.

do not forget that repütation is very important and ƅe prudent!

Good luck!

I asked DeepSeek to analyse the headers of this scam. It does it better and quicker than I do…!

Analysis of the Email Headers: Likely Spam

Here are the key reasons supporting this conclusion:

  1. Suspicious “From” Name and Address
    • The sender’s name is “Enzo McQueen” (=?utf-8?b?RW56byBNY1F1ZWVu?=), which appears randomly generated (common in spam).
    • The email is sent from [email protected], a no-reply address, which is unusual for legitimate job-related correspondence.
  2. Inconsistent Timestamps
    • The Received headers show conflicting dates:
      • Exim server timestamp: Fri, 11 Apr 2025 01:12:25 +0000
      • Google’s received timestamp: Thu, 15 May 2025 19:42:29 -0700 (PDT)
    • This 1-month discrepancy suggests possible header manipulation or a misconfigured relay server, common in spam campaigns.
  3. Generic Subject Line (“Hi”)
    • The subject line is “Hi”, which is overly vague and typical of phishing or spam emails trying to appear casual.
  4. Unusual X-AntiAbuse Headers
    • The email includes multiple X-AntiAbuse headers, which are often added by spammy or poorly configured mail servers to feign legitimacy.
    • The X-Get-Message-Sender-Via and X-Authenticated-Sender fields suggest an attempt to appear authenticated, but these are not standard in professional emails.
  5. SPF & DMARC Pass but Still Suspicious
    • While SPF (pass) and DMARC (pass) indicate the sender’s domain is authorized, this alone doesn’t guarantee legitimacy.
    • The domain jobcenterprosuma.com (registered in France, based on the IP 37.187.49.56) lacks clear reputation, and the email’s structure resembles template-based spam.

Final Verdict: Likely Spam
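
The timestamp comparison in point 2 can be reproduced without an AI tool. The following is an added example, not part of the original post or of DeepSeek's output: it walks the Received chain oldest-first, measures the gap between hops, and decodes the encoded display name. The header block is constructed; only the two timestamps and the encoded name come from the analysis above, while the hosts, addresses and the 24-hour limit are assumptions.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr, parsedate_to_datetime

# Constructed header block: timestamps and encoded name are from the analysis
# above; host names, IDs and addresses are placeholders.
RAW = """\
Received: from relay.example.net (relay.example.net [192.0.2.10])
        by mx.example.com with ESMTPS id placeholder1;
        Thu, 15 May 2025 19:42:29 -0700 (PDT)
Received: from localhost by relay.example.net with esmtpa (Exim)
        id placeholder2; Fri, 11 Apr 2025 01:12:25 +0000
From: =?utf-8?b?RW56byBNY1F1ZWVu?= <sender@example.net>
Subject: Hi

body
"""
MSG = message_from_string(RAW)


def hop_times(msg):
    """Timestamp of every Received hop, oldest first (headers are newest-first)."""
    times = []
    for value in reversed(msg.get_all("Received", [])):
        stamp = value.rsplit(";", 1)[-1]                 # date follows the last ';'
        stamp = re.sub(r"\([^)]*\)", "", stamp).strip()  # drop comments like "(PDT)"
        times.append(parsedate_to_datetime(stamp))
    return times


def hop_gaps(msg, limit_hours=24):
    """(gap, flagged) per hop pair; flag time running backwards or a long delay."""
    times = hop_times(msg)
    gaps = []
    for earlier, later in zip(times, times[1:]):
        gap = later - earlier
        seconds = gap.total_seconds()
        gaps.append((gap, seconds < 0 or seconds > limit_hours * 3600))
    return gaps


def display_name(msg):
    """Decode the RFC 2047 encoded-word in the From display name."""
    name, _addr = parseaddr(msg["From"])
    return str(make_header(decode_header(name)))


if __name__ == "__main__":
    print(display_name(MSG), hop_gaps(MSG))
```

A flagged gap is a prompt to look closer, not a verdict: the timestamps in Received headers are written by each server from its own clock.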

Feeding the message text into DeepSeek produced this conclusion:

Final Analysis: Confirmed Scam (Blackmail/Extortion Attempt)

This email is 100% a scam—a classic sextortion/blackmail phishing attempt. Here’s why:


1. Classic Sextortion Tactics

  • The email claims your device was hacked via “adult portals” and threatens to leak fabricated embarrassing videos (a common scare tactic).
  • Random gibberish in parentheses (e.g., (txxzgacw), (vbpqjxy)) is a spammer tactic to bypass filters.
  • No actual proof (e.g., passwords, screenshots) is provided—just vague threats.

2. Bitcoin Ransom Demand

  • The attacker demands $12,000 in Bitcoin (a hallmark of scams—untraceable payments).
  • The wallet (1F2rEBfZyauABYVjDfvPfrrWmWCwSmvtfv) is likely reused in other scams (you can check it on Bitcoin Abuse Database).

3. Poor Grammar and Odd Formatting

  • Unicode abuse: Strange characters like , ĸ, , ǔ (used to evade spam filters).
  • Inconsistent phrasing:
    • “I can see yoṷr screen, I (hloeakh) can üse a microphone”
    • “I do not (oedgqmby) thinƙ that this ǩind (ldfipzb) of content…”

4. Fake Urgency and Threats

  • “2 business days” deadline to pressure victims.
  • False claims like:
    • “This wallet and E-mail cannot be tracked” (Bitcoin transactions are public).
    • “Changing passwords is useless” (irrelevant if they supposedly already have your data).

5. No Technical Legitimacy

  • No malware signature: Real hackers would provide proof (e.g., a password you’ve used).
  • Sender’s domain (jobcenterprosuma.com) is likely compromised or fake.
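
The two filter-evasion tricks named above (random tokens in parentheses and look-alike Unicode letters) can be undone before any keyword matching. The following is an added example, not part of the original post or of DeepSeek's output: it strips the filler tokens, folds the odd letters back to ASCII, and compares what a phrase match finds before and after. The sample lines are copied from the email quoted on this page; the phrase list and the letter mapping are assumptions of this example.

```python
import re
import unicodedata

# Letters from the email above that have no Unicode decomposition, so NFKD
# alone leaves them untouched. The mapping is this example's assumption.
NO_DECOMP = str.maketrans({"ĸ": "k", "ƀ": "b", "Ƅ": "b", "ƅ": "b", "ƙ": "k"})
FILLER = re.compile(r"\s*\([a-z]{6,8}\)")  # "(txxzgacw)" but not "(US dollars)"
BTC_ADDR = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")  # legacy Base58
# Illustrative phrase list, not a vetted rule set.
PHRASES = ("trojan", "hacked", "bitcoin wallet", "camera", "reputation")

# Lines copied from the scam email quoted on this page.
SAMPLE = """Your system has ḅeen hacĸed with a Trojan virus.
Your face is perfectly visiƄle and (lurmehy) I (jdknsa) do not (oedgqmby) thinƙ that this ǩind (ldfipzb) of content
Just transfer 12000 USD (ovcbax) (US dollars) to this Bitcoin wallet:
1F2rEBfZyauABYVjDfvPfrrWmWCwSmvtfv"""


def fold(text):
    """Map look-alike letters to ASCII and drop combining marks."""
    decomposed = unicodedata.normalize("NFKD", text.translate(NO_DECOMP))
    return "".join(c for c in decomposed if not unicodedata.combining(c))


def analyze(text):
    """Undo both evasion tricks, then match on the cleaned text."""
    fillers = FILLER.findall(text)
    cleaned = fold(FILLER.sub("", text))
    lowered = cleaned.lower()
    return {
        "filler_tokens": len(fillers),
        "odd_letters": sum(1 for c in text if ord(c) > 127 and c.isalpha()),
        "phrases_raw": [p for p in PHRASES if p in text.lower()],
        "phrases_clean": [p for p in PHRASES if p in lowered],
        "btc_addresses": BTC_ADDR.findall(cleaned),
        "cleaned": cleaned,
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value}")
```

The filler and odd-letter counts are useful signals on their own, since ordinary English mail rarely contains either.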

DeepSeek also tells you what to do – and I cannot dispute the suggestions….

What to Do?

  1. Ignore and delete the email. Do not reply or pay.
  2. Report the Bitcoin wallet to Bitcoin Abuse Database.
  3. Scan your device with Malwarebytes or Windows Defender (for peace of mind).
  4. Enable 2FA on important accounts (though this email is pure bluff).

This is a mass-generated scam—you’re safe if you don’t engage. Stay vigilant!

🚨 Sextortion Scam Alert! Here’s What to Do 🚨

This email is 100% fake—a classic sextortion scam trying to scare you into paying. Don’t fall for it! Here’s your action plan:


🔍 How to Spot the Scam (No Headers Needed!)

AI can detect it instantly – Just paste the text into ChatGPT, Gemini, or any AI tool, and it’ll confirm: this is a scam.
Threats + Bitcoin demand? 🚩 Always a scam.
Weird characters & typos? 🚩 Bot-generated spam.


🛡️ Your 3-Step Defense Plan

1️⃣ 🚫 Ignore & Delete – Do not reply, click links, or pay a cent.
2️⃣ 📛 Report the Bitcoin Wallet – Help shut scammers down:
Bitcoin Abuse Database (Paste: 1F2rEBfZyauABYVjDfvPfrrWmWCwSmvtfv)
3️⃣ 🔒 Double-Check Security (For peace of mind):

  • Run a quick malware scan (Malwarebytes/Windows Defender).
  • Enable 2FA on key accounts (though this scam is all bluff).

💡 Remember: Reputation Attacks Are FAKE

  • Real hackers provide proof (e.g., your passwords).
  • This scammer has nothing—just empty threats.

Stay calm, stay smart, and shut scammers down!

Need help verifying another email? Ask me anytime! 💬🔐