I received two emails on Aug 6 & 7, 2024. They were from the fake addresses hartleysivertsengivoraki@gmail[.]com and taishathomlisonculucaci@gmail[.]com.
There was a PDF attached, which has a generic threat saying that the attacker installed malware when you visited a porn site and recorded you through your webcam.
The attacker demands a ransom in bitcoin to not release the video to your contacts.
The BTC address given is: 1B6iSAV8fKkxNdWmX7JMbHXUbZ4PG9vPBN
The attacker knows my phone number and a user name I gave to some site I don't remember. So, I assume the attacker got my info from a data breach.
After IP and header analysis, I concluded that the malicious actor is using a compromised email server related to Google.
The following IPs were used: 209[.]85[.]220[.]41, 209[.]85[.]220[.]65.