This is a scam mail (sextortion attempt) that has circulated for years. It is a BLUFF! The scammer never hacked anything and has NO control over your computer, even though he claims to. This mail is sent at random to hundreds of thousands of mail addresses, and once in a rare while someone ‘fits the description’, gets nervous and pays. This type of scam is not likely to be successful. The hit rate is one in a million.

We analyzed the mail and here is what we came up with:

Hello

As you may have noticed, I sent you an email from your email account [email protected]
This means that I have full access to your account
I have been following you for a few months now.
The thing is that you have been infected with a Trojan through an adult site you visited.
If you are not aware of this, let me explain.
The Trojan gives me full access and control over your device.
This means that I can see everything on your screen, I can turn on the camera and microphone, but you do not know about it.
I also have access to all your contacts and all your correspondence.
In the left half of the screen, I made a video of you pleasuring yourself, and in the right half, you see the video you are watching.
With a mouse click, I can send this video to all your emails and social media contacts.
I can also see access to all your correspondence and messengers you use.
If you want to prevent this,
transfer the amount of 1000 USD to my bitcoin address (if you do not know how, type “banxa or moonpay” or go to the exchange office).

My Bitcoin address (BTC wallet): 1FQ2nRYRf3732zhPJaTsGqi9WTHw9nzrJb

After payment is received, I will delete the video and you will not hear from me again.
I will give you 72 hours to pay.
I have a warning to read this letter and the timer will start when you see this letter.
If I see that you have shared this message with someone else, the video will be published immediately.
Best regards

Let’s start with a look at the scammer’s bitcoin account. It’s easy to see the balance. ZERO.

So far the scammer hasn’t had any luck.


1. What the mail headers tell us: 

  • From: [email protected]
  • Return-Path: <[email protected]>
  • DMARC: fail for blogtalk.eu
  • Even though blogtalk.eu is your actual site, the email did not originate from its server. The sending server is ymtsindia.com via gigahost.dk.
  • DKIM and SPF pass for ymtsindia.com, meaning the sending servers are authorized for that domain, but that is not the domain in the From address we see (blogtalk.eu).
  • The originating IP 45.131.109.58 is in India (likely a VPS or compromised host).
  • The multiple hops through gigahost.dk are legitimate mail servers that the scammer is using.

Conclusion: The scammer faked your email address. This is why it looks like it’s “from your site.” They didn’t hack anything; they just made it appear so.
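The alignment check behind that DMARC failure, as an added example that is not part of the original analysis: it reads the Authentication-Results header and reports whether any passing SPF or DKIM identity matches the visible From domain. The header block is a constructed sample (local parts and the receiving host mx.example.net are placeholders), and the organizational-domain rule is simplified to the last two labels.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: domains and results follow the findings listed above;
# local parts and the receiving host mx.example.net are placeholders.
SAMPLE = """\
Return-Path: <bounce@ymtsindia.com>
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=bounce@ymtsindia.com;
 dkim=pass header.d=ymtsindia.com;
 dmarc=fail header.from=blogtalk.eu
From: <user@blogtalk.eu>
To: <user@blogtalk.eu>
Subject: constructed sample

(body omitted)
"""

def org_domain(domain):
    # Simplification: last two labels. Real DMARC checks use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def check_alignment(raw):
    """Report whether any passing SPF/DKIM identity matches the visible From domain."""
    msg = message_from_string(raw)
    from_dom = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    # Only trust Authentication-Results stamped by your own receiving server.
    ar = re.sub(r"\s+", " ", " ".join(msg.get_all("Authentication-Results", [])))
    spf = re.findall(r"\bspf=(\w+)[^;]*?smtp\.mailfrom=(?:[^;\s@]*@)?([^;\s]+)", ar)
    dkim = re.findall(r"\bdkim=(\w+)[^;]*?header\.d=([^;\s]+)", ar)

    def aligned(results):
        return any(res == "pass" and org_domain(dom) == org_domain(from_dom)
                   for res, dom in results)

    authenticated = sorted({dom.lower() for res, dom in spf + dkim if res == "pass"})
    dmarc_pass = aligned(spf) or aligned(dkim)
    return {
        "from_domain": from_dom,
        "authenticated_domains": authenticated,
        "spf_aligned": aligned(spf),
        "dkim_aligned": aligned(dkim),
        "dmarc_pass": dmarc_pass,
        # SPF/DKIM passed, but only for somebody else's domain: forged From header.
        "from_spoofed": bool(authenticated) and not dmarc_pass,
    }

if __name__ == "__main__":
    print(check_alignment(SAMPLE))
```

A message signed with a subdomain of the From domain (for example header.d=mail.blogtalk.eu) counts as aligned here, which corresponds to DMARC's relaxed alignment mode.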

 

2. Content Analysis

Red flags in the body:

  • Fear and urgency – “You have been hacked,” “72 hours to pay.”
  • Claims of personal compromise – Camera/microphone access.
  • Bitcoin payment demand – Common in scams because it’s untraceable.
  • Generic info – No personal data beyond your email. A real hack wouldn’t need a generic email claim.
  • Technical likelihood:
      • The claim that they recorded you via your webcam is almost certainly false. These scams often get your email from a leaked list, not by hacking your device.
      • They do not have access to your device unless you actually downloaded malware.

3. Why this happens

  • Attackers often spoof legitimate domains to make threats seem credible.
  • They rely on fear and urgency to trick recipients into paying.
  • Your site itself might be fine, but they used your domain name in the From: field.

4. Recommended Actions

  • Check your domain SPF, DKIM, and DMARC records:
      • Ensure blogtalk.eu has strict DMARC (p=quarantine or p=reject) to prevent spoofing.
      • SPF should only include servers you authorize to send email.
      • DKIM should be properly set up.
  • Do not pay or respond – it’s a scam.
  • Alert recipients (if needed) that any email claiming your site “hacked them” is a spoof.
  • This email is a scam.
  • Do not pay – Bitcoin payments cannot be reversed.
  • Do not reply – Any interaction confirms your email is active.

 


Due to the large number of mails he is sending, he will quickly be blocked from using ymtsindia.com’s mail servers and will need a new mail server elsewhere.

Don’t contact these bastards. Let me do that!
