Skip to content
Pay or die
Naked Security Naked Security

Ransom email scam from ‘hitman’ demands: pay up or die

It's a horrible email scam that's supposed to scare the life out of you

Spiceworks user Dave Lass recently alerted Naked Security, and fellow Spiceheads, to a horrible little email scam that’s supposed to scare the life out of you.

One of his users opened their email and saw this compelling subject line, urging them to read on…

Subject: Please read this it can be the most important information in your life

It’s the sort of subject line that people who like you, people you work with and people who actually-have-something-important-to-tell-you-that-might-change-your-life probably don’t use. It’s the language of radio DJs hoping you’ll hang on grimly through the commercials, click-hungry Outbrain headlines and YouTube conmen.

It’s a hook, in other words – a sign that you can take whatever comes next with a pinch of salt.

Which is good, because you’re going to need it for what comes next:


I advise you to take this message seriously, if you value your life, since this is not a joke or a scam. I've been thinking for a long time whether it's worth sending this message to you and decided that after all you still have the right to know. I'll try to be short. I received an order to kill you, because your activity causes trouble to a particular person. I studied you for quite a time and made a decision to give you a chance, despite the specifics of my job, the business rules of which do not allow me to do this, as this will kill my reputation (more 12 years of perfect order executions)in certain circles. But i decided to break a rule since this is my last order (at least I do hope so).

In general, let's Break it down. I want you to pay the amount of 0.5 Btc. I accept btc. Information how to forward you can find in Google. Here are my payment details:


When i will receive funds I'll send you the name of the man order came from, as well as all the evidence i have. You will be able to use them with the police. I would not suggest you to call the police, because you have a little time (2 days) and the police simply will not have time to investigate.

Answering to this letter does not make sense, i use one-time mailbox, cause i really do care about my anonymity. I'll contact you as soon as i'll getfunds.

I really regret that you became my prey.

I’d like to believe that anyone and everyone who gets this will laugh at its sheer preposterousness; that their good sense will tell them that the person who wrote it knows nothing about them; that it’s just words arranged on a page whose rightful place is as an object of fascination and ridicule alongside the infamous liver transplant spam, and nothing more.

I want to believe that because the alternative is that somebody, somewhere is made to feel afraid, even if it’s just for a moment. This isn’t “buy some viagra”, it’s not even “we’ve hacked you, pay the ransom”, it’s “pay up or die”.

Whatever the value of a Bitcoin was when the spammer hit send, it probably wasn’t far off the current value of about $16,500, meaning the spammer was hoping to make somebody so afraid that they’d part with $8000 on the strength of an email.

Thankfully, through the magic of Bitcoin, we can see that they haven’t succeeded yet, not with this Bitcoin address at least. At the time of writing, nobody seems to have fallen for this horrid scam and the spammer’s cupboard is bare.

What to do?

There are two victims here – the person who received the email, and the person who owns the mailbox the email says it came from.

The message looks like it was sent from an address owned by a perfectly legitimate small business – it probably wasn’t. The spammer may have hacked into that company’s email but since they aren’t picking up replies they needn’t, they can simply forge the email’s From header.

If you own a domain name, or your small business does, please take time to set up SPF and DKIM records to prevent people sending emails that appear to come from you.

If you receive one of these emails don’t reply, don’t worry and don’t give it a second thought, but be sure to mark it as spam. Telling your email software that the message is junk or spam helps train your spam filters and reduces the chances of you, or anyone else, seeing something as unwelcome as this again.


Hey :) i’ve got a similar email recently, but not from a ‘hitman’, but from a ‘hacker’ who hacked me and he got some ‘dirt’ on me :) the bitcoin wallet is 1ATLayEHRBQhESP5jWVCqtY3urauTmJHUk


What a moronic email – shame on anyone who falls for garbage like that!


There’s a sucker born every minute. — P.T. Barnum

Most of us would like to believe we can trust our fellow human beings. The other night my girlfriend and I helped a lady at WalMart whose overflowing cart was dumping toys on the asphalt. As we followed her to her truck I actually thought, “she probably is too trusting with us…luckily we’re genuinely here to help and not rob her.”

You and I read security articles by the truckload. We routinely see examples of why digital communications are untrustworthy–not everyone does.

It’s trivial to note the lack of personal detail would be a dead (har) giveaway–for example a photo of me getting my mail would do a lot of convincing.

It’s trivial to realize that a hitman notifying his target (and colluding to turn evidence) would rapidly earn himself a shallow grave.

It’s trivial that twelve years of contract killing doesn’t culminate in an After-School Special.

However there’s an innate human desire to believe someone redeeming himself, turning a leaf, giving someone else a second chance. Having faith in humanity may be naive, but it’s not shameful–not even close.

Shame on someone trying to pull this…but not on those to fall for it.


Lol – they sent this same note to a local person, who happened to be the police chief:


I might not have picked up on this if I just read this email, but I read it out loud for my coworkers and picked up on the language. It was a dead give-away that English was not the writer’s first language. What an A-hole!


The problem is that your average Internet user simply isn’t that sophisticated, nor are they risk tolerant….


Demanding payment in Bitcoin might be new, but Snopes says this scam has been running since at least 2006, so there must be a few people falling for it.

In fact, 0.5 BTC is (currently) a bargain – some of the earlier demands were for between 50,000 and 150,000.


To bad that LE can’t seize wallets. That would shut down Crypto lockers and scams like this pretty quickly. Do they even try to?


Really, you don’t think this should be reported to the police? Even if the police can’t help, some people will feel better knowing it’s out in the open.


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!