TOPIC:

Report of Ransomware Threat to our FTH website using contact@ 4 days 7 hours ago #93872

  • haeaton
Yesterday, Nov 1, 2:25pm, we received an email sent to contact@ saying that he had "installed Trojan virus to Operating Systems of all the devices that you use to access your email."
I think that because contact@ only forwards email to our officers and does not provide access to our website, we are not in danger.   His threat was,
"You have less than 48 hours from the moment you opened this email (precisely 2 days)."  I have McAfee Antivirus on my laptop and did a full scan as soon as I saw this email, just to be sure.  No threats were found.
Still, I wanted to advise the support team to see if you can review our website for any damage and have any advice to offer. 
Club # 1294652
Club name: Houston Galleria Project Management Toastmasters
Club website URL: hgpmt.org


Report of Ransomware Threat to our FTH website using contact@ 4 days 4 hours ago #93875

  • Brian
It is spam.
Please send the Internet email headers so we can investigate and block.

Thank you,

Brian McDonald DTM, PDD D61
FTH Lead Technical Support
member Cataraqui Valley Toastmaster 9560


Report of Ransomware Threat to our FTH website using contact@ 4 days 2 hours ago #93877

  • haeaton
Below is the full message header from the gmail received.  Any advice is welcome.  Our FTH website is set to allow anyone to contact us.  What is standard practice?
Delivered-To: [address hidden]
Received: by 2002:a17:505:3808:b0:1b9a:e5a:8826 with SMTP id gn8csp690429njb;
Fri, 1 Nov 2024 12:25:35 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IHxlkXUwQK/duZcUSPkmtaHsRfP8ri7EADzQpUAv1Hw+FUUQB13AGuFsAXCtu+WLfGz56s4
X-Received: by 2002:a05:620a:178d:b0:7ae:64a2:be61 with SMTP id af79cd13be357-7b193eff6a3mr3565950785a.36.1730489135387;
Fri, 01 Nov 2024 12:25:35 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1730489135; cv=none;
d=google.com; s=arc-20240605;
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
h=dkim-signature:to:reply-to:errors-to:sender:from
:content-transfer-encoding:mime-version:date:subject:message-id;
bh=mcbyFD61T+C7wYGy83bl9t2Co16LQqBswj/1LDlX6oM=;
fh=B3oEbGLu6Y17P9aSlsBKwZCcEbLFUCnUg+hgsYg0MBA=;
dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@toastmastersclubs.org header.s=default header.b=s+My1Rvz;
spf=pass (google.com: domain of [address hidden] designates 50.19.253.65 as permitted sender) smtp.mailfrom=server@toastmastersclubs.org;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=toastmastersclubs.org
Return-Path: <[address hidden]>
Received: from toastmastersclubs.org (toastmastersclubs.org. [50.19.253.65])
by mx.google.com with ESMTPS id af79cd13be357-7b2f3a9bb96si498399985a.460.2024.11.01.12.25.35
for <[address hidden]>
(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
Fri, 01 Nov 2024 12:25:35 -0700 (PDT)
Received-SPF: pass (google.com: domain of [address hidden] designates 50.19.253.65 as permitted sender) client-ip=50.19.253.65;
Authentication-Results: mx.google.com;
dkim=pass header.i=@toastmastersclubs.org header.s=default header.b=s+My1Rvz;
spf=pass (google.com: domain of [address hidden] designates 50.19.253.65 as permitted sender) smtp.mailfrom=server@toastmastersclubs.org;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=toastmastersclubs.org
Received: from localhost.localdomain (toastmastersclubs.org [127.0.0.1]) by toastmastersclubs.org (8.14.4/8.14.4) with ESMTP id 4A1JP3GP029743 for <[address hidden]>; Fri, 1 Nov 2024 19:25:35 GMT
Message-Id: <[address hidden]>
Received: from mail.saborespromo.com.br (mail.saborespromo.com.br [201.148.210.68]) by toastmastersclubs.org (8.14.4/8.14.4) with ESMTP id 4A1JP0k0029712 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for <[address hidden]>; Fri, 1 Nov 2024 19:25:02 GMT
Received: from [189.203.131.78] (port=26170 helo=fixed-189-203-131-78.totalplay.net) by mail.saborespromo.com.br with esmtps
(TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.97.1) (envelope-from <[address hidden]>) id 1t6xGU-00000000CMV-3Ifu for [address hidden]; Fri, 01 Nov 2024 16:25:00 -0300
Subject: [HGPMT] Awaiting your payment
Date: 1 Nov 2024 13:24:58 -0600
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
X-Spam-Status: No, score=2.3 required=5.0 tests=BITCOIN_TOEQFM,PDS_BTC_ID, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_ZEN_BLOCKED_OPENDNS,SPF_HELO_PASS, SPF_NONE,URIBL_DBL_BLOCKED_OPENDNS,URIBL_ZEN_BLOCKED_OPENDNS autolearn=no autolearn_force=no version=3.4.3
X-Spam-Level: **
X-Spam-Checker-Version: SpamAssassin 3.4.3 (2019-12-06) on toastmastersclubs.org
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by toastmastersclubs.org id 4A1JP0k0029712
From: <[address hidden]>
X-Loop: [address hidden]
Sender: [address hidden]
Errors-To: [address hidden]
Reply-To: [address hidden]
To: "[address hidden]" <[address hidden]>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=toastmastersclubs.org;
h=content-transfer-encoding:content-type:date:from:mime-version :reply-to:sender:subject:to; s=default; bh=mcbyFD61T+C7wYGy83bl9 t2Co16LQqBswj/1LDlX6oM=; b=s+My1RvzwWgGX/ed2NXSJOjq8kFsqU+z5P7Pw wjzD9DEIPxSqbnbcRul+ySpSh+lih6WMoV0xE/OLPD1lpfLNNLMG4oZK3vb3Bwqa sH57ibRpHOeCREbwyRVuTw4w/laKvzrgOameOu6PVCZzZgRoOj2eJTUoTzUyD7Bi 2RwZSI=

Greetings!

I have to share bad news with you.
Approximately few months ago I have gained access to your devices, which you use for internet browsing.
After that, I have started tracking your internet activities.

Here is the sequence of events:
Some time ago I have purchased access to email accounts from hackers (nowadays, it is quite simple to purchase such thing online).
Obviously, I have easily managed to log in to your email account ([address hidden]).

One week later, I have already installed Trojan virus to Operating Systems of all the devices that you use to access your email.
In fact, it was not really hard at all (since you were following the links from your inbox emails).
All ingenious is simple. =)

This software provides me with access to all the controllers of your devices (e.g., your microphone, video camera and keyboard).
I have downloaded all your information, data, photos, web browsing history to my servers.
I have access to all your messengers, social networks, emails, chat history and contacts list.
My virus continuously refreshes the signatures (it is driver-based), and hence remains invisible for antivirus software.

Likewise, I guess by now you understand why I have stayed undetected until this letter…

While gathering information about you, I have discovered that you are a big fan of adult websites.
You really love visiting porn websites and watching exciting videos, while enduring an enormous amount of pleasure.
Well, I have managed to record a number of your dirty scenes and montaged a few videos, which show the way you masturbate and reach orgasms.

If you have doubts, I can make a few clicks of my mouse and all your videos will be shared to your friends, colleagues and relatives.
I have also no issue at all to make them available for public access.
I guess, you really don’t want that to happen, considering the specificity of the videos you like to watch, (you perfectly know what I mean) it will cause a true catastrophe for you.

Let’s settle it this way:
You transfer $950 USD to me (in bitcoin equivalent according to the exchange rate at the moment of funds transfer), and once the transfer is received, I will delete all this dirty stuff right away.
After that we will forget about each other. I also promise to deactivate and delete all the harmful software from your devices. Trust me, I keep my word.

This is a fair deal and the price is quite low, considering that I have been checking out your profile and traffic for some time by now.
In case, if you don’t know how to purchase and transfer the bitcoins – you can use any modern search engine.

Here is my bitcoin wallet:
bc1qdtxpx79ck5xfd7xgmlguqc6frgw3rqyfehfvx2

You have less than 48 hours from the moment you opened this email (precisely 2 days).

Things you need to avoid from doing:
*Do not reply me (I have created this email inside your inbox and generated the return address).
*Do not try to contact police and other security services. In addition, forget about telling this to you friends. If I discover that (as you can see, it is really not so hard, considering that I control all your systems) – your video will be shared to public right away.
*Don’t try to find me – it is absolutely pointless. All the cryptocurrency transactions are anonymous.
*Don’t try to reinstall the OS on your devices or throw them away. It is pointless as well, since all the videos have already been saved at remote servers.

Things you don’t need to worry about:
*That I won’t be able to receive your funds transfer.
– Don’t worry, I will see it right away, once you complete the transfer, since I continuously track all your activities (my trojan virus has got a remote-control feature, something like TeamViewer).
*That I will share your videos anyway after you complete the funds transfer.
– Trust me, I have no point to continue creating troubles in your life. If I really wanted that, I would do it long time ago!

Everything will be done in a fair manner!

One more thing… Don’t get caught in similar kind of situations anymore in future!
My advice – keep changing all your passwords on a frequent basis
Club # 1294652
Club name: Houston Galleria Project Management Toastmasters
Club website URL: hgpmt.org


Report of Ransomware Threat to our FTH website using contact@ 2 days 14 hours ago #93884

  • Brian
You will receive some spam if you have an email on the internet. You have done the correct process by reporting the spam.
We have blocked the source network of the spam and hopefully will slow them down for a while.

Thank you,

Brian McDonald DTM, PDD D61
FTH Lead Technical Support
member Cataraqui Valley Toastmaster 9560
The following user(s) said Thank You: haeaton
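
Added example, not part of the thread or of FreeToastHost's tooling: in the posted headers SPF, DKIM and DMARC all pass for toastmastersclubs.org because the contact@ forwarder re-sent the message, so the sender's real entry point has to be read from the Received chain instead. The sketch below walks that chain; the trusted host and IP sets are assumptions, and the sample is a constructed, trimmed copy of the posted Received lines.

```python
import email
import ipaddress
import re

# Constructed sample: the Received chain from the posted headers, trimmed to
# the fields parsed here (ids and envelope addresses dropped).
RAW = """\
Received: from toastmastersclubs.org (toastmastersclubs.org. [50.19.253.65])
\tby mx.google.com with ESMTPS; Fri, 01 Nov 2024 12:25:35 -0700 (PDT)
Received: from localhost.localdomain (toastmastersclubs.org [127.0.0.1])
\tby toastmastersclubs.org (8.14.4/8.14.4) with ESMTP; Fri, 1 Nov 2024 19:25:35 GMT
Received: from mail.saborespromo.com.br (mail.saborespromo.com.br [201.148.210.68])
\tby toastmastersclubs.org (8.14.4/8.14.4) with ESMTP; Fri, 1 Nov 2024 19:25:02 GMT
Received: from [189.203.131.78] (port=26170 helo=fixed-189-203-131-78.totalplay.net)
\tby mail.saborespromo.com.br with esmtps; Fri, 01 Nov 2024 16:25:00 -0300
Subject: [HGPMT] Awaiting your payment

(body omitted)
"""

# Assumption: the servers whose Received lines the recipient can rely on.
TRUSTED_HOSTS = {"mx.google.com", "toastmastersclubs.org"}
TRUSTED_IPS = {"50.19.253.65"}

def received_hops(raw):
    """Return the relay path oldest-first as (from_host, ip, by_host) tuples."""
    def pick(pattern, text):
        m = re.search(pattern, text)
        return m.group(1) if m else None
    values = email.message_from_string(raw).get_all("Received", [])
    return [(pick(r"\bfrom\s+(\S+)", v),
             pick(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", v),
             pick(r"\bby\s+(\S+)", v)) for v in reversed(values)]

def entry_hop(hops, trusted_hosts=TRUSTED_HOSTS, trusted_ips=TRUSTED_IPS):
    """Walk newest-first and return the hop where a trusted server accepted
    the message from an outside peer. Older hops were written by servers the
    recipient does not control, so they are unverified claims."""
    for frm, ip, by in reversed(hops):
        if by not in trusted_hosts:
            return None  # a trusted server never recorded an outside peer
        if ip and ip not in trusted_ips and not ipaddress.ip_address(ip).is_loopback:
            return frm, ip, by
    return None

if __name__ == "__main__":
    for hop in received_hops(RAW):
        print(hop)
    print("entered trusted infrastructure at:", entry_hop(received_hops(RAW)))
```

The hop returned is the peer that toastmastersclubs.org itself logged, which is the address a block can reliably act on; the older 189.203.131.78 line was written by the outside relay and is only its claim.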
