I use a Samsung A35 phone, running Android 16 & One UI v8.0
I received this email yesterday.
I don't think it's legitimate, & even if it is, I don't use Bitcoin, never have & hope I never do. So I'm not going to pay anyway.
I already scanned my phone (it showed 'No Threats Detected') & have all my information on another device. I just wanted to know if there is anything else I need to do.
Here is the email:
Hello,
We are ShinyHunters hacking group.
We've known each other for a while, at least we know you.
A few months ago, we gained access to your devices and started monitoring your online activities.
What happened:
We got access to HallMark's database where you had an account with and easily accessed your e-mail.
You weren't very careful about the links you opened.
A week later, we installed an exploit on your devices including your phone, giving us access to your microphone,
camera, keyboard, and all your data.
We have your photos,browsing history, conversations, and contact list.
Besides other things, we discovered that you frequently visit adult websites and watch explicit videos.
We managed to record you and created videos of you pleasuring yourself.
With a few clicks, we can share these videos with your friends,
colleagues, and family or even make them public.
Proposal:
Send us $2000 in Bitcoin to the following wallet:
1MsRdEBBvgYinQ5RZFMRXZax9Ki1y2YYdQ
We'll delete everything immediately.
You have 48 hours from the moment you opened this e-mail.
Once the payment is received, we'll remove the malware from your devices.
What you should NOT do:
Do not reply (email is sent from a hacked account).
Do not contact the police or anyone else—we'll release the videos along with other stuff all over the internet.
Do not try to reset your devices—everything is stored on remote servers.
What you don’t need to worry about:
Will see your payment immediately—The wallet is generated specially for you.
Will not share your videos or other things after payment—There is no reason to keep causing problems.
Don't play with us!
And here is the Headers information:
Authentication-Results: w10.tutanota.de (dis=neutral; info=dmarc domain policy); dmarc=pass (dis=neutral p=quarantine; aspf=r; adkim=r; pSrc=domain) header.from=yk.commufa.jp; dkim=pass header.d=yk.commufa.jp header.s=default-1th84yt82rvi header.b=dAVbvjnl
Received: from mail.w11.tutanota.de ([fd:ac:0:0:0:0:e:11]) by tutadb.w10.tutanota.de with SMTP (SubEthaSMTP 3.1.7) id MO1JL35T for (a throwaway email address I use); Thu, 16 Apr 2026 15:55:56 +0200 (CEST)
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=106.153.250.12; helo=mta-sp-e02.commufa.jp; envelope-from=xfduc@yk.commufa.jp; receiver=tutamail.com
Received: from mta-sp-e02.commufa.jp (mta-sp-e02.commufa.jp [106.153.250.12]) by mail.w11.tutanota.de (Postfix) with ESMTPS id AFDC220034107 for (a throwaway email address I use); Thu, 16 Apr 2026 15:55:54 +0200 (CEST)
Received: from mta-or-e02.commufa.jp by mta-sp-e02.commufa.jp with ESMTP id <20260416135549937.ALJ.114256.mta-or-e02.commufa.jp@commufa.jp>; Thu, 16 Apr 2026 22:55:49 +0900
Received: from oviqgwhl by mta-or-e02.commufa.jp with SMTP id <20260416135549530.DYIM.109147.oviqgwhl@commufa.jp>; Thu, 16 Apr 2026 22:55:49 +0900
Message-ID: <af1141ea1edaf0fbdd470ea0f1456e5e98a907@yk.commufa.jp>
From: "You've been HACKED" <xfduc@yk.commufa.jp>
To: you <you>
Subject: Information about your online security !
Date: Thu, 16 Apr 2026 06:55:33 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yk.commufa.jp; s=default-1th84yt82rvi; t=1776347749; bh=zT1iXl69rV/dgS2w51fStJb23eOCWD7wzShqpv2N/gg=; h=From:To:Subject:Date; b=dAVbvjnlKhaLTgeI3IBUdnlnyJh92/oXgzqT4OFo7/W4BcjoX66QuaIbt73CoGcXe/s3v08D 4oAZdd5ANG4/Rpngv9Oh3D0DC89ZTg8uPxqsW0jPatp8S47t7HhXqOGmKkB0r+Mv1RzlJ5J6/E 7cM6Q3QkQ3m1NGSowbJ1Bbki1AlS6vu4hkWoInls8X3p/kaaPiy+vu81yZxWUv4/+weq1sa/Rc 2xwmepY2snb9taK89R5qJnEeC3REEEXUpnMEi9NygsHucmNehoZmr8qH+SkBWwxT0kj20VSJ+J VDFzV1HfNTGPWzJ7sgSkJf96vNuAW1kkxBC4QX6hmrVQZpbA==
What I find funny is that:
1. I do not have an account at Hallmark. My wife does, but it's under her email address & a LANDLINE phone number.
2. I have not visited adult sites on my phone in quite some time & don't pleasure myself.
3. And if they know my information, why didn't they use my name?
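An added example, not part of the original post: a Python reading of the Authentication-Results, Received-SPF and From values pasted above, reporting which domain the receiving server authenticated and whether it aligns with the From address. A pass on all three checks identifies the sending domain (here a yk.commufa.jp mailbox); it says nothing about whether the claims in the body are true. The function names are illustrative.

```python
import re

# Header values copied from the post above, unfolded onto single lines.
AUTH_RESULTS = (
    "w10.tutanota.de (dis=neutral; info=dmarc domain policy); "
    "dmarc=pass (dis=neutral p=quarantine; aspf=r; adkim=r; pSrc=domain) "
    "header.from=yk.commufa.jp; dkim=pass header.d=yk.commufa.jp "
    "header.s=default-1th84yt82rvi header.b=dAVbvjnl")
RECEIVED_SPF = (
    "Pass (mailfrom) identity=mailfrom; client-ip=106.153.250.12; "
    "helo=mta-sp-e02.commufa.jp; envelope-from=xfduc@yk.commufa.jp; "
    "receiver=tutamail.com")
FROM = '"You\'ve been HACKED" <xfduc@yk.commufa.jp>'

def strip_comments(value):
    # Parenthesised comments contain ';' and would break clause splitting.
    return re.sub(r"\([^()]*\)", "", value)

def parse_auth_results(value):
    """Return {method: (result, {property: value})}."""
    out = {}
    for clause in strip_comments(value).split(";")[1:]:  # [0] is the authserv-id
        tokens = clause.split()
        if tokens and "=" in tokens[0]:
            method, result = tokens[0].split("=", 1)
            props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
            out[method.lower()] = (result.lower(), props)
    return out

def parse_received_spf(value):
    """Return (result, {key: value}) from a Received-SPF header."""
    clean = strip_comments(value)
    return clean.split()[0].lower(), dict(re.findall(r"([\w-]+)=([^;\s]+)", clean))

def triage(auth_results, received_spf, from_header):
    auth = parse_auth_results(auth_results)
    spf_result, spf = parse_received_spf(received_spf)
    from_domain = re.search(r"@([\w.-]+)>?\s*$", from_header).group(1).lower()
    dkim_result, dkim = auth.get("dkim", ("none", {}))
    # Exact-match alignment is stricter than the relaxed (aspf=r, adkim=r) policy.
    return {
        "from_domain": from_domain,
        "sending_ip": spf.get("client-ip"),
        "spf_pass": spf_result == "pass",
        "dkim_pass": dkim_result == "pass",
        "dmarc_pass": auth.get("dmarc", ("none", {}))[0] == "pass",
        "spf_aligned": spf.get("envelope-from", "").rpartition("@")[2] == from_domain,
        "dkim_aligned": dkim.get("header.d", "").lower() == from_domain,
    }
```
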
