I grew tired of reporting their IP addresses to their ISPs, which definitely don't care. Specially the Asians.
If you Google some phrases from it it seems like it's been going around nearly verbatim for years.
I think they are probing for mail servers which don't try to force any kind of authentication on From: headers. So mailing lists would probably be a fit for them. They have no idea who their targets are. They are just looking for gullible people to scam.
I'm not sure how a mailing list would end up in a dump like that though, as people don't generally sign up for sites using addresses belonging to mailing lists.
I think these are not terribly sophisticated actors, they're running some scripts and looking for someone gullible enough to give them hundreds of dollars worth of Bitcoin based on what is in the end a pretty far fetched story.
I personally received this exact email just the other day, containing a password that I confirmed I actually used a very long time ago on a now-defunct site (which was known to be in at least one password dump).
I don't buy the "an incorrect password might freak someone out" argument, because the whole point of this scam is that the recipient recognizes the password. Without that password recognition, the inclusion of the password is harmful (because it proves the sender is full of shit) and at best makes the email have no more persuasive power than one that didn't include a password at all.
People do freak out and miss details. Kind of like what people say about 419 scams having poor grammar and spelling. This somewhat ensures that respondents are people who don't read carefully.
And yet some dingus in hyderabad keeps using my email address to sign up on all the job boards in india. Users are weird.
The thing that confuses me about this is that it includes the password. Certainly most people would go "that's not my password" and ignore it. Are they trying to filter out the results to only people with atrocious passwords?
2) Only ever used on one website
3) Was for a LiveJournal account I’d forgotten to delete
Looks similar enough I assume the same script was involved.
Googling the bitcoin addresses I was given gave me zero results, DuckDuckGo gave a small handful of results, so I guess those addresses are also used in bitcoin mining adverts or similar?
To begin I freaked out a bit, then understood it was too old to be meaningfull.
But seeing a password you know in the subject of the mail is a bit scary.
On a side note, while checking here and there, I found a website  displaying password leaked associated with emails. I don't know if they are ok or dangerous, so be carefull.
I tried with emails I knew where in Troy Hunt DB and it gave me the passwords.
It seems that now they just give you the 3 first letters, which is better than last week when you could test other people email just in case !
I like the cut of whoever sent 0.00000666 BTC's jib.
Had me right there. The entertainment value alone would be worth it, if I did not also have to calm down those (few) of my clients who are a little more, shall we say, persuadable?
Then out comes the "good security practices" text, along with credit card monitoring recommendations text, etc.
"I know it's true, 'cause I saw it on tv." - John Fogerty
This is my favorite
> After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).
> I made a screenshot of the intimate website where you have fun (you know what it is about, right?).
After that, I took off your joys (using the camera of your device). It turned out beautifully, do not hesitate.
+1 for social engineering.
and very similar to the thousands of other such mails sent out every day by scammers.
They're using email/password combinations from lists of leaked accounts. I use a distinct email address for every site (qmail's scheme: x-foo@mydomain), and so the setup was very transparent to me. But I can see the technique totally working on a basic user who reuses passwords and email addresses.
The most impressive part of this hack is that he got read receipts for emails!
How informative and thoughtful of them.
Total Received 2.98619488 BTC (apx $19k USD)
So not an unsuccessful campaign I guess
The unique thing about these ones is that they send it from your own address. I.e. they spoof your address so that it looks like your account really has been compromised.