Thursday, June 30, 2016

Account Alert: Personal Safe Key (PSK)

American Express Personal Safe Key (PSK)

Please create your Personal Security Key. Personal Safe Key (PSK) is one of several authentication measures we utilize to ensure we are conducting business with you, and only you, when you contact us for assistance. American Express uses 128-bit Secure Sockets Layer (SSL) technology. This means that when you are on our secured website the data transferred between American Express and you is encrypted and cannot be viewed by any other party. to create your PSK (Personal Safe Key).
Note: You will be redirected to a secure encrypted website. The contained message may be privileged, confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. Sincerely, American Express Customer Service.

Create your PSK

Kind regards,
Dave Barry

American Express. All rights reserved.

Screenshot of the email :


Email analysis :

NOTE : AmericanExpress@welcome.aexp.com
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Return-Path : < americanexpress@welcome.aexp.com >
NOTE : Content-Transfer-Encoding : 7bit
NOTE : Content-Type : text/html; charset=ISO-8859-1
NOTE : Received : from adsl-97.79.107.137.tellas.gr (79.107.137.97)


NOTE : Account Alert: Personal Safe Key (PSK)

Phishing analysis :

CLICK : Create your PSK
OPEN : http://verifybyamericanexpress.com/create
NOTE : Website is unresponsive...
NOTE : Domain name analysis...

verifybyamericanexpress.com analysis :

Domain name: verifybyamericanexpress.com
Registry Domain ID: 77428276_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.todaynic.com
Registrar URL: http://www.now.cn/
Update Date: 2016-06-27T16:00:00Z
Creation Date: 2016-06-28T14:44:31Z
Registrar Registration Expiration Date: 2017-06-27T16:00:00Z
Registrar: Todaynic.com, Inc.
Registrar IANA ID: 697
Registrar Abuse Contact Email: cs@now.cn
Registrar Abuse Contact Phone: +86.7563810552
Registrant Name: Mong Lwan
Registrant Organization: n\\a
Registrant Street: 33 Xiamen road
Registrant City: Xiamen
Registrant Province/state: FJ
Registrant Postal Code: 350318
Registrant Country: CN
Registrant Phone: +86.7543376322
Registrant Fax: +86.7543376322
Registrant Email: cs@now.cn
Admin Name: Mong Lwan
Admin Organization: n\\a
Admin Street: 33 Xiamen road
Admin City: Xiamen
Admin Province/state: FJ
Admin Postal Code: 350318
Admin Country: CN
Admin Phone: +86.7543376322
Admin Fax: +86.7543376322
Admin Email: cs@now.cn
Tech Name: Mong Lwan
Tech Organization: n\\a
Tech Street: 33 Xiamen road
Tech City: Xiamen
Tech Province/state: FJ
Tech Postal Code: 350318
Tech Country: CN
Tech Phone: +86.7543376322
Tech Fax: +86.7543376322
Tech Email: cs@now.cn
Name Server: a.dnspod.com
Name Server: b.dnspod.com
DNSSEC: unsigned
Billing Name: Mong Lwan
Billing Organization: n\\a
Billing Street: 33 Xiamen road
Billing City: Xiamen
Billing Province/state: FJ
Billing Postal Code: 350318
Billing Country: CN
Billing Phone: +86.7543376322
Billing Fax: +86.7543376322
Billing Email: cs@now.cn

FROM:..USA DEPARTMENT OF HOMELAND SECURITY!!!.

I,m Jeh Charles. Johnson. The secretary of the U.S Department of Homeland security Washington DC. Office Address: 3801 Nebraska Ave NW, Washington, DC 20016, United States. We received a report from ECOWAS that you have an abandoned fund worth $4.5 Million in West Africa. I have instructed ECOWAS and the concerned authorities to bring the consignment box to our Head office in Washington DC. the fund will arrive my office today. I want you to kindly Reconfirm Your Full Name, Current Home Address, Nearest Airport and your Direct Cell Phone # So that arrangement can be made for the delivery of the consignment to your home address. You can reach me on this email: Hon.jehjohnson01@gmail.com

I can be reached at: (202) 753_0288. Leave me a text or Voice Message if i am unavailable to answer.

(1)Your Full Name: _______________
(2)Current complete Home Address: ___________
(3)Direct tel/mobile Phone Number: ______________
(4)Name of your Nearest Airport: _______________________
(56)A Copy of Your ID for Identification: _____________________

I wait to hear from you.

Honorable Jeh C. Johnson
The secretary of
the U.S Department of
Homeland security
Washington DC
Office Address:
3801 Nebraska Ave NW,
Washington, DC 20016,
United States.

Email analysis :

NOTE : makeobi@azdiamondbacks.com
NOTE : X-Originating-Ip : [41.86.234.171]


NOTE : 63.144.116.250

From Dr.Isabella Jefferson

Hello dear friend,

I'm Dr.Isabella Jefferson I am a UNITED STATES MILITARY NURSE

From united states of America. Am supportive and caring, looking forward to get a nice friend. I read your profile from professional link network and pick interest on you. I will like to establish mutual friendship with you. Please let continue our conversation through my private email box.Here is my email address ( drisabellajeffersonus@gmail.com ) I will introduce myself better and tell you the reason why i contact you also send you my picture as soon as i receive your mail.Thanks and regards.

Dr.Isabella Jefferson

Email analysis :

NOTE : drisabellajeffersonus@gmail.com
NOTE : aminadukson760@asia.com
NOTE : Received : from 41.82.51.166 ([41.82.39.175]) by mail.gmx.com (mrgmxus002)

Attention To This Urgent Message!

UNITED NATIONS / WORLD BANK ORGANIZATION / FBI
UNITED NATIONS HOUSE, 617/618.
BA ZENTRAL BANK, OAK-HILL HOUSE,
130 TON-BRIDGE ROAD, HILDENBOROUGH, TONBRIDGE, KENT TN11 9DZ

Our Ref: YBNGWB/UN/2016.

Attention: Dear Beneficiary,

APPROVED COMPENSATION PAYMENT AWARD OF US$1.5M.

This is to inform you that a Debit Cash Card Number 7876310003001420 Valued at US$1.5 Million United States Dollars has been accredited in your favour.Be aware that you were listed among many who have had various transactions by Republic Du Benin Cotonou banks stalled due to the inability of the corruption riddled past government. Details of the cleared proceedings were erased in a bid to loot funds. As a measure to resolve and correct these mishaps, the present government of the Federal Republic Du Benin Cotonou has approved your bank transaction and certified you to receive the money without hitch. Please contact Barrister.Gilbert Jean, an expertriate mandated by United Nations to cover all outstanding claims due to foreigners since 2014 till date. Contact him via Email:(barrister.gilbert.j.esq.org@gmail.com) with the following information to facilitate your claims as the FBI, WORLD BANK and UNITED NATIONS AUTHORITIES has made every necessary provision to ensure that payment goes to you as the beneficiary:.

FULL NAME:
AGE:
GENDER:
ADDRESS:
COUNTRY:
OCCUPATION:
MOBILE NUMBER:

Best Regards,

Sir. Mike Dave.
CIV NAVSUBTORPFAC YORK.
UN ASSIGNED AGENT.

-----------------------------------------------------------------------------------------------------------------------
CONFIDENTIALITY NOTICE: This message may contain any discussion of legal matters, hence should be taken as an authoritative interpretation of the law.
-----------------------------------------------------------------------------------------------------------------------

Email analysis :

NOTE : barrister.gilbert.j.esq.org@gmail.com
NOTE : comautomotor@speedy.com.ar
NOTE : Received : from localhost (1n1.terra.com [208.84.242.167]) (authenticated user comautomotor!speedylm)

Bluetooth earphone, Bluetooth hearing protection earphone, Bluetooth active noise cancellation headphone

Dear valued clients,

Our company is a professional manufacturer for Bluetooth earphone,Bluetooth hearing protection earphone, Bluetooth noise cancellation headphone etc., products section, We have been a pioneer for Bluetooth earphone, hearing protection earphone, Active noise cancellation headphone etc., since 2006.

Trust our 10 years of manufacturing experience and strong R & D capability, our professional and powerful 8 members in house R & D team will make your OEM/ODM orders happen!

Contact us today for more our products information and prices lists, look forward receiving your feedback!

Warmest regards,
Frank Young,

Email analysis :

NOTE : huixinsoft41@foxmail.com
NOTE : Return-Path : < tzvseqjkp@wlrl.com >
NOTE : Mime-Version : 1.0
NOTE : Content-Transfer-Encoding : base64
NOTE : Sender : Frank
NOTE : Received : from unknown (HELO wlrl.com) (60.167.133.108)


NOTE : Received : from PC-20150903UGRM ([127.0.0.1])
NOTE : Bluetooth earphone, Bluetooth hearing protection earphone, Bluetooth active noise cancellation headphone

Good Day How are you doing.

Good Day,

My name is Miss Ayeisha Nafisa Muhammad a 22 years old girl from Syria, and my father is late Hafez Amin Muhammad who was killed on August 2015 by the Islamic State Terrorist.

I saw your email profile on Google search and I become interested to know you more. I will be very happy to know more about you because I have some thing very important to tell you.

Attachment here is my photo; please reply me so that we can know each other and exchange pleasantries and more photos

Regards
Ayeisha Nafisa Muhammad.

my photo1.jpg

File analysis :

File seems clean : my photo1.jpg
Transmission Reference : UXta1tuzNqKzviXdJnfx
IPTC Digest : b634d4e5e8b221057ad73dd3236c03a6

Instructions :

FBMD01000abf030000e6080000ab100000b6110000ed120000f11700000522000017230000882400001e26000063370000

Special Instructions :

%14%13%03%d3]4%d1%a6%df%d3}4%d3G%ba%d3%cd4%d3F%9b%d7M4%d3F%fa%d7]4%d3G%9d%d7m4%d3G%f5%d7%bd4%d3M9%dbm4%d3M{%db}4%d3O<%db%8d4%d3M^%db%ad4%d3N%b7%df%bd4%d3

Email analysis :

NOTE : ayeishanafisa@yahoo.com
NOTE : Return-Path : < ayeishanafisa@yahoo.com >
NOTE : Mime-Version : 1.0
NOTE : X-Yahoo-Newman-Property : ymail-3

Disposition à prסpos de la ligne mobile (Phishing Free)

Hello

CFR (Centre Francais de Recouvrement)

Screenshot of the email :


Email analysis :

NOTE : infos@titowape.com
NOTE : Content-Type : text/html; charset=UTF-8
NOTE : Content-Type : application/xhtml+xml
NOTE : Content-Disposition : inline
NOTE : Return-Path : < prefet@paroles-musique.com >
NOTE : Content-Transfer-Encoding : base64
NOTE : Received : from paroles-musique.com ([104.36.17.205])
NOTE : Disposition à prסpos de la ligne mobile

Phishing analysis :

CLICK : Se connecter
OPEN : http://dakarp.com/jame*.asp
RESULT : Phishing was removed
RESULT : Phishing attempt...

Iazalde.Ludwig@alpestour.com has sent you a file via WeTransfer

Iazalde.Ludwig@alpestour.com
sent you some files
The updated agreement with RTS Consulting

Download

Files (6.24 MB total)
SageAccts 2016-06-29.zip
Will be deleted on
30 June, 2016

Get more out of WeTransfer, get Plus

About WeTransfer Contact Legal Powered by Amazon Web Services To make sure you can receive our emails, please add noreply@wetransfer.com to your trusted contacts

Link analysis :

CLICK : Download
OPEN : https://www.cubbyusercontent.com/pl/SageAccts+2016-06-29.zip/_24cfcb038b1b4223ae0b4d0cc41ecdbe
DOWNLOAD FILE : SageAccts 2016-06-29.zip

File analysis :

FILE : SageAccts 2016-06-29.zip
SHA256 : b50fe4e0b2bfa1e8157c306e7293fb9d097a91b99bf34621a3246211bb5368e2

FILE IS A TROJAN !!!

Avira (no cloud) : HEUR/Suspar.Gen
K7AntiVirus : Trojan ( 004dfe6d1 )
K7GW : Trojan ( 004dfe6d1 )
Kaspersky : HEUR:Trojan-Downloader.Script.Generic

Email analysis :

NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Return-Path : < americanexpress@welcome.aexp.com >
NOTE : Mime-Version : 1.0
NOTE : Message-Id : < *.*@alpestour.com >
NOTE : Content-Transfer-Encoding : 7bit
NOTE : Content-Type : text/html; charset=ISO-8859-1
NOTE : 1.161.133.80;


NOTE : Iazalde.Ludwig@alpestour.com has sent you a file via WeTransfer

Kindly respond for more details

Am Captain Kelvin Ken Miller currently I need you assistant to move some funds out of Iraq

Email analysis :

NOTE : genjohnwnicholson@ighomail.com
NOTE : abruant@virgilio.it
NOTE : Received : from User (unknown [105.227.180.214]) by neptune.exsilia.net (Postfix)