Tuesday, January 31, 2017

Our USPS courier can not contact you parcel # 781125158 (Virus)

Hello,

Your parcel was successfully delivered at Fri, 27 Jan 2017 12:42:51 +0300
to USPS Station, but our courier cound not contact you.
You can find more details in this e-mail attachment!

All the best.
Alishia Rawe - USPS Station Manager.

Delivery-Details.zip

Email analysis :

NOTE : afoytaay7@maurerfunerals.com.au
NOTE : Received : from maurerfunerals.com.au
NOTE : (194-28-243-94.pppoe.scatplus.ru [194.28.243.94])


File analysis :

OPEN : Delivery-Details.zip
SHA256 : 0ec1592225d89afbe04e8d15a16dfbd95b45864e31a60b0dea1d0529367acf50
RESULT : FILE IS A VIRUS

Virus analysis :

ALYac : Trojan.JS.Downloader.HMV
Ad-Aware : Trojan.JS.Downloader.HMV
AegisLab : Troj.Downloader.Script!c
AhnLab-V3 : JS/Obfus
Antiy-AVL : Trojan[Downloader]/JS.Nemucod
Arcabit : Trojan.JS.Downloader.HMV
Avira (no cloud) : HEUR/Suspar.Gen
BitDefender : Trojan.JS.Downloader.HMV
CAT-QuickHeal : JS.Nemucod.BQN
Cyren : JS/Agent.WN!Eldorado
DrWeb : JS.DownLoader.3302
ESET-NOD32 : JS/TrojanDownloader.Nemucod.CBS
Emsisoft : Trojan.JS.Downloader.HMV (B)
F-Prot : JS/Agent.WN!Eldorado
F-Secure : Trojan.JS.Downloader.HMV
Fortinet : JS/Nemucod.D27C!tr
GData : Trojan.JS.Downloader.HMV
Ikarus : Trojan-Downloader.JS.Nemucod
Kaspersky : HEUR:Trojan-Downloader.Script.Generic
McAfee : JS/Nemucod.on
McAfee-GW-Edition : JS/Nemucod.on
eScan : Trojan.JS.Downloader.HMV
Microsoft : TrojanDownloader:JS/Nemucod
NANO-Antivirus : Trojan.Script.Heuristic-js.iacgm
Rising : Downloader.Nemucod!8.34-jtWRudNFo0M (cloud)
Sophos : JS/DwnLdr-RHP
Symantec : Trojan.Gen.7
Tencent : Js.Trojan.Raas.Auto

File analysis :

The archive contains 3 elements:

- 1 JS script, Delivery-Details.js
- 2 entries with a blank filename and hashed content.

For more information about this virus, contact me at contact@scam.cz

Ms.Ella Golan

I am Ms.Ella Golan, I am the Executive Vice President Banking Division with FIRST INTERNATIONAL BANK OF ISRAEL LTD (FIBI). I am getting in touch with you regarding an extremely important and urgent matter. If you would oblige me the opportunity, I shall provide you with details upon your response.

Faithfully,
Ms.Ella Golan

Email analysis :

NOTE : jgonzalez@conacyt.gov.py
NOTE : egolan001@gmail.com
NOTE : Received : from [192.168.0.107] (unknown [103.226.201.126])
NOTE : by correo.conacyt.gov.py (Postfix)
NOTE : conacyt.gov.py


NOTE : A government website was used to relay this scam.

Blocked Transaction. Case No 482168537 (Virus)

The Automated Clearing House transaction (ID: 765241823), recently initiated
from your online banking account, was rejected by the other financial
institution.

Canceled ACH transaction
ACH file Case ID 207878605
Transaction Amount 1220.03 USD
Sender e-mail cyogmu18381025@southwoodchurch.org
Reason of Termination See attached statement

Email analysis :

NOTE : cyogmu18381025@southwoodchurch.org
NOTE : client-ip=83.174.220.43;
NOTE : Received : from southwoodchurch.org
NOTE : (h83-174-220-43.static.bashtel.ru [83.174.220.43])


Open file :

OPEN : document_1.zip
EXTRACT : Empty file...
NOTE : Weird...

[Alibaba Inquiry Notification] Andrew Krivenko has sent you an inquiry (Alibaba Phishing)

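www.Alibaba.com Trade Center IP:182.***.***.40
Reminder: this buyer has enabled privacy protection. We have provided a proxy mailbox to help you get in touch with the buyer. You can now reply to this email directly, but please do not delete any of the content of this email, otherwise you will not be able to reach the buyer.
Andrew Krivenko from UKRAINE has sent you an inquiry
View Details
Manage Your Orders
Jacky Lui
Andrew Krivenko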

Hi

Dear. Sir

We are Ukraine company. Please i want to know if you have the attached sample in stock and how long it takes to ship to Ukraine we want to place order immediately. Please reply to our email.

Best Regards
Mr. Krivenko

Company Name. U.E.E.S.I.
President. Krivenko
Mobile. 380-10-9118-3105
Company Phone. 380-32-819-3318
Company Fax. 380-32-819-3317
e-mail. import@ueesi.com
WeChat ID : kriven010911383105
attach.png It contains an attachment. Please sign into Trade Center to check it.

FAQ:

1. Tips for International Trading on Alibaba.com
2. Some top tips for safe trading on Alibaba.com

Recent Activity on Alibaba.com:

1. Pipelines for ordering on Alibaba.com
2. Recent new functions and promotions on Alibaba.com

Email Setting | Customer Services |
Help center | My Alibaba
You received this email because you are registered on Alibaba.com
Read our Privacy Policy and Terms of Use
Alibaba.com Hong Kong Limited.
26/F Tower One, Times Square, 1 Matheson Street, Causeway Bay, Hong Kong
Tel: (+852) 2215-5100

Alibaba.com Hong Kong Limited
26/F, Tower One, Times Square, 1 Matheson Street, Causeway Bay, Hong Kong
Tel: (+852) 2215-5100

Email analysis :

NOTE : feedback@service.alibaba.com
NOTE : client-ip=210.3.234.46;


Phishing analysis :

CLICK : VIEW Details
OPEN : http://sanantoniodenia.es/94582
REDIRECT : http://iluni-psiui.org/*
NOTE : This Account has been suspended.
NOTE : @AlibabaGroup phishing attempt. | #Alibaba #Phishing

Reply (Phishing)


Dear *@*

We noticed that you are running very low on storage volume.

Kindly verify email with the server to ensure smooth mailing experience.

click here to increase more free data

When data get's to 100% used it will lead to certain mail malfunctions and lost of files in the near future.

Sincerely
Storage Mail Help Desk.
This email can't receive replies.

Email analysis :

NOTE : williamnicole.co.za
NOTE : info@williamnicole.co.za
NOTE : Received : from 199-255-214-84.anchorfree.com
NOTE : ([199.255.214.84])


Phishing analysis :

CLICK : click here to increase more free data
OPEN : https://www.wefirstbranding.com/newsletters/issue55/shl/boxMrenewal.php?Email=*@*&.rand=*&lc=*&id=*&mkt=en-us&cbcxt=mai&snsc=1
NOTE : ERROR
NOTE : Phishing was removed.

Friday, January 27, 2017

Local representation

Dear *,

We are looking for employees working remotely.

My name is Kitty, I am the personnel manager of a large International company.
Most of the work you can do from home, that is, at a distance.
Salary is $2400-$5100.

If you are interested in this offer, please visit Our Site

Good day!

Email analysis :

NOTE : helga.wunder@chemie.uni-beispielstadt.de


NOTE : Received : from dsl-201-110-49-107-dyn.prod-infinitum.com.mx
NOTE : (unknown [201.110.49.107])


NOTE : http://201.110.49.107/html/index.asp

Your Sincere expectation from Rose

Greetings my dear.

How are you doing today, i hope everything is OK with you. I know that this mail will not come to you as a surprise, please bear with me. i will really like to have a good relationship with you, and i have a special reason why i decided to contact you.

I decided to contact you because of the urgency of my situation here, and after reading your profile i believe that your the person i want to spend my live and love together with. I am Miss Rosemary Duma 21 years old girl from Sudan, the only daughter of Late Dr. Duma Duma. my late father was the former deputy minister of national security who is now in Custody at ICC after many innocent soul were killed in my country Sudan, My father was killed by government troops, they accused my father of coup attempt.

I am constrained to contact you because of the maltreatment i am receiving from my step mother. She planned to take away all my late father's treasury and properties from me since the unexpected death of my beloved Father. Meanwhile I wanted to escape to the Europe but she hide away my international passport and other valuable traveling documents. Luckily she did not discover where I kept my late fathers File which contains important documents.

So I decided to ran away to the refugee camp where I am presently seeking asylum under the United Nations High Commission for the Refugees here in Dakar Republic of Senegal, I wish to contact you personally for a long term business relationship and investment assistance in your Country.

My late father of blessed memory deposited the sum of (US$4.6 Milion) in one of the leading bank with my names as the next of kin. But meanwhile you should not allow any other person to know about this money since my late father did not disclose it with any body rather do they know about the valuable documents .

I have informed the bank about my plans of transferring the money to me here in Senegal to start a new life but i don't know that my late father have an agreement with the bank, that i should be up to 30 years of age before i will have direct access to the money, if not then i should provide my partner to stand for me as my trustee and partner to the bank so the bank will make the transfer into my partners account.

However, I shall forward you with the necessary documents on confirmation of your acceptance to assist me for the transfer of the money to your account, and I will like you to help me invest the money in your country, and i will also like to complete my studies, as i was in my 1st year in the university when the crisis started,It is my intention to compensate you with 20% of the total money for your assistance and the balance shall be my investment capital. This is the reason why I decided to contact you. Please all communications should be through this email address only for save and confidential purposes.

As soon as I receive your positive response showing your interest I will put things into action immediately. In the light of the above, I shall appreciate an urgent message indicating your ability and willingness to handle this transaction sincerely.

so that i will nominate you to the bank so that you stand as my trustee and partner to receive my inheritance funds for our both benefits

Please do keep this only to yourself, please i beg you not to disclose it to anyone until i come over to join you immediately the fund is transferred into your account.

Please send your names__________ and telephone number________________

Thanks hoping to hear from you soon,

Yours faithfully

Miss Rosemary Duma

---------------------------------------------------------------------------
NOTE: If you received this message in your SPAM/BULK folder that is because of the restrictions implemented by your Internet Service Provider.

Email analysis :

NOTE : rosemary.3as@yahoo.com
NOTE : r_rose2@meta.ua
NOTE : X-Original-Senderip : 41.219.52.19

Thursday, January 26, 2017

Heineken Premium Award 2017 "New Edition " (Heineken Scam + Email Leak)

Dear Benficiary,

This is to inform you that we Heineken Company Collaboration with Euro-
Million Lotto Draw on online Sweepstake Promotion Held on 20th
January,2017.

We are pleased to notify you that your email address was among the Email
Address selected randomly through our computer ballot system from world
Email Directories.

These are the lucky Numbers: 34,38,8,23 Bonus 3.
Your winning pin code: Hein/XX/5UNMS/2/17.

you are requested to contact our fiduciary agent for more information and
instructions, Below is the information to contact,

Contact Person: Mr Williams Walker
Office Email: williamswalker160@gmail.com
Website: http://www.heineken.com

Email analysis :

NOTE : tes@aplog.co
NOTE : williamswalker160@gmail.com
NOTE : Received : from zbmboxldap.aplog.co


Email leak :


Tuesday, January 24, 2017

Verification Required #* Update of your contact details. (Banque Populaire Phishing)

Banque Populaire Cyberplus
manage your banking operations online

Dear customer,

- We would like to inform you that you have a new message from your advisor:

. Please proceed with the validation of your PassCyberPlus

- To confirm your code, please click on the link below:

https://www.icgauth.banquepopulaire.fr/WebSSo-BP/_13907/index.html

Thank you for your trust.

Regards

Banque Populaire

This message and any attachments are confidential and intended for the named addressee(s) only. If you have received this message in error, please notify immediately the sender, then delete the message. Any unauthorized modification, edition, use or dissemination is prohibited. The sender shall not be liable for this message if it has been modified, altered, falsified, infected by a virus or even edited or disseminated without authorization.

Email analysis :

NOTE : votre-service-cyberplus@web.de
NOTE : Received : from wu548652416341 ([52.164.213.191])
NOTE : by mrelayeu.kundenserver.de (mreue002 [212.227.15.168])

Phishing analysis :

CLICK : https://www.icgauth.banquepopulaire.fr/WebSSo-BP/_13907/index.html
OPEN : http://freelabel.net/css/bootstrap4/ola/cyber
REDIRECT : http://www.icgauth.banquepopulaire.fr.websso-bp.13907.serveur-cyberplus-data.com/populaire/index/*
RESULT : Phishing was removed.

Thursday, January 19, 2017

Please verify your Apple ID. (Apple Phishing)

Dear Customer,

Your AppIe lD has been disabled for security reasons ! To confirm your informations please click on the link below or copy and paste it to your browser then follow the instructions.

https://www.medfuture.com.au/Verification-iTunes/

Once you have update your account records, your information will be confirmed and your account will start to work as normal once again. If you have any questions, or require further assistance, please contact us.

Best Regards,
The AppIe Support Team

Contact Us | Affilaite Program | 1 Infinite Loop, Cupertino, CA 95014

Privacy Policy | Terms of Service | Terms of Sale

Email analysis :

NOTE : Mime-Version : 1.0
NOTE : Content-Type : text/html; charset="iso-8859-1"
NOTE : Return-Path :
NOTE : X-Priority : 1
NOTE : X-Mailer : PHPMailer (phpmailer.sourceforge.net) [version ]
NOTE : Received : from server2.com ([180.210.203.65])
NOTE : Received : by server2.com (Postfix, from userid 48)
NOTE : Message-Id : < *@jobcom.sg >
NOTE : client-ip=180.210.203.65;
NOTE : Content-Transfer-Encoding : 8bit
NOTE : Please verify your Apple ID.

Phishing analysis :

CLICK : https://www.medfuture.com.au/Verification-iTunes/
OPEN : https://www.medfuture.com.au/Verification-iTunes/
REDIRECT : https://www.medfuture.com.au/Verification-iTunes/*/CheckAuth.php?caseID=*&accLocked_websc=*c&processing_unverified?true=*
VALIDATE : FORM
RESULT : Phishing

Whois analysis :

Domain Name : medfuture.com.au
Registrant : Thiruchenthoran Sarvanantharaja
Registrant ID : ABN 72260916560
Eligibility Type : Sole Trader
Registrant Contact Name : Niraj Chenthoran
Tech Contact ID : CR210807141
Tech Contact Name : Niraj Chenthoran
Name Server : ns1.medfuture.com.au
Name Server IP : 166.62.39.20
Name Server : ns2.medfuture.com.au

Monday, January 16, 2017

URGENT REPLY


Hello, Dear

I am Hasher Al Maktoum, Chairman of the Dubai International Holding Company.

I am seeking your partnership in going into a private investment venture. I am interested in investing in your country, so I will like us to begin our acquaintance through this medium so we can discuss more.

I hope to hear from you soon.

Regards
Hasher Al Maktoum
Reply Re

Email analysis :

NOTE : hasheralmaktoum22@gmail.com
NOTE : hasheralmaktoum7@outlook.com
NOTE : Received : from HK2PR0401MB1377.apcprd04.prod.outlook.com ([10.165.180.23])

Sunday, January 15, 2017

Compliment" Info From Benson

Compliment,

I am a politician representing my constituency at just concluded election in Ghana and also a member of Ghana's executive committee on contract awards. My Name is Mr. Benson Kwaku. The reason of relating to you is to aid me in securing some money oversea for protected custody which I deliberately reserved for funding of my parliamentary elections campaign under the party leadership of the National Democratic Congress (NDC) last year December 7th 2016, regrettably for me I lost the parliamentary seat to the opposition party of The New Patriotic Party (NPP).

As an executive member on contract award committee, I was able to dump some kickback money emanated from award of contracts awarded to Japanese and German companies in a security vault with a commercial bank in Ghana pending when I will found a reliable individual to budge out the fund from Ghana to offshore bank account for a company venture.

Contacting you arose from the fact that the present-elect government vowed to crack down on our administrative functionaries of (NDC) and will trace all the resources that was made through contract awards and other mouth watering deals during our tenure in the office from the year 2008 to 2016, if they succeed in tracing this fund to me, they will confiscate it and thereby devastating my life time opportunities.

It become paramount for me to move this fund in a foreigner's name to keep away from any trace. What I require from you is a promise that you can hold the total sum involved (US$19.5M) Nineteen Million, Five Hundred Thousand United State Dollars contentedly and that I can also have confidence you.

I want you to instantly inform me of your readiness in supporting and co-operating with me in receiving the above sum in your account, That will enable me send you complete details of this business deal.

Thanks
Benson Kwaku

Email analysis :

NOTE : benson.kwaku@poczta.onet.pl
NOTE : test@imamatjome.com
NOTE : Received : from User by mail.imamatjome.com (MDaemon PRO v14.5.2)

Friday, January 13, 2017

RE: Hello Friend

Hello Friend

I am representing an investment interest from Thailand interested in overseas investment involving large volume of funds, for which we seek your participation as an overseas representative to handle the investment. My client, who is a native of Thailand, has some money from his business savings he wants to invest under qualified foreign partnership. If you feel disposed towards the solicited role, please indicate by prompt response, so that I may provide you further details of the cooperation. Bear in mind however, that this is a legitimate transaction and I look forward to your prompt response to my private email below:

Regards, email: helpthaiinvest@hotmail.com

Email analysis :

NOTE : a*.s*@ext.uni.lu
NOTE : helpthaiinvest@hotmail.com
NOTE : Received : from hercules.uni.lu (hercules.uni.lu. [158.64.76.33])


NOTE : hercules.uni.lu
NOTE : www.uni.lu


NOTE : X-Originating-Ip : [10.34.0.8]

Arthur Wolfe

Are you in any kind of financial difficulty? Do you need a loan to clear your debts? Are you a businessman or woman who wants to expand their business? We offer loans of all kinds to individuals, companies and cooperative organizations that need credit at a low interest rate of 3%, contact us today

Applicant's name:
Amount needed:
Country:
Telephone:
Loan term:

Email analysis :

NOTE : arthurwolfeloans2@outlook.com
NOTE : soaring2@singnet.com.sg
NOTE : X-Client-Ip : IPv4[197.210.28.130]

Wednesday, January 11, 2017

Juan Basilio Tahay Aguilar

I am sorry i sent you this mail which came as unsolicited E-mail in your junk Folder, i just want to inform you that Mr Graham Nelson is currently offering 3% Loan to every one. if you are interested contact email: grahamloanfirm01@gmail.com

Fill And Return...

Name:
Country:
Mobile number:
Amount needed as loan:
Loan duration:
Age:
Sex:

ALL REPLIES SHOULD BE SENT TO THIS EMAIL : : grahamloanfirm01@gmail.com

Email analysis :

NOTE : grahamloanfirm01@gmail.com
NOTE : jtahay@mineduc.gob.gt
NOTE : Received : from mail03.mineduc.gob.gt (unknown [172.16.0.2])
NOTE : by mineducantispam.mineduc.gob.gt


NOTE : mineduc.gob.gt server was used to relay this scam.

From: Dr. Emmanuel Ibe Kachikwu (GMD) Nnpc Towers Garki, Abuja.2017:

Nnpc Towers, Central Business District, Herbert Macaulay way, P.m.b. 190, Garki, Abuja.

From: Dr. Emmanuel Ibe Kachikwu (GMD)

Email: nnpcexecutorintrust@gmail.com

Attn. Ceo,

I know that this proposal may come to you as a surprise especially having to come from someone you have not met before I got you information from your country chamber of commerce here in Nigeria.

My name is Dr. Emmanuel Ibe Kachikwu, Group Managing Director of the Nigerian National Petroleum Corporation (NNPC). Be informed that my partner Dr. Maikanti Baru and I awarded a contract to a foreign firm (Sheng Yang Contraction Company) with contract Ref No: NNPC/PED/1462/KADREF/92) for the maintenance of the Nigeria petroleum-chemical complex located at Kaduna, Nigeria.

I know that this proposal may come to you as a surprise especially having to come from someone you have not met before, but I would like you to co-operate with me so that this U$D98, 000,000.00 will be released and transferred into your account, It is my profound intention to contact you for this very important and highly confidential transaction for the transfer of (U$D98, 000,000.00 Ninety Eight Million United State Dollars Only into your bank account.

The contract has been successfully executed by the contractors and their contract sum has been paid to them, leaving our overestimated balance of (U$D98, 000,000.00 Ninety Eight Million United State Dollars Only) still pending at the bank. Right now, we are left with this overestimated balance of (U$D98, 000,000.00) which is still floating at the escrow account in the Central Bank of Nigeria (CBN) waiting for final payment to any reliable foreign bank account you may provide.

We, as government officials, are not permitted to own or operate foreign bank account. therefore we need reliable person who will provide us with a foreign account where to transfer and deposit this US$98,000,000.00, that is the reason we are soliciting for your sincere assistance to provide us with an account where to transfer this money .all moralities for the easy transfer of this money is now in place, the period of this transaction is only two weeks from the day we receive your bank account details.

Note that 10% of our share will be invested in your country, as we propose to give you 30% of the U$D98, 000,000.00, my partners and I will get 60% of the money.

The balance of 10% will be allocated to cover all expenses uncured by both partners, be informed that this proposal is urgent and confidential, Please send to me your bank account details and full address of company name and address, your private phone and fax number for easy communication which will be used in securing all the necessary documents for easy transfer of the fund.

Awaiting your urgent response.

Best regards.

Dr. Emmanuel Ibe Kachikwu.
Group Managing Director of the Nigerian National Petroleum Corporation (NNPC)

Email analysis :

NOTE : nnpccexecutorintrust95@hotmail.com
NOTE : nnpcexecutorintrust@gmail.com
NOTE : Received : from User (unknown [192.69.89.116])


NOTE : by mail.akdgroup.co.bw (Postfix)

Monday, January 9, 2017

Cash Grant For Humanitarian Aid

Dear Email Beneficiary,
We wish to inform you that you are one of the eight email beneficiaries approved to receive the sum of $2,000,000.00 USD in the on-going UN Humanitarian aid/Poverty Alleviation Program (UNPAP) 2016 end of the year cash grant.
CONTACT REMITTANCE DEPT:
Name: Mrs Diana Afiq
Call: +601136954482
Email: wumtremitdesk@gmail.com

Email analysis :

NOTE : admin@un.regt.org
NOTE : wumtremitdesk@gmail.com
NOTE : Received : from [100.117.134.102]
NOTE : (unknown [115.164.178.31]) by mail2.ivic.gob.ve


NOTE : Zimbra server from www.ivic.gob.ve
NOTE : www.ivic.gob.ve : Instituto Venezolano de Investigaciones Científicas (IVIC)


NOTE : ivic server was used to relay this scam.

Merle Butler

Hello,

I'm Mr. Merle Butler the mega winner of $218M In Mega Millions Jackpot, I'm donating to 5 random individuals if you get this email then your email was selected after a spin ball.I have spread most of my wealth over a number of charities and organizations. I and my wife Patricia Butler have voluntarily decided to donate the sum of $2 Million USD to you as one of the selected 5, to verify my winnings please see my you tube page below.

WATCH ME HERE: https://www.youtube.com/watch?v=VXDhZZFzJ34

THIS IS YOUR DONATION CODE: [ 0043034]

Reply with the DONATION CODE to this email: merlepbutler@gmail.com

Hope to make you and your family happy.

Regards
Merle and Patricia Butler

Email analysis :

NOTE : merlepbutler@gmail.com
NOTE : fred@ufma.br
NOTE : Received : from [192.168.1.103]
NOTE : (unknown [175.100.60.230]) by carolina.ufma.br


URGENT RESPOND

Attn; Dear Beneficiary,

Please your urgent Attention is needed, we wish to inform you that our Diplomatic agent conveying your consignment box valued the sum of $6.5 Million United States Dollars misplaced your address, we required you Reconfirm the following information's below so that she can deliver your Consignment box to you today and return immediately,

FULL NAME: ===========
COUNTRY: ===========
CITY: ===========
CURRENT HOME ADDRESS: =========
TELEPHONE/CELL PHONE NUMBER.======
AGE/OCCUPATION: =======
SEX:MAN.

She is waiting to hear from you today with the information's to bring your Consignment funds to your doorstep. NOTE: That Diplomat agent Rose Clara did not know the content of The consignment box
contains a huge amount of money which is $6.5 Million United States Dollars and on No circumstances should you let her be at peril with the Consignment box, The consignments were moved from here as family Treasures, so never Disclose the real content to her until you receive your consignment.

Best Regards
Marquel E. Jallo

Email analysis :

NOTE : diroseclara@gmail.com
NOTE : loveaffair@alice.it
NOTE : Received : from (41.79.217.151) by wmlight.pc.tim.it;

Can You Be Trusted.?

I am Mr. ALI HUSAMEDDIN from war ravaged SYRIA. I am the second son of ABDO HUSAMEDDIN politician and former government minister. He was aide to the oil minister from August 2009 to 7 March 2012, when he became the highest-ranking government minister to defect to the opposition from BASHAR AL-ASSAD'S government, before he was killed, I am sorry for the inconvenience that this letter may cause you, I and my father deposited our family life treasure during his reign with TRANS GLOBAL SECURITY/FINANCE COMPANY LTD in London UK.

I and my father lifted this three trunk boxes which contains the Sum of $85 million US DOLLAR which we deposited with the above mentioned company in UK for salty purposes, After the death of my father I have decided to move this family life treasure to Miami International air port USA, the consignment is in the diplomats ware house there at Miami international air port USA, I arrived London UK this January, before they ask me to get a Partner in your country to receive the boxes on my behalf, based on the Condition that the consignment is tagged diplomatic baggage.

I wanted the box to arrive before I will make contact In your country for someone who has a Godly mind and That can help me invest them to pick it up and assist Me to come over for further business plans, , that is why I have to move it to you in MIAMI for further delivery to you by the diplomat, so I want you to Avoid any stress or fear of insecurity, and irresponsibility.

Please to prove my honesty and sincerity in the Subject matter; send me your fax and private cell Phone number for easy communication during the delivery of the consignment to you, but please you will have to keep it very confidential for both of us and in return to your kind assistant YOU WILL BE GIVEN 35% PERCENT SHARE OF THE FUND.

upon you reply to this massage then I will give you the contact number of the diplomat in MIAMI so that you can call him, and he is a UK government approved diplomat he is there in MIAMI so that you can call him and tell him that you are my partner whom my consignment is to be delivered to, to enable him deliver the consignment to you immediately.

Allah bless
Ali Husameddine

Email analysis :

NOTE : lpritchard@frontiernet.net
NOTE : c.cssina@tin.it
NOTE : Received : from [104.41.168.163]


NOTE : (port=1499 helo=bals-kazu.honbu.local)


NOTE : by blinux.thesecurededicatedserver.com

Friday, January 6, 2017

Mr Stanley

Attention,

You Are Expected To UBA Bank Once You Receive this Email UBA Bank has finalize all the necessary arrangement and your fund Is inside ATM CARD this moment your ATM CARD is in UBA Bank OFFICE waiting

For your, information below is necessary, Full Name...
You Country....
Address.... Age..........Your Telephone Number............
As soon as i received these information i will send more details.

Best Regards

Stanley

Email analysis :

NOTE : hugoferreiracamargo@gmail.com
NOTE : cergino@ngi.it
NOTE : X-Originating-Ip : 41.216.50.26

Monday, January 2, 2017

URGENT REPLY

CONTACT DHL COURIER COMPANY LIMITED

Attention

Am MR JEFF DAVIS DHL Director, am writing you regarding my diplomatic agent Mr Patrick Douglas arrival at ORLANDO AIRPORT here in Florida with your ATM CARD worth of $(7.5M) We have finally arranged to deliver your ATM CARD worth $7.5Million USD through the national DHL company. We were able to accomplish this through the help of IMF director John Andy and every necessary arrangement has been made successfully with the National DHL Agent Dr Peter Campbell

Contact the DHL agent with your delivery information, such as
Your full receiver's name..........
your country..........
your phone number,......
your home address............,
your city, ...................
Your nearest airport.....
Age/sex..... Your Id/Driver license.

And also be informed that delivery agent will leave this country as soon as you haveproceed with the DHL requirement for your fund;s delivery, Forward the information Through Email:(atmoffice.depertment6080@gmail.com)Call or sms .Mr.Paul Ronald,+1-(719)938-8676 once he gets to USA,but we will inform you when he leaves here, Note that because of impostors we here by issued your code of conduct which is (ATM-8411)So you have to indicate this code when contacting this office by using it as your subject. And i looks forward to hear from you as soon as possible Thanks for your understand Contact DHL Agent Mr.Paul Ronald with this number +1-(719)938-8676 once he get to USA but we would keep you posted once he leaves the country,
your information is urgent needed for the delivery of your package worth of $18.5M to enable our DHL agent to deliver your fund this month,

DHL COURIER COMPANY LIMITED
Email:(atmoffice.depertment6080@gmail.com)
Direct phone call +229 99131745

your ATM CARD
PIN code Is 4421.)

Sincerely
DHL DIRECTOR MR JEFF DAVIS

Email analysis :

NOTE : atmoffice.depertment6080@gmail.com
NOTE : "www."@wit.ocn.ne.jp