Tuesday, July 24, 2018

I HOPE YOU GOT MY EMAIL

Good day, My name is CPT. Tony Fisher; I am serving in the US military in Afghanistan with the army infantry division, I have some amount of funds that I want to move out of the country, My troop found US$42million in 14 containers. The money had been hidden behind the false wall of a house searched by my troop. It is thought the stashed cash could have been left by fleeing Al-Qaeda and Isis leaders, though my commanding officer did not declare the funds to the Afghanistan Government which we agreed to keep and share among ourselves. I was able to secure US$3.560,000.00 (Three Million, Five Hundred and Sixty Thousand United States Dollars) which I have with me. I guarantee you that this will be executed under a legitimate arrangement that will protect you from any breach of the law, we stand to gain immensely on the successful completion of this mutual undertaking. For your assistance in handling the project, I will map out 35% for your personal use from the deposit if both parties have agreed to the terms and conditions of this mutual partnership. Your part of this deal is to find a safe place where the funds can be sent to. But first you have to assure me that you can handle this consignment and keep it in a safe a secure place when you receive it. This is strictly confidential and must not be disclosed to a third party please, if you do not want to be party to this business please delete this letter from your email box to avoid any leakage of this information. If you want to work with me, kindly indicate your interest to do so and I will give you the details. Please always send me email via: tonyfisher708@yahoo.com / tonyfisher862@protonmail.ch I wait to receive your acceptable reply as soon as you read this letter. Thanks and best Regards. CPT. Tony Fisher Bagram Air Base, Bagram District Parvan Province, Afghanistan.

Email analysis :

NOTE : tonyfisher708@yahoo.com
NOTE : tonyfisher862@protonmail.ch
NOTE : tonyfisher862@usa.com
NOTE : client-ip=88.99.33.244;⁩

Friday, July 13, 2018

RYP

My name is Hassan Karmal, an administrator with Maybank Berhad, Malaysia. I like to discuss an immediate opportunity with you. Regarding (USD $8,000,000.00) under your name. Get back to me as soon as possible for more details, thanks

Email analysis :

NOTE : Hassankarmal@foxmail.com
NOTE : schwingshackl.walter@alice.it
NOTE : Received : ⁨from User (173.234.41.130)

Hello!!!

Hi,

I am Ms. Amina Usman a banker here in Syria. Because of the nature of what i want to tell you, i will like that all our discussion be made private and secret even if you don't want to do it with me.

The reason i contacted you is because of one of my late customer Mr. Adel Walid. He died 3 years ago in the Syria war and left 8.2 million United States dollars in his account. Since then no relative have come to claim his money . I think we can work things out.

Unfortunately, my client died with his family by a bomb blast in his home and his account mandate does not have any contact of any of his relatives as next of kin. I have made several inquiries to locate any of his relatives without any success and upon further inquiries, i found out that my late customer as an international businessman mandated that in case of death and no relatives come up for his money after 2 years, the money should be given to his foreign business partner whom he did not mention his name or nationality.

As his personal account officer before he died, I have been mandated by my bank management to provide the next of kin to his account. If i don't get any of his relatives in 29 days the account balance of $8.200,000 will be returned to the government treasury.

Since you are a foreigner and i cannot find any of his relatives, I now seek your consent to present you as the next of kin to the late account holder. You and I will share the money 50/50 after the money is transferred to you. I think this is fair decision instead of the Syrian government and top bank officials taking the money

I was his personal accountant before he died, i have all the vital information for us to claim the money without any problem I only worry about your ability to handle this deal properly and to keep this transaction secret to protect my job. The transaction is 100% risk free as I have studied and investigated the transaction properly as a professional banker and discovered that it's risk free before making contact to you.

I will make sure that everything works out hence it is for our benefit, also be rest assured that whoever that I present to the bank remains the next of kin to our late customer .

I will be here to back it up with every legal documents in your favor to enable the bank give approval to the fund in our own interest and have the fund transferred to your account in over there for our mutual benefit . I will immediately arrange for my traveling to come over for the sharing as soon as it is confirmed in your account.

If you are interested to do the deal, write to me and i will tell you what we need to do.

Sincerely,
Ms. Amina

Email analysis :

NOTE : usmina756@gmail.com
NOTE : jdmzainab@gmail.com
NOTE : domain of centralaboratory@gmail.com designates 209.85.220.65 as permitted sender

Thursday, July 12, 2018

Yоu're my viсtim

Hi, viсtim.
I write you beсause I рut a malwаrе оn the wеb pаgе with роrn whiсh yоu have visited.
My virus grаbbed all yоur persоnal infо аnd turned оn your сamеra which саpturеd thе рrocеss оf yоur оnanism. Just after thаt the soft sаved your contaсt list.
I will dеlеtе thе comprоmising videо and info if yоu рay mе 999 EURO in bitcоin. This is аddrеss for payment : 16QvCe5fNwK4TXXG7gaxZbtFyJ5sypaba1

I give yоu 30 hоurs аftеr yоu орen my mеssаge fоr mаking thе transаctiоn.
As sооn аs yоu rеаd the messаgе I'll see it right аwаy.
It is not nеcessary tо tеll mе that you hаve sеnt monеy tо me. This аddrеss is соnnеctеd tо you, my system will delete еvеrything аutоmatiсаlly after transfer сonfirmatiоn.
If you nееd 48 h just reрly оn this lettеr with +.
You сan visit thе роlice stаtiоn but nobody саn help you.
If you try to deceivе me , I'll see it right away !
I dоnt livе in yоur country. Sо they can not trаck my loсаtiоn еvеn for 9 months.
Goodbye. Dont fоrget аbоut thе shamе and to ignorе, Your life cаn be ruined.

Email analysis :

NOTE : noreply@portdouglasdaintree.com
NOTE : Received : ⁨from portdouglasdaintree.com (portdouglasdaintree.com [185.144.29.166])
NOTE : Received-Spf : ⁨Pass (sender SPF authorized) identity=mailfrom; client-ip=185.144.29.166;


NOTE : helo=portdouglasdaintree.com; envelope-from=noreply@portdouglasdaintree.com;

Domain analysis :

Domain Name: portdouglasdaintree.com
Registry Domain ID: 547796162_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.synergywholesale.com
Registrar URL: http://whois.synergywholesale.com
Updated Date: 2017-08-15 04:16:29
Creation Date: 2006-08-08 20:14:10
Registrar Registration Expiration Date: 2018-08-08 20:14:10
Registrar: Synergy Wholesale
Registrar IANA ID: 1609
Registrar Abuse Contact Email: noc@synergywholesale.com
Registrar Abuse Contact Phone: +61 3 8399 9483
Reseller: VentraIP Australia
Reseller: http://www.ventraip.com.au
Reseller: noreply@ventraip.com.au
Registrant Name: Stephen Nutt
Registrant Street: P.O.Box 744
Registrant City: Port Douglas
Registrant State/Province: QLD
Registrant Postal Code: 4877
Registrant Country: AU
Registrant Phone: +61.740993356
Registrant Email: stephen@showmedia.com.au
Registry Admin ID: Not Available From Registry
Admin Name: Stephen Nutt
Admin Street: P.O.Box 744
Admin City: Port Douglas
Admin State/Province: QLD
Admin Postal Code: 4877
Admin Country: AU
Admin Phone: +61.740993356
Admin Email: stephen@showmedia.com.au
Registry Tech ID: Not Available From Registry
Tech Name: Stephen Nutt
Tech Street: P.O.Box 744
Tech City: Port Douglas
Tech State/Province: QLD
Tech Postal Code: 4877
Tech Country: AU
Tech Phone: +61.740993356
Tech Email: stephen@showmedia.com.au
Name Server: NS29.DOMAINCONTROL.COM
Name Server: NS30.DOMAINCONTROL.COM

Saturday, July 7, 2018

Security Upgrade Alert. (Wells Fargo Phishing)

Dear Customer Esteemed,

Wells Fargo Technical Department is carrying out a planned Security upgrade.

Access to your online banking is currently Limitted.

To get started, Click on the "Security Upgrade" Below to validate your online services.

"Security Upgrade"

This instruction has been sent to all Wells Fargo Bank customers and is MANDATORY.

Thank you for Banking with us.

© 1999 - 2018 Wells Fargo. All rights reserved. NMLSR ID 399801

Email analysis :NOTE :

NOTE : ar.harati@t-online.de
NOTE : Received : ⁨from mailout08.t-online.de
NOTE : (mailout08.t-online.de. [194.25.134.20])


Phishing analysis :

CLICK : "Security Upgrade"
OPEN : http://lobofer.com.br/wp-admin/includ/online.php
SCREENSHOT :

Tuesday, July 3, 2018

Refer to this following Invoice#******* (Dropbox Phishing)

***@***

View the Document i attached to you via Dropbox. Sent on 21/02/2018.

View document

Kind Regards.
Cindy Whitfield
Rich Rags
Designer Wearable Art
My cell Phone number is 530-520-5540

Email analysis :

NOTE : dirkschulzegronover@t-online.de
NOTE : 81.133.119.148


Phishing analysis :

CLICK : View document
OPEN : http://huzaifamarble.com/redirect/ch.html
REDIRECT : http://www.bashtv.com.au//telekomlomel/drp/page.php?id=*
NOTE : http://www.bashtv.com.au//telekomlomel/drp/page.php
SCREENSHOT :

Important Notice!!! ( American Express Phishing )


This is an automated email, please do not reply

Important Update

We noticed there's a problem associated with your account due to breakdwon in security.
For protection, Require you to update it immediately so as to have your account restored.
Kindly use the link below to sign in and restore your account.
Click Here To Update

Regards,
American Express Company

© All users of our online services subject to Privacy Statement and agree to be bound by Terms of Service. Please review. © 2018 American Express Company. All rights reserved.

Email analysis :

NOTE : safeguards@mt.com
NOTE : client-ip=68.99.120.44;⁩


Phishing analysis :

CLICK : Click Here To Update
OPEN : http://www.getsmartcenter.com/wp-admin/bless.htm


RESULT : Phishing was removed