Saturday, April 2, 2016

Please Confirm (Dropbox Phishing)

Please confirm

Attached PO and TT copy, check on dropbox. Our agent will contact you soon for Carton design.

Regards,
UhlSport Gmbh
+49-219383112

http://www.diabeez.in/cgisys/dropboxx/downloadPO-D1956-1.htm?

Phishing analysis :

CLICK : http://www.diabeez.in/cgisys/dropboxx/downloadPO-D1956-1.htm?
SCREENSHOT :


VALIDATE : FORM
REDIRECT : https://www.dropbox.com/s/paic7kvmg1lqnsg/PO%201026240.pdf?dl=0
SCREENSHOT :


Email analysis :

NOTE : mldminn@outlook.com
NOTE : 25.152.2.60 as permitted sender
NOTE : X-Ms-Exchange-Crosstenant-Originalarrivaltime : 01 Apr 2016 08:47:01.9167 (UTC)
NOTE : X-Originatororg : outlook.com
NOTE : X-Ms-Exchange-Transport-Crosstenantheadersstamped : VE1EUR01HT230
NOTE : X-Forefront-Antispam-Report : CIP:25.152.2.60;IPV:NLI;CTRY:GB;EFV:NLI;SFV:NSPM;SFS:(10019020)
NOTE : Authentication-Results : spf=softfail (sender IP is 25.152.2.60)
NOTE : X-Ms-Exchange-Crosstenant-Fromentityheader : Internet
NOTE : Accept-Language : en-US
NOTE : Content-Language : en-US
NOTE : Mime-Version : 1.0
NOTE : Please Confirm
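
The header notes above can be checked mechanically. The following is an added example, not code from the original post: it parses the X-Forefront-Antispam-Report and Authentication-Results values listed above and tests whether the clicked link names a brand that its host does not belong to. The function names and the BRANDS map are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Values copied from the notes on this page.
HEADERS = {
    "X-Forefront-Antispam-Report":
        "CIP:25.152.2.60;IPV:NLI;CTRY:GB;EFV:NLI;SFV:NSPM;SFS:(10019020)",
    "Authentication-Results": "spf=softfail (sender IP is 25.152.2.60)",
}
LINK = "http://www.diabeez.in/cgisys/dropboxx/downloadPO-D1956-1.htm?"
REDIRECT = "https://www.dropbox.com/s/paic7kvmg1lqnsg/PO%201026240.pdf?dl=0"
BRANDS = {"dropbox": "dropbox.com"}  # assumption: brand -> legitimate domain

def parse_antispam_report(value):
    """Split 'KEY:VALUE;KEY:VALUE' into a dict (CIP = connecting IP)."""
    fields = {}
    for part in value.split(";"):
        key, sep, val = part.strip().partition(":")
        if sep:
            fields[key] = val
    return fields

def spf_result(value):
    """Return the SPF verdict from an Authentication-Results value."""
    m = re.search(r"\bspf=(\w+)", value)
    return m.group(1).lower() if m else None

def brand_mismatch(url, brands=BRANDS):
    """Brands named anywhere in the URL whose host is not the brand's domain."""
    host = (urlsplit(url).hostname or "").lower()
    hits = []
    for brand, domain in brands.items():
        on_brand_host = host == domain or host.endswith("." + domain)
        if brand in url.lower() and not on_brand_host:
            hits.append(brand)
    return hits

def triage(headers, url):
    """Collect the findings a reviewer would note for this message."""
    report = parse_antispam_report(headers["X-Forefront-Antispam-Report"])
    spf = spf_result(headers["Authentication-Results"])
    findings = []
    if spf != "pass":
        findings.append(f"spf={spf} for connecting IP {report.get('CIP')}")
    if report.get("SFV") == "NSPM":
        findings.append("filter verdict SFV:NSPM (treated as non-spam)")
    for brand in brand_mismatch(url):
        findings.append(f"link names '{brand}' but host is {urlsplit(url).hostname}")
    return findings
```
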

Notes from Scam.cz :


  • 25.152.2.60 servers were used to relay this phishing.
  • 25.152.2.60 = UK Ministry of Defence
  • https://www.gov.uk/government/organisations/ministry-of-defence
  • Inside the UK Ministry of Defence, there is a station relaying Dropbox phishing.