Monday, March 21, 2016

е931017364 (Apple Phishing attempt)

Our commitment to protecting your privacy comes from a deep respect for our customers.

Related image
iApple

Hello *@*,

We would like to inform you that we have experienced some technical difficulties last night which might have prevented you from accessing your account. We'd like you to review your information to ensure you get an up-to-date level:

Continue and review

Thank you!
Staff iApple!

We apologize for the inconvenience caused and thank you for your patience and understanding. 112 3 We know that your trust doesn’t come easy. That’s why we have and always will work as hard as we can to earn and keep it. This notification was sent to scamcz@gmail.com. Don't want occasional updates about Google+ activity and friend suggestions? Unsubscribe from these emails. iApple Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043 USA

Phishing analysis :

CLICK : Continue and review
OPEN : http://nfloridahook.com/pan.php?847DE55546747A5D6543F2C54A9C44F1FB69801DBE9482D48F2B9716F52BC6D3AB7FFB657FCF72475864E87B59FEC2D2B93E8C9F565936199A330E7ED5994

REDIRECT : https://box1117.bluehost.com/suspended.page/disabled.cgi/nfloridahook.com?847DE55546747A5D6543F2C54A9C44F1FB69801DBE9482D48F2B9716F52BC6D3AB7FFB657FCF72475864E87B59FEC2D2B93E8C9F565936199A330E7ED5994

NOTE : Phishing attempt...

Email analysis :

NOTE : 41.222.211.140
NOTE : replyonline@cs.iapple.com
NOTE : Mime-Version : 1.0
NOTE : Content-Type : text/html; charset=utf-8
NOTE : Return-Path : < replyonline@cs.iapple.com >
NOTE : Received : from mailgateway01.galaxybackbone.com
NOTE : (mx1.nmodepic.gov.ng. [41.222.211.140])
NOTE : Received : from unknown (HELO asgard5) ([104.215.249.224])
NOTE : by mailgateway01.galaxybackbone.com with ESMTP;
NOTE : client-ip=41.222.211.140;
NOTE : Content-Transfer-Encoding : base64
NOTE : е931017364

Wednesday, March 16, 2016

Action Needed: Verify Account Information's (USAA Phishing Attempt)

To ensure the clear view of the message, please click show images and move it to your inbox folder.

USAA Member Home
Verify Account Information's

Dear USAA Customer,

We're currently upgrading our systems to bring enhanced features to your USAA Account experience. As a result, your account is temporarily unavailable.
Please download the file attached and upgrade your USAA Account to our new system.

Note: FAIL TO UPGRADE YOUR ACCOUNT, IT WILL BE AUTOMATICALLY CLOSED.

After this step, you are permitted to access your usaa.com System.

Thank you,
USAA

Please do not reply to this e-mail. To ensure the safety of your account, please update your information in our database.
USAA, 9800 Fredericksburg Road, San Antonio, Texas 78288.

USAA means United Services Automobile Association and its insurance, banking and investment affiliates.
87832-0713

Update_Account_Information's-USAA.html

USAA Phishing attempt analysis :

- The phishing was an html page.
- The page is also available as a raw file : http://pastebin.com/raw/B4DLgJe8

Email analysis :

NOTE : fevima@infonegocio.com
NOTE : Mime-Version : 1.0
NOTE : X-Msmail-Priority : Normal
NOTE : Return-Path : < fevima@infonegocio.com >
NOTE : X-Priority : 3
NOTE : X-Mailer : Microsoft Outlook Express 6.00.2600.0000
NOTE : X-Mimeole : Produced By Microsoft MimeOLE V6.00.2600.0000
NOTE : Received : from pop.prtcnet.org (pop.prtcnet.org. [69.176.19.5])
NOTE : Received : from [46.21.150.135] (helo=User) by pop.prtcnet.org


NOTE : client-ip=69.176.19.5;
NOTE : Action Needed: Verify Account Information's