Incident sur votre compte (Phishing Free)

Votre satisfaction notre priorité

Cher(e) Client(e),

Nous sommes au regret de vous informer que votre abonnement mobile est impayé suite au refus du prélèvement de ce mois par votre établissement bancaire.

Nous vous invitons à régulariser votre facture en suivant le bouton ci-dessous afin d'éviter la perte de votre ligne mobile:

Régler votre facture

A bientôt !

Armand Thiberge - PDG, Free Mobile

Ceci est un message automatique.

Email analysis :

NOTE : EASY+REQUEST@magenvimigo.msn.com
NOTE : Cmm-Sender-Ip : 217.72.192.75
NOTE : Received : from mout.kundenserver.de ([217.72.192.75])

Phishing analysis :

SCREENSHOT :

CLICK : Régler votre facture
OPEN : http://requestfree.eu/*
REDIRECT : freemobileapp.eu/request/*
SCREENSHOT :

URGENT: Confirmation Of Your Online Banking. (JPMorgan Phishing attempt)

Dear Chase Online(SM) Customer,

As part of our commitment to help keep your account secure, we have detected an irregular activity on your account and we are placing a hold on your account for your protection. Please click on the following link and follow the instructions for proper verification.

CLICK HERE

NB: If this important message seems to be spam/junk please move to inbox to enable you click on the link above, We are here to assist you anytime. Your account security is our priority. Thank you for choosing Chase.

Sincerely,
Chase Fraud Department

Copyright © 2016 Chase Online. All rights reserved
JPMorgan Chase & Co.

Email analysis :

NOTE : info@onlinebanking.com
NOTE : bblazzard@lusd.k12.ca.us
NOTE : Received : from onlinebanking.com (unknown [68.65.134.234])

Phishing analysis :

CLICK : CLICK HERE
OPEN : http://mobwarsdoa.com/banking/chaseonline/Logon.php?LOB=RBGLogon&_pageLabel=page_logonform

Service client : Sécuriser votrᥱ Cybᥱrplus ! (Phishing Banque Populaire)

Bonjour

Le département technique procède à une mise à jour de logiciel programmée de
façon à améliorer la qualité de nos services . Nous vous demandons avec
bienveillance de sécuriser votre Cyberplus .

21-01-2017 : Régulation de votre dossier en linge.

Nous vous remercions de votre confiance.
Cordialement
Conseil Clientèle.

Email analysis :

NOTE : noreply@nej.fr
Received : from 184.164.74.221

Phishing analysis :NOTE :

CLICK : http://opticaguadalquivir.es/puce
REDIRECT : http://www.tailors-hostel.com/gestion/txt/-/ilon/resf/Pages/
SCREENSHOT :

Microsoft account termination request in progress. (Microsoft Phishing, Swisscom Phishing, Directory listing)

Microsoft Security info

We received a message from you requesting for your account termination, please ignore this message if the request was from you. Your account would be deleted from our system in the next 24 hours.

(Note: All mails in your inbox, spam, draft, and sent items would be terminated, and access to your account would be denied.)

Click on cancel request if the message wasn't from you.

CANCEL REQUEST

Cancel the termination request to keep enjoying Microsoft!

Thanks,

The Microsoft account team.

Safety Certification Copyright © 2017 Microsoft

Phishing analysis :

SCREENSHOT :

CLICK : http://ow.ly/***
RESULT : A BASE64 is loaded in the url bar.
RESULT : data:text/html;base64,
SCREENSHOT :

RESULT : Microsoft phishing
CODE SOURCE ANALYSIS : form action="http://dolphinsclubtema.org/wp-includes/js/mine/pahgy/result.php
NOTE : Another wordpress website hacked...
GO TO : http://dolphinsclubtema.org/wp-includes/js/mine/

RESULT : Repository of phishing.
GO TO : http://dolphinsclubtema.org/wp-includes/js/mine/bluewin

RESULT : Swisscom Phishing

GO TO : http://dolphinsclubtema.org/wp-includes/js/mine/pahgy/

RESULT : Microsoft phishing

GO TO : http://dolphinsclubtema.org/wp-includes/js/mine/viko/

RESULT : Microsoft phishing

[Alibaba Inquiry Notification] Andrew Krivenko has sent you an inquiry (Alibaba Phishing)

www.Alibaba.com Trade Center IP:182.***.***.40 温馨提示：该买家设置了隐私保护，我们提供了代理邮箱帮助您与买家取得联系，现在您可以直接回复该邮件，但注意请不要删除本邮件任何内容否则会无法联系上买家。Andrew Krivenko from UKRAINE has sent you an inquiry View Details Manage Your Orders Jacky Lui Andrew Krivenko

Hi

Dear. Sir

We are Ukraine company. Please i want to know if you have the attached sample in stock and how long it takes to ship to Ukraine we want to place order immediately. Please reply to our email.

Best Regards
Mr. Krivenko

Company Name. U.E.E.S.I.
President. Krivenko
Mobile. 380-10-9118-3105
Company Phone. 380-32-819-3318
Company Fax. 380-32-819-3317
e-mail. import@ueesi.com
WeChat ID : kriven010911383105
attach.png It contains an attachment. Please sign into Trade Center to check it.

FAQ:

1. Tips for International Trading on Alibaba.com
2. Some top tips for safe trading on Alibaba.com

Recent Activity on Alibaba.com:

1. Pipelines for ordering on Alibaba.com
2. Recent new functions and promotions on Alibaba.com

Email Setting | Customer Services |
Help center | My Alibaba
You received this email because you are registered on Alibaba.com
Read our Privacy Policy and Terms of Use
Alibaba.com Hong Kong Limited.
26/F Tower One, Times Square, 1 Matheson Street, Causeway Bay, Hong Kong
Tel: (+852) 2215-5100

阿里巴巴香港有限公司
香港銅鑼灣勿地臣街1號時代廣場1座26樓
電話：(+852) 2215-5100

Screenshot of the phishing :

Email analysis :

NOTE : feedback@service.alibaba.com
NOTE : client-ip=210.3.234.46;

Phishing analysis :

CLICK : VIEW Details
OPEN : http://sanantoniodenia.es/94582
REDIRECT : http://iluni-psiui.org/*
NOTE : This Account has been suspended.
NOTE : @AlibabaGroup phishing attempt. | #Alibaba #Phishing

Reply (Phishing)

Dear *@*

We noticed that you are running very low on storage volume.

Kindly verify email with the server to ensure smooth mailing experience.

click here to increase more free data

When data get's to 100% used it will lead to certain mail malfunctions and lost of files in the near future.

Sincerely
Storage Mail Help Desk.
This email can't receive replies.

Email analysis :

NOTE : williamnicole.co.za
NOTE : info@williamnicole.co.za
NOTE : Received : from 199-255-214-84.anchorfree.com
NOTE : ([199.255.214.84]

Phishing analysis :

CLICK : click here to increase more free data
OPEN : https://www.wefirstbranding.com/newsletters/issue55/shl/boxMrenewal.php?Email=*@*&.rand=*&lc=*&id=*&mkt=en-us&cbcxt=mai&snsc=1
NOTE : ERROR
NOTE : Phishing was removed.

Verification Required #* Mise à jour de vos coordonnèes. (Phishing Banque Populaire)

Banque populaire Cyberplus
gérez vos Opération bancaires en ligne

Chér(e) client(e)

- Nous tenons a vous informer que vous avez un nouveau message de la part de votre conseiller :

. Veuillez procéder a la validation de Votre PassCyberPlus

- Pour confirmer votre code veuillez cliqes sur le lien ci-dessous:

https://www.icgauth.banquepopulaire.fr/WebSSo-BP/_13907/index.html

Nous vous remerions de votre confiance .

Cordialement

Banque Populaire

Ce message et toutes les pièces jointes sont confidentiels et établis à l'intention exclusive de son ou ses destinataires. Si vous avez reçu ce message par erreur, merci d'en avertir immédiatement l'émetteur et de détruire le message. Toute modification, édition, utilisation ou diffusion non autorisée est interdite. L'émetteur décline toute responsabilité au titre de ce message s'il a été modifié, déformé, falsifié, infecté par un virus ou encore édité ou diffusé sans autorisation.***********************************************************************************************Ce message et toutes les pièces jointes sont confidentiels et établis à l'intention exclusive de son ou ses destinataires. Si vous avez reçu ce message par erreur, merci d'en avertir immédiatement l'émetteur et de détruire le message. Toute modification, édition, utilisation ou diffusion non autorisée est interdite. L'émetteur décline toute responsabilité au titre de ce message s'il a été modifié, déformé, falsifié, infecté par un virus ou encore édité ou diffusé sans autorisation. *********************************************************************************************** This message and any attachments are confidential and intended for the named addressee(s) only. If you have received this message in error, please notify immediately the sender, then delete the message. Any unauthorized modification, edition, use or dissemination is prohibited. The sender shall not be liable for this message if it has been modified, altered, falsified, infected by a virus or even edited or disseminated without authorization. ***********************************************************************************************

Screenshot of the email :

Email analysis :

NOTE : votre-service-cyberplus@web.de
NOTE : Received : from wu548652416341 ([52.164.213.191])
NOTE : by mrelayeu.kundenserver.de (mreue002 [212.227.15.168])

Phishing analysis :

CLICK : https://www.icgauth.banquepopulaire.fr/WebSSo-BP/_13907/index.html
OPEN : http://freelabel.net/css/bootstrap4/ola/cyber
REDIRECT : http://www.icgauth.banquepopulaire.fr.websso-bp.13907.serveur-cyberplus-data.com/populaire/index/*
RESULT : Phishing was removed.

Please verify your Apple ID. (Apple Phishing)

Dear Customer,

Your AppIe lD has been disabled for security reasons ! To confirm your informations please click on the link below or copy and paste it to your browser then follow the instructions.

https://www.medfuture.com.au/Verification-iTunes/

Once you have update your account records, your information will be confirmed and your account will start to work as normal once again. If you have any questions, or require further assistance, please contact us.

Best Regards,
The AppIe Support Team

Contact Us | Affilaite Program | 1 Infinite Loop, Cupertino, CA 95014

Privacy Policy | Terms of Service | Terms of Sale

Phishing screenshot :

Email analysis :

NOTE : Mime-Version : 1.0
NOTE : Content-Type : text/html; charset="iso-8859-1"
NOTE : Return-Path :
NOTE : X-Priority : 1
NOTE : X-Mailer : PHPMailer (phpmailer.sourceforge.net) [version ]
NOTE : Received : from server2.com ([180.210.203.65])
NOTE : Received : by server2.com (Postfix, from userid 48)
NOTE : Message-Id : < *@jobcom.sg >
NOTE : client-ip=180.210.203.65;
NOTE : Content-Transfer-Encoding : 8bit
NOTE : Please verify your Apple ID.

Phishing analysis :

CLICK : https://www.medfuture.com.au/Verification-iTunes/
OPEN : https://www.medfuture.com.au/Verification-iTunes/
REDIRECT : https://www.medfuture.com.au/Verification-iTunes/*/CheckAuth.php?caseID=*&accLocked_websc=*c&processing_unverified?true=*
SCREENSHOT :

VALIDATE : FORM
SCREENSHOT :

RESULT : Phishing

Whois analysis :

Domain Name : medfuture.com.au
Registrant : Thiruchenthoran Sarvanantharaja
Registrant ID : ABN 72260916560
Eligibility Type : Sole Trader
Registrant Contact Name : Niraj Chenthoran
Tech Contact ID : CR210807141
Tech Contact Name : Niraj Chenthoran
Name Server : ns1.medfuture.com.au
Name Server IP : 166.62.39.20
Name Server : ns2.medfuture.com.au

Your account will be blocked!!! (Dropbox Phishing)

Dear User,

Your Mail Storage Limit has exceeded you might not be able to send or receive new messages; Click or Copy the link below onto your browser to verify your email and increase storage limit.

http://www.powerline.or.kr/zboard/data/dpbx/index.php

Note: Failure to heed strictly to this notification will lead to Email Account deletion thereby causing lost of files.

Thank you for using our mail system

Mail Administrator

Email analysis :

NOTE : hr@mail.com
NOTE : Received : from User (unknown [104.194.2.16])
NOTE : (Authenticated sender: admin) by mail.vps.com (Postfix)

Phishing analysis :

CLICK : http://www.powerline.or.kr/zboard/data/dpbx/index.php
OPEN : http://www.powerline.or.kr/zboard/data/dpbx/index.php
SCREENSHOT :

RESULT : Dropbox phishing
CLICK : Other Emails
SCREENSHOT :

CLICK : Submit
REDIRECT : https://www.dropbox.com/

FW: FTC subpoena (Phishing attempt)

You've been subpoenaed by the FTC.
FTC Subpoena

Please get back to me about this.
Thank you
Richard Kent
Senior Accountant
richard@*.*
Phone: 441-216-2849
Fax: 441-216-5880

Email analysis :

NOTE : richard@*.*
NOTE : Received : from unknown (HELO IEOSOZAX) (117.247.121.182)

NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0)
NOTE : Gecko/20100101 Thunderbird/24.2.0
NOTE : BSNL was used to relay this phishing.

Phishing analysis :

CLICK : FTC Subpoena
OPEN : http://benxethainguyen.vn/api/get.php?id=dGVzdEB0ZXN0LmNvbQ==
RESULT : 404, removed...
WHOIS : benxethainguyen.vn

benxethainguyen.vn whois :

TÊN MIỀN benxethainguyen.vn
Ngày đăng ký: 16-03-2012
Ngày hết hạn : 16-03-2017
Tên chủ thể đăng ký sử dụng :Ông Nguyễn Sự
Trạng thái : clientTransferProhibited
Quản lý tại Nhà đăng ký: Công ty TNHH Một thành viên Viễn thông Quốc tế FPT
Máy chủ DNS chuyển giao: + ns2008.nhanhoa.com.vn + ns2009.nhanhoa.com.vn
Registration date : 16-03-2012
Expiration date : 16-03-2017
Registrant : Ông Nguyễn Sự
Status : clientTransferProhibited
Current Registrar : Công ty TNHH Một thành viên Viễn thông Quốc tế FPT
DNS Server : + ns2008.nhanhoa.com.vn + ns2009.nhanhoa.com.vn

Rappel ! (Phishing Carte Bleue)

Bonjour,

Une nouveau message en ligne est disponible sur votre Messagerie e-carte bleue.

Pour la consulter et accéder a votre messagerie sécurise.

veuillez vous adresser à https://service.e-cartebleue.com/fr/

Nous vous remercions par avance et restons bien sur à votre disposition pour
toute précision utile.

Cordialement.

Ce courriel vous a été envoyé par un système automatique d'émission de messages.
L'adresse d'émission n'est pas une adresse de courriel classique. Cette adresse e-mail ne peut pas recevoir de réponses.

Phishing screenshot :

Phishing analysis :

CLICK : https://service.e-cartebleue.com/fr/
OPEN : http://edilbarbetta.com/wp-content/them/
SCREENSHOT :

DETAIL : Wordpress website...

Domain analysis :

Name Server NS01.ONE.COM
Name Server NS02.ONE.COM
Expiration Date 11-sep-2017
Registrar Ascio Technologies, Inc
Registrant Name Luca Barbetta
Registrant Phone +39.3489532272
Registrant Email edilbarbetta@gmail.com
Domain Name EDILBARBETTA.COM
Sponsoring Registrar IANA ID 106
Whois Server whois.ascio.com
Referral URL http://www.ascio.com
Name Server NS01.ONE.COM
Name Server NS02.ONE.COM
Status ok https://icann.org/epp#ok
Updated Date 16-aug-2016
Creation Date 11-sep-2015
Expiration Date 11-sep-2017
Last update of whois database Fri, 02 Dec 2016 09:37:40 GMT
Registry Domain ID 1959304579_DOMAIN_COM-VRSN
Registrar WHOIS Server whois.ascio.com
Registrar URL http://www.ascio.com
Updated Date 2016-08-16T08:16:43Z
Creation Date 2015-09-11T00:00:00Z
Registrar Registration Expiration Date 2017-09-11T18:13:36Z
Registrar Ascio Technologies, Inc
Registrar IANA ID 106
Registrar Abuse Contact Email abuse@ascio.com
Registrar Abuse Contact Phone +44.2070159370
Domain Status OK
Registrant Name Luca Barbetta
Registrant Street via Tasso 8
Registrant Street Ve
Registrant City La Salute di Livenza
Registrant Postal Code 30029
Registrant Country IT
Registrant Phone +39.3489532272
Registrant Email edilbarbetta@gmail.com
Admin Name Master Host
Admin Organization One.com
Admin Street Kalvebod Brygge 24
Admin City Copenhagen V
Admin State/Province Copenhagen V
Admin Postal Code 1560
Admin Country DK
Admin Phone +45.46907100
Admin Fax +45.70205872
Admin Email hostmaster@one.com
Tech Name Master Host
Tech Organization One.com
Tech Street Kalvebod Brygge 24
Tech City Copenhagen V
Tech State/Province Copenhagen V
Tech Postal Code 1560
Tech Country DK
Tech Phone +45.46907100
Tech Fax +45.70205872
Tech Email hostmaster@one.com
DNSSEC unsigned
Last update of WHOIS database 2016-12-02T09:37:52 UTC

Email analysis :

NOTE : services.e-cartebleue@bell.net
NOTE : services.e-cartebleue@service.fr
NOTE : 184.150.200.79

Maerskline Shipping BL (Phishing + Virus)

FYI

Please see attached shipping documents.

1 attachment(s)
Download | View

Best Regards

MAERSK LINE
One Commercial Place, 20th Floor
Norfolk, VA 23510
Phone: 757-857-4800
Fax: 757-852-3232
© Maersk Group.

Virus :

CLICK : DOWNLOAD
OPEN : http://original-documents.alkhalifa.pw/document/FAX_001.zip
RESULT : UNRESPONSIVE

Phishing analysis :

CLICK : View
OPEN : http://eretailday.org/img/shippingdoc/index.html
SCREENSHOT :

VALIDATE : FORM
REDIRECT : https://my.maerskline.com/?_nfpb=true&_pageLabel=page_tracking3_trackSimple

Email analysis :

NOTE : logistics@maerskline.com
NOTE : Received : from unknown (HELO ?192.168.2.254?)
NOTE : (198.72.31.234)

Vital Update is Required (Lloyds Phishing)

Security Alert

Your Lloyds Online access need to be upgraded to match the details we hold on record for you. Failure to upgrade means you will encounter problem logging on to your online profile next time. Thanks for your co-operation.

Please update and verify your information.

Get Started ?

Please note: Failure to restore full access can lead to permanent suspension of access to our online banking service.

Best regards,
Lloyds Online Banking Team
Legal Privacy Security www.lloydsbankinggroup.com Rates and Charges

Phishing analysis :

CLICK : Get Started ?
OPEN : www.schlosserei-moser.it/wp-content/plugins/Lloyds(1)/
RESULT : Unresponsive

Email analysis :

NOTE : id-@hltv.org
NOTE : Mime-Version : 1.0
NOTE : smtp.mailfrom=id-@hltv.org
NOTE : Received : from nataraya.thirdeye.it (nataraya.thirdeye.it. [185.19.185.34])
NOTE : Received : from rudra.thirdeye.it (rudra.thirdeye.it [185.19.184.135])
NOTE : by nataraya.thirdeye.it
NOTE : Received : by rudra.thirdeye.it (Postfix)
NOTE : Received : from rudra.thirdeye.it ([127.0.0.1])
NOTE : by localhost (rudra.thirdeye.it [127.0.0.1])
NOTE : Received : from Admin-PC (unknown [41.207.200.91])

NOTE : by rudra.thirdeye.it (Postfix)
NOTE : X-Thirdeye-Mailscanner-From : id-@hltv.org
NOTE : Vital Update is Required

RE: shipping done

We shipped your crap.
Here s the tracking invoice :
https://www.ups.com/?tracking_invoice=219371293129312& action=download

Let us know when it arrives.
Thanks

Phishing analysis :

CLICK : https://www.ups.com/?tracking_invoice=219371293129312& action=download
OPEN : http://invoice-portal.com/invoices/get.php?id=d2VibWFzdGVyQHJiY2FmZS5jb20=
RESULT : Download a file called : inv11172016.doc

File analysis :

ESET-NOD32 : VBA/Kryptik.T
F-Secure : Trojan:W97M/Nastjencro.A
Fortinet : WM/Agent.5110!tr
Kaspersky : HEUR:Trojan.Script.Agent.gen
McAfee : W97M/Dropper.cu
McAfee-GW-Edition : W97M/Dropper.cu
NANO-Antivirus : Trojan.Ole2.Vbs-heuristic.druvzi
Panda : O97M/Downloader 20161117
Qihoo-360 : virus.office.gen.75
Symantec : W97M.Downloader
TrendMicro : W2KM_HANCITOR.YYSXC
TrendMicro-HouseCall : W2KM_HANCITOR.YYSXC

inv11172016.doc is a virus.

Email analysis :

NOTE : Return-Path : < rm@restaurantcocotte.com >
NOTE : 162.252.121.130 ()
NOTE : Mime-Version : 1.0
NOTE : Content-Transfer-Encoding : 7bit
NOTE : X-Mailer : iPad Mail (11D169)
NOTE : Message-Id : < *@restaurantcocotte.com >
NOTE : Content-Type : text/html; charset="utf-8"
NOTE : Received : from unknown (HELO restaurantcocotte.com) (162.252.121.130)

NOTE : RE: shipping done

ACCESS YOUR FUND URGENT NOW !!! (BOA Phishing)

Good Day..

Please my Dear we are sorry for our delaying so far!!, you can now access your compensation of $10.5 million U.S Dollar which has been credited on online account, it was registered with your Email, so log in to access the fund online now, with your Email and its password to clarify that this Email that is used to set up your online bank account is still active and to help us verify the real beneficiary,for easy access to your fund online , click here Online Fund Status to start the process, remember you can only log in with your email address and its password because it was registered with your email, for recognition of the real beneficiary of the fund, Note; even if it the site doesn't log you in at the first attempt try continuously okay, it will log you in to access your fund online and get back to me once you transfer total amount into your Bank account thanks..

Thanks
God bless!

Online Fund Status

Await your reply
Mrs Sandra Sandra

Email analysis :

NOTE : customer.rbos@gmail.com
NOTE : < bergenoid@gmail.com >
NOTE : Mime-Version : 1.0
NOTE : Content-Type : multipart/alternative;
NOTE : ACCESS YOUR FUND URGENT NOW !!!

Phishing analysis :

CLICK : Online Fund Status
OPEN : http://bit.ly/2fp5j9R
REDIRECT : http://deregulatedfxsolous.top/ZW50OiAiXGUwNTEiOw0KfQ0KLmljb24tZ2xvYmFsOmJlZm9yZSB7DQoJY29udGVudDogI/
SCREENSHOT :

CLICK : Login Now!
RESULT : ERROR MESSAGE.

Failed Delivery for Package #085043120 (USPS Phishing)

We tried but failed to deliver your package again today, because no one was present at the destination address. On the delivery day, there must be someone present at the destination address to receive the parcel.

Shipping type: Priority 1day
Box size: Large Flat Rate box
Date : Nov 14th 2016
Delivery Notification : e-mail sent

To reschedule the parcel delivery, visit our nearest office, with a printed copy of the Delivery Notice Card. An electronic copy of the Delivery Notice Card, in Microsoft Word format, can be downloaded from our website :

https://tools.usps.com/go/TrackConfirmAction?action=download&invoice=82 108506870

The tracking number can be found on the Delivery Notice Card and can be used to track your parcel:

https://t ools.usps.com/go/TrackConfirmAction_input

Thanks for shipping with us

© 2016 United States Postal Service

Phishing analysis :

CLICK : https://tools.usps.com/go/TrackConfirmAction?action=download&invoice=82 108506870

OPEN : http://hoasan.vn/js/view.php?id=d2VibWFzdGVyQHJiY2FmZS5jb20=
RESULT : Phishing attempt.

Email analysis :

NOTE : usps@transitsystems.com
NOTE : Content-Type : text/html; charset="UTF-8"
NOTE : Mime-Version : 1.0
NOTE : X-Mailer : PHPMailer 5.2.8 (https://github.com/PHPMailer/PHPMailer/)
NOTE : X-Priority : 3
NOTE : Return-Path : < usps@transitsystems.com >
NOTE : Content-Transfer-Encoding : 8bit
NOTE : Received : from unknown (HELO transitsystems.com) (194.75.227.248)

NOTE : Message-Id :
NOTE : Failed Delivery for Package #085043120

Rappel (Phishing Chronopost)

Cher(e) Client(e),

Je suis Vanessa Esseau responsable Livraison Chronopost, je vous informe que vous avez un colis au bureau de la poste. Vous disposez d'un délai de 48 heures pour récupérer votre colis, Sinon il sera retourné à l'expéditeur. Veuillez confirmer l'envoi du colis à votre domicile en suivant les étapes ci-dessous:

1- Appeler le numéro de notre service clients 3 fois ( 08 99 63 ** ** )

Cliquez-ici pour afficher le numéro

2- Recevoir le code de confirmation (8 chiffres) par téléphone.
3- Valider le code sur notre site pour suivez votre colis.

Veuillez lire attentivement les instructions suivants :

* Si vous ne pouvez pas recevoir le code veuillez essayer d'appeler jusqu'à 3 fois le numéro en rouge au-dessus.

* Après que vous passez la confirmation avec succès, un e-mail sera envoyé à votre adresse Mail avec tous les informations nécessaires à propos de votre colis (expéditeur, date, code, bureau de poste le plus proche..).

Cordialement.

---------- Original Message ----------From: "laposte.service vocale" < la.poste.service.vocale@hotmail.com >
Date: November 14, 2016 at 11:25 AM
De : Outlook < outlook@email2.office.com >
Envoyé : samedi 5 novembre 2016 21:01:57
À : la.poste.service.vocale@hotmail.com
Objet : Bienvenue dans Outlook.com—Simplifiez-vous la planification
De : Service B-Postale < mitznika@bell.net >
Envoyé : samedi 15 octobre 2016 16:58:36
À : service
Objet : jhh

Déclaration de confidentialité

Si vous pensez qu'il peut s'agir d'un email frauduleux, saisissez directement l'adresse www.westernunion.com dans la barre d'adresse de votre navigateur. En savoir plus sur la manière de vous protéger contre les fraudes.

Phishing analysis :

CLICK : Cliquez-ici pour afficher le numéro
OPEN : http://fitnesstorget.se/wp-content/theme/
SCREENSHOT :

NOTE : Phishing attempt.

Email analysis :

NOTE : outlook@email2.office.com
NOTE : mitznika@bell.net
NOTE : Return-Path : chronoplivraison@bell.net
NOTE : la.poste.service.vocale@hotmail.com
NOTE : Authentication-Results : spf=pass (sender IP is 184.150.200.79)

NOTE : from mtlgui03 ([10.90.35.142]) by mtlspm01.bell.net
NOTE : Cmm-Sending-Ip : 184.150.200.79
NOTE : Cmm-X-Sid-Pra : chronoplivraison@bell.net

PENDING DEPOSIT (Standard Bank Phishing)

Dear customer,

You just received a pending payment in your Standard Bank account, kindly login to your online banking by clicking-here or login with the below web-
link to receive your pending payment in your Standard Bank account:

http://bit.do/www22-encrypt-standardbank-co-za-ibstbsa-InternetBanking

Thank you for banking with Standard Bank.

Email analysis :

NOTE : X-Atmail-Account : tfscenter@qwestoffice.net
NOTE : Return-Path : < noreply@standardbank.co.za >
NOTE : Mime-Version : 1.0
NOTE : Message-Id : < *.*@qwestoffice.net >
NOTE : X-Mailer : AtMail PHP 5.5
NOTE : Content-Transfer-Encoding : quoted-printable
NOTE : X-Origin : 122.152.167.26

NOTE : Content-Type : text/plain; charset="utf-8"
NOTE : client-ip=64.26.60.155;

NOTE : PENDING DEPOSIT

Article N° 1606281234CZF9E (Phishing Cdiscount)

Cdiscount

Bonjour,

Félicitation vous etes GAGNANT du: 3eme Prix: iPad Air 2.
Pour plus d'informations, veuillez acceder a notre page :

Http://cdiscount.com/espace.client.securise%90PANNE20%CASSE_Projet%20%Fiche20%

A bientôt,
Votre Service Client
Cdiscount

Cdiscount, C aussi...

... la fourmilière, un espace d’échange entièrement dédié à la Relation Clients de Cdiscount.
Retrouvez sur la Fourmilière, un forum pour vous exprimer et partager votre expérience avec les autres clients Cdiscount. Mais aussi des guides pratiques, des actus, des tutoriaux et un médiateur pour vous informer et vous guider tout au long de vos commandes !

🏈 Offre exceptionnelle pour France/Australie Si vous ne visualisez pas bien cet e-mail, cliquez ici OFFRE EXCEPTIONNELLE Bénéficiez dès aujourd'hui d'une réduction de - 40 %* sur les derniers billets mis en vente pour le match France / Australie FRANCE / AUSTRALIE Samedi 19 novembre 2016 à 21h00 au Stade de France *Offre valable uniquement sur les catégories 6 et 9 dans la limite des places disponibles Pour vous désabonner, cliquez ici

Phishing screenshot :

Email analysis :

NOTE : Cadeau_iPad_Air_2-Cdiscount@mail.live.fr

Phishing analysis :

CLICK : Http://cdiscount.com/espace.client.securise%90PANNE20%CASSE_Projet%20%Fiche20%
OPEN : https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&ved=0ahUKEwi0xLz3naPQAhVCuRQKHVx3AiwQFgglMAI&url=http%3A%2F%2Fcarambolabykids.com.br%2Fcategoria-produto%2Fbebe-menina%2Fconjunto-verao%2F&usg=AFQjCNHlFFJAM-e7Ef16rEjcZMCdBNewPA&sig2=rLcfO8_NS1EXdCvy21UNVA&bvm=bv.138493631,d.d2s&cad=rja
SPLIT : http%3A%2F%2Fcarambolabykids.com.br%2Fcategoria-produto%2Fbebe-menina%2Fconjunto-verao%2F
DECODE : http://carambolabykids.com.br/categoria-produto/bebe-menina/conjunto-verao/
OPEN URL : REDIRECT
REDIRECT : http://archicad.kark.fi/js/Cdiscount/Cadeau_iPad_Air_2/
NOTE : Phishing was removed.

Mandatory Upgrade is Required (Lloyd Banking Scam)

Security Alert

Your Lloyds Online access need to be upgraded to match the details we hold on record for you. Failure to upgrade means you will encounter problem logging on to your online profile next time. Thanks for your co-operation..

Please update and verify your information

Get Started ?

Please note: Failure to restore full access can lead to permanent suspension of access to our online banking service.

Best regards,
Lloyds Online Banking Team
Legal Privacy Security www.lloydsbankinggroup.com Rates and Charges

Email screenshot :

Email analysis :

NOTE : Content-Type : multipart/alternative;
NOTE : Mime-Version : 1.0
NOTE : id-@hltv.org
NOTE : Received : from WIN-LER4ISVBPKO.home (bahar.tehranhost.com. [79.175.163.50])

NOTE : Received : from Admin-PC ([41.207.9.193])

NOTE : client-ip=79.175.163.50;
NOTE : Mandatory Upgrade is Required

Phishing analysis :

CLICK : Get Started ?
OPEN : http://www.xerussurgical.co.za/wp-includes/images/media/Lloyds(1)/
REDIRECT : http://www.xerussurgical.co.za/wp-includes/images/media/Lloyds(1)/Login.php?sslchannel=true&sessionid=*
SCREENSHOT :

CLICK : CONTINUE
SCREENSHOT :

CLICK : CONTINUE
REDIRECT : https://www.lloydsbank.com/