05224 24243
agence SG vous informe
Gestion de votre compte - Mes Comptes - SG
Vous avez choisi de gérer vos comptes en ligne depuis le site sg.fr ou l'application Ma banque, mais vous n'avez pas encore reconfirmer vos données personnelles dans votre profil.
ATTENTION : à partir du 09 Mars 2023, afin de renforcer votre sécurité et conformément à la seconde directive européenne sur les services de paiement(2), votre identifiant et votre code secret de connexion ne suffiront plus pour accéder à votre Espace Client.
Tous les 90 jours calendaires, une authentification forte sera nécessaire. Pour cela, vous devez réactiver votre numéro de mobile et la marque de votre téléphone à l'aide du code unique reçu par sms ou une authentification forte via SecuriPass . À défaut, l'accès à votre Espace Client sera bloqué dans 24h.
Pour continuer à rester connecté à vos comptes, merci de reconfirmer vos données personnelles en cliquant ici :
Accéder à mon Service
Une question ?
Contactez gratuitement nos conseillers au 05224 24243, du lundi au vendredi de 9h à 19h (accessible aux horaires métropolitains, appel gratuit depuis un poste fixe).
Nous vous invitons à finaliser dès que possible. Au-delà de 48 h, .
Nous vous remercions de votre confiance.
A très bientôt.
Société Générale SA
** Ce message est généré automatiquement. Merci de ne pas y répondre. **
Phishing screenshot :
Email analysis :
NOTE : gguilbert@pages.fr
NOTE : Received-Spf : www-data@webmail.capelec.fr does not designate 95.110.178.156
NOTE : Received-Spf : as permitted sender)
NOTE : Received-Spf : helo="node32793-env-239.it1.eur.aruba.jenv-aruba.cloud";
NOTE : Received-Spf : envelope-from="www-data@webmail.capelec.fr";
Phishing analysis :
CLICK : Accéder à mon Service
OPEN : https://strafverteidiger-langen-duesseldorf.de/?*
REDIRECT : http://familienrecht-langen-duesseldorf.de/pro-sg-fr/esapce/fr/pass/dsp2/app.html
SCREENSHOT :
Wednesday, March 8, 2023
Monday, August 27, 2018
FWD (Phishing Société Générale)
Validez votre Pass Sécurité
Bonjour,
-Nous vous invitons à consulter votre compte pour mettre à jour vos coordonnées personnelles.
Pour le consulter,vous devez vous connecter a votre espace securise de Banque en Ligne.
Valider mon Pass Sécurité
Ce message est genere automatiquement, ne repondez pas a l'expediteur.
Si vous n'etes pas destinataire(s) de ce message, merci de le detruire.
Directoire et Conseil de Surveillance au capital de 4 046 407 595 euros - Siege social et adresse postale : 115, rue de Sevres - 75 275 Paris Cedex 06 - RCS Paris 421 100 645 - Code APE 6419Z, intermediaire d'assurance, immatricule A l'ORIAS sous le n° 07 023 424
Jedsetde
Votre N° Client : E19081690
© dfoRi.
Phishing screenshot :
Email analysis :
NOTE : societegeneraleclientreplyservices1@movistar.es
NOTE : X-Sender-Ip : 86.109.101.142
Phishing analysis :
CLICK : Valider mon Pass Sécurité
OPEN : http://mowallet.co.za/img/common/
REDIRECT : http://mowallet.co.za/img/common/4b5fe/login.php?*
SCREENSHOT :
NOTE : TEST CODE
REDIRECT : http://mowallet.co.za/img/common/4b5fe/dcr-web/
Bonjour,
-Nous vous invitons à consulter votre compte pour mettre à jour vos coordonnées personnelles.
Pour le consulter,vous devez vous connecter a votre espace securise de Banque en Ligne.
Valider mon Pass Sécurité
Ce message est genere automatiquement, ne repondez pas a l'expediteur.
Si vous n'etes pas destinataire(s) de ce message, merci de le detruire.
Directoire et Conseil de Surveillance au capital de 4 046 407 595 euros - Siege social et adresse postale : 115, rue de Sevres - 75 275 Paris Cedex 06 - RCS Paris 421 100 645 - Code APE 6419Z, intermediaire d'assurance, immatricule A l'ORIAS sous le n° 07 023 424
Jedsetde
Votre N° Client : E19081690
© dfoRi.
Phishing screenshot :
Email analysis :
NOTE : societegeneraleclientreplyservices1@movistar.es
NOTE : X-Sender-Ip : 86.109.101.142
Phishing analysis :
CLICK : Valider mon Pass Sécurité
OPEN : http://mowallet.co.za/img/common/
REDIRECT : http://mowallet.co.za/img/common/4b5fe/login.php?*
SCREENSHOT :
NOTE : TEST CODE
REDIRECT : http://mowallet.co.za/img/common/4b5fe/dcr-web/
Monday, December 18, 2017
Attention: Your account status change ! (PayPal Phishing attempt)
PayPal
Notification : November 24, 2017
Beloved , Costumer(s)
Your account acces will be denied because we've noticed significant changes in your activity. As your last payment method, we need to understand these update sbetter.
This account Iimitation will affect your ability to:
Send or receive money
Withdraw money
Also, you won't be able to:
Remove any accounts
Remove credit cards
Close your account
What to do next ?
Please log in to your account and provide the requested information through the Resolution Center. If we don't receive the information before this deadline or we notice additional significant changes in your account activity, your account access may be further Iimited.
Reload my account
Thank you for your understanding and cooperation. If you need further assistance, please check our support case ID
Copyright © 2017 PayPol, Inc. All rights reserved. PayPol is located at 2211 N. First St., San Jose, CA 95131.I'm a new Text block ready for your content.
Phishing screenshot :
Email analysis :
NOTE : Supportpaypel@live.net
NOTE : X-Authenticated-Sender : server.1seodev.com: harzin
NOTE : X-Php-Script : 64.131.65.172/~harzin/wp-value.php for 197.1.172.74
NOTE : X-Mailer : Leaf PHPMailer 2.7 (leafmailer.pw)
NOTE : X-Source-Args : /usr/bin/php /home/harzin/public_html/wp-value.php
Phishing analysis :
CLICK : Reload my account
OPEN : http://ourshopee.com/payment/.assets/Login-account/
RESULT : NOT FOUND
NOTE : PayPal Phishing attempt
Sunday, December 10, 2017
Final reminder: update your payment details
Please Update Your Payment Method Now
Dear Valued Netflix User
Sorry for the interruption, but we are having trouble authorizing your Payment Method.
Please visit the account payment page at
https://www.netflix.com/YourAccountPayment to enter your payment information again or to use a different payment method.
When you have finished, we will try to verify your account again.
If it still does not work, you will want to contact your credit card company.
To protect the informations of our customers, our system has temporarily placed restrictions on your account until your informations has been validated against our system. You can validate your informations by either clicking on the link above or below, this will only take a few minutes and your account functions will be fully restored.
Log In To account
If you have any questions, we are happy to help. Simply call us at 0800-917812.
The Netflix Team
Netflix Inc. : Netflix Corporate Headquarters 100 Winchester Circle Los Gatos, CA 95032. You can un-subscribe to security alerts by configuring your online account. We are sending this email to provide support for your personal online Netflix account.
Email analysis :
NOTE : support@vweb11.nitrado.net
NOTE : Received : from vweb11.nitrado.net (vweb11.nitrado.net. [194.169.211.12])
Phishing screenshot :
Phishing analysis :
CLICK : https://www.netflix.com/YourAccountPayment
OPEN : http://signin-accnt.app10.beget.tech/app/user
SCREENSHOT :
VALIDATE : FORM
REDIRECT : http://signin-accnt.app10.beget.tech/app/user/billing.php?ip=*
SCREENSHOT :
VALIDATE : FORM
CLICK : Update Billing Address
REDIRECT : http://signin-accnt.app10.beget.tech/app/user/payment.php?ip=*
SCREENSHOT :
VALIDATE : FORM
CLICK : Update Payment Method
REDIRECT : http://signin-accnt.app10.beget.tech/app/user/finish.php
SCREENSHOT :
Dear Valued Netflix User
Sorry for the interruption, but we are having trouble authorizing your Payment Method.
Please visit the account payment page at
https://www.netflix.com/YourAccountPayment to enter your payment information again or to use a different payment method.
When you have finished, we will try to verify your account again.
If it still does not work, you will want to contact your credit card company.
To protect the informations of our customers, our system has temporarily placed restrictions on your account until your informations has been validated against our system. You can validate your informations by either clicking on the link above or below, this will only take a few minutes and your account functions will be fully restored.
Log In To account
If you have any questions, we are happy to help. Simply call us at 0800-917812.
The Netflix Team
Netflix Inc. : Netflix Corporate Headquarters 100 Winchester Circle Los Gatos, CA 95032. You can un-subscribe to security alerts by configuring your online account. We are sending this email to provide support for your personal online Netflix account.
Email analysis :
NOTE : support@vweb11.nitrado.net
NOTE : Received : from vweb11.nitrado.net (vweb11.nitrado.net. [194.169.211.12])
Phishing screenshot :
Phishing analysis :
CLICK : https://www.netflix.com/YourAccountPayment
OPEN : http://signin-accnt.app10.beget.tech/app/user
SCREENSHOT :
VALIDATE : FORM
REDIRECT : http://signin-accnt.app10.beget.tech/app/user/billing.php?ip=*
SCREENSHOT :
VALIDATE : FORM
CLICK : Update Billing Address
REDIRECT : http://signin-accnt.app10.beget.tech/app/user/payment.php?ip=*
SCREENSHOT :
VALIDATE : FORM
CLICK : Update Payment Method
REDIRECT : http://signin-accnt.app10.beget.tech/app/user/finish.php
SCREENSHOT :
Tuesday, October 24, 2017
Hi User, you have 2 important invitations on your LinkedIn network
LinkedIn
These invitations are expiring this month.
Remember, each connection extends the reach of your network.
Dale Christel
CEO, Perm Mold Alum Castings and Machining at Watry Ind. 920-457-4886
Invitation expires: November 14
Yes, connect
Scott Fraser SIOR, CCIM
Senior Vice President at Kidder Mathews
Invitation expires: November 9
Yes, connect
See all invitations
Unsubscribe | Help
You are receiving Invitation emails.
This email was intended for LinkedIn user. Learn why we included this.
LinkedIn
© 2017 LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085. LinkedIn and the LinkedIn logo are registered trademarks of LinkedIn.
Email analysis :
NOTE : chair-e.business@meu.edu.jo
NOTE : X-Originating-Ip : [105.112.16.129]
Phishing screenshot :
Phishing analysis :
CLICK : Yes, connect
OPEN : https://pt-ipm.co.id/imcp2/wp-admin/includes/lm/js/i.php
REDIRECT : https://tachimitatape.co.id/xc/www.linkedin/53f12518b4dce443ab52eb662098f8cf/
SCREENSHOT :
These invitations are expiring this month.
Remember, each connection extends the reach of your network.
Dale Christel
CEO, Perm Mold Alum Castings and Machining at Watry Ind. 920-457-4886
Invitation expires: November 14
Yes, connect
Scott Fraser SIOR, CCIM
Senior Vice President at Kidder Mathews
Invitation expires: November 9
Yes, connect
See all invitations
Unsubscribe | Help
You are receiving Invitation emails.
This email was intended for LinkedIn user. Learn why we included this.
© 2017 LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085. LinkedIn and the LinkedIn logo are registered trademarks of LinkedIn.
Email analysis :
NOTE : chair-e.business@meu.edu.jo
NOTE : X-Originating-Ip : [105.112.16.129]
Phishing screenshot :
Phishing analysis :
CLICK : Yes, connect
OPEN : https://pt-ipm.co.id/imcp2/wp-admin/includes/lm/js/i.php
REDIRECT : https://tachimitatape.co.id/xc/www.linkedin/53f12518b4dce443ab52eb662098f8cf/
SCREENSHOT :
Wednesday, October 18, 2017
Final reminder: update your payment details (Netflix Phishing)
Please Update Your Payment Method Now
Dear Valued Netflix User
Sorry for the interruption, but we are having trouble authorizing your Payment Method.
Please visit the account payment page at
https://www.netflix.com/YourAccountPayment to enter your payment information again or to use a different payment method.
When you have finished, we will try to verify your account again.
If it still does not work, you will want to contact your credit card company.
To protect the informations of our customers, our system has temporarily placed restrictions on your account until your informations has been validated against our system.
You can validate your informations by either clicking on the link above or below, this will only take a few minutes and your account functions will be fully restored.
Log In To account
If you have any questions, we are happy to help. Simply call us at 0800-917812.
The Netflix Team
Netflix Inc. : Netflix Corporate Headquarters 100 Winchester Circle Los Gatos, CA 95032.
You can un-subscribe to security alerts by configuring your online account.
We are sending this email to provide support for your personal online Netflix account.
Phishing screenshot :
Email analysis :
NOTE : mail@sfr.fr
NOTE : Received : from eee ([185.12.177.121])
Phishing analysis :
CLICK : https://www.netflix.com/YourAccountPayment
OPEN : http://www.mynetchecking.com/browse/user
RESULT : Phishing is not responsive.
Dear Valued Netflix User
Sorry for the interruption, but we are having trouble authorizing your Payment Method.
Please visit the account payment page at
https://www.netflix.com/YourAccountPayment to enter your payment information again or to use a different payment method.
When you have finished, we will try to verify your account again.
If it still does not work, you will want to contact your credit card company.
To protect the informations of our customers, our system has temporarily placed restrictions on your account until your informations has been validated against our system.
You can validate your informations by either clicking on the link above or below, this will only take a few minutes and your account functions will be fully restored.
Log In To account
If you have any questions, we are happy to help. Simply call us at 0800-917812.
The Netflix Team
Netflix Inc. : Netflix Corporate Headquarters 100 Winchester Circle Los Gatos, CA 95032.
You can un-subscribe to security alerts by configuring your online account.
We are sending this email to provide support for your personal online Netflix account.
Phishing screenshot :
Email analysis :
NOTE : mail@sfr.fr
NOTE : Received : from eee ([185.12.177.121])
Phishing analysis :
CLICK : https://www.netflix.com/YourAccountPayment
OPEN : http://www.mynetchecking.com/browse/user
RESULT : Phishing is not responsive.
Tuesday, October 10, 2017
Lors votre dernier achats (Phishing Société Générale)
Adhésion : Faite votre demande en ligne en cliquant-ici
Email analysis :
NOTE : Received : from 5.62.57.67 (IP may be forged by CGI script)
NOTE : by infong73.kundenserver.de
NOTE : Return-Path : < noreply@nrj.fr >
NOTE : noreply@nrj.fr
NOTE : X-Mailer : PHPMailer [version 1.73]
Phishing screenshot :
Phishing analysis :
CLICK : Faite votre demande en ligne en cliquant-ici
OPEN : http://hinsorn.ac.th/obeclms/osita/
REDIRECT : http://seraylv3.beget.tech/near/sg/ce18c0b32e0328aa61d8c9d10b1f34c6/
SCREENSHOT :
SPOOFED EMAIL : noreply@nrj.fr
Email analysis :
NOTE : Received : from 5.62.57.67 (IP may be forged by CGI script)
NOTE : by infong73.kundenserver.de
NOTE : Return-Path : < noreply@nrj.fr >
NOTE : noreply@nrj.fr
NOTE : X-Mailer : PHPMailer [version 1.73]
Phishing screenshot :
Phishing analysis :
CLICK : Faite votre demande en ligne en cliquant-ici
OPEN : http://hinsorn.ac.th/obeclms/osita/
REDIRECT : http://seraylv3.beget.tech/near/sg/ce18c0b32e0328aa61d8c9d10b1f34c6/
SCREENSHOT :
SPOOFED EMAIL : noreply@nrj.fr
Tuesday, September 19, 2017
Add me on Linkedln (LinkedIn Phishing Attempt)
LinkedIn
Ahmed Kinawy wants to add you to their network
mahmoud ahmed
Ahmed Kinawy
CEO at LAKHRAIM BUSINESS GROUP
Dubai:· 5,640 connections
Accept Ahmed's invitation
LinkedIn is a social network and online platform for professionals. Learn More
Unsubscribe | Help
You are receiving Invitation emails. LinkedIn will use your email address to make suggestions to our members in features like People You May Know.
This email was sent to you.
LinkedIn
© 2017 LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2. LinkedIn is a registered business name of LinkedIn Ireland Unlimited Company. LinkedIn and the LinkedIn logo are registered trademarks of LinkedIn.
Email analysis :
NOTE : Jnsour@meu.edu.jo
NOTE : client-ip=104.47.0.219;
Phishing analysis :
CLICK : Accept Ahmed's invitation
OPEN : http://www.bristolflying.co.uk/wp-includes/js/wp-admin/Linkedln/
NOTE : ERROR.
NOTE : Phishing attempt.
Ahmed Kinawy wants to add you to their network
mahmoud ahmed
Ahmed Kinawy
CEO at LAKHRAIM BUSINESS GROUP
Dubai:· 5,640 connections
Accept Ahmed's invitation
LinkedIn is a social network and online platform for professionals. Learn More
Unsubscribe | Help
You are receiving Invitation emails. LinkedIn will use your email address to make suggestions to our members in features like People You May Know.
This email was sent to you.
© 2017 LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2. LinkedIn is a registered business name of LinkedIn Ireland Unlimited Company. LinkedIn and the LinkedIn logo are registered trademarks of LinkedIn.
Email analysis :
NOTE : Jnsour@meu.edu.jo
NOTE : client-ip=104.47.0.219;
Phishing analysis :
CLICK : Accept Ahmed's invitation
OPEN : http://www.bristolflying.co.uk/wp-includes/js/wp-admin/Linkedln/
NOTE : ERROR.
NOTE : Phishing attempt.
please add me on your LinkedIn network (LinkedIn Phishing)
Hi, Mohamed El Wahab sent message on your LinkedIn network
Mohamed El Wahab
CHIEF EXECUTIVE at LLC TRADING IMP & EXP TRADE CO.,LTD
Dubai, UAE.
Connected in August 2017
View Message Here
2017 LinkedIn Ireland Limited. LinkedIn, the LinkedIn logo, and InMail are registered trademarks of LinkedIn Corporation in the United States and/or other countries. All rights reserved.
You are receiving Activity You Missed emails. Unsubscribe
This email was intended for you (owner). Learn why we included this.
LinkedIn is a registered business name of LinkedIn Ireland Limited.
Registered in Ireland as a private limited company, Company Number 477441
Registered Office: Wilton Plaza, Wilton Place, Dublin 2, Ireland
Email analysis :
NOTE : LinkedInCorporation2017@service.net
NOTE : linkedin-service@noreply.com
NOTE : User-Agent : Roundcube Webmail/1.2.4
NOTE : Received : from localhost (HELO webmail.sai.org.in)
Phishing analysis :
CLICK : View Message Here
OPEN : http://ramonbmejia.myjino.ru/mejia/linnkedin/www.linkedin/Linkedin1/
VALIDATE : FORM
SCREENSHOT :
VALIDATE : FORM
REDIRECT : https://www.linkedin.com/start
SCREENSHOT :
Mohamed El Wahab
CHIEF EXECUTIVE at LLC TRADING IMP & EXP TRADE CO.,LTD
Dubai, UAE.
Connected in August 2017
View Message Here
2017 LinkedIn Ireland Limited. LinkedIn, the LinkedIn logo, and InMail are registered trademarks of LinkedIn Corporation in the United States and/or other countries. All rights reserved.
You are receiving Activity You Missed emails. Unsubscribe
This email was intended for you (owner). Learn why we included this.
LinkedIn is a registered business name of LinkedIn Ireland Limited.
Registered in Ireland as a private limited company, Company Number 477441
Registered Office: Wilton Plaza, Wilton Place, Dublin 2, Ireland
Email analysis :
NOTE : LinkedInCorporation2017@service.net
NOTE : linkedin-service@noreply.com
NOTE : User-Agent : Roundcube Webmail/1.2.4
NOTE : Received : from localhost (HELO webmail.sai.org.in)
Phishing analysis :
CLICK : View Message Here
OPEN : http://ramonbmejia.myjino.ru/mejia/linnkedin/www.linkedin/Linkedin1/
VALIDATE : FORM
SCREENSHOT :
VALIDATE : FORM
REDIRECT : https://www.linkedin.com/start
SCREENSHOT :
Monday, September 4, 2017
TR :lmportant (Phishing Banque Postale)
Cher(e) Client(e),
Dans le cadre de l'amélioration continue de nos services, nos conseilles est à votre écoute.
La Banque Postale effectuent un mise a niveau du logiciel prevu.
Nous vous demandons instamment de visiter le lien suivant pour commencer la confirmation de votre login.
Pour commencer, s'il vous plait cliquer sur le lien ci-dessous:
Cliquez ici
Si vous souhaitez prendre contact avec nous, veuillez Contacter nous sur «Aide et contact».
Email analysis :
NOTE : p.vloon@home.nl
NOTE : 212.54.34.166
NOTE : Received : from vm4.bonachats.net
NOTE : ([52.169.121.142] helo=52.169.121.142)
Screenshot of the Phishing :
Phishing analysis :
CLICK : Cliquez ici
OPEN : https://goo.gl/d9zaHc
SCREENSHOT :
COPY LINK : http://tunarp.se/wp-content/labanquepostale/
OPEN : http://tunarp.se/wp-content/labanquepostale/
RESULT : Phishing attempt
Dans le cadre de l'amélioration continue de nos services, nos conseilles est à votre écoute.
La Banque Postale effectuent un mise a niveau du logiciel prevu.
Nous vous demandons instamment de visiter le lien suivant pour commencer la confirmation de votre login.
Pour commencer, s'il vous plait cliquer sur le lien ci-dessous:
Cliquez ici
Si vous souhaitez prendre contact avec nous, veuillez Contacter nous sur «Aide et contact».
Email analysis :
NOTE : p.vloon@home.nl
NOTE : 212.54.34.166
NOTE : Received : from vm4.bonachats.net
NOTE : ([52.169.121.142] helo=52.169.121.142)
Screenshot of the Phishing :
Phishing analysis :
CLICK : Cliquez ici
OPEN : https://goo.gl/d9zaHc
SCREENSHOT :
COPY LINK : http://tunarp.se/wp-content/labanquepostale/
OPEN : http://tunarp.se/wp-content/labanquepostale/
RESULT : Phishing attempt
Sunday, September 3, 2017
Notification(1) (PayPal Phishing Attempt)
ΡayΡal
PayΡal Security Center !
Hello Customer,
We've Iimited access tο yοur accοunt, because yοur accοunt was recently lοgged intο frοm a new brοwser οr device.
Was that yοu ?
Whаt dο i need tο dο ?
In οrder tο аccess yοur accοunt again, yοu need tο verify yοur identity by fοllοwing sοme οf οur security steps.
Click here to update your paypaI account
Please dο nοt reply tο this email. Tο get in touch, gο tο the PayΡal website and click Help.
Cοpyright © 1999-2017 PayΡal Support. All rights reserved.
[Νotice]: If this email was sent to your junk or spаm box please mаke sure to tick it as not spаm due to our new security updаte ! аnd we аre sorry аbout thаt.
Email analysis :
NOTE : email@pay.com
NOTE : hargakac@wp.eazysmart.com
NOTE : client-ip=192.252.214.196;
Screenshot of the Phishing :
Phishing analysis :
CLICK : Click here to update your paypaI account
OPEN : https://www.jackpad.com.au/-/Found/
RESULT : PayPal Phishing Attempt
PayΡal Security Center !
Hello Customer,
We've Iimited access tο yοur accοunt, because yοur accοunt was recently lοgged intο frοm a new brοwser οr device.
Was that yοu ?
Whаt dο i need tο dο ?
In οrder tο аccess yοur accοunt again, yοu need tο verify yοur identity by fοllοwing sοme οf οur security steps.
Click here to update your paypaI account
Please dο nοt reply tο this email. Tο get in touch, gο tο the PayΡal website and click Help.
Cοpyright © 1999-2017 PayΡal Support. All rights reserved.
[Νotice]: If this email was sent to your junk or spаm box please mаke sure to tick it as not spаm due to our new security updаte ! аnd we аre sorry аbout thаt.
Email analysis :
NOTE : email@pay.com
NOTE : hargakac@wp.eazysmart.com
NOTE : client-ip=192.252.214.196;
Screenshot of the Phishing :
Phishing analysis :
CLICK : Click here to update your paypaI account
OPEN : https://www.jackpad.com.au/-/Found/
RESULT : PayPal Phishing Attempt
Saturday, September 2, 2017
Please verify your email address (Dropbox Phishing Attempt)
The Dropbox logo
Hi *,
We just need to verify your email address before your sign up is complete!
Verify your email
Happy Dropboxing!
Email analysis :
NOTE : no-reply@dropbox.com
NOTE : Received : from [177.182.101.95] (unknown [177.182.101.95])
NOTE : Received : from ip-161-245.vnt.net.id (unknown [103.58.161.245])
NOTE : Received : from unitel.com.la (unknown [183.182.101.232])
Phishing analyis :
CLICK : Verify your email
OPEN : http://jaysonmorrison.com/dropbox.html
SCREENSHOT :
CLICK : click here
OPEN : http://dippydado.net/json.php
RESULT : website broken...
OPEN : Another dropbox phishing with the same content
CLICK : Verify your email
OPEN : http://dar-alataa.com/dropbox.html
SCREENSHOT :
CLICK : click here
RESULT : same result...
OPEN : Another Dropbox phishing with the same content
CLICK : Verify your email
OPEN : http://potamitis.gr/dropbox.html
SCREENSHOT :
CLICK : click here
RESULT : same result...
Hi *,
We just need to verify your email address before your sign up is complete!
Verify your email
Happy Dropboxing!
Email analysis :
NOTE : no-reply@dropbox.com
NOTE : Received : from [177.182.101.95] (unknown [177.182.101.95])
NOTE : Received : from ip-161-245.vnt.net.id (unknown [103.58.161.245])
NOTE : Received : from unitel.com.la (unknown [183.182.101.232])
Phishing analyis :
CLICK : Verify your email
OPEN : http://jaysonmorrison.com/dropbox.html
SCREENSHOT :
CLICK : click here
OPEN : http://dippydado.net/json.php
RESULT : website broken...
OPEN : Another dropbox phishing with the same content
CLICK : Verify your email
OPEN : http://dar-alataa.com/dropbox.html
SCREENSHOT :
CLICK : click here
RESULT : same result...
OPEN : Another Dropbox phishing with the same content
CLICK : Verify your email
OPEN : http://potamitis.gr/dropbox.html
SCREENSHOT :
CLICK : click here
RESULT : same result...
Saturday, August 19, 2017
Votre demande d'ahésion ! (Phishing Société Générale)
vos information
SG
Email analysis :
NOTE : Mime-Version : 1.0
NOTE : Content-Type : text/html; charset=iso-8859-1
NOTE : Return-Path : < noreply@tix.fr >
NOTE : X-Sender-Info : < 349043243@infong732.kundenserver.de >
NOTE : Received : from mout.kundenserver.de ([212.227.126.133])
NOTE : Received : from infong732.kundenserver.de (infong732.kundenserver.de [212.227.29.55])
NOTE : by mrelayeu.kundenserver.de (node=mreue007) with ESMTP (Nemesis)
NOTE : Received : from 62.210.15.181 (IP may be forged by CGI script)
NOTE : by infong732.kundenserver.de
NOTE : Votre demande d'ahésion !
Phishing analysis :
CLICK : SG
OPEN : x-webdoc://***
OPEN : SOURCE CODE
EXTRACTED : http://apalomino.com/calson/ - http://peinturesdusud-avignon.com/sec
EXTRACTED : cyberzoide@multimanoi.com_body
OPEN : http://apalomino.com/calson/
REDIRECT : http://cubiertasbarcelona.es/eteg/nera/
SCREENSHOT :
Impacted services :
Relay : kundenserver.de
Open Redirect : apalomino.com
Phishing hosted on : cubiertasbarcelona.es
Victim : Société Générale
Tuesday, August 15, 2017
FWD:TR:RE (Phishing attempt Société Générale)
SOCIETE GENERALE
Cher client,
Le département technique de Société Générale procède à une mise à jour de logiciel programmée de façon à améliorer la qualité des services bancaires.
Nous vous demandons avec bienveillance de cliquer sur le lien ci-dessous et de confirmer vos détails bancaires.
https://www.societegenerale.fr/customercare/banque/confprocedure.asp
Nous nous excusons pour tout désagrément et vous remercions pour votre coopération.
© Société Générale 2017
Phishing screenshot :
Email analysis :
NOTE : natalia1@telus.net
NOTE : Natalia Toroshenko
NOTE : X-Mailer : Zimbra 8.6.0_GA_1211 (zclient/8.6.0_GA_1211)
NOTE : X-Originating-Ip : [160.163.161.144]
Phishing analysis :
CLICK : https://www.societegenerale.fr/customercare/banque/confprocedure.asp
OPEN : http://www.cfa-sport.fr/wp-includes/Text/theme/
REDIRECT : http://www.anti-laser.at/wp-includes/css/theme/
NOTE : Not Found 404 / You are connected from a remote location.
RESULT : Phishing attempt.
Cher client,
Le département technique de Société Générale procède à une mise à jour de logiciel programmée de façon à améliorer la qualité des services bancaires.
Nous vous demandons avec bienveillance de cliquer sur le lien ci-dessous et de confirmer vos détails bancaires.
https://www.societegenerale.fr/customercare/banque/confprocedure.asp
Nous nous excusons pour tout désagrément et vous remercions pour votre coopération.
© Société Générale 2017
Phishing screenshot :
Email analysis :
NOTE : natalia1@telus.net
NOTE : Natalia Toroshenko
NOTE : X-Mailer : Zimbra 8.6.0_GA_1211 (zclient/8.6.0_GA_1211)
NOTE : X-Originating-Ip : [160.163.161.144]
Phishing analysis :
CLICK : https://www.societegenerale.fr/customercare/banque/confprocedure.asp
OPEN : http://www.cfa-sport.fr/wp-includes/Text/theme/
REDIRECT : http://www.anti-laser.at/wp-includes/css/theme/
NOTE : Not Found 404 / You are connected from a remote location.
RESULT : Phishing attempt.
Tuesday, August 8, 2017
FWD:RE (Phishing Société Générale)
Decouvrez Le Pass Securite
Afin de prevenir l'utilisation frauduleuse des cartes bancaire sur Internet, Societe Generale est dotee d'un dispositif de controle des paiements. Ce service est entierement gratuit
Notre systeme a detecte que vous n'avez pas active Pass securite
Cliquez ici Pour activez ce service
NOUVEAU: Votre identifiant evolue
NOTE : Ne pas repondre a ce courrier electronique car il est emis
automatiquement depuis une adresse technique
Cordialement
Alexandre krivine
Directeur de la relation clients
Merci pour choisire SOCIETE GENERALE!
Copyright ©2017 Societe Generale. Tous droits réservés.
Numéro d'immatriculation FSASociete Generale: 226056.
Apply Now >
Facebook
Twitter
Instagram
RSS
Appstore
Android
This message was sent to ilyass-maradona@live.fr
If you would like to update your email address, please click here.
To unsubscribe from emails, please log in to your Mint account
where you can manage your email and mobile alerts setting.
©2007—2017 Mint Software, Inc. | All Rights Reserved.
Mint.com 2632 Marine Way, Mountain View, CA 94043
Privacy Policy | Terms and Conditions
Phishing screenshot :
Email analysis :
NOTE : ing22@telus.net
NOTE : ilyass-maradona@live.fr
NOTE : Received : from cmta16.telus.net ([209.171.16.89])
NOTE : Received : from mtlp000023.email.telus.net ([172.20.100.250])
NOTE : by cmsmtp with SMTP
NOTE : X-Originating-Ip : [105.149.30.122]
Phishing anaylsis :
CLICK : Cliquez ici Pour activez ce service
OPEN : http://www.goingesten.se/wp-snapshots/tmp/
REDIRECT : http://se.nickelmountain.se/wp-includes/theme/9f24e/Action.php?*
SCREENSHOT :
CLICK : VALIDATE WRONG CODE
REDIRECT : http://se.nickelmountain.se/wp-includes/theme/9f24e/dcr-web/
SCREENSHOT :
VALIDATE : FORM
REDIRECT : http://se.nickelmountain.se/wp-includes/theme/9f24e/dcr-web/deconnecter.php?date=0000000000&crd=0000&date-ex=00&year-ex=0000&cv=000&numo=0000000000&zob1=00000000&zob2=000000
REDIRECT : http://societegenerale.fr/
Afin de prevenir l'utilisation frauduleuse des cartes bancaire sur Internet, Societe Generale est dotee d'un dispositif de controle des paiements. Ce service est entierement gratuit
Notre systeme a detecte que vous n'avez pas active Pass securite
Cliquez ici Pour activez ce service
NOUVEAU: Votre identifiant evolue
NOTE : Ne pas repondre a ce courrier electronique car il est emis
automatiquement depuis une adresse technique
Cordialement
Alexandre krivine
Directeur de la relation clients
Merci pour choisire SOCIETE GENERALE!
Copyright ©2017 Societe Generale. Tous droits réservés.
Numéro d'immatriculation FSASociete Generale: 226056.
Apply Now >
RSS
Appstore
Android
This message was sent to ilyass-maradona@live.fr
If you would like to update your email address, please click here.
To unsubscribe from emails, please log in to your Mint account
where you can manage your email and mobile alerts setting.
©2007—2017 Mint Software, Inc. | All Rights Reserved.
Mint.com 2632 Marine Way, Mountain View, CA 94043
Privacy Policy | Terms and Conditions
Phishing screenshot :
Email analysis :
NOTE : ing22@telus.net
NOTE : ilyass-maradona@live.fr
NOTE : Received : from cmta16.telus.net ([209.171.16.89])
NOTE : Received : from mtlp000023.email.telus.net ([172.20.100.250])
NOTE : by cmsmtp with SMTP
NOTE : X-Originating-Ip : [105.149.30.122]
Phishing anaylsis :
CLICK : Cliquez ici Pour activez ce service
OPEN : http://www.goingesten.se/wp-snapshots/tmp/
REDIRECT : http://se.nickelmountain.se/wp-includes/theme/9f24e/Action.php?*
SCREENSHOT :
CLICK : VALIDATE WRONG CODE
REDIRECT : http://se.nickelmountain.se/wp-includes/theme/9f24e/dcr-web/
SCREENSHOT :
VALIDATE : FORM
REDIRECT : http://se.nickelmountain.se/wp-includes/theme/9f24e/dcr-web/deconnecter.php?date=0000000000&crd=0000&date-ex=00&year-ex=0000&cv=000&numo=0000000000&zob1=00000000&zob2=000000
REDIRECT : http://societegenerale.fr/
Monday, July 31, 2017
FWD:RE (Phishing Société Générale)
En ce qui concerne les informations relatives à votre compte bancaire:
Cher client:
Notre systeme a detecte que vous n'avez pas active Pass securite (Societe Generale):
Decouvrez Le Pass Securite
Afin de prevenir l'utilisation frauduleuse des cartes bancaire sur Internet, Societe Generale est dotee d'un dispositif de controle des paiements. Ce service est entierement gratuit.
Cliquez ici Pour activez ce service
Merci pour choisire SOCIETE GENERALE!
Copyright ©2017 Societe Generale. Tous droits réservés.
Numéro d'immatriculation FSASociete Generale: 226056.
Mon compte
Téléphone
Facebook
Instagram
Twitter
Pinterest
Youtube
Magazine
MENTIONS LÉGALES
PROTECTION DES DONNÉES
CGV
SE DÉSINSCRIRE DE LA NEWSLETTER
Phishing screenshot :
Email analysis :
NOTE : kaizenqm@telus.net
NOTE : Cmm-Sender-Ip : 209.171.16.90
NOTE : X-Mailer : Zimbra 8.6.0_GA_1211 (zclient/8.6.0_GA_1211)
NOTE : Received : from mtlp000003.email.telus.net ([172.20.100.250])
Phishing analysis :
CLICK : Cliquez ici Pour activez ce service
OPEN : http://kombiringen.se/wp-content/theme/
REDIRECT : http://www.goingesten.se/wp-content/theme/
REDIRECT : http://www.goingesten.se/wp-content/theme/*/service.php?*
RESULT : Phishing Société Générale
Cher client:
Notre systeme a detecte que vous n'avez pas active Pass securite (Societe Generale):
Decouvrez Le Pass Securite
Afin de prevenir l'utilisation frauduleuse des cartes bancaire sur Internet, Societe Generale est dotee d'un dispositif de controle des paiements. Ce service est entierement gratuit.
Cliquez ici Pour activez ce service
Merci pour choisire SOCIETE GENERALE!
Copyright ©2017 Societe Generale. Tous droits réservés.
Numéro d'immatriculation FSASociete Generale: 226056.
Mon compte
Téléphone
Youtube
Magazine
MENTIONS LÉGALES
PROTECTION DES DONNÉES
CGV
SE DÉSINSCRIRE DE LA NEWSLETTER
Phishing screenshot :
Email analysis :
NOTE : kaizenqm@telus.net
NOTE : Cmm-Sender-Ip : 209.171.16.90
NOTE : X-Mailer : Zimbra 8.6.0_GA_1211 (zclient/8.6.0_GA_1211)
NOTE : Received : from mtlp000003.email.telus.net ([172.20.100.250])
Phishing analysis :
CLICK : Cliquez ici Pour activez ce service
OPEN : http://kombiringen.se/wp-content/theme/
REDIRECT : http://www.goingesten.se/wp-content/theme/
REDIRECT : http://www.goingesten.se/wp-content/theme/*/service.php?*
RESULT : Phishing Société Générale
Wednesday, July 26, 2017
Agence ClientèIe SBE : RappeI (Phishing Bred)
Cher(e) Client(e),
Votre conseiller vous informe que vousiavezireçuiunimessageoimportant
conçernantivotreiE-Code.
tVotre accès en ligne
Cordialement
Votre Banque
ic
Email analysis :NOTE :
NOTE : laempresadelexito.com@emails.afm-telethon.fr
NOTE : laempresadelexito.com
NOTE : X-Php-Originating-Script : 0:tmsir.php
NOTE : Received : by emails.afm-telethon.fr (Postfix, from userid 33)
NOTE : Received : from emails.afm-telethon.fr ([165.227.14.87])
NOTE : emails.afm-telethon.fr@emails.afm-telethon.fr
Phishing screenshot :
Phishing analysis :
CLICK : tVotre accès en ligne
OPEN : http://laempresadelexito.com/BredEcode
REDIRECT : http://www.metaltripshop.com/metaltripshop/app/code/community/Mage/Sales/Model/Convert/Model/brlogin/brlogin/*/
SCREENSHOT :
VALIDATE : FORM
REDIRECT : http://www.metaltripshop.com/metaltripshop/app/code/community/Mage/Sales/Model/Convert/Model/brlogin/brlogin/*/phone.php?tok=*
VALIDATE : FORM
REDIRECT : http://www.metaltripshop.com/metaltripshop/app/code/community/Mage/Sales/Model/Convert/Model/brlogin/brlogin/*/sms.php?tok=*
VALIDATE : FORM
REDIRECT : http://www.metaltripshop.com/metaltripshop/app/code/community/Mage/Sales/Model/Convert/Model/brlogin/brlogin/*/done.php?tok=*
REDIRECT : https://www.bred.fr/index.html
Conclusion :
Victim : BRED
Spoofed service : emails.afm-telethon.fr
Location of the Open redirect : laempresadelexito.com
Location of the Phishing : metaltripshop.com
Votre conseiller vous informe que vousiavezireçuiunimessageoimportant
conçernantivotreiE-Code.
tVotre accès en ligne
Cordialement
Votre Banque
ic
Email analysis :NOTE :
NOTE : laempresadelexito.com@emails.afm-telethon.fr
NOTE : laempresadelexito.com
NOTE : X-Php-Originating-Script : 0:tmsir.php
NOTE : Received : by emails.afm-telethon.fr (Postfix, from userid 33)
NOTE : Received : from emails.afm-telethon.fr ([165.227.14.87])
NOTE : emails.afm-telethon.fr@emails.afm-telethon.fr
Phishing screenshot :
Phishing analysis :
CLICK : tVotre accès en ligne
OPEN : http://laempresadelexito.com/BredEcode
REDIRECT : http://www.metaltripshop.com/metaltripshop/app/code/community/Mage/Sales/Model/Convert/Model/brlogin/brlogin/*/
SCREENSHOT :
VALIDATE : FORM
REDIRECT : http://www.metaltripshop.com/metaltripshop/app/code/community/Mage/Sales/Model/Convert/Model/brlogin/brlogin/*/phone.php?tok=*
VALIDATE : FORM
REDIRECT : http://www.metaltripshop.com/metaltripshop/app/code/community/Mage/Sales/Model/Convert/Model/brlogin/brlogin/*/sms.php?tok=*
VALIDATE : FORM
REDIRECT : http://www.metaltripshop.com/metaltripshop/app/code/community/Mage/Sales/Model/Convert/Model/brlogin/brlogin/*/done.php?tok=*
REDIRECT : https://www.bred.fr/index.html
Conclusion :
Victim : BRED
Spoofed service : emails.afm-telethon.fr
Location of the Open redirect : laempresadelexito.com
Location of the Phishing : metaltripshop.com
Saturday, July 15, 2017
Avis Important : Activation de votre PASS SECURITE
Bouygues Telecom
ACTIVATION DE VOTRE PASS SECURITE
Chère Cliente, Cher Client,
Nous vous présentons le nouveau : PASS SECURITE .Un service simple et rapide pour confirmer vos transactions en ligne. Intégré dans l’Appli(1) Smartphone Société Générale, ce nouveau service vous permet de confirmer rapidement et directement vos opérations réalisées en ligne. Une simple démarche vous permettra l'adhésion à ce service.
Nous vous prions de remplir le formulaire demandé en cliquant ici.
Veuillez saisir de votre identifiant et mot de passe banque en ligne en premier lieu.
Nous vous remercions de votre confiance ainsi que du temps accordé
À très bientôt.
Alain Angerame
Directeur de la Relation Clients
Pensez-y
Societe Generale, SA au capital de 2 492 770 306 euros - Siège social : 16, boulevard des Italiens - 75009 PARIS.
Immatriculée sous le n° 662
Merci de ne pas répondre à ce courrier électronique : il est émis depuis une adresse technique.
Facebook est une marque déposée de Facebook, Inc.
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the named addressee you should not disseminate, distribute, copy or take any action in reliance on the contents of this e-mail and these activities are strictly prohibited. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.
Phishing screenshot :
Phishing analysis :
CLICK : en cliquant ici
OPEN : https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0ahUKEwjfmPKqlojVAhWHWRoKHT2lAuEQFggmMAA&url=http%3A%2F%2Fwww.losramonvanenmoto.com%2F%3Fp%3D398&usg=AFQjCNGf_uOWCXPgrOUk9HQftp6Bw-MSOQ
EXTRACT LINK : http://www.losramonvanenmoto.com/?p=398
REDIRECT : http://sh212342.website.pl/clientsg/
NOTE : As you can see inside this phishing, the fraud used a Google approach.
Email analysis :
NOTE : no.reply@clarabridge.com
NOTE : Cmm-Sender-Ip : 64.78.52.184
NOTE : Received : from vultrguest (185.92.222.28)
NOTE : by east.exch023.serverdata.net (10.240.8.31)
ACTIVATION DE VOTRE PASS SECURITE
Chère Cliente, Cher Client,
Nous vous présentons le nouveau : PASS SECURITE .Un service simple et rapide pour confirmer vos transactions en ligne. Intégré dans l’Appli(1) Smartphone Société Générale, ce nouveau service vous permet de confirmer rapidement et directement vos opérations réalisées en ligne. Une simple démarche vous permettra l'adhésion à ce service.
Nous vous prions de remplir le formulaire demandé en cliquant ici.
Veuillez saisir de votre identifiant et mot de passe banque en ligne en premier lieu.
Nous vous remercions de votre confiance ainsi que du temps accordé
À très bientôt.
Alain Angerame
Directeur de la Relation Clients
Pensez-y
Societe Generale, SA au capital de 2 492 770 306 euros - Siège social : 16, boulevard des Italiens - 75009 PARIS.
Immatriculée sous le n° 662
Merci de ne pas répondre à ce courrier électronique : il est émis depuis une adresse technique.
Facebook est une marque déposée de Facebook, Inc.
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the named addressee you should not disseminate, distribute, copy or take any action in reliance on the contents of this e-mail and these activities are strictly prohibited. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.
Phishing screenshot :
Phishing analysis :
CLICK : en cliquant ici
OPEN : https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0ahUKEwjfmPKqlojVAhWHWRoKHT2lAuEQFggmMAA&url=http%3A%2F%2Fwww.losramonvanenmoto.com%2F%3Fp%3D398&usg=AFQjCNGf_uOWCXPgrOUk9HQftp6Bw-MSOQ
EXTRACT LINK : http://www.losramonvanenmoto.com/?p=398
REDIRECT : http://sh212342.website.pl/clientsg/
NOTE : As you can see inside this phishing, the fraud used a Google approach.
Email analysis :
NOTE : no.reply@clarabridge.com
NOTE : Cmm-Sender-Ip : 64.78.52.184
NOTE : Received : from vultrguest (185.92.222.28)
NOTE : by east.exch023.serverdata.net (10.240.8.31)
Subscribe to:
Posts (Atom)