Sunday, June 5, 2016

Notification (Phishing Crédit Agricole)

Cher(e) Client(e) :
Nous tenons de vous informer que vous avez un nouveau message.
Pour consulter votre boite de messagerie cliquez sur le lien ci-dessous :

Cliquez ici

Nous vous remercions de votre confiance.

Cordialement
Directeur de la relation clients

Reproduction dûment autorisée depuis www.pcmag.com. © 2016 Ziff Davis, LLC. All rights reserved.

Pour être sûr de recevoir nos e‑mails, ajoutez l’adresse mail@info.adobesystems.com à votre carnet d’adresses, vos contacts ou votre liste d’expéditeurs approuvés.

Email screenshot :


Phishing analysis :

CLICK : Cliquez ici
OPEN : http://hemval.se/media
REDIRECT : http://103.200.5.135/c/0x0/
SCREENSHOT :


FILL : Postal code
CLICK : Arrow
REDIRECT : http://103.200.5.135/c/0x0/auth.php
SCREENSHOT :


CLICK : Confirmer
REDIRECT : https://www.credit-agricole.fr/

Email analysis :

NOTE : "CREDIT AGRlCOLE"@kiabi.com
NOTE : Content-Type : text/html; charset=iso-8859-1
NOTE : Mime-Version : 1.0
NOTE : Return-Path : < kjhsSjd@kiabi.com >
NOTE : Received : from kiabi.com ([84.39.40.155])
NOTE : Received : by kiabi.com (Postfix, from userid 33)
NOTE : X-Php-Originating-Script : 0:Yasodm.php
NOTE : Message-Id : < *.*@kiabi.com >
NOTE : Notification
NOTE : Kiabi.com servers were used to relay this scam.

Update Your Information Account !! (eBay Phishing attempt)

eBay

Account ID: 0073621101

We have reason to believe that your eBay account has been used fraudulently without your permission. In addition, any unauthorized activity, such as buying or selling, has been canceled and any associated fees have been credited to your account. Any listings that we removed are included toward the end of this email. We assure you that your financial information is securely stored on a server and cannot be seen by anyone.

To secure your eBay account, you need to:

1 - Login to your account.
2 - Verify the contact information.
3 - Update your payment informations and other stored information on your eBay account is correct.

For detailed instructions, please visit: www.ebɑy.com/help/account/securing-account-ID-0073621101.html

We appreciate your understanding and thank you for being part of our community.

Regards, eBay

Please don't reply to this message. It was sent from an address that doesn't accept incoming email.

Copyright © 2016.

Phishing analysis :

CLICK : www.ebɑy.com/help/account/securing-account-ID-0073621101.html
OPEN : https://www.secure-account-update-online.aloobein.ga/
REDIRECT : Phishing was removed...

Email analysis :

NOTE : Content-Type : text/html
NOTE : Mime-Version : 1.0
NOTE : X-Get-Message-Sender-Via : cpanel.hostnet.ge: authenticated_id: hostnet/only user confirmed/virtual account not confirmed
NOTE : Return-Path :
NOTE : X-Authenticated-Sender : cpanel.hostnet.ge: hostnet
NOTE : Received : from cpanel.hostnet.ge (cpanel.hostnet.ge. [212.72.155.189])
NOTE : Received : from hostnet by cpanel.hostnet.ge with local (Exim 4.87) (envelope-from < hostnet@cpanel.hostnet.ge >)
NOTE : Message-Id : < *@cpanel.hostnet.ge >
NOTE : smtp.mailfrom=hostnet@cpanel.hostnet.ge
NOTE : Update Your Information Account !!

Phishing attempt on bitcointalk email addresses

Greetings,

We know that some of you have accounts on bitcointalk.org and we wanted to let you know that a phishing attempt was made on bitcointalk email addresses earlier today.
If you received an email with the subject Mtgox.Claim assessment process, delete it and do not click on the link it contains! This email did not come from Kraken, but was spoofed to look as though it came from our support email (support@kraken.com).

We do not know how the bitcointalk email addresses were obtained, however the bitcointalk database has been compromised in the past. You can be assured that this incident was not the result of any breach in Kraken’s database and your personal information with Kraken is safe.

Even if you did receive the email, you are safe so long as you do not click on the link (just delete the email and you will be fine). If you did click on the link and are concerned about it, please contact us at: support@kraken.com.

Stay safe,

The Kraken Team

no-reply (Hameçonnage Hellobank)

Bonjour,

Un nouveau Message est disponible sur votre Messagerieo
Pour le consulter, Veuiller Cliquez sur le lien ce-dessous :

Accèdez à votre boite

Nous vous remercions de votre confiance.
Hello bank : Banque et assurance

Ce courriel vous a été envoyé par un système automatique d'émission de messages.
L'adresse d'émission n'est pas une adresse de courriel classique.
Si vous écrivez à cette adresse, votre message ne sera pas pris en compte

Phishing analysis :

CLICK : Accèdez à votre boite
OPEN : http://comercialvans.com.mx/30
REDIRECT : http://puncofed.in/wp-includes/ok/HelloBank/
SCREENSHOT :


CLICK : Accéder aux comptes

Screenshot :


CLICK : Vérifier
REDIRECT : http://puncofed.in/wp-includes/ok/HelloBank/checked.html


REDIRECT : https://www.hellobank.fr/fr/espace-client

Email analysis :

NOTE : __Hellobank__@swd.nl
NOTE : binc@swd.nl
NOTE : X-Php-Originating-Script : 0:send.php
NOTE : Received : from swd.nl ([185.48.33.90])

Lisez votre messagew (Phishing Crédit Agricole) (Attempt)

Cher(e)dClient(e)dd

Lors de votre dérnier achats,vous avez été averti par un message vous informant de l'obligation d'adhérer à la
nouvelledréglementation conçernant la flabilité pour les achats pardC.Bdsur internet et de la mise en place d'un
arrêt pour vos futursdachats.
Or,nousfn'avons pas, cefjour,d'adhésionfdefvotrefpart et nousfsommes aufregret de vousdinformer que vous
pouvez plus utiliser votredcarte surfinternet

Adhésion;fFaitesfvotrefdemandefd'adhésionfenflignefenfcliquantfici

Cordialementggg

Copyright © 2016 Crédit Agricole

Copyright © 2016 A2 Hosting, All rights reserved.
You are receiving this email because you are an A2 Hosting Customer. If you don't wish to be on the Newsletter you can easily unsubscribe here or by controlling your contact options at My A2 Hosting.

Our mailing address is:
A2 Hosting
PO Box 2998
Ann Arbor, MI 48106

Add us to your address book
Quick Links

We're Hiring
My A2 Hosting
Open a Support Ticket
Affiliate Program - Earn $85!
Refer a Friend - Earn $50!
Review A2 Hosting!
Unsubscribe from this List Update Subscription and Notification Settings

Phishing analysis :

CLICK : Adhésion;fFaitesfvotrefdemandefd'adhésionfenflignefenfcliquantfici
OPEN : http://www.dong3.com.au/acces/
RESULT : Phishing is unresponsive

Email analysis :

NOTE : Content-Type : text/html
NOTE : Mime-Version : 1.0
NOTE : Return-Path : < www-data@nice.fr >
NOTE : Received : from nice.fr ([139.59.132.93])
NOTE : Received : by nice.fr (Postfix, from userid 33)
NOTE : NOTE : X-Php-Originating-Script : 0:map.php
NOTE : Message-Id : < *.*@nice.fr >
NOTE : Lisez votre messagew

Lisez votre message! (Phishing Hellobank)

Bonjour,

Un nouveau Message est disponible sur votre Messagerieo
Pour le consulter, Veuiller Cliquez sur le lien ce-dessous :

Accèdez à votre boite

Nous vous remercions de votre confiance.

Ce courriel vous a été envoyé par un système automatique d'émission de messages.
L'adresse d'émission n'est pas une adresse de courriel classique.
Si vous écrivez à cette adresse, votre message ne sera pas pris en compte

Phishing analysis :

CLICK : Accèdez à votre boite
OPEN : http://supportsinformation.com/hellobnk/
THE URL CHANGED TO :

data:text/html;base64,PHNjcmlwdCB0eXBlPSd0ZXh0L2phdmFzY3JpcHQnPiBzdHI9J0AzQ0A2OEA3NEA2REA2Q0AzRUAwQUAzQ0A2OEA2NUA2MUA2NEAzRUAwQUAyMEAyMEAyMEAyMEAzQ0A3NEA2OUA3NEA2Q0A2NUAzRUA0MkA2OUA2NUA2RUA3NkA2NUA2RUA3NUA2NUAyMEA3M0A3NUA3MkAyMEA0M0A3OUA2MkA2NUA3MkA3MEA2Q0A3NUA3M0AzQ0AyRkA3NEA2OUA3NEA2Q0A2NUAzRUAwOUAwOUAwQUAwOUAzQ0A3M0A3MEA2MUA2RUAzRUAzQ0A2Q0A2OUA2RUA2QkAyMEA3MkA2NUA2Q0AzREAyMkA3M0A2OEA2RkA3MkA3NEA2M0A3NUA3NEAyMEA2OUA2M0A2RkA2RUAyMkAyMEA2OEA3MkA2NUA2NkAzREAyMkA2OEA3NEA3NEA3MEA3M0AzQUAyRkAyRkA3N0A3N0A3N0AyRUA2OEA2NUA2Q0A2Q0A2RkA2MkA2MUA2RUA2QkAyRUA2NkA3MkAyRkA3MkA3M0A2M0AyRkA2M0A2RkA2RUA3NEA3MkA2OUA2MkAyRkA2OUA2REA2MUA2N0A2NUAyRkA2MUA3MEA3MEA2Q0A2OUA2M0A2MUA3NEA2OUA2RkA2RUAyRkA3N0A2MUA2Q0A2Q0A2NUA3NEAyREA0OEA0MkA1RkA2OUA2M0A2RkA2RUA2NUAyRUA3MEA2RUA2N0AyMkAyMEA3NEA3OUA3MEA2NUAzREAyMkA2OUA2REA2MUA2N0A2NUAyRkA3NkA2RUA2NEAyRUA2REA2OUA2M0A3MkA2RkA3M0A2RkA2NkA3NEAyRUA2OUA2M0A2RkA2RUAyMkAyMEAyRkAzRUAzQ0AyRkA3M0A3MEA2MUA2RUAzRUAwQUAwOUAzQ0A2REA2NUA3NEA2MUAyMEA2M0A2OEA2MUA3MkA3M0A2NUA3NEAzREAyMkA3NUA3NEA2NkAyREAzOEAyMkAzRUAwQUAyMEAyMEAyMEAyMEAyMEAyMEAyMEAyMEAzQ0A2REA2NUA3NEA2MUAyMEA2OEA3NEA3NEA3MEAyREA2NUA3MUA3NUA2OUA3NkAzREAyMkA1OEAyREA1NUA0MUAyREA0M0A2RkA2REA3MEA2MUA3NEA2OUA2MkA2Q0A2NUAyMkAyMEA2M0A2RkA2RUA3NEA2NUA2RUA3NEAzREAyMkA0OUA0NUAzREA0NUA2NEA2N0A2NUAyMkAyMEAyRkAzRUAwQUAyMEAyMEAyMEAyMEAyMEAyMEAyMEAyMEAzQ0A3NEA2OUA3NEA2Q0A2NUAzRUA0MkA2MUA2RUA3MUA3NUA2NUAyMEA2NEA2OUA2N0A2OUA3NEA2MUA2Q0A2NUAyMEA0OEA2NUA2Q0A2Q0A2RkAyMEA2MkA2MUA2RUA2QkAyMUAyMOKAk0AyMEA2M0A2RkA2RUA2RUA2NUA3OEA2OUA2RkA2RUAyMEBFMEAyMEA2Q+KAmUA2NUA3M0A3MEA2MUA2M0A2NUAyMEA2M0A2Q0A2OUA2NUA2RUA3NEAzQ0AyRkA3NEA2OUA3NEA2Q0A2NUAzRUAwOUAwOUAwQUAwOUAwOUAwQUAwOUAwOUAwQUAzQ0A3M0A3NEA3OUA2Q0A2NUAzRUAwQUAyQUAyMEAyMEAyMEAyMEAyMEAyMEA3QkA2REA2MUA3MkA2N0A2OUA2RUAzQUAzMEAzQkA3MEA2MUA2NEA2NEA2OUA2RUA2N0AzQUAzMEAzQkA3REAwQUA2OEA3NEA2REA2Q0AyQ0AwQUA2MkA2RkA2NEA3OUAyMEAyMEAyMEAyMEA3QkA2OEA2NUA2OUA2N0A2OEA3NEAzQUAzMUAzMEAzMEAyNUAzQkAyMEAyMEA3N0A2OUA2NEA3NEA2OEAzQUAzMUAzMEAzMEAyNUAzQkAyMEA2RkA3NkA2NUA3MkA2NkA2Q0A2RkA3N0AzQUA2OEA2OUA2NEA2NEA2NUA2RUAzQkA3REAwQUA3NEA2MUA2MkA2Q0A2NUAyMEAyMEA3QkA2OEA2NUA2OUA2N0A2OEA3NEAzQUAzMUAzMEAzMEAyNUAzQkAyMEAyMEA3N0A2OUA2NEA3NEA2OEAzQUAzMUAzMEAzMEAyNUAzQkAyMEA3NEA2MUA2MkA2Q0A2NUAyREA2Q0A2MUA3OUA2RkA3NUA3NEAzQUA3M0A3NEA2MUA3NEA2OUA2M0AzQkAwQUA2MkA2RkA3MkA2NEA2NUA3MkAyREA2M0A2RkA2Q0A2Q0A2MUA3MEA3M0A2NUAzQUA2M0A2RkA2Q0A2Q0A2MUA3MEA3M0A2NUAzQkA3REAwQUA2OUA2NkA3MkA2MUA2REA2NUAyMEAyMEA3QkA2NkA2Q0A2RkA2MUA3NEAzQUA2Q0A2NUA2NkA3NEAzQkAyMEA2OEA2NUA2OUA2N0A2OEA3NEAzQUAzMUAzMEAzMEAyNUAzQkAyMEA3N0A2OUA2NEA3NEA2OEAzQUAzMUAzMEAzMEAyNUAzQkA3REAwQUAyRUA2OEA2NUA2MUA2NEA2NUA3MkAyMEA3QkA2MkA2RkA3MkA2NEA2NUA3MkAyREA2MkA2RkA3NEA3NEA2RkA2REAzQUAzMUA3MEA3OEAyMEA3M0A2RkA2Q0A2OUA2NEAyMEAyM0AzMEAzMEAzMEA3REAwQUAyRUA2M0A2RkA2RUA3NEA2NUA2RUA3NEAyMEA3QkA2OEA2NUA2OUA2N0A2OEA3NEAzQUAzMUAzMEAzMEAyNUAzQkA3REAwQUAzQ0AyRkA3M0A3NEA3OUA2Q0A2NUAzRUAwQUAzQ0AyRkA2OEA2NUA2MUA2NEAzRUAwQUAzQ0A2MkA2RkA2NEA3OUAzRUAwQUAyMEAyMEAyMEAwQUAyMEAyMEAyMEAyMEAyMEAyMEAzQ0A2OUA2NkA3MkA2MUA2REA2NUAyMEA3M0A3MkA2M0AzREAyMkA2OEA3NEA3NEA3MEAzQUAyRkAyRkA3N0A3N0A3N0AyRUA2NEA2RkA2RUA2N0AzM0AyRUA2M0A2RkA2REAyRUA2MUA3NUAyRkA2OEA2NUA2Q0A2Q0A2RkAyRkAyMkAyMEA2NkA3MkA2MUA2REA2NUA2MkA2RkA3MkA2NEA2NUA3MkAzREAyMkAzMEAyMkAzRUAzQ0AyRkA2OUA2NkA3MkA2MUA2REA2NUAzRUAwQUAzQ0AyRkA2MkA2RkA2NEA3OUAzRUAwQUAzQ0AyRkA2OEA3NEA2REA2Q0AzRSc7IGRvY3VtZW50LndyaXRlKHVuZXNjYXBlKHN0ci5yZXBsYWNlKC9AL2csJyUnKSkpOyA8L3NjcmlwdD4=

SCREENSHOT :


CLICK : Accéder aux comptes

Email analysis :

NOTE : Content-Type : text/html
NOTE : Mime-Version : 1.0
NOTE : Return-Path : < www-data@nice.fr >
NOTE : Received : from nice.fr ([139.59.143.49])


NOTE : X-Php-Originating-Script : 0:map.php
NOTE : Lisez votre message!