FROM C.B.P {TREAT AS URGENT}!!

U.S. Customs and Border Protection
1300 Pennsylvania Ave NW, Washington, DC 20229,
United States.

Urgent Attention: Beneficiary,

I am Assistant Commissioner Kevin K. McAleenan head of Field Operations (OFO) of the U.S. Customs and Border Protection (CBP). We have just intercepted and confiscated two trunks at John F Kennedy International Airport in New York, NY 11430 coming from a foreign country. We crosschecked the content of the boxes and found it contained a total sum of $4.1 million dollars. Also with one of the trunks were documents with your name as the receiver of the money. As we progressed in our investigations of the Diplomat which accompanied the trunks into the United States we learned that he was to deliver these funds to your residence as payment of an inheritance/winning, which was due to you. Further checks on the consignment, we found out that the consignment paperwork lacked the PROOF OF OWNERSHIP CERTIFICATE AND LEGAL DELIVERY PERMIT CLEARANCE CERTIFICATE forms. We then confiscated both trunks and released the Diplomat.

The trunks According to section 229 subsection 31 of the International, Commerce Regulators Code Enforcement Guidelines, your consignment lacks PROOF OF OWNERSHIP CERTIFICATE AND LEGAL DELIVERY PERMIT CLEARANCE CERTIFICATE from the joint team of Homeland Security and therefore you must contact us for direction on how to procure the two certificates, so that you can be relieved of the charges of evading tax which is a jail offense under section 12 subsection 441 of the Tax Code. We will also be asking the IRS to launch an investigation of money laundering if you do not follow our instructions.

You are therefore required to contact me within 72 hours, at that point I will walk you through the process of clearing and claiming the money.

Failure to comply may lead to your arrest, interrogation and/or you being prosecuted in the Court of Law for tax evasion and or money laundering. You are also advised not to contact any bank in Africa, Europe or banking institution.

Yours in service,
Kevin K. McAleenan
Head of Field Operations (OFO),
U.S. Customs and Border Protection (CBP)

Email analysis :

NOTE : kevin@uscbp.com
NOTE : postmaster@gmx.net
NOTE : Received : from [222.124.18.76] (helo=fm1.smtp.telkom.net)

NOTE : by smtp-out091-sv3.telkom.net with esmtps
NOTE : Received : from User (74.subnet222-124-201.astinet.telkom.net.id [222.124.201.74]

NOTE : (may be forged)) by fm1.smtp.telkom.net

RE: TELEX/COMPUTER DEPARTMENT OF THE AFRI BANK, ACCRA- GHANA

MY NAME IS MR.FRANK .E RYAN OF TELEX/COMPUTER DEPARTMENT OF THE AFRI BANK, ACCRA- GHANA. I AM SENDING THIS PRIVATE EMAIL BASED ON THE CONFIDENTIALITY OF THE TRANSACTION. PLEASE, I WILL LIKE TO ADVISE; IF AFTER GOING THROUGH MY PROPOSAL AND YOU DO NOT ACCEPT IT, KINDLY KEEP IT TO YOURSELF.

AS OF THIS MOMENT, I AM STILL IN SERVICE WITH THE AB GHANA. AND I WILL NOT BY ANY MEANS LIKE TO LOSE MY JOB, SO IF YOU ARE NOT INTERESTED, KEEP THIS TO YOURSELF. I HAVE PUT IN OVER 23 YEARS IN THIS BANK BUT I DO NOT HAVE ANYTHING TO SHOW FOR IT. THIS IS JUST MY OPPORTUNITY TO MAKE SURE THAT I GIVE MY CHILDREN A DECENT TRAINING SINCE MY GOVT WHICH IS CORRUPT HAS REFUSED TO TAKE CARE OF ITS RESPONSIBILITY. INFANT I AM SICK AND TIRED OF EVERYTHING HERE AND I NEED TO GET OUT. I FOUND OUT THAT YOU ALMOST MET ALL THE STATUTORY REQUIREMENTS IN RESPECT OF YOUR PAYMENT. PLEASE BE EQUALLY ADVISED THAT NO SECURITY COMPANY IN AFRICA CAN HANDLE YOUR CONTRACT PAYMENT/INHERITANCE FUND WITH ANY BANK WITHOUT THE INSTRUCTIONS OF THE AFI BANK, YOUR PROBLEM IS THAT OF INTEREST GROUP IN THE FEDERAL MINISTRY OF FINANCE THAT IS SUPPOSED TO ORDER TRANSFER OF YOUR FUND WITH THE APPROVAL OF THE AB. A LOT OF PEOPLE ARE INTERESTED IN YOUR PAYMENT AND THAT EXPLAINS WHY YOU RECEIVE EMAILS AND PHONE CALLS FROM DIFFERENT PEOPLE EVERYDAY, THEIR WHOLE GAME PLAN IS TO FRUSTRATE YOU; IN-ORDER FOR YOU TO ABANDON THE PAYMENT AND THEN, THEY WILL BE COMFORTABLE AND BE FREE ENOUGH TO TRANSFER THE FUNDS INTO THEIR OVERSEAS ACCOUNT. THEIR AIM AND TARGET IS NOT THE MONEY YOU ARE GIVING THEM BUT TO FRUSTRATE YOU, HENCE, YOU HAVE LOST TRUST ON WHOM TO BELIEVE TO BE GENUINE. I CAN ASSURE YOU THAT THIS MAY LAST FOR YEARS, YET NOTHING HAPPENS,TO SUM IT UP, I WISH TO ASSURE YOU THAT WITH MY POSITION HERE IN THE TELEX DEPARTMENT, I CAN PUNCH THE COMPUTER AND CREDIT YOUR ACCOUNT STRAIGHT, I CAN ACCOMPLISH THIS UNDER FIVE WORKING DAYS, BUT WE HAVE TO REACH AN AGREEMENT. FIRST OF ALL, YOU HAVE TO LET ME KNOW HOW MUCH YOU WILL GIVE ME AT THE CONSUMMATION OF THIS DEAL. FINALLY, YOU WILL HAVE TO ACCEPT TO KEEP THIS TRANSACTION STRICTLY CONFIDENTIAL IF YOU ACCEPT MY PROPOSAL, KINDLY GET BACK TO ME IMMEDIATELY ON MY PRIVATE MAIL ADDRESS (frankryanbb@outlook.com) AND CONFIRM YOUR PARTICULARS ON REPLY.

REGARDS,

MR.FRANK RYAN
+233-541863101

Email analysis :

NOTE : frankryanbb@outlook.com
NOTE : FRANKMORGAN@AFRIBANK.COM.GH
NOTE : Received : from User (76-8-85-59.dbshosting.com [76.8.85.59])
NOTE : X-Mimeole : Produced By Microsoft MimeOLE V6.00.2600.0000
NOTE : Mime-Version : 1.0
NOTE : X-Virus-Scanned : by bsmtpd at dbshosting.com
NOTE : Authentication-Results : 76.8.85.230
NOTE : X-Priority : 3
NOTE : Content-Transfer-Encoding : 7bit
NOTE : X-Barracuda-Connect : 76-8-85-59.dbshosting.com[76.8.85.59]

NOTE : Content-Type : text/plain; charset="Windows-1251"

Kindly respond for more detail

Am Gen John W Nicholson Jr. i am with the us army in Camp Abu Naji / FOB Garry Owen (Al Amarah)I need your assistant to move some funds out of Iraq.Kindly respond for more detail

Email analysis :

NOTE : Return-Path :
NOTE : X-Originatingip : 105.225.245.50 (printing)
NOTE : Mime-Version : 1.0
NOTE : smtp.mailfrom=Gen_John@us.army.mil
NOTE : Message-Id : < *.*@mgip.com >
NOTE : X-Mailer : OpenWebMail 2.53
NOTE : X-Col-Mta : smtp.colbd.com
NOTE : X-Col-Mta : dhs01.colbd.net
NOTE : Content-Type : text/plain; charset=utf-8
NOTE : Received-Spf : client-ip=202.65.168.39;
NOTE : Received : from mta.colbd.net (mta.colbd.net. [202.65.168.39])
NOTE : Received : from dhs01.colbd.net (mailx.regentfashion.com [202.65.168.44])
NOTE : Received : from mail.superknittingbd.com (mail.superknittingbd.com [202.65.169.46])
NOTE : Received : from superknittingbd.com (localhost [127.0.0.1] (may be forged))
NOTE : by mail.superknittingbd.com (8.14.4/8.14.4)
NOTE : Kindly respond for more detail

Please Act Accordingly

Dear Beneficiary,

I am Jacob J. Lew, Secretary of the Treasury under the U.S. Department of the Treasury. You can get more details about me here;

https://en.wikipedia.org/wiki/Jack_Lew

At the recently concluded meeting with the World Bank and the United Nations, an agreement was reached between both parties for us to settle all outstanding payments accrued to individuals/corporations with respect to local and overseas contract payment, debt re-scheduling and outstanding compensation payment. Fortunately, you have been selected alongside a few other beneficiaries to receive your own payment of $1.5million (One Million five hundred thousand United States Dollars only). We have been notified that you are yet to receive your fund valued at $1.5million This money will now be transferred to your nominated bank account. You are advised to kindly reply this email with the below details enclosed to help us process your payment;

(1) Full Names:
(2) Residential Address:
(3) Country of Residence:
(4) Age:
(5) Phone/Cell Number:
(6) Occupation:

Yours faithfully,

Jacob J. Lew
Secretary of the Treasury
(U.S. Department of the Treasury)

Note: The information contained in this e-mail is private & confidential and may also be legally privileged. If you are not the intended recipient, please notify us, preferably by e-mail, and do not read, copy or disclose the contents of this message to anyone.

Email analysis :

NOTE : info@usa.gov
NOTE : mrjacklew74@gmail.com
NOTE : X-Authenticated-Sender : vps.massautocomponents.com: info@massautocomponents.com
NOTE : X-Get-Message-Sender-Via : vps.massautocomponents.com:
NOTE : authenticated_id: info@massautocomponents.com
NOTE : Received : from [167.88.9.70] (port=54680 helo=User) by vps.massautocomponents.com

Notification (Phishing Crédit Agricole)

Cher(e) Client(e) :
Nous tenons de vous informer que vous avez un nouveau message.
Pour consulter votre boite de messagerie cliquez sur le lien ci-dessous :

Cliquez ici

Nous vous remercions de votre confiance.

Cordialement
Directeur de la relation clients

Reproduction dûment autorisée depuis www.pcmag.com. © 2016 Ziff Davis, LLC. All rights reserved.

Pour être sûr de recevoir nos e‑mails, ajoutez l’adresse mail@info.adobesystems.com à votre carnet d’adresses, vos contacts ou votre liste d’expéditeurs approuvés.

Email screenshot :

Phishing analysis :

CLICK : Cliquez ici
OPEN : http://hemval.se/media
REDIRECT : http://103.200.5.135/c/0x0/
SCREENSHOT :

FILL : Postal code
CLICK : Arrow
REDIRECT : http://103.200.5.135/c/0x0/auth.php
SCREENSHOT :

CLICK : Confirmer
REDIRECT : https://www.credit-agricole.fr/

Email analysis :

NOTE : "CREDIT AGRlCOLE"@kiabi.com
NOTE : Content-Type : text/html; charset=iso-8859-1
NOTE : Mime-Version : 1.0
NOTE : Return-Path : < kjhsSjd@kiabi.com >
NOTE : Received : from kiabi.com ([84.39.40.155])
NOTE : Received : by kiabi.com (Postfix, from userid 33)
NOTE : X-Php-Originating-Script : 0:Yasodm.php
NOTE : Message-Id : < *.*@kiabi.com >
NOTE : Notification
NOTE : Kiabi.com servers were used to relay this scam.

Update Your Information Account !! (eBay Phishing attempt)

eBay

Account ID: 0073621101

We have reason to believe that your eBay account has been used fraudulently without your permission. In addition, any unauthorized activity, such as buying or selling, has been canceled and any associated fees have been credited to your account. Any listings that we removed are included toward the end of this email. We assure you that your financial information is securely stored on a server and cannot be seen by anyone.

To secure your eBay account, you need to:

1 - Login to your account.
2 - Verify the contact information.
3 - Update your payment informations and other stored information on your eBay account is correct.

For detailed instructions, please visit: www.ebɑy.com/help/account/securing-account-ID-0073621101.html

We appreciate your understanding and thank you for being part of our community.

Regards, eBay

Please don't reply to this message. It was sent from an address that doesn't accept incoming email.

Copyright © 2016.

Phishing analysis :

CLICK : www.ebɑy.com/help/account/securing-account-ID-0073621101.html
OPEN : https://www.secure-account-update-online.aloobein.ga/
REDIRECT : Phishing was removed...

Email analysis :

NOTE : Content-Type : text/html
NOTE : Mime-Version : 1.0
NOTE : X-Get-Message-Sender-Via : cpanel.hostnet.ge: authenticated_id: hostnet/only user confirmed/virtual account not confirmed
NOTE : Return-Path :
NOTE : X-Authenticated-Sender : cpanel.hostnet.ge: hostnet
NOTE : Received : from cpanel.hostnet.ge (cpanel.hostnet.ge. [212.72.155.189])
NOTE : Received : from hostnet by cpanel.hostnet.ge with local (Exim 4.87) (envelope-from < hostnet@cpanel.hostnet.ge >)
NOTE : Message-Id : < *@cpanel.hostnet.ge >
NOTE : smtp.mailfrom=hostnet@cpanel.hostnet.ge
NOTE : Update Your Information Account !!