Tuesday, June 28, 2016

During your last purchase (Phishing Paypal)

Privacy Policy for PayPal Services Copyright ©2016

PayPal fraud prevention set standards by presenting the best security solution in the industry that make your business more secure.If you do not renew your paypal account will be limited or closed permanently

Update Your Account Info. Please click below.

Thank you for choosing PayPal

Copyright ©2016 All rights reserved.

Email analysis :

NOTE : Return-Path : < *@sendgrid.net >
NOTE : Mime-Version : 1.0
NOTE : Content-Transfer-Encoding : quoted-printable
NOTE : X-Mailer : ColdFusion 9 Application Server
NOTE : client-ip=50.31.42.127;
NOTE : Received : from o1.email.britishsoapawards.tv ([50.31.42.127])
NOTE : Received : by filter0036p1las1.sendgrid.net
NOTE : Received : from vaya-backend09-optusrts (unknown [103.1.216.177])
NOTE : by ismtpd0018p1sin1.sendgrid.net (SG)
NOTE : During your last purchase

Phishing analysis :

CLICK : THE BUTTON
OPEN : https://bit.ly/1RFlDg4
REDIRECT : http://64.71.78.238/CFIDE/web.html
REDIRECT : http://horseridingholidaysgb.co.uk/php/update_info*/True-Login/*/signin.php
SCREENSHOT :


CLICK : Log In
REDIRECT : http://horseridingholidaysgb.co.uk/php/update_info*/True-Login/*/signin.php?error_login_id=*#


NOTE : THE LOGIN ASKS FOR A VALID PASSWORD...
NOTE : SHORTEN THE URI TO http://horseridingholidaysgb.co.uk/php/update_info/
SCREENSHOT :


NOTE : FUNNY...
NOTE : CHANGE IP
SCREENSHOT :


NOTE : LAUGH...

Do you need a loan? $5,000.00 to $1,000,000.00 at 2%

Do you need a loan? $5,000.00 to $1,000,000.00 at 2%, Interested and serious person contact us.

Name:
Amount needed:
Duration:
country:
Mobile Number:

Thanks.

Email analysis :

NOTE : unbloaninvestment@gmail.com
NOTE : phong_tdda_skhdt@bacgiang.gov.vn
NOTE : Return-Path : < phong_tdda_skhdt@bacgiang.gov.vn >
NOTE : X-Originating-Ip : [10.9.11.2]
NOTE : Dkim-Filter : OpenDKIM Filter v2.9.2 mta1.bacgiang.gov.vn E73EA1220B5
NOTE : Mime-Version : 1.0
NOTE : Message-Id : < *.*.*.JavaMail.zimbra@bacgiang.gov.vn >
NOTE : X-Mailer : Zimbra 8.6.0_GA_1153 (ZimbraWebClient - GC51 (Win)/8.6.0_GA_1153)
NOTE : Thread-Topic :
NOTE : client-ip=125.212.128.218;
NOTE : Received : from mta1.bacgiang.gov.vn (mail.bacgiang.gov.vn. [125.212.128.218])
NOTE : Received : from localhost (localhost [127.0.0.1])
NOTE : by mta1.bacgiang.gov.vn (Postfix)
NOTE : Received : from mta1.bacgiang.gov.vn ([127.0.0.1])
NOTE : by localhost (mta1.bacgiang.gov.vn [127.0.0.1])
NOTE : Received : from localhost (localhost [127.0.0.1])
NOTE : by mta1.bacgiang.gov.vn (Postfix)
NOTE : Received : from mta1.bacgiang.gov.vn ([127.0.0.1])
NOTE : by localhost (mta1.bacgiang.gov.vn [127.0.0.1])
NOTE : Received : from mailstore1.bacgiang.gov.vn (unknown [10.9.11.12])
NOTE : by mta1.bacgiang.gov.vn (Postfix)
NOTE : The bacgiang.gov.vn servers were used to relay this scam.

You have a new ✉ (Phishing CIC)

CIC

Dear Customer,

During your last purchase, you were notified by a message informing you of the obligation to sign up to the new regulation concerning the reliability of card purchases on the internet and of the introduction of a block on your future purchases

However, as of today we have no enrolment from you, and we regret to inform you that you can no longer use your card on the internet

Enrolment : clicking here

Thank you for the trust you place in us

Regards

Board of Directors

Email screenshot :


Email analysis :

NOTE : mdl@geosoc.fr
NOTE : Content-Type : text/html; charset=iso-8859-1
NOTE : Return-Path : < www-data@geosoc.fr >
NOTE : Received : from geosoc.fr ([84.39.46.170])
NOTE : Received : by geosoc.fr (Postfix, from userid 33)
NOTE : X-Php-Originating-Script : 0:lkhourza.php
NOTE : Message-Id : < 20160628050458.0648121078@geosoc.fr >
NOTE : vous avez un nouveau ✉
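
Three of the header values noted above (the X-Php-Originating-Script line, the www-data Return-Path and Postfix's "from userid 33" pickup line) together point to a message generated by a PHP script on the web host rather than by a mail client. The following is an added example, not part of the original post, that checks for those traits; the sample message is constructed from the header values listed above, and the From line, the body and the service-account list are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed list of account names web server processes commonly run as.
SERVICE_ACCOUNTS = {"www-data", "apache", "nginx", "nobody", "httpd"}

# Constructed message: header values are the ones quoted in the notes above;
# the From line and the body are placeholders.
SAMPLE = """\
Return-Path: <www-data@geosoc.fr>
Received: from geosoc.fr ([84.39.46.170])
Received: by geosoc.fr (Postfix, from userid 33)
X-Php-Originating-Script: 0:lkhourza.php
Message-Id: <20160628050458.0648121078@geosoc.fr>
From: <mdl@geosoc.fr>
Content-Type: text/html; charset=iso-8859-1

<html>placeholder body</html>
"""

def triage(raw):
    """Return (code, detail) findings that indicate web-script origin."""
    msg = message_from_string(raw)
    findings = []
    # PHP adds this header as "<uid>:<script name>" when mail.add_x_header is on.
    script = msg.get("X-PHP-Originating-Script")
    if script:
        uid, _, name = script.strip().partition(":")
        findings.append(("php-script", f"uid={uid} script={name}"))
    # Envelope sender owned by a web server account, not a mailbox user.
    local = parseaddr(msg.get("Return-Path", ""))[1].partition("@")[0]
    if local.lower() in SERVICE_ACCOUNTS:
        findings.append(("service-account-sender", local))
    # Postfix records local (non-SMTP) submission as "from userid N".
    for hop in msg.get_all("Received", []):
        m = re.search(r"\(Postfix, from userid (\d+)\)", hop)
        if m:
            findings.append(("local-pickup", f"userid={m.group(1)}"))
    return findings

if __name__ == "__main__":
    for code, detail in triage(SAMPLE):
        print(code, detail)
```
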

Phishing analysis :

CLICK : Enrolment : clicking here
OPEN : http://royalapparels.com/cgi/
REDIRECT : http://marcellocampos.com.br/loja/magmi/state/-/mpl/lpf/zero/normal42/accorde/*
REDIRECT : http://marcellocampos.com.br/loja/magmi/state/-/mpl/lpf/zero/normal42/accorde/*/lb.php?id=*&default=*
SCREENSHOT :


CLICK : OK
SCREENSHOT :


NOTE : ANALYSIS WITH NO REDIRECT IF THE PASSWORD IS WRONG

Domain analysis : marcellocampos.com.br

domain: marcellocampos.com.br
owner: Marcelo Campos
responsible: Turbo Web Internet
country: BR
owner-c: MAACA45
admin-c: ZAB
tech-c: WAA218
billing-c: MAACA45
nserver: nsbra16.hostgator.com.br
nsstat: 20160627 AA
nslastaa: 20160627
nserver: nsbra17.hostgator.com.br
nsstat: 20160627 AA
nslastaa: 20160627
created: 20070704 #3724896
expires: 20220704
changed: 20150719
status: published
nic-hdl-br: MAACA45
person: Marcelo André de Campos
created: 20070109
changed: 20160126
nic-hdl-br: WAA218
person: Willianson de Almeida Araujo
created: 20050409
changed: 20130401
nic-hdl-br: ZAB
person: Zilda Aparecida Bagattini
created: 19971223
changed: 20151230

Monday, June 27, 2016

Dr. David Patrick

Read carefully ,

This is to inform you that International Monetary Fund IMF is compensating all the scam victims $2.700,000.00USD each, and your email address was found in the scam victim's list. This Western Union head office has been mandated by the IMF Director to transfer your compensation fund to you via Western Union Transfer Daily. We the western union office here stated that you will be receiving your fund $2.700.000.00 at the maximum of $5,000.00 daily until the whole money is completely transfer to you. We have sent out your first payment $5,000 but it placed on hold because your payment is not yet activated. BELOW IS YOUR FIRST PAYMENT $5,OOO.OOUSD but still on hold

MTCN#________________________ 8860-3341-09#
Sender’s First Name:------- David
Sender’s Last Name:------Patrick
Sender’s Location:------- Seattle,Benin Republic
Amount sent:------- $5000

Remember we need your full information as where we will be sending the funds, such as to avoid wrong transfer,

Receiver name:-________
Address:-__________
Country:-____________
Phone number:-_____________

Note that you are not expected to pay for transfer charges all the fee has been paid by International Monetary Fund the depositor. The only fee you will you send before you will start picking up your daily payment $5,000.00 as it was sign is only $105.00 for the activation of your western union payment transfer files. Note that your payment files will be returned to the IMF within 72 hours if we did not hear from you, this was the instruction given to us by the IMF.

Contact us Below:westernunionm4@gmail.com
Call me now +229-98151176

Thanks,
Dr.David Patrick
The Western Union Director Benin Republic
Call me now +229-98151176

Email analysis :

NOTE : westernunionm4@gmail.com
NOTE : massage.@ocn.ne.jp
NOTE : X-Originating-Ip : [104.167.217.234]

Steiner, D Ms : Dir NEPAD, Africa Multilateral, DIRCO

Hello, can i share with you a business? kindly reply!! (sergio_bed111@163.com)

Disclaimer: This email and files transmitted with it contain confidential and privileged information and are intended solely for the use of the individual or entity to which they are addressed. If you have received this email in error please -

- do not read, disseminate, distribute, copy or take action in reliance on this email and
- delete it immediately and arrange for the deletion thereof on your server, and
- notify the administrator of the Department of International Relations and Cooperation at postmaster@dirco.gov.za immediately.

Any unauthorised, use duplication or interception of this e-mail or any files transmitted with it is expressly and strictly prohibited. No representation, guarantee or undertaking (expressed or implied) is made or given

- As to the confidentiality or security of the e-mail system' Or
- As to the accuracy of the information in this email and any files transmitted with it is virus-free.

No responsibility or liability is accepted for:

- the proper, complete transmission of the information contained in this email or any files transmitted with it or any delay in its receipt; or rising from or as a result of the use of or reliance on the content of this email or any files transmitted with it. Any views expressed in this email or any files transmitted with it are not necessarily the views of the Department of International Relations and Cooperation. Queries regarding this emails or any files transmitted with it, should be directed to postmaster@dirco.gov.za.

This disclaimer forms part of the content of this e-mail for purposes of section 11 of the Electronic Communications and Transactions Act, 2002 (Act No. 25 of 2002)

Email analysis :

NOTE : SteinerD@dirco.gov.za
NOTE : Content-Language : en-ZA
NOTE : Mime-Version : 1.0
NOTE : client-ip=196.14.41.164;

FW: Your Shipping Documents (DHL Phishing)

Shipping Documents Receiver's eMail: ***@***.com

Greetings,

As instructed by your shipper, we have attached below the secured PDF copies of your shipping documents and your shipment tracking details from our international logistic partner, DHL Epress.

Click Here To View Your Documents And Shipment Tracking Details : www.dhl.com/documents/0094325.pdf

At Co-Logistics we offer best Service Delivery Commitment with shipper & client.

*´¨)
¸.• ´¸.•*´¨) ¸.•*¨)
(¸.•´ (¸.•'* Best Regards
(¸.•'* .•*´¨)
Smith Wan *
(¸.•'*
Sales Excutive

Cooperate Logistics Co.,Ltd
************************

Head Office
Rm 2401-2502,Guidu Bld, Chungfeng Rd,
Luohu, Shenzhen, China
Phone: (86) 755 88863799
Email: info@co-logistics.com
URL: www.co-logistics.com

Phishing analysis :

CLICK : www.dhl.com/documents/0094325.pdf
REDIRECT : http://namaren.com/jyg/DHL/tracking.php?userid=***@***.com

Email analysis :

NOTE : jbarba@morsco.com
NOTE : Mime-Version : 1.0
NOTE : X-Originating-Ip : [14.139.59.197]
NOTE : client-ip=157.56.111.70;