Tuesday, August 2, 2016

[Alert] Account Notification ( PayPal Phishing )

PayPal

Access a new device

A device or website that we do not know request access to your account :

Location : Ukraine
IP adress : 176.97.101.83
Navigator : Chrome (Windows)

If you were not please update your account information from the link below:

Update My Account

If you are not responsible for this operation, contact us support@paypal.com.

© PayPal 2016

Email analysis :

NOTE : servi@updat.admin.com
NOTE : Received : from sagitta by serwer.hosting-desire.pl with local (Exim 4.87)
NOTE : (envelope-from < sagitta@serwer.hosting-desire.pl >)
NOTE : X-Php-Originating-Script : 1168:rebels.php
NOTE : client-ip=176.112.79.50;

Phishing analysis :

CLICK : Update My Account
OPEN : http://antikytheramech.culture.gr/sites/default/files/Redirect.php
NOTE : Phishing was removed...

You Have Won Our Lottery (Congratulations)

Dear Lottery Winner,

Your e-mail address attached to ballot number: (02-01-19-72-27-16-05) with Serial number 5368/16 drew the lucky numbers: 11-07-02-08-01-27 which subsequently won you the BMW South Africa Lottery in the 3rd category. You have therefore been approved to claim a total sum of Two Million United States Dollars, credited to file BMWSAL/9GM/327739.

Please contact our BMW South African Claim Agent below for further instruction on how to process your payment immediately.

Name: MOHAMMED KHUTA
Email: mohammedkuta27@yahoo.com.sg
Phone: +27622709260

Thanks for your expected cooperations in this regard.

Mr.Sean Moore.
President,BMW South Africa Lottery Board

Email analysis :

NOTE : mohammedkuta27@yahoo.com.sg
NOTE : damok@damok.com
NOTE : Received : from User
NOTE : (62-210-178-122.rev.poneytelecom.eu [62.210.178.122])


NOTE : (authenticated bits=0)

FAMILY GOLD FOR SALE

*This message was transferred with a trial version of CommuniGate(r) Pro*

Dear Sir/Madam,

We are the Family of Chief Nana Kwaku Baah II, a local miners, we located in New Atuabo Tarkwa in Western Region Ghana; we are seeking for a reliable gold buyer who can be buying our gold in a regular supply basics. We also needs some modern gold mining equipment and machines for the development of the family’s mining concessions and to enhance our production to enable us meet up the supplying demands.

Details of Commodity

Commodity - Au Dory Bar/Dust
Quantity – 50-100KGS Per Month
Purity – 98.69 purity
Carat - 23. 69 carats
Our Local price - $24,500usd per kilo.

Awaiting your response to provide you with more details required.

Best Regards.
Kofi,

Email analysis :

NOTE : koffialbert@yandex.com
NOTE : norlaili.mi@klkoleo.com.my
NOTE : Received : from [176.61.142.204] (account info@cisalmaty.kz HELO User)


NOTE : by cisalmaty.kz (CommuniGate Pro SMTP 6.0.9 _trial_)

Thursday, July 28, 2016

Security update regarding your account (PayPal Phishing)


This is an automated email, please do not reply

Dear User
(*@* ),

Our advanced security system detected that your account information has been compromised, We need to verify your account in order to continue using your Paypal services, Please understand that this is a security measure to protect you & your account. We apologize for any inconvenience.

Check your account

Thanks for choosing us,
PayPal Team

© 1999-2016 PayPal. All rights reserved.
Email ID: 865009
2016/07/28 00:15:00

Email analysis :

NOTE : support@estet.az
NOTE : Mime-Version : 1.0
NOTE : Authentication-Results : support@estet.az designates 94.20.30.223
NOTE : X-Priority : 1
NOTE : Content-Transfer-Encoding : 8bit
NOTE : X-Mailer : PHPMailer 5.2.8Wahib Priv8 Mailer
NOTE : X-Php-Script : estet.az/aa.php for 117.244.23.108


NOTE : X-Get-Message-Sender-Via : ns001.datacenter.az: authenticated_id: estet/from_h
NOTE : X-Authenticated-Sender : ns001.datacenter.az: support@estet.az
NOTE : Received-Spf : client-ip=94.20.30.223;


NOTE : Security update regarding your account

Phishing analysis :

CLICK : Check your account
OPEN : http://cirt.mx//images/Secure//
REDIRECT : http://cirt.mx/images/Secure//MGen/*/?dispatch=*
SCREENSHOT :


CLICK : Log In
SCREENSHOT :
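
An added example, not part of the original post: a Python triage pass over the header fields singled out in the email analysis above (X-Php-Script, X-Php-Originating-Script, X-Mailer, and a brand name sent from an unrelated domain). The sample message is constructed from the noted values; the From display name, the `BRANDS` allow-list and the `triage` function are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: header values are the ones noted in the analysis above;
# the From display name and the header order are assumptions.
SAMPLE = """\
From: PayPal <support@estet.az>
Subject: Security update regarding your account
X-Mailer: PHPMailer 5.2.8Wahib Priv8 Mailer
X-Php-Script: estet.az/aa.php for 117.244.23.108
X-Authenticated-Sender: ns001.datacenter.az: support@estet.az

Dear User, ...
"""

BRANDS = {"paypal": ("paypal.com",)}  # brand keyword -> legitimate domains (assumed list)

def triage(raw):
    """Return a list of (indicator, detail) findings for one raw message."""
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()

    # 1. Mail generated by a web-hosted PHP script rather than a mail client.
    script = msg.get("X-Php-Script")            # "host/path.php for <client ip>"
    if script:
        m = re.match(r"(\S+)\s+for\s+([\d.]+)", script)
        findings.append(("php-script", m.groups() if m else (script,)))
    orig = msg.get("X-Php-Originating-Script")  # "<uid>:<script.php>"
    if orig:
        findings.append(("php-script", tuple(orig.split(":", 1))))

    # 2. PHPMailer-based bulk mailer string in X-Mailer.
    mailer = msg.get("X-Mailer", "")
    if re.search(r"phpmailer|priv8", mailer, re.I):
        findings.append(("mailer", mailer))

    # 3. Brand named in display name or subject, but sent from another domain.
    claimed = f"{name} {msg.get('Subject', '')}".lower()
    for brand, legit in BRANDS.items():
        if brand in claimed and not any(domain == d or domain.endswith("." + d) for d in legit):
            findings.append(("brand-mismatch", (brand, domain)))
    return findings

if __name__ == "__main__":
    for indicator, detail in triage(SAMPLE):
        print(indicator, detail)
```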

FINAL WARNING: Verify Your Email Account Within 12 Hours! (Phishing)

Your Account & Email Has Been Blocked!
Your account has been Blocked due to system error CODE:YB261729285.
If you would like to continue using your Email Address,

VerifyYour Account Now

YOU WILL COMPLETELY LOSE YOUR EMAIL ADDRESS IF NO ACTION IS TAKEN.

Sincerely,

©2016 Mail Team - Terms & Privacy

Email analysis :

NOTE : Mime-Version : 1.0
NOTE : Authentication-Results : saleshf@helnan.com
NOTE : Return-Path : < saleshf@helnan.com >
NOTE : Received : from ahvm102rry.activehost.com
NOTE : (ahvm102.activehost.com. [66.165.144.25])
NOTE : Received : from [192.168.43.215] (UnknownHost [197.211.57.14])
NOTE : client-ip=66.165.144.25;
NOTE : FINAL WARNING: Verify Your Email Account Within 12 Hours!

Phishing analysis :

CLICK : VerifyYour Account Now
OPEN : http://ecogreentec.com.au/san/index.htm
NOTE : http://ecogreentec.com.au/san/mail.htm?cmd=LOB=RBGLogon&_pageLabel=page_logonform&secured_page
SCREENSHOT :


INTERESTING FIELDS : (form) method="post" action="up.php"
INTERESTING FIELDS : (css) http://www.outitgoes.com/default.css
CLICK : Re-Validate My Mailbox!
REDIRECT : http://ecogreentec.com.au/san/index.htm
REDIRECT : http://ecogreentec.com.au/san/mail.htm?cmd=LOB=RBGLogon&_pageLabel=page_logonform&secured_page

Payment notification.

FEDERAL MINISTRY OF FINANCE
NATIONAL HOUSE OF ASSEMBLY COMPLEX
SENATE HOUSE - UPPER CHAMBERS WUSE DISTRICT, COTONOU BENIN
OFFICE LINE: +(229) 9948-5442

Our Ref: FGN /SNT/STB

IF YOU FAIL TO SEND THE $39 THIS WEEK YOUR $2.500, 000.00 IS GONE

I have to inform you again, that we are not playing over this, I know my reason for the continuous sending of this notification to you, the fact is that you can't seem to trust any one again over this payment and we have now curt the prize of $126 to $39 for what you have been in cantered in many months ago, but I want you to trust me, I cannot scam you for $39 it is for bank processing of your payment, the fees is $126 but we have curt to $39 so that you can be able to send it today, $39 is clearly written to you before, and the good part of this, is that you will never, ever be disturbed again over any kind of payment, this is final, and the forms from there becomes effective once we submit your payment application processing fee and pay the form fee of $39 I don't want you to loose this fund this time, because you may never get another such good opportunity, the federal government is keen and very determined to pay your overdue debts, this is not a fluke, I would not want you to loose this fund out of ignorance, I will send you all the documents as soon as bank payment processing fee is paid, you have to trust me, you will get your fund, find a way to get $39 you will not loose it,instead it will bring your financial breakthrough, find the money and send it to our bursary. The reason why am sending you this because I want you to receive your USD2.5Million immediately we are trying to round up for this payment program.The processing charges which was initially on the high price has been cut down by the payout bank considering the poor economic situations that make it difficult for the middle class citizens to meet up with the processing charges of their entitlement. Upon the confirmation of your processing charges you will get your $2.500, 000.00 into your account within 4hrs.

Here is the payment information, send Through Western Union Money Transfer OR Money Gram.

Receiver Name ...Victor Obi
Country .....Benin Republic.
City .................Cotonou.
Amount .....$39.00 US Dollars
Text question: When
Answer: Today

Sender's full banking details to avoid wrong transfer:

Bank Name:.......
Bank Address:....
Account Number:..
Account Name:....
Routing Number:..

As soon as the payment is received today, you will receive your $2.5M in your account the same today without any delay.

Best Regards
Mark Damion
+(229) 9948-5442

Email analysis :

NOTE : markdamion00@gmail.com
NOTE : OiS.@plum.ocn.ne.jp
NOTE : X-Originating-Ip : [46.246.93.15]


NOTE : Remote : 153.149.233.40 (mbkd0239.ocn.ad.jp)