Friday, October 14, 2016

[SPAM] Confirm your deposit (Required)

Hello,

In order to activate the Cash Formula you need to confirm your deposit!

>> Confirm Your Deposit Here

Once confirmed you can access your dashboard where you can view your funding balance. The Cash Formula will start to earn you profits upon activattion.

Thank you,

William D. Campbell
638 Cambridge Court
Little Rock, AR 72211

Scam analysis :

CLICK : >> Confirm Your Deposit Here
OPEN : http://safestpayment.net/?hop=test@test.com
SCREENSHOT :


REDIRECT : http://freedomcircle.co/?ot=*&token=*&clickid=*&aff=*&ct=*
SCREENSHOT :


Email analysis :NOTE :

NOTE : client-ip=45.40.124.96; helo=legitcheckout.net;


NOTE : [SPAM] Confirm your deposit (Required)

FBI Disclaimer paper

OFFICIAL LETTER FROM FBI NEW YORK, Your fund was received at U.S Custom Authority at (JFK) John F. Kennedy Int'l Airport NYC and necessary fees/charges has been paid by sender except $150 for Customs Clearance Certificate CCC, but a lady Janet Fred., came forward claimed you sent her to claim your $8Million, is it true? did you order her to pay $150 for CCC? Also be informed that we came to an agreement with the U.S Custom Authority at (JFK) John F. Kennedy Int'l Airport NYC that you will send fee latest tomorrow, unless you want your fund to be hand over to her, while you will expect FBI Disclaimer paper to sign or else you will be arrested for assigning her without informing us. Just click on reply, to reply back to FBI-Director-James B Comey Jr to his private email uspdf587@yeah.net immediately. Yours sincerely, FBI email Dept.Reply To E-mail: uspdf587@yeah.net Phone 202 852 0499 uspdf587@yeah.net

Email analysis :NOTE :

NOTE : uspdf587@yeah.net
NOTE : Return-Path : < ikgomnkhkhkhk@yahoo.co.jp >
NOTE : Mime-Version : 1.0
NOTE : X-Yahoo-Newman-Property : ymail-5
NOTE : Authentication-Results : 182.22.91.88 as permitted sender


NOTE : smtp.mailfrom=ikgomnkhkhkhk@yahoo.co.jp
NOTE : X-Mailer : YahooMailWebService/0.8.111_69
NOTE : Received : from [41.79.219.219]

Your Netflix Membership has been suspended [#348963] (Phishing)

Validation failed

During a routine check of your account we have failed to validate the billing method we have on record for your account. To continue using the Netflix service you will need to update/verify your billing information.

CONTINUE >>

Please note that failure to complete the validation process will result in permanent suspension of your netflix membership.

We thank you for your understanding.

Netflix Billing Support

TWEET LIKE FORWARD

Preferences | Unsubscribe

Phishing analysis :

CLICK : CONTINUE >>
OPEN : http://newdata01.com/
RESULT : Phishing was removed

Email analysis :

NOTE : Return-Path:
NOTE : Received: from [146.20.110.156] (port=57419 helo=User)


NOTE : From: " Netflix"< no-reply@netflix.ssl.com>
NOTE : Subject: Your Netflix Membership has been suspended [#348963]
NOTE : MIME-Version: 1.0
NOTE : Content-Type: text/html;charset="Windows-1251"
NOTE : Content-Transfer-Encoding: 7bit
NOTE : X-AntiAbuse: Sender Address Domain - netflix.ssl.com
NOTE : X-Get-Message-Sender-Via: server-33:
NOTE : authenticated_id: pro/only user confirmed/virtual account not confirmed
NOTE : X-Authenticated-Sender: server-33: pro
NOTE : X-Remote: 162.242.219.144 ()

Une nouvelle conseille.

Bonjour ,

Vous avez reçu une nouvelle conseille sur votre espace client en ligne.

Pour le consulter, merci de vous connecter à votre espace client credit lyonnais,

En cliquant içi

A très bientôt sur le service lcl de gestion des comptes.

L'équipe Banque en Ligne.

Phishing analysis :

CLICK : En cliquant içi
OPEN : http://lidingösegelsällskap.se/wp-content/lcl/
RESULT : Phishing was removed.

Email analysis :


NOTE : Importance : high
NOTE : Return-Path : mabanqueprivee@bell.net
NOTE : Cmm-X-Sid-Pra : mabanqueprivee@bell.net
NOTE : Cmm-Sender-Ip : 184.150.200.80


NOTE : Une nouvelle conseille.

Thursday, October 13, 2016

Aviso !!! (Phishing Attempt)

Aviso !!!

Nos dimos cuenta de que su cuenta de correo electrónico se ha casi exceder su límite. Y usted no puede enviar o recibir mensajes en cualquier momento a partir de ahora.

Haga clic en el enlace para iniciar la sesión y renovar su cuenta: http://ow.ly/JT19304XkK2

AVISO:

El no hacer login y renovar su cuenta de correo electrónico que será una incapacidad permanente.

Gracias,
cuenta de servicio

Phishing analysis :

CLICK : http://ow.ly/JT19304XkK2
SCREENSHOT :


NOTE : Phishing attempt...

Email analysis :

NOTE : Content-Type : text/plain; charset="iso-8859-1"
NOTE : Mime-Version : 1.0
NOTE : Return-Path : < cgajardo@sence.cl >
NOTE : Return-Path : cgajardo@sence.cl
NOTE : account : cgajardo


NOTE : X-Originating-Ip : [120.146.244.171]


NOTE : Content-Transfer-Encoding : quoted-printable
NOTE : Received : from cipres.sence.local (osopanda.sence.cl. [163.247.55.173])


NOTE : Received : from ARAUCARIA.sence.local (192.9.200.57)
NOTE : by cipres.sence.local (192.9.200.55)
NOTE : Received-Spf : client-ip=163.247.55.173;
NOTE : Content-Description : Mail message body
NOTE : Aviso !!!
NOTE : sence.cl server with account cgajardo were used to relay this phishing...

Email Account Re-activation (Move To Inbox) (Phishing)

Dear User prout@prout.com

We noticed that your email account has been outdated . Your prout@prout.com account has been placed on temporary block, it would be permanently blocked if you do not unblock within 48hours.

Click here to unblock your account

Note:

Failure to unblock your e-mail account. It will be permanently disabled.

Thank you for using our service.

Phishing analyis :

CLICK : Click here to unblock your account
OPEN : http://parijatpackaging.com/wp-content/Auth//aut.php?email=prout@prout.com
SCREENSHOT :


CLICK : Submit Now
REDIRECT : http://parijatpackaging.com/wp-content/Auth//success.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1774256418&fid=4#n=1252899642&fid=1&fav=1
SCREENSHOT :


Email analysis :

NOTE : kbeneteau@tmmsinc.com
NOTE : Mime-Version : 1.0
NOTE : Remote : 124.24.62.192 (pcweb03.mcdonalds.co.jp)
NOTE : Return-Path : < kbeneteau@tmmsinc.com >
NOTE : Received : from pcweb03.mcdonalds.co.jp (HELO pcweb03.www.mcdonalds.co.jp) (124.24.62.192)


NOTE : Received : from Server-PC.LangBak.local (unknown [10.73.24.16])
NOTE : by pcweb03.www.mcdonalds.co.jp (Postfix)
NOTE : Email Account Re-activation (Move To Inbox)

Compte Alerte! [Signature=664QT6]

BMO Banque de Montreal Canada

Cher (*@*),

Vous n'êtes plus autorisé à accéder à votre service en ligne.

Nous avons dû désactiver votre accès pour votre sécurité.

Cela a pu être le cas du fait d'un changement intervenu récemment dans votre adresse, ou parce que des informations incorrectes ont été fournies durant le processus d'enregistrement initial. Veuillez vérifier votre compte dans les 48 prochaines heures afin d'éviter une suspension complète de votre compte en ligne. À l'issue d'une vérification réussie de votre compte vous pourrez utiliser votre identifiant comme d'habitude.

Suivez cette page de vérification sécurisée afin de réaliser une authentification en ligne efficace:

https://www1.bmo.com/onlinebanking/cgi-bin/netbnx/NBmain?product=6

Nous prenons la sécurité de votre compte très au sérieux, et nous avons besoin de ces informations pour nous aider à empêcher des tiers d'accéder à votre compte.

Par contre, en ce qui concerne les comptes BMO bloqués, seule une utilisation responsable de votre compte BMO peut empêcher sa désactivation. La politique de BMO sur le déblocage de comptes semble dépendre de la fourniture de données précises, grâce auxquelles les opérateurs prennent une décision sur le compte. Les informations peuvent être mal interprétées, et les questions et réponses de sécurité peuvent être oubliées, il est donc plus pratique d'éviter ce genre de problème en utilisant votre compte de manière responsable.

%%%ID: 6640285754

Phishing analysis :

CLICK : https://www1.bmo.com/onlinebanking/cgi-bin/netbnx/NBmain?product=6
OPEN : http://www.marking-sb.hr/aget7/index.php
RESULT : Phishing is unresponsive...

Email analysis :

NOTE : X-Clientproxiedby : EMSERVER.CANNONKALLAR.local (10.1.1.3)
NOTE : To EMSERVER.CANNONKALLAR.local (10.1.1.3)
NOTE : Received : from [192.168.0.23] (75.151.23.97)


NOTE : by EMSERVER.CANNONKALLAR.local (10.1.1.3)
NOTE : Received : from mail.kallars.com (mail.kallars.com. [81.136.176.71])

Hi Friend (Can you handle USD$21.5M?)

Good day,

Can you handle USD$21.5M for a contract (GNPC) investment fund,(FIXED) deposited and i'll like to know how you can be trusted to execute this project with me?

If yes, Please kindly get back to me with your direct Cell-phone Number,Home Telephone Number and Contact Address if you can really be trusted, to enable us discuss further.

I await your prompt response.

Yours Sincerely,

Mr. Martin Kofi Adu, Manager,
Engineering and Head of Project and
Planning of the Ghana National Petroleum Corporation (GNPC)

Email analysis :

NOTE : zone@saudimall.net
NOTE : Received : from User (unknown [212.76.87.115])


NOTE : by mta.saudimall.net (Postfix)

Tuesday, October 11, 2016

Let's Talk Please?

My dear

It will very much interest you that I summoned a lot of courage to send this email to you. My client, Engineer Andrew died without a will and the rules of intestacy in this country permits the government to seal up his estate and push them into the government treasury as unclaimed. I have tried to reach his family but all efforts proved void since he was on my legal retainer-ship for just two years before his untimely date.

I am contacting you believing you are related to him and bear the same surname. The estate is worth millions and there are no surviving relatives known to me or to the administrators and the bank.

Note that this claim will be made under a legitimate framework and under the inheritance arbitration act. I have been an inheritance lawyer for over 15years now and if you respond with your willingness to work with me, I will clarify you in details what needs to be done and the sharing pattern.

Regards
Attorney David Hesse
Curtis, Mallet-Prevost, Colt & Mosle LLP,
London
United Kingdom

Email analysis :

NOTE : david.hesse@yandex.com
NOTE : david.hesse1@yandex.com
NOTE : Received : from [64.71.77.91] ([64.71.77.91]) (authenticated bits=0)
NOTE : by netsys.kaist.ac.kr
NOTE : client-ip=143.248.56.3;