Rép : Bonjour cher correspondant (e)

Bonjour Je réponds au nom de Carolle Marran je suis de nationalité française, Je suis Veuve. Ex Ambassadrice de la France près du Bénin, d'où j'ai servis Pendant 3 ans de 1994 a 1997. J'ai décidé de vous légués ma fortune. Une somme de $ 800.000 usd dans une banque du Bénin avec toute la modestie et la sincérité d'une donation. Toute ma famille a qui je pouvais léguer cette fortune est mort suite à un Crash aérienne Boeing 772 qui s'est explosé en 1989 dans le désert de Ténéré au Niger. Cette vol avait quitté Brazzaville via N’Djamena pour Paris Celui-ci avait été explosé par un attentat libyen (la jamayiriya). mon mari avec mes deux enfants ont perdu la vie lors de cette accident. Actuellement je souffre du cancer de siens et du diabète. J'aimerai faire don de cette somme a une personne responsable humble qui pourra m'aider a créé des centre d'aide aux enfants pauvres, démunis et orphelins et même pour les personnes en difficultés. Contactez-moi à mon adresse émail: carollemarran@outlook.com pour que je sois rassurée de votre bonne personnalité afin de vous mettre en contact avec ma Banque et mon notaire.

Mme Carolle Marran

Les phrases chocs :

• Actuellement je souffre du cancer de siens et du diabète
• J'ai décidé de vous légués ma fortune

Email analysis :

NOTE : carollemarran@outlook.com
NOTE : Mime-Version : 1.0
NOTE : X-Sensitivity : 3
NOTE : Return-Path : < amministrazione@lifecostruzioni.it >
NOTE : X-Xam3-Api-Version : V3(R2)
NOTE : Received : from lifecostruzioni.it ([62.149.158.90])

NOTE : client-ip=62.149.156.78;
NOTE : X-Senderip : 41.86.238.84

NOTE : amministrazione@lifecostruzioni.it
NOTE : Rép : Bonjour cher correspondant (e)

ACCESS YOUR FUND URGENT NOW !!! (BOA Phishing)

Good Day..

Please my Dear we are sorry for our delaying so far!!, you can now access your compensation of $10.5 million U.S Dollar which has been credited on online account, it was registered with your Email, so log in to access the fund online now, with your Email and its password to clarify that this Email that is used to set up your online bank account is still active and to help us verify the real beneficiary,for easy access to your fund online , click here Online Fund Status to start the process, remember you can only log in with your email address and its password because it was registered with your email, for recognition of the real beneficiary of the fund, Note; even if it the site doesn't log you in at the first attempt try continuously okay, it will log you in to access your fund online and get back to me once you transfer total amount into your Bank account thanks..

Thanks
God bless!

Online Fund Status

Await your reply
Mrs Sandra Sandra

Email analysis :

NOTE : customer.rbos@gmail.com
NOTE : < bergenoid@gmail.com >
NOTE : Mime-Version : 1.0
NOTE : Content-Type : multipart/alternative;
NOTE : ACCESS YOUR FUND URGENT NOW !!!

Phishing analysis :

CLICK : Online Fund Status
OPEN : http://bit.ly/2fp5j9R
REDIRECT : http://deregulatedfxsolous.top/ZW50OiAiXGUwNTEiOw0KfQ0KLmljb24tZ2xvYmFsOmJlZm9yZSB7DQoJY29udGVudDogI/
SCREENSHOT :

CLICK : Login Now!
RESULT : ERROR MESSAGE.

Failed Delivery for Package #085043120 (USPS Phishing)

We tried but failed to deliver your package again today, because no one was present at the destination address. On the delivery day, there must be someone present at the destination address to receive the parcel.

Shipping type: Priority 1day
Box size: Large Flat Rate box
Date : Nov 14th 2016
Delivery Notification : e-mail sent

To reschedule the parcel delivery, visit our nearest office, with a printed copy of the Delivery Notice Card. An electronic copy of the Delivery Notice Card, in Microsoft Word format, can be downloaded from our website :

https://tools.usps.com/go/TrackConfirmAction?action=download&invoice=82 108506870

The tracking number can be found on the Delivery Notice Card and can be used to track your parcel:

https://t ools.usps.com/go/TrackConfirmAction_input

Thanks for shipping with us

© 2016 United States Postal Service

Phishing analysis :

CLICK : https://tools.usps.com/go/TrackConfirmAction?action=download&invoice=82 108506870

OPEN : http://hoasan.vn/js/view.php?id=d2VibWFzdGVyQHJiY2FmZS5jb20=
RESULT : Phishing attempt.

Email analysis :

NOTE : usps@transitsystems.com
NOTE : Content-Type : text/html; charset="UTF-8"
NOTE : Mime-Version : 1.0
NOTE : X-Mailer : PHPMailer 5.2.8 (https://github.com/PHPMailer/PHPMailer/)
NOTE : X-Priority : 3
NOTE : Return-Path : < usps@transitsystems.com >
NOTE : Content-Transfer-Encoding : 8bit
NOTE : Received : from unknown (HELO transitsystems.com) (194.75.227.248)

NOTE : Message-Id :
NOTE : Failed Delivery for Package #085043120

I'm Money Gram Agent

I'm Money Gram Agent Your first payment of $5000 has been sent today via Money Gram. You are advise to Contact MG with your full information to enable them give you Sender Name, Question and Answer to pick up your First Payment MTCN= 63606850 ,For more information contact , Tell: +229 98541140 Email:(paulmoorre95@gmail.com ) he'll keep sending you payment until your total fund is Completed
Regard

Thank you for cooperation
Best Regard

Email analysis :

NOTE : paulmoorre95@gmail.com
NOTE : hpantoja@mindeporte.gob.ve
NOTE : X-Originating-Ip : [46.23.66.107]

Rappel (Phishing Chronopost)

Cher(e) Client(e),

Je suis Vanessa Esseau responsable Livraison Chronopost, je vous informe que vous avez un colis au bureau de la poste. Vous disposez d'un délai de 48 heures pour récupérer votre colis, Sinon il sera retourné à l'expéditeur. Veuillez confirmer l'envoi du colis à votre domicile en suivant les étapes ci-dessous:

1- Appeler le numéro de notre service clients 3 fois ( 08 99 63 ** ** )

Cliquez-ici pour afficher le numéro

2- Recevoir le code de confirmation (8 chiffres) par téléphone.
3- Valider le code sur notre site pour suivez votre colis.

Veuillez lire attentivement les instructions suivants :

* Si vous ne pouvez pas recevoir le code veuillez essayer d'appeler jusqu'à 3 fois le numéro en rouge au-dessus.

* Après que vous passez la confirmation avec succès, un e-mail sera envoyé à votre adresse Mail avec tous les informations nécessaires à propos de votre colis (expéditeur, date, code, bureau de poste le plus proche..).

Cordialement.

---------- Original Message ----------From: "laposte.service vocale" < la.poste.service.vocale@hotmail.com >
Date: November 14, 2016 at 11:25 AM
De : Outlook < outlook@email2.office.com >
Envoyé : samedi 5 novembre 2016 21:01:57
À : la.poste.service.vocale@hotmail.com
Objet : Bienvenue dans Outlook.com—Simplifiez-vous la planification
De : Service B-Postale < mitznika@bell.net >
Envoyé : samedi 15 octobre 2016 16:58:36
À : service
Objet : jhh

Déclaration de confidentialité

Si vous pensez qu'il peut s'agir d'un email frauduleux, saisissez directement l'adresse www.westernunion.com dans la barre d'adresse de votre navigateur. En savoir plus sur la manière de vous protéger contre les fraudes.

Phishing analysis :

CLICK : Cliquez-ici pour afficher le numéro
OPEN : http://fitnesstorget.se/wp-content/theme/
SCREENSHOT :

NOTE : Phishing attempt.

Email analysis :

NOTE : outlook@email2.office.com
NOTE : mitznika@bell.net
NOTE : Return-Path : chronoplivraison@bell.net
NOTE : la.poste.service.vocale@hotmail.com
NOTE : Authentication-Results : spf=pass (sender IP is 184.150.200.79)

NOTE : from mtlgui03 ([10.90.35.142]) by mtlspm01.bell.net
NOTE : Cmm-Sending-Ip : 184.150.200.79
NOTE : Cmm-X-Sid-Pra : chronoplivraison@bell.net

PENDING DEPOSIT (Standard Bank Phishing)

Dear customer,

You just received a pending payment in your Standard Bank account, kindly login to your online banking by clicking-here or login with the below web-
link to receive your pending payment in your Standard Bank account:

http://bit.do/www22-encrypt-standardbank-co-za-ibstbsa-InternetBanking

Thank you for banking with Standard Bank.

Email analysis :

NOTE : X-Atmail-Account : tfscenter@qwestoffice.net
NOTE : Return-Path : < noreply@standardbank.co.za >
NOTE : Mime-Version : 1.0
NOTE : Message-Id : < *.*@qwestoffice.net >
NOTE : X-Mailer : AtMail PHP 5.5
NOTE : Content-Transfer-Encoding : quoted-printable
NOTE : X-Origin : 122.152.167.26

NOTE : Content-Type : text/plain; charset="utf-8"
NOTE : client-ip=64.26.60.155;

NOTE : PENDING DEPOSIT

I need your sincere support !!!

Sehr geehrte Damen und Herren,

Ich benötige Ihre Unterstützung, um in Ihrem Land zu verlagern und zu investieren.
Ich bitte um Ihre Unterstützung, weil ich keine Kenntnisse über Unternehmen und die

Regeln, die Ihr Land für sichere Investitionen zu führen.

Willst du versprechen, aufrichtig mit mir zu sein?

Bitte kontaktieren Sie mich für weitere Informationen Details!

Mit freundlichen Grüßen,
Fräulein Martins Paulina,

Email analysis :

NOTE : martinspaulina121@gmail.com
NOTE : martinspaulina212@gmail.com
NOTE : Received : from [91.109.30.91]

NOTE : X-Rocketymmf : osuinuyoshinori
NOTE : Sender : osuinuyoshinori@yahoo.co.jp
NOTE : X-Mailer : YahooMailWebService/0.8.111_70
NOTE : client-ip=183.79.56.158;
NOTE : by web101516.mail.kks.yahoo.co.jp via HTTP;

Your G8 Clearance Approval

European Union

PRESIDENT OF THE EUROPEAN COMMISSION. JOSE MANUEL BARROSO

Following Clearance Received From United Nation And The World Bank during the G8 Summit on April, 2016. Confirming You As The Genuine Beneficiary Of The Said Payment. We Are Hereby Informing You That the European commission Has Been Officially Adviced by the G20 summit and the world To Credit Your Fund Into Your Account Through our payment Bank (Citibank China) Within The Next 72 banking hours From Now.

Note that you have to make sure you make available the necessary credentials needed by our payment bank for your transfer to be done this week. Because after the meeting with the Secretary General of the European commission, your payment will be confiscated by EU by next month, so you have to make sure you contact Mr. John Winter of the Citibank today and I know you have his contact information below:

Mr. John Winter
Director, Financial Management Department Citibank China (FMDCBC)
Direct line: +862128966000
Email: johnwinter241@gmail.com
Email: officefile1963@gmail.co m
Office Address: Citigroup Tower. No.33 Hua Yuan Shi Qiao Road. Lu Jia Zui, Shanghai, 200120. China.

Your urgent call to him is important and also contact our office as soon as you receive your payment with citibank.

Congratulations.

PRESIDENT OF THE EUROPEAN COMMISSION.
JOSE MANUEL BARROSO
officefile1963@gmail.com

Email analysis :

NOTE : mrjohnteddy@gmail.com
NOTE : mdanielndoye@gmail.com
NOTE : officefile1963@gmail.com

Rép : FINANCING YOUR PROJECT

Fund available for investment please get in touch for more details.

Regional Representative
Sheikh Naseefa Investment Group Company

Telfax: +971 2413 0001

Email analysis :

NOTE : sheikhnaseefinvestmentgroup020@gmail.com
NOTE : User-Agent : Horde Application Framework 5
NOTE : Rép : FINANCING YOUR PROJECT
NOTE : client-ip=202.128.161.127;

Attention

The delivery of your package is currently ongoing with our Dip. Richard Great
and he has arrived at Washington DC International Airport with the package
Please send him your delivery details as stated below; contact info is;

@ phone# +1 828-756-0997 or text him in case he may be busy.

SINCERELY
Mr.Tony Dan

Email analysis :

NOTE : morganobeche@gmail.com
NOTE : gaelle.cohen@gmail.com
NOTE : markdon@cantv.net
NOTE : X-Originating-Ip : [23.27.244.254]

bernadette

Je me permets de vous contacter pour parler de mon expérience. J'ai rencontré un homme sur un site de rencontre du non de Didier Lapierre, et nous avons échangé nos adresses mail pour mieux converser, je me suis fait arnaquer sur le site de rencontre meetic: je me rends compte que je suis en communication avec exactement le même profil, juste un petit changement de nom. La personne avec qui je discute est Donald Thivolle, pseudo la force sur meetic, il me dit d’être sur Angers, que son meilleur ami s’appelle Pascal Pichon. Qu’il a dû partir en Italie pour son fils Thomas qui doit subir un greffe de poumon. Que pour cela, il faut qu’il paye 14 000€. Il m’a demandé si je pouvais l’aider, et c’est malheureusement ce que j’ai fait, avec un mandat cash urgent envoyé hier de 1 200€, au frère de son ami, un soi-disant Mallet Christophe, habitant allée de Beauregard, 37200 Tours Quand je lis les témoignages, j’ai eu le même discours. Ce qui me perturbe vraiment, c’est que je l’ai eu au téléphone et il a bien un accent polonais, je l’ai eu en webcam et c’est bien la même personne que sur les photos. Cela me détruit, car j’y croyais vraiment Ensuite, il me demanda une somme de 1800 euros, car il devait payer sa chambre d'hôtel, car on lui menaçait de le jeter à la porte-là, j'ai commencé à douter de sa sincérité alors j'ai exposé mon cas à une amie qui, ma mise en contact avec Mr George Arthuro qui est un agent Interpole qui m'a beaucoup aidé. En effet, il m'a démonté que s'était de l'arnaque alors il m'a aidé à récupérer tout mon argent Voici L'Adresse : lieutenant.george.arthuro@francemel.fr pour ceux qui sont dans une situation d'arnaque.

Email analysis :

NOTE : bernadette2011@hotmail.fr
NOTE : lieutenant.george.arthuro@francemel.fr

Oxfam Donation!!!

Dear E-mail Account User,

Congratulations! You e-mail has just won you the sum of $3,000,000.00 USD as a charity donations/aid from Oxfam International in conjunction with South African National Lotto Further information on the processing and disbursement of your grant entitlements,alongside the provision of your qualification documentations, will be disclosed to you so get back to us for more information.

Email analysis :

NOTE : oxfaminternational786@gmail.com
NOTE : aldila@yes24.co.id
NOTE : Received : from User (8ta-146-92-50.telkomadsl.co.za [41.146.92.50])

NOTE : (Authenticated sender: aldila@yes24.co.id) by mail.hanastar.net.id

< no subject >

2016111105002973550858.zip

File analysis :

Download : 2016111105002973550858.zip
Result : 2016111105002973550858.zip is a virus.

Virus analysis :

ALYac Trojan.JS.Downloader.GYQ
AVG JS/Downloader.Agent.62_I
AVware Trojan-Downloader.JS.Nemucod.bbp (v)
Ad-Aware Trojan.JS.Downloader.GYQ
AegisLab Troj.Downloader.Js.Cryptoload!c
AhnLab-V3 JS/Obfus
Antiy-AVL Trojan/Generic.ASVCS3S.3F7
Arcabit Trojan.JS.Downloader.GYQ
Avast JS:Downloader-DSB [Trj]
Avira (no cloud) HEUR/Suspar.Gen
Baidu JS.Trojan-Downloader.Nemucod.od
BitDefender Trojan.JS.Downloader.GYQ
CAT-QuickHeal JS.Locky.JE
Cyren JS/Nemucod.CA2
DrWeb JS.DownLoader.1225
ESET-NOD32 JS/TrojanDownloader.Nemucod.BMK
Emsisoft Trojan.JS.Downloader.GYQ (B)
F-Prot JS/Nemucod.CA2
F-Secure Trojan.JS.Downloader.GYQ
Fortinet JS/Nemucod.BDA!tr
GData Trojan.JS.Downloader.GYQ
Ikarus Trojan-Downloader.JS.Nemucod
K7AntiVirus Trojan ( 004dfe6d1 )
K7GW Trojan ( 004dfe6d1 )
Kaspersky Trojan-Downloader.JS.Agent.nbi
McAfee JS/Nemucod.jg
McAfee-GW-Edition JS/Nemucod.jg
eScan Trojan.JS.Downloader.GYQ
Microsoft TrojanDownloader:JS/Nemucod!rfn
NANO-Antivirus Trojan.Script.Heuristic-js.iacgm
Rising Downloader.Cryptoload!8.7DA (topis)
Sophos Mal/DrodZp-A
Symantec Trojan.Gen.NPE
Tencent Js.Trojan.Raas.Auto
TrendMicro JS_NEMUCOD.SMK14
VIPRE Trojan-Downloader.JS.Nemucod.bbp (v)

Final result :

I opened the virus, and the raw version of this virus is here : http://pastebin.com/raw/FVM8wh4v

This virus sounds like a ransomware...

Email analysis :

NOTE : diann.laughton99@winterbrew.com
NOTE : User-Agent : Microsoft-MacOutlook/14.0.0.100825
NOTE : Received : from customer-SLRC-130-213.megared.net.mx
NOTE : (unknown [201.164.130.213])

!!!World Bank Notification!!!

Attention: Beneficiary

The office of the European Union, the President Federal Republic of Nigerian (Mohammed Buhari), the CIA, FBI, EFCC, British Government, American Government and United Nations Organization in Benin Republic, Ghana, Burkina Faso, Malaysia, South Africa, Togo, Senegal in collaboration with UK (London) Anti-Crime Squad received a report of fund transaction/scam against you and other British, US and Asian citizens including other countries whom the aforementioned countries vital offices/authorities have recompensed you due to meeting held with the International Financial Agency, the IMF, four countries Government and the World High Commission against fraud and other international fund transaction activities by the four country Citizens during the recent G20 and ACSP meeting. Your name was among those approved listed beneficiary to be paid by the International Financial Intelligent Unit (NFIU) through the United Nations account holder bank.

You are to contact the UN appointed officer immediately for the release/transfer of your approved compensation fund valued $750,000.00 United States Dollars only. With matter of urgency, you are to reconfirm to the UN appointed officer your full data as follows:

A)Your Full Name, B) Present Address, C) Home and Mobile Telephone Numbers, D) Occupation, E) Company Name and Position.

As soon as you send this information to the officer he will direct you accordingly on the release of your Fund. You are to contact Mr.Mensha Baah Head supervisor with the information below, for the release of your fund now.

Contact Person: Mr.Mensha Baah.
C/8815 off Ring Road, P.O.Box 2515
Cadastral, Zone A, Central Business District
Accra-Ghana.
Email: officeunited@yahoo.com.hk
smtp.office365.com:587
Yours in Service,

Maria Colgate (Secretary Foreign Affair)
World Bank Payment Monitoring Unit.
1818 H Street, N.W.Washington, DC 20433

Email analysis :

NOTE : officeunited@yahoo.com.hk
NOTE : prova@thsbo.com
NOTE : Ms.Maria Colgate
NOTE : Received : from User (unknown [154.118.65.101])

NOTE : by mail.thsbo.com (Postfix)

Website Design/Development and Google Ranking Proposal

Hi,

Greetings,

Hope you are doing well.

I am Kelly Bell working as a Website Consultant of IT Company. I can share more details and portfolio of my company in next email if you are interested.

We deliver following services:-
- Website Design and Development
- Website Online Marketing: SEO, SMO, SEM
- Mobile Application Development – iOS, Android

We have an in-house design and development team who can assist you in above services on reasonable cost with high-quality deliverables.

Please contact us, if you are interested.

Warm Regards,
Kelly Bell
Website Consultant
www.***.com

Disclaimer: Thank you for reading this. In the event that you do not wish me to contact you again, simply send an email with Unsubscribe as a subject line.

Email analysis :

NOTE : kelly@saleguru.biz
NOTE : X-Mailer : Microsoft Outlook 16.0
NOTE : Mime-Version : 1.0
NOTE : 98.138.207.10

Article N° 1606281234CZF9E (Phishing Cdiscount)

Cdiscount

Bonjour,

Félicitation vous etes GAGNANT du: 3eme Prix: iPad Air 2.
Pour plus d'informations, veuillez acceder a notre page :

Http://cdiscount.com/espace.client.securise%90PANNE20%CASSE_Projet%20%Fiche20%

A bientôt,
Votre Service Client
Cdiscount

Cdiscount, C aussi...

... la fourmilière, un espace d’échange entièrement dédié à la Relation Clients de Cdiscount.
Retrouvez sur la Fourmilière, un forum pour vous exprimer et partager votre expérience avec les autres clients Cdiscount. Mais aussi des guides pratiques, des actus, des tutoriaux et un médiateur pour vous informer et vous guider tout au long de vos commandes !

🏈 Offre exceptionnelle pour France/Australie Si vous ne visualisez pas bien cet e-mail, cliquez ici OFFRE EXCEPTIONNELLE Bénéficiez dès aujourd'hui d'une réduction de - 40 %* sur les derniers billets mis en vente pour le match France / Australie FRANCE / AUSTRALIE Samedi 19 novembre 2016 à 21h00 au Stade de France *Offre valable uniquement sur les catégories 6 et 9 dans la limite des places disponibles Pour vous désabonner, cliquez ici

Phishing screenshot :

Email analysis :

NOTE : Cadeau_iPad_Air_2-Cdiscount@mail.live.fr

Phishing analysis :

CLICK : Http://cdiscount.com/espace.client.securise%90PANNE20%CASSE_Projet%20%Fiche20%
OPEN : https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&ved=0ahUKEwi0xLz3naPQAhVCuRQKHVx3AiwQFgglMAI&url=http%3A%2F%2Fcarambolabykids.com.br%2Fcategoria-produto%2Fbebe-menina%2Fconjunto-verao%2F&usg=AFQjCNHlFFJAM-e7Ef16rEjcZMCdBNewPA&sig2=rLcfO8_NS1EXdCvy21UNVA&bvm=bv.138493631,d.d2s&cad=rja
SPLIT : http%3A%2F%2Fcarambolabykids.com.br%2Fcategoria-produto%2Fbebe-menina%2Fconjunto-verao%2F
DECODE : http://carambolabykids.com.br/categoria-produto/bebe-menina/conjunto-verao/
OPEN URL : REDIRECT
REDIRECT : http://archicad.kark.fi/js/Cdiscount/Cadeau_iPad_Air_2/
NOTE : Phishing was removed.

Ugly Spam

A Spam old as the Internet.

An ugly Spam.

Email analysis :

NOTE : owesly@rem.rem217.com
NOTE : authenticated_id: owesly/primary_hostname/system user
NOTE : Cheap-Day: 79% off, Coach Bags, Moncler and More!

VERY IMPORTANT !!!

Greetings,

I am Mr.Ly Tay Seng and a personal Accountant Director with Foreign Trade Bank of Cambodia (FTB).
it is with good spirit of heart i opened up this great opportunity to you A deceased client of mine that shares almost the same name as yours died as a result of heart-related condition on march 2005.His heart condition was duo to the death of the members of his family in the tsunami disaster on the 26 December 2004 in Sumatra Indonesia where they all lost their lives..{More info: http://en.wikipedia.org/wiki/2004_Indian_Ocean_earthquake_and_tsunami}

There is a draft account opened in my bank in 1999 by a long-time client our bank,a national of your country.he was a CEO/a textile company owner,business man,a miner at kruger mining company here in Cambodia. he was a geologist and consultant to several other mining conglomerates operating in Cambodia,China,Taiwan,Japan,Indonesia,Pakistan,Vietnam all in Asia,before he passed away on 12th march 2005 leaving nobody as the next of kin of his account after his death.

The amount in this account is currently $19,340,000 (Nineteen Million Three Hundred and Forty Thousand United States Dollars) I want to present you as a beneficiary,I will use my position and influence in our bank to make they release this money to you for us to share.If i wait for days and i do not hear from you,I shall look for another person.

Kindly get back to me for more details,

Yours sincerely
Mr. Ly Tay Seng
Board of Director
Foreign Trade Bank of Cambodia

Phnom Penh

Email analysis :

NOTE : scanner@sportmalta.org.mt
NOTE : mr.lyseng444@gmail.com
NOTE : Received : from User (175.100.60.188)

NOTE : by win2012.sportmalta.org.mt (192.168.0.10)

Fron Western Union

Attention Dear,

We have deposited the check of your fund ($4.800`000`00USD) through Western Union department after our finally meeting regarding your funds, All you will do is to contact Western Union director Rev.Kevin Anthony via E-mail:(western_uniondepartment12@hotmail.com ) He will give you direction on how you will be receiving the funds daily, remember to send him your Full information to avoid wrong transfer such as,

Receiver's Name_____
Address: ___
Country: _____
Phone Number: ___

Though, Rev .Anthony Kevin has sent $4500 in your name today so contact Rev.Kevin Anthony or you call him +229-98848820 as soon as you receive this email and tell him to give you Western Union Ref. pin number, sender name to pick the $4500 only per day, and the only fee you are to send is $79 usd.

Best Regards.
Barisster .Ahmed Ibrahim.
Western Union Agent

Email analysis :

NOTE : western_uniondepartment12@hotmail.com
NOTE : ngehouselimited@gmail.com
NOTE : goodnews33@cantv.net
NOTE : X-Originating-Ip : [41.85.189.162]

Escroqueries par carte bancaire

Escroqueries par carte bancaire sur le réseau internet

De plus en plus, des personnes se voient prélever des sommes sur leurs comptes bancaires concernant des achats sur Internet ou des abonnements à des sites Web alors qu’elles ne possèdent ni ordinateur, ni connexion internet, ou qu’elles ne soient jamais allées sur ces sites. Si vous êtes concernés, il vous faut déposer plainte auprès de la brigade de gendarmerie ou du service de police de votre lieu de domicile en fournissant le relevé bancaire indiquant les prélèvements incriminés.

Allez voir votre banquier et dites lui que vous vous opposez formellement au paiement de l’opération en question.

S’il ne veut rien savoir et vous dit que vous êtes entièrement responsable des achats faits avec votre carte, rappelez-lui la recommandation de la Commission des Clauses Abusives numéro 94-02 du 17 décembre 1991 qui vous dégage de cette responsabilité pour des demandes de paiement faites sans votre signature ni votre code secret.

Les précautions à prendre

• Ne pas laisser traîner votre carte bancaire à la vue d’autres personnes, ni la laisser dans votre voiture ou tout autre lieu sans protection.
• Après chaque achat, penser à reprendre votre carte bancaire.
• Ne jeter pas vos tickets de caisse sans les détruire totalement, votre numéro de carte bancaire y figure.
• Ne jamais communiquer votre numéro de carte bancaire à une tierce personne.
• Ne pas laisser le numéro de code secret avec votre carte bancaire.
• Votre carte bancaire doit porter votre signature au dos.

NDLR : http://www.clauses-abusives.fr/recommandation/contrats-porteurs-des-cartes-de-paiement-assorties-ou-non-dun-credit/

Le Vishing

Compte tenu de la méfiance des internautes face au phishing, les cyberfraudeurs s'attaquent maintenant à des victimes par l'entremise du vishing appelé aussi hameçonnage vocal. Le vishing est l'utilisation de la technologie VoIP (voix sur IP) dans le but de duper quelqu'un en lui faisant divulguer de l'information personnelle et/ou financière.

Manière d'opérer des fraudeurs

Première méthode:

Un automate téléphonique est utilisé pour contacter les victimes potentielles en composant au hasard des numéros de téléphone fixe dans une région géographique déterminée. Lorsque la victime potentielle décroche, un message préenregistré supposé provenir de sa banque la prévient que des opérations inhabituelles ont été récemment effectuées sur son compte bancaire. Elle est par la suite invitée à composer un numéro de téléphone généralement surtaxé pour vérifier la situation de ce dernier. Ce numéro correspond à une boîte vocale, un message demande alors à la victime de fournir ses identifiants bancaires (les 16 chiffres et la date de validité de sa carte bancaire). Ces informations pourront ensuite être utilisées pour effectuer des achats frauduleux sur Internet.

Seconde méthode:

Une personne appelle une victime potentielle en se faisant passer pour quelqu'un du département de sécurité Visa, Master Card ou simplement de son établissement bancaire. Elle lui signale que sa carte de crédit a été utilisée pour un achat plus que douteux et lui demande si elle est à l'origine de cette opération. Sa réponse étant négative, elle lui attribue un numéro de contrat de fraude, donnant ainsi à l'appel un aspect réaliste, puis lui demande de communiquer les coordonnées de sa carte bancaire afin de vérifier qu'elle est toujours en sa possession. Une fois la conversation terminée, la personne ajoute n'hésitez pas à nous rappeler si vous avez d'autres questions et raccroche.

Comment s'en protéger

Les fraudeurs jouent sur une vulnérabilité psychologique du consommateur en créant en lui un stress et un faux sentiment d'urgence lié à la possibilité d'avoir été fraudé. Si un message vous demande de rappeler tel numéro, ne le composez pas. Prenez le temps de retrouver le véritable numéro de téléphone qui vous a été donné par l'émetteur de votre carte de crédit et utilisez-le. Par ailleurs, il faut savoir qu'aucune banque ne vous demandera par courrier électronique, télécopie ou téléphone ce genre de renseignements. Dans le doute, contactez votre établissement bancaire dans les plus brefs délais. Si, victime de ce type de fraude, vous l'avez déjouée, il convient également de prévenir votre établissement bancaire.

Details:

Hello,

My name is Mrs. Reem Al-Hashimi, the Minister of State for International Cooperation United Arab Emirates. I have a business proposal that wart $27M USD for you. I want you to receive and invest this money on behalf of my only Daughter. I will give you more detail about this fund and myself, as soon as I receive a positive response from you.

Regards,
Ms. Reem Al-Hashimy

Email analysis :

NOTE : reemhashimy3@gmail.com
NOTE : D0904001@wooriservice.co.kr
NOTE : Received : from User (176.61.142.171)
NOTE : by dc01.wooriservice.co.kr (125.129.116.43)

Financial Loan Offer World Wide

Are you interested in a Loan? we offer all kinds of financial assistance to all individuals "Business Personal Loan , investment Loan,home consolidation Loan, debt Loan and company loan worldwide. Our interest rate is 3% per year. we also render financial advice to our clients.if you have any good project or you want to start up a business and you need loan to finance it, just contact us immediately so that we can discuss, sign agreement and then finance your project or business for you. Kindly contact us today for all your financial needs. contact us via E-mail: creditcenter.hksh@gmail.com

with below details

Name:
Loan Amount:
Loan Duration:
Country:
Phone:

Thanks
Excelsior Investors Network.

Email analysis :

NOTE : amy@trimaran.com.hk
NOTE : creditcenter.hksh@gmail.com

Thank you for your PAYMENT (Ref #QCL44188)!

Dear Client,

Your account has just been credited with USD 15,331.80 by Snap Cash LTD.

Reference: Affiliate Commission

Amount: USD 14,331.80
Skrill Transaction ID: 1864928454
Your Transaction ID: 1864928457

To view your balance, sign in to your account.

Best Regards,

Divina - Support
Snap Cash Binary
http://migre.me/vrVcJ

Global Millionaires Trader LLC,3788 Oakwood Avenue, NY, 10011

Email analysis :

NOTE : bounce@mktggroups.com
NOTE : Received : from mktggroups.com (199.101.185.145)

Scam analysis :

CLICK : account
OPEN : http://gtradersoftw.com/fQD2uN?email=*@*.*
REDIRECT : http://yourlegacy.online/?offerID=*
SCREENSHOT :

==Your Overture=

Hello,

I know this letter might come as a surprise to you especially since we have never met or discuss before, basically the message might sound strange but it is factual in reality if only you care to know, The truth is that I should have notified you first through a more confidential means, (even if it's at least to respect your integrity) please accept my humble apologies if I Had caught you unawares, I frankly do not mean any harm in passing my message. We are members of the Special Committee for Budget and Planning of the British Petroleum and Mineral Resources, This committee is principally concerned with contract appraisal and the approval of contract in order of priorities as regards capital projects of the British Inland Revenue, with our positions we have successfully secured for ourselves the sum of Twenty Million Five Hundred Thousand British Pounds (20.5 Million Pounds) the amount was accumulated from the over invoice. Hence together with some of the top officials of the British Petroleum and Mineral Resources, We plan to transfer this amount of money Twenty million five hundred thousand Pounds (20.5Million Pounds ) into an overseas account by awarding a non existing contract from my ministry (BP). To this effect I decided to contact you and ask for your assistance, what we need from you sir, is to provide a very vital account in which the fund will be transferred. My Colleagues and I have agreed to compensate the owner of the account used for this transaction with 25% of the total amount remitted; we shall keep 73% and remaining 2% reserved for taxes and other miscellaneous expenses. Finally the confidence and trust reposed on you cannot be over emphasized, Therefore you are to keep this Deal to yourself confidentially because Caliber of personnel's involved are men in government and cannot effort to loose our respective reputation to our dear country if jeopardized by you. Please Contact me urgently through this my private email address:( 122205@post.com ) for our easier communication.

Yours Faithfully

Tufan Erginbilgic-Chief executive, Downstream-British Petoleum-London-United Kingdom

Email analysis :

NOTE : 122702@post.com
NOTE : contact@onivo-cosmetics.com
NOTE : Received : from User (unknown [69.166.186.10])

NOTE : Corrupted IP (69.166.186.10) sending scam, spam, phishing

NOTE : by jn633.jn-hebergement.com

Mandatory Upgrade is Required (Lloyd Banking Scam)

Security Alert

Your Lloyds Online access need to be upgraded to match the details we hold on record for you. Failure to upgrade means you will encounter problem logging on to your online profile next time. Thanks for your co-operation..

Please update and verify your information

Get Started ?

Please note: Failure to restore full access can lead to permanent suspension of access to our online banking service.

Best regards,
Lloyds Online Banking Team
Legal Privacy Security www.lloydsbankinggroup.com Rates and Charges

Email screenshot :

Email analysis :

NOTE : Content-Type : multipart/alternative;
NOTE : Mime-Version : 1.0
NOTE : id-@hltv.org
NOTE : Received : from WIN-LER4ISVBPKO.home (bahar.tehranhost.com. [79.175.163.50])

NOTE : Received : from Admin-PC ([41.207.9.193])

NOTE : client-ip=79.175.163.50;
NOTE : Mandatory Upgrade is Required

Phishing analysis :

CLICK : Get Started ?
OPEN : http://www.xerussurgical.co.za/wp-includes/images/media/Lloyds(1)/
REDIRECT : http://www.xerussurgical.co.za/wp-includes/images/media/Lloyds(1)/Login.php?sslchannel=true&sessionid=*
SCREENSHOT :

CLICK : CONTINUE
SCREENSHOT :

CLICK : CONTINUE
REDIRECT : https://www.lloydsbank.com/

Your Payment From UNITED NATIONS

UNITED NATIONS OFFICE OF INTERNATIONAL OVERSIGHT SERVICES
Internal Audit,Monitoring,Consulting And Investigations Division.

Attention:

My name is Ms. Carman L. Lapointe, from the United Nations. It is a distinct pleasure to write you again. As you are well aware many foreigners have invested thousands of United States Dollars into Nigeria transactions in Hopeless Dreams to have none of them become a reality. Right now, as directed by our secretary general Mr.Ban Ki-Moon, We have agreed with the Nigeria Government that US$1,000,000.00 (One Million United States Dollars Only) would be paid to you through the Bank Transfer Via special arrangement as first installment. This is to enable you have enough funds to pay for the Tax Clearance and Bank Charges before you will receive the balance of US$14.1M (Fourteen Million One Hundred Thousand United States Dollars Only). Lastly,i will like you to reconfirm your information to me such as your full name, address, telephone number and banking information so that I will process with your Bank Transfer within the next 24 hrs and the transaction information will be released to you.

I await your response for further proceedings.

Sincerely yours,
Ms. Carman L. Lapointe
E-mail: mscarman_lapointe121@mail.com
{Under-Secretary-General}

Email analysis :

NOTE : Your Payment From UNITED NATIONS
NOTE : escaner@qazul.com
NOTE : mscarman_lapointe121@mail.com
NOTE : Received : from SERVER3.automatedsys.com
NOTE : (50-196-232-182-static.hfc.comcastbusiness.net [50.196.232.182])

NOTE : by smtp.propage.cz (Postfix)

Let's Talk

Dear Sir,

I am Paul Smith and work with Smith and Associates Real Estate, Tampa Florida United States of America. We have a deceased client who died and left a huge estate, he bears the same surname with you. Since his death I have received several letters from the Bank where he deposited the fund before his death, to provide his next of kin or any of his relatives who can make claim to the funds before the end of the year or the Bank will be left with no option than to confiscate the fund and turn the money back to the state as it has been marked unclaimed. I have conducted my personal search to see if I can make contact with any of his relatives but without success, it is in the course of my effort that I have to contact you. I have closely checked and since you bear the same surname with my deceased client it will be better to present you as the next of kin and the right beneficiary of the funds in the account. I will provide you with all the necessary legal backing that is required until this money is paid out to you, and then we shall share it based on our agreement. Do respond quick if you are interested or should you need further clarification because we have no much time left.

Regards,

Paul Smith
Principal Partner
Smith & Associates Real Estate
Tampa Florida, U.S.A

Email analysis :

NOTE : paul.smith4806@gmail.com
NOTE : paul.smith4809@gmail.com
NOTE : Received : from [198.101.15.249]

NOTE : (de-2.serverip.co [89.163.255.197])

NOTE : by mail.3wdesign.ca
NOTE : Mime-Version : 1.0
NOTE : X-Watchguard-Mail-Client-Ip : 89.163.255.197

NOTE : X-Watchguard-Mail-Client-Ip : 192.168.75.20
NOTE : moneygram.onlinetransfar2001@yahoo.com
NOTE : www@abelia.ocn.ne.jp
NOTE : mrsrosemarieb@hotmail.com
NOTE : davidcarolm@yahoo.com.hk
NOTE : stellaokosunloanfirm@gmail.com
NOTE : podpora@agentura-najisto.cz
NOTE : agentura@agentura-najisto.cz
NOTE : obchod@resit.cz;m6f9dvf1@gmail.com
NOTE : aboriginal.adjoin@gmail.com
NOTE : trjygrdghj@gmail.com

RE: CASH AWAITING TRANSFER!!!

This is to notify you of the £1,000,000.00(POUNDS) That was deposited at Western Union Money Transfer© is available for transfer. For your fund transfer. Contact Person: Mrs. Hillary Florence/Mr. Greg Steve. Email: hilary.florence01@accountant.com.

Email analysis :

NOTE : hilary.florence01@accountant.com
NOTE : rdept101@gmail.com
NOTE : dtorero@sutran.gob.pe
NOTE : X-Originating-Ip : [198.7.58.81]

NOTE : Received : from mail.sutran.gob.pe
NOTE : (mail.sutran.gob.pe [192.168.248.3])

NOTE : Account : dtorero
NOTE : ©2016 HERITAGE LOTTERY

UN Office of Legal Affairs!!!.

This is in regard to outstanding payment,I am Barr. Sam Chukwurah Jr. {SAN.} the newly appointed Operations Director United Nations, Legal Affairs, Security and Investigation (UNLASIN) here in New York City, New York, United States; The Executive Arms of the United Nations directed me to come down to London to Investigate your fund and to make sure that we approve all outstanding debts. This decision was taken based on the abnormality and inability of the Banks in Africa, Asia and United Kingdom to Release your fund into your bank account; whereby it was discovered that some officials of the bank were diverting foreign beneficiaries payment to another account of their choice overseas. In view of this, during our investigation I found out that; an account was submitted to divert your fund to a USA account. Below is the account submitted and I want you to confirm if you are aware of the new development because we are about effecting payment to the account stated bellow today. Beneficiary Name: Jerry Bloodworth Bank Name: Hometown of Alabama Account No: 1727992 Routing No: 062206444 Finally, be informed that a payment instruction has been issued and forwarded to the Treasury Department of our Financier in South Africa in favor of the account above without any further prejudice. But there is no way we can approve the fund to your account without you confirming if you have changed your account for your fund to be transfer to the beneficiary Jerry Bloodworth bank account in USA. Contact me on my security email barrsamchukwurahjr@diplomats.com immediately for further clarification to know if you have giving instruction to transfer your fund to the above account today. On behalf of the entire management of United Nations, we are congratulating you in advance and if you fail to contact this office on or before 72hrs from now then we will now wire the fund to the USA account. Waiting for your urgent response Yours faithfully, Barr. Sam Chukwurah Jr. {SAN.} UN Office of Legal Affairs (Security and Investigation)

Email analysis :

NOTE : barrsamchukwurahjr@diplomats.com
NOTE : araccts@createries.com
NOTE : X-Originating-Ip : 119.75.11.70

Dianita Kambo

my name is dianita am really interested to be ur friend if you feel so contact me to my email address for my picture and further communication

kambodianita@hotmail.com

Email analysis :

NOTE : kambodianita@hotmail.com
NOTE : client-ip=65.55.111.167;

Vera Kone

Hello, I am Vera!

How are you? hope you are fine and in perfect condition of health. Please I went through your profile at (a site.com) and i read it and took interest in it, please if you don't mind i will like you to write me on this ID (verakone99@gmail.com) hope to hear from you soon, and I will be waiting for your mail because i have something VERY important to tell you.

Lots of love

Vera!.

Email analysis :

NOTE : verakone99@gmail.com
NOTE : Received : from localhost ([97.74.135.155])

NOTE : by p3plwbeout10-06.prod.phx3.secureserver.net

Happy New Month!!!

This is to inform you that we have been working towards the eradication of fraudsters and scam Artists in Africa with the help of the Organization of African Unity (OAU) United Nations (UN), European Union (EU) and FBI. We have been able to track down some scam artist in various parts of African countries which includes (Nigeria, Republic of Benin, Ghana and Senegal with cote d'ivoire ) and they are all in Government custody now, they will appear at International Criminal Court (ICC) soon for Justice. During the course of investigation, they were able to recovered some funds from these scam artists and IMF organization have ordered the funds recovered to be shared among the 10 Lucky people listed around the World as a compensation. This notice is been directed to you because your email address was found in one of the scam Artists file and computer hard-disk while the investigation, maybe you have been scammed. You are therefore being compensated with sum of ($6.9 Million) US Dollars valid into an (ATM Card Number 2354 3456 0952 4204). Since your email address is among the lucky beneficiaries who will receive a compensation funds, we have arranged your payment to be paid to you through ATM VISA CARD and deliver to your postal address with the Pin Numbers as to enable you withdrawal maximum of $5,000 on each withdrawal from any Bank ATM Machine of your choice, until all the funds are exhausted. The ATM Card with Security Pin Numbers shall be delivered to you via courier Service, depending your choice. In order to proceed with this transaction, you will be required to contact the agent in-charge ( Mr. Emeke E. Iweriebor ) via e-mail. Kindly look below to find appropriate contact information:

CONTACT AGENT NAME: Mr. Emeke E. Iweriebor
Phone Number: +229-6897-0405

You will be required to e-mail him with the following information:

FULL NAME:
ADDRESS:
CITY:
STATE:
ZIP CODE:
DIRECT CONTACT NUMBER:
OCCUPATION:

We advice you to stop all the communications with everyone regarding your payment as we have short listed to deliver to you and now urge you to comply and receive your ATM Card funds.

Thanks for your understanding as you follow instructions while I wait to hear from you today.

Yours in Services
Mr. David Fisher

Email analysis :

NOTE : atm.card11@hotmail.com
NOTE : www.info.gov@gmail.com
NOTE : Received : from [41.86.234.171] by web32105.mail.ssk.yahoo.co.jp

VERY IMPORTANT !!!

Greetings,

I am Mr.Ly Tay Seng and a personal Accountant Director with Foreign Trade Bank of Cambodia (FTB). it is with good spirit of heart i opened up this great opportunity to you A deceased client of mine that shares almost the same name as yours died as a result of heart-related condition on march 2005.His heart condition was duo to the death of the members of his family in the tsunami disaster on the 26 December 2004 in Sumatra Indonesia where they all lost their lives..{More info: http://en.wikipedia.org/wiki/2004_Indian_Ocean_earthquake_and_tsunami} There is a draft account opened in my bank in 1999 by a long-time client our bank,a national of your country.he was a CEO/a textile company owner,business man,a miner at kruger mining company here in Cambodia. he was a geologist and consultant to several other mining conglomerates operating in Cambodia,China,Taiwan,Japan,Indonesia,Pakistan,Vietnam all in Asia,before he passed away on 12th march 2005 leaving nobody as the next of kin of his account after his death. The amount in this account is currently $19,340,000 (Nineteen Million Three Hundred and Forty Thousand United States Dollars) I want to present you as a beneficiary,I will use my position and influence in our bank to make they release this money to you for us to share.If i wait for days and i do not hear from you,I shall look for another person.

Kindly get back to me for more details,

Yours sincerely
Mr. Ly Tay Seng
Board of Director
Foreign Trade Bank of Cambodia

Phnom Penh

Email analysis :

NOTE : mr.lytag.seng1954@gmail.com
NOTE : postmaster@draphic.com
NOTE : Received : from unknown (HELO User)
NOTE : (postmaster@draphic.com@175.100.60.181) by s69.coreserver.jp
NOTE : client-ip=202.172.28.70;

Attention good day;

Attention good day;

We have registered your master ATM card of ($8.5millionUSD) through DHL Delivering department after our finally meeting regarding your fund, All you will do is to contact DHL Delivering Service director Mr. Ruben Lord call +229 98781927 He will give you direction on how you will receiver your ($8.5millionUSD) Remember to send him your Full information to avoid wrong Delivering such as,

Your Name:_______________
Address: ________________
Country: _____________
Phone Number: _____________

Contact Agent Mr. Ruben Lord,
Email:: officefill890@gmail.com
Give him a call on Phone:: +229 98781927
Ask Mr. Ruben Lord what you need to do for them to deliver your Package
fund to you immediately.

Regards
John Mark

Email analysis :

NOTE : www.@peace.ocn.ne.jp
NOTE : officefill890@gmail.com
NOTE : Received : from mzkstore626.ocn.ad.jp
NOTE : (mz-ukg626p.ocn.ad.jp [153.149.212.195])
NOTE : by vcwebmail.ocn.ad.jp (Postfix)
NOTE : X-Originating-Ip : [41.74.9.27]