Friday, February 10, 2017

( Investing IN Your Country )

I am soliciting your assistance to move an investment profit funds from my Bank for investment in your country. This is genuine and I hope it will appeal to you. I need your consent to provide details.

Contact me on my email ( chen.yang005@yandex.com ) for more details.

Regards,
Yang

Email analysis :

NOTE : cnaupari@devida.gob.pe
NOTE : ( Investing IN Your Country )
NOTE : chen.yang005@yandex.com
NOTE : X-Originating-Ip : [165.228.4.225]

Wednesday, February 8, 2017

Statut d'impots : A valider (Phishing impots.gouv.fr)


Je consulte les démarches à suivre >> Cliquez Ici

Email analysis :

NOTE : remboursement@impots.gouv.fr (NO DKIM PROTECTION)
NOTE : Content-Type : text/html
NOTE : Mime-Version : 1.0
NOTE : Return-Path : www-data@vds2459.sivit.org
NOTE : Received : from vds2459.sivit.org (vds2459.sivit.org. [195.5.208.132])
NOTE : Received : by vds2459.sivit.org (Postfix, from userid 33)
NOTE : Received-Spf : client-ip=195.5.208.132;
NOTE : Statut d'impots : A valider

Phishing analysis :

SCREENSHOT :


CLICK : Je consulte les démarches à suivre >> Cliquez Ici
OPEN :

http://www.afflutesresitancessegments.com/Denominations.directes/Approuves.composments.members/index.html

REDIRECT :

http://www.afflutesresitancessegments.com/Denominations.directes/Approuves.composments.members/composition.php?

SCREENSHOT :


CLICK : VALIDER
REDIRECT :

http://www.afflutesresitancessegments.com/Denominations.directes/Approuves.composments.members/send.php

SCREENSHOT :


CODE DISCLOSURE (ENCODED) :

Ceci%20est%20un%20champ%20obligatoire.%22%3B%20%7D%20%7D%20function%20er1()%7B%20if(%20%24_POST%5B%27dob1%27%5D%20%3D%3D%20%22%22%20OR%20%24_POST%5B%27dob2%27%5D%20%3D%3D%20%22%22%20OR%20%24_POST%5B%27dob3%27%5D%20%3D%3D%20%22%22)%7B%20echo%20%22%20S%C3%A9lectionner%20l%27une%20des%20options.%22%3B%20%7D%20%7D%20%3F%3E%3C%3Fecho(%24_POST%5B%27nom%27%5D)%3B%3F%3E%3C%3Fecho(%24_POST%5B%27prenom%27%5D)%3B%3F%3E%3C%3Fecho(%24_POST%5B%27email%27%5D)%3B%3F%3E%3C%3Fecho(%24_POST%5B%27adresse%27%5D)%3B%3F%3E%3C%3Fecho(%24_POST%5B%27adresse2%27%5D)%3B%3F%3E%3C%3Fecho(%24_POST%5B%27ville%27%5D)%3B%3F%3E%3C%3Fecho(%24_POST%5B%27postale%27%5D)%3B%3F%3E%3C%3Fecho(%24_POST%5B%27tele%27%5D)%3B%3F%3E%0A

Incident sur votre compte (Phishing Free)

Votre satisfaction notre priorité

Cher(e) Client(e),

Nous sommes au regret de vous informer que votre abonnement mobile est impayé suite au refus du prélèvement de ce mois par votre établissement bancaire.

Nous vous invitons à régulariser votre facture en suivant le bouton ci-dessous afin d'éviter la perte de votre ligne mobile:

Régler votre facture

A bientôt !

Armand Thiberge - PDG, Free Mobile

Ceci est un message automatique.

Email analysis :

NOTE : EASY+REQUEST@magenvimigo.msn.com
NOTE : Cmm-Sender-Ip : 217.72.192.75
NOTE : Received : from mout.kundenserver.de ([217.72.192.75])

Phishing analysis :

SCREENSHOT :


CLICK : Régler votre facture
OPEN : http://requestfree.eu/*
REDIRECT : freemobileapp.eu/request/*
SCREENSHOT :

Saturday, February 4, 2017

URGENT: Confirmation Of Your Online Banking. (JPMorgan Phishing attempt)

Dear Chase Online(SM) Customer,

As part of our commitment to help keep your account secure, we have detected an irregular activity on your account and we are placing a hold on your account for your protection. Please click on the following link and follow the instructions for proper verification.

CLICK HERE

NB: If this important message seems to be spam/junk please move to inbox to enable you click on the link above, We are here to assist you anytime. Your account security is our priority. Thank you for choosing Chase.

Sincerely,
Chase Fraud Department

Copyright © 2016 Chase Online. All rights reserved
JPMorgan Chase & Co.

Email analysis :

NOTE : info@onlinebanking.com
NOTE : bblazzard@lusd.k12.ca.us
NOTE : Received : from onlinebanking.com (unknown [68.65.134.234])


Phishing analysis :

CLICK : CLICK HERE
OPEN : http://mobwarsdoa.com/banking/chaseonline/Logon.php?LOB=RBGLogon&_pageLabel=page_logonform

Viet Xuan Luong (Scam)

I am Viet Xuan Luong. I am an American soldier presently on active service with 4th Squadron battalion here in Afghanistan. I served with the third Infantry Division in Iraq before thousand of my lucky colleagues were pulled out in August Last year, leaving me among the unlucky ones drafted to Afghanistan where I am serving presently. Am seeking your urgent help, please get back to me via email and I will tell you more about it thank you and God bless you.

Respectfully submitted.
Viet Xuan Luong

Email analysis :

NOTE : vietxuanluong6@gmail.com
NOTE : janainamaiara@unifap.br
NOTE : X-Originating-Ip : [105.112.42.159]

Thursday, February 2, 2017

Service client : Sécuriser votrᥱ Cybᥱrplus ! (Phishing Banque Populaire)

Bonjour

Le département technique procède à une mise à jour de logiciel programmée de
façon à améliorer la qualité de nos services . Nous vous demandons avec
bienveillance de sécuriser votre Cyberplus .

21-01-2017 : Régulation de votre dossier en linge.

Nous vous remercions de votre confiance.
Cordialement
Conseil Clientèle.

Email analysis :

NOTE : noreply@nej.fr
Received : from 184.164.74.221

Phishing analysis :NOTE :

CLICK : http://opticaguadalquivir.es/puce
REDIRECT : http://www.tailors-hostel.com/gestion/txt/-/ilon/resf/Pages/
SCREENSHOT :

Microsoft account termination request in progress. (Microsoft Phishing, Swisscom Phishing, Directory listing)

Microsoft Security info

We received a message from you requesting for your account termination, please ignore this message if the request was from you. Your account would be deleted from our system in the next 24 hours.

(Note: All mails in your inbox, spam, draft, and sent items would be terminated, and access to your account would be denied.)

Click on cancel request if the message wasn't from you.

CANCEL REQUEST

Cancel the termination request to keep enjoying Microsoft!

Thanks,

The Microsoft account team.

Safety Certification Copyright © 2017 Microsoft

Phishing analysis :

SCREENSHOT :


CLICK : http://ow.ly/***
RESULT : A BASE64 is loaded in the url bar.
RESULT : data:text/html;base64,
SCREENSHOT :


RESULT : Microsoft phishing
CODE SOURCE ANALYSIS : form action="http://dolphinsclubtema.org/wp-includes/js/mine/pahgy/result.php
NOTE : Another wordpress website hacked...
GO TO : http://dolphinsclubtema.org/wp-includes/js/mine/


RESULT : Repository of phishing.
GO TO : http://dolphinsclubtema.org/wp-includes/js/mine/bluewin


RESULT : Swisscom Phishing


GO TO : http://dolphinsclubtema.org/wp-includes/js/mine/pahgy/


RESULT : Microsoft phishing

GO TO : http://dolphinsclubtema.org/wp-includes/js/mine/viko/


RESULT : Microsoft phishing

Mr.David Kamau

I am the final signatory to all foreign transfers of huge funds moving within banks both the local and international levels in line to foreign contracts settlement. I have before me the list of foreign contract payment files, which are due to be transferred to their nominated accounts. Meanwhile, we identified some of these accounts to be ghost accounts, unclaimed deposits and over invoiced sum etc. I wish to have a deal with you as regards to the unpaid fund. I have a file before me and hope the date's are correct and UN-tampered. As it is my duty to recommend the transfer of these surplus fund to the Federal Government Treasury and Reserve Accounts as unclaimed deposit. I have the opportunity to write you based on the instruction I received two days ago from the senate committee on contract payment/foreign debts to submit the list of payment reports expenditures and audited reports of revenues. Among several others, I have decided to remit the total sum of USD15.2 million following Mr.David Kamau.

Email analysis :

NOTE : mr.davidkamau1@yahoo.com
NOTE : mrdavidkamau1@gmail.com
NOTE : X-Rocketymmf : bsobeab
NOTE : Received : from [41.86.234.171]


NOTE : by web101604.mail.kks.yahoo.co.jp

Letter From Hospital

My Dearest One, This is Ms Mariam Mubarak Mustafa from Trinidad &Tobago. I am writing from the hospital in Ivory Coast, therefore this mail is very urgent, I am dying in the hospital which I don't know what tomorrow will be. I was told by my doctor that I was poisoned and has got my liver damaged

I have an orphan child, named Kofi Peter and $12.6 million Dollars I inherited from my late father, my step mother and her children are after Kofi because he knows about the poison,

Kindly get back to me

May Almighty God bless you and use you to accomplish my wish. Pray for me always.

Ms Mariam Mubarak Mustafa

Email analysis :

NOTE : mariam.n1883@gmail.com
NOTE : ceo.kofipeter1950@gmail.com
NOTE : X-Mailer : YahooMailWebService/0.8.111_70
NOTE : X-Rocketymmf : sk_44no
NOTE : Received : from [173.208.81.180]


NOTE : by web101201.mail.kks.yahoo.co.jp via HTTP