Tuesday, April 25, 2017

Compensation Settlement On Escrow Accounts. (IMF Scam)

INTERNATIONAL MONETARY FUND
1900 PENNSYLVANIA Ave NW
WASHINGTON DC.
20431.

Attention Beneficiary

This is to formally inform you that your file on your fund transfer has reached Mr. Carla Grasso Managing Director of the IMF (The International Monetary Fund). We are also aware that your transaction has been dormant for a while now, and we will like to know why. It will be in your own interest to get back to the department director Mr David who is in charge of the transfer unit of IMF, get back to him as soon as possible, failure to do so we shall confiscate your funds to charity.

Email.......imf_davidhanks147@yahoo.com

Fill Out the information to him if you are ready to get your FUNDS

Your Full Name:...............
Direct Phone:....................
Country.................
Occupation:.....................
Gender:.........
Age:..............
Bank details.............
A Scan Copy Of Your Identity Card Or Drivers License.

And take note any other email you receive from anybody claiming to have your fund should be sent to this office and you are advised to stop any transaction or payment to the institutions who have been in contact with you lately for they are scam and the FBI and EFCC are after them, so be smart the IMF is now in charge of all dept.

We await your reply.

Have a good day.

Department Director
Mr. David Hanks

Email analysis :

NOTE : Received : from vizyontanitim.com
NOTE : (toroon12-1279381067.sdsl.bell.ca [76.65.206.75])

Scammer with the IP 76.65.206.75

NOTE : imf.davidhanks247@gmail.com
NOTE : info@vizyontanitim.com

Monday, April 24, 2017

Scan Data (VIRUS)

Number of images: 1
Attachment File Type: PDF

Description *

File analysis :

OPEN : Scan_*.pdf
SHA256 : d1efbca78f8847005a369ec24155723ccd257e58cd282429cc04f76f898743b7
RESULT : FILE IS A VIRUS

Virus analysis :

Antiy-AVL : Trojan[Downloader]/MSWord.Agent.bgy
Baidu : Multi.Threats.InArchive
CAT-QuickHeal : O97M.Downloader.AJI
ClamAV : Doc.Dropper.Dridex-6260340-0
Fortinet : WM/TrojanDownloader.7A51!tr
McAfee : W97M/Downloader.brv
McAfee-GW-Edition : BehavesLike.PDF.Trojan.qb
NANO-Antivirus : Trojan.Ole2.Vbs-heuristic.druvzi
Qihoo-360 : virus.office.obfuscated.1
Rising : Heur.Macro.Downloader.d (cloud:UJEmOxwGVqO)
TrendMicro : HEUR_VBA.O2
ZoneAlarm by Check Point : HEUR:Trojan-Downloader.Script.Generic

Email analysis :

NOTE : Received : from static.vnpt.vn (unknown [14.164.139.179])
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1)
NOTE : Gecko/20110929 Thunderbird/7.0.1
NOTE : Received : from gra-PC (unknown [114.31.8.46])


NOTE : Street view of 114.31.8.46


IP :

  • 114.31.8.46
  • 14.164.139.179

Congratulations!

Congratulations! Your e-mail has just won you the sum of $1,000,000.00 USD as a charity donations/aid from Oxfam International in conjunction with South African National Lotto. Further information on the processing and disbursement of your grant entitlements, alongside the provision of your qualification documentations, will be disclosed to you by the National Lottery Secretary, Barrister. Mark Knox. Please contact him with your Qualification Number [OXG /101/231/BDB] as soon as possible.

Barrister. Mark Knox
National Lotto Secretary
Email: oxfaminternational9@gmail.com

Email analysis :

NOTE : oxfaminternational9@gmail.com
NOTE : buidoanquyet@hanam.gov.vn

A Vietnamese government website was used to relay a scam.

NOTE : Received : from mail1.HaNam.gov.vn ([192.168.2.3])
NOTE : by MAIL2.HaNam.gov.vn (IBM Domino Release 9.0 HF683)
NOTE : Received : from mail.hanam.gov.vn (mail.hanam.gov.vn. [113.160.198.113])

mail.hanam.gov.vn was used to relay a scam.


You have a new message (Phishing Société Générale)

Dear Customer,

Your advisor informs you that you have received an important message

concerning your Pass,

eAccèsuàxvosxcomptes [Access your accounts]

Regards
Société Générale


Email analysis :

NOTE : X-Php-Originating-Script : 0:njd.php
NOTE : e@atosucire.com
NOTE : Received : by batidocs.fr (Postfix, from userid 33)
NOTE : Received : from batidocs.fr ([46.101.97.198])

Phishing from 46.101.97.198

Phishing analysis :

CLICK : eAccèsuàxvosxcomptes
OPEN : http://ecodebredpasrapel.com/votrecode
REDIRECT : http://www.drivegeelong.com.au/journal/url/njd
RESULT : Phishing attempt...

Affected services :

NOTE : e@atosucire.com (Spoofed email.)
NOTE : batidocs.fr (46.101.97.198) (Relaying the phishing email.)
NOTE : ecodebredpasrapel.com (Hosting the redirect to the phishing.)
NOTE : drivegeelong.com.au (Hosting the phishing.)
NOTE : Société Générale (Victim.)

Banco Santander (Brasil) S.A. | Avoid the blocking of your account (*) (Phishing Attempt)

Banco Santander S.A.

Dear Customer,

We inform you that your registration details are out of date in our system. So that you can enjoy the benefits with convenience and security, we ask that you carry out the Security Registration Update required by our system.

This procedure must be carried out to avoid the blocking of Santander channels such as Telephone, Internet Banking and ATMs.

To avoid the automatic suspension of these services, enable your updates by clicking the button below.
This feature is only activated if you accept, and it is updated from certified servers.

Do you wish to confirm your security settings?

Confirmar [Confirm]

Banco Santander (Brasil) S.A. CNPJ: 90.400.888/0001-42 Avenida Presidente Juscelino Kubitschek, 2041 e 2235 - Bloco A, Vila Olímpia, São Paulo/SP - CEP 04543-011

[Screenshot of the phishing]

Email analysis :

NOTE : Received : by ip-160-153-226-153.ip.secureserver.net
NOTE : (Postfix, from userid 33)
NOTE : 160.153.226.184


NOTE : X-Mailer : Microsoft Office Outlook, Build 17.551210
NOTE : X-Mailer : iGMail [www.ig.com.br]

Phishing analysis :

CLICK : Confirmar
OPEN : http://ip-160-153-229-233.ip.secureserver.net/cadastro/*
RESULT : Phishing is unresponsive...

Sunday, April 23, 2017

ExxonMobil Recruitment ( Urgent Employment )

ExxonMobil Recruitment
You are hereby notified that your qualifications and experiences which you submitted at a job finding site were found suitable for the requirements of ExxonMobil Oil & Gas Exploration.

For verification and screening you are to submit your most recent Resume / CV as soon as possible for an employment interview to be conducted. On notification of interest, & for re-confirmation purposes you're required to submit your most recent Resume / CV via exxonmobilofficeuae@gmail.com . We shall conduct an online interview to necessitate the issuance of our employment contract agreement.

Regards ,

Management

ExxonMobil Oil & Gas Exploration

Email analysis :

NOTE : exxonmobilofficeuae@gmail.com
NOTE : julli_ann@aol.fr
NOTE : Received : from Mike (unknown [197.210.226.131])

CONFIRM THIS TO ME FAST!!!!

Dr.Mohamed Ahmed.
MINISTER OF FINANCE(MOF)
OPERATIONAL TOWERS;8/10
CARRIER CRESCENT,COTONOU.BENIN REPUBLIC.
HOT-LINE(00229)98-77-63-27
EMAIL;drmohamedahmed13@yahoo.com
Attn: Sir/Madam.

I am Dr. Mohamed Ahmed, minister of finance (M.A.R), I monitor offices and control the affairs of all banks and financial institutions in Benin republic concerned foreign contract payments. I am the final signatory to all foreign transfers of huge funds moving within banks both the local and international levels in line to foreign contracts settlement. I have before me the list of foreign contract payment files, which are due to be transferred to their nominated accounts. Meanwhile, we identified some of these accounts to be ghost accounts, unclaimed deposits and over invoiced sum etc. I wish to have a deal with you as regards to the unpaid fund. I have a file before me and hope the dates are correct and untampered. As it is my duty to recommend the transfer of these surplus fund to the Federal Government Treasury and Reserve Accounts as unclaimed deposit. I have the opportunity to write you based on the instruction I received two days ago from the senate committee on contract payment/foreign debts to submit the list of payment reports expenditures and audited reports of revenues. Among several others, I have decided to remit the total sum of USD15.2 million following the idea that we have a deal/agreement and I am going to perfect the paper work legally.

MY CONDITIONS

1.You will have to provide foreign account where the funds will be transferred.

2.This deal must be kept secret forever, and all correspondence will be strictly by private email /telephone for security purposes.

3.There should be no other third parties as most problems associated with such payments are caused by their agents or representatives. If you AGREE with my Conditions, contact me directly through this email address;(drmohamedahmed13@yahoo.com) will advise you on the next line of action and immediately the funds transfer will commence without further delay as I would proceed to fix your name on the payment schedule instantly within the next 5 working days.

NOTE:DUE TO THE HIGH RATES OF INTERNET SCAMMERS,IF YOU ARE REPLYING TO THIS EMAIL,DO WRITE "YOUR BROTHER" AT THE SUBJECT OF YOUR REPLY ,THAT SERVES AS OUR SECRET CODE FOR THIS TRANSACTION,BECAUSE I DO NOT WANT YOU OR ME TO FALL VICTIM OF ANY CIRCUMSTANCES.

THANKS,
YOURS FAITHFULLY
Dr.Mohamed Ahmed.

Email analysis :

NOTE : drmohamedahmed13@yahoo.com
NOTE : "www."@orange.ocn.ne.jp
NOTE : X-Originating-Ip : [197.234.219.49]

Tuesday, April 11, 2017

Alerts (Phishing Société Générale)

Dear Customer

In order to prevent the fraudulent use of bank cards on the internet,
Société Générale has a system for monitoring direct debits. This service
is entirely free. Our system has detected that you have not activated Passe sécurité.
To activate Passe sécurité, please click on the link below:

Cliquez ici [Click here]

Thank you for your trust.

Regards,
Director of Customer Relations.

[Phishing screenshot]

Email analysis :

NOTE : jan.v.d.kamp@versatel.nl
NOTE : Cmm-Sending-Ip : 82.215.18.99


NOTE : Received : by webmail01.zonnet.isp-net.nl (Postfix, from userid 33)

Phishing analysis :

CLICK : Cliquez ici
OPEN : http://www.asociacioncar.com/adm
REDIRECT : http://tabonm79.beget.tech/googl/sg2017/*/

[Screenshot: Phishing Société Générale]

NOTE : ENTER FAKE PASSWORD AND USER
REDIRECT : http://tabonm79.beget.tech/googl/sg2017/*/dcr-web/

[Screenshot: Phishing Société Générale]

Affected services :

NOTE : Fietsenwinkel.nl (Relaying the phishing email.)
NOTE : asociacioncar.com (Hosting the redirect to the phishing.)
NOTE : tabonm79.beget.tech (Hosting the phishing.)
NOTE : beget.tech (Hosting the phishing page.)
NOTE : Société Générale (Victim)

Your USD$15.5million cashier check.

Attention please

We have received the check from the bank last week and kept the check with Dr. Jerry Udo as we discussed, Please email him immediately in order to send you the cheque. I am in Colombia now.

I kept USD$15.5million cashier check & will send you the rest of money after my business trip here. I sent you so many emails last week but all bounced back. So contact Dr. Udo with his below email address for him to send the check to you: ( jerryudo@mail2Winner.com ) or call him at +229 99485442

Thanks and do let me know when you have received it. 'Copy & paste' (jerryudo@mail2Winner.com)

Regards
Majvor Forsberg
United Nations Rep, U

Email analysis :

NOTE : jerryudo@mail2Winner.com
NOTE : info@gmail.com
NOTE : Received : from [41.138.91.233] (helo=User)
NOTE : by x068vm10.dattaweb.com
