Thursday, June 8, 2017

URGENT ATTENTION REQUIRED

Hello Friend.

You maybe surprise receiving such message from me, and being skeptical to reply. But I want to tell you to be free to respond. I am giving you my assurance and protection towards the deal I’m about to offer you which at the end we shall be more than happy.

My name is Caldwell William (Bill), born in Columbus, Georgia, USA. I was Commanding General of United States Army North, also known as the Fifth Army, served as the Commander of NATO Training Mission – Afghanistan, and simultaneously as the Commander of Combined Security Transition Command – Afghanistan and Iraq. While I was on duty, a lot happened which I cannot explained further because it was a tragedy.

While on duty, we also discovered a lot of things within my squad. I had in my possession Gold’s and physical Cash which were deposited in one of the security vault here, but safety of it is not guaranteed that is reason why I need your assistance to move it as soon as possible we can reach an agreement. I was planning to move it down to China for safety and for security purposes but it is not easier for I been on duty and handle that at same time.

That is reason why I am contacting you at this point of time, I need your help and if we reached an agreement I will authorize you with the proper documentations giving to me and security codes to retrieve what I had in the vault with the security company here in Iraq to move it down to you. If possible converting to the gold’s to Cash and have it secured also invest in your country on my behalf. But we have to reach an agreement and sign proper documents before this can be execute.

Note. This required 100% trust because you will be rewarded accordingly to the agreement. I need your feedback, and then we can proceed further to achieve our goals.

Thanks for your cooperation and understanding.

Yours Sincere
Caldwell William (Bill).

Email analysis :

NOTE : arodriguez@sinafocal.gov.py
NOTE : caldwilliam929@gmail.com
NOTE : X-Originating-Ip : [150.5.5.1]

Thursday, June 1, 2017

Рiԁ:382663110 (Apple Phishing)

myApple

Apple

Hello *@*,

We have unfortunately been unable to review some information in your Profile. To confirm your details Continue and SignOn.

Continue and Sign On

With our respects,

Apple Team

You're receiving this email from us because this address was entered to sign at apple.com. Having trouble? Let us know here.

© Copyright 2017 Apple.com

Email analysis :

NOTE : info@appleacres.co.uk
NOTE : Received : from smalldisk10 (13.65.207.162)
NOTE : by msx-van.nhc.local (192.168.101.10)
NOTE : Received : from MSX-VAN.nhc.local (192.168.101.10)
NOTE : by MSX-VAN.nhc.local (192.168.101.10)
NOTE : Received : from mail01.nhcweb.com (mail.nhcweb.com. [207.194.62.167])

Phishing analysis :

CLICK : Continue and Sign on
OPEN : http://charishospice.com/joy.php?*
REDIRECT : http://www.apple.com-logind52ac2j8rcgbjgpakeohtcy23rnbdx1vqw9o0w97rdamd89d67.saopaulonanet.com.br/apple/unitedstatesapple/*
SCREENSHOT :

Wednesday, May 31, 2017

Finance! (Loan Scam)

UNSECURED BUSINESS/PERSONAL LOAN BY LOAN CAPITAL FINANCE
- NO COLLATERAL
- MINIMUM DOCUMENTATION
- BUSINESS LOAN UP TO FIVE(5) MILLION US DOLLARS
CONTACT US TODAY VIA EMAIL: clfin77@foxmail.com

Email analysis :

NOTE : clfin77@foxmail.com
NOTE : angela.nava@zipaquira.gov.co
NOTE : Received : from correo.zipaquira.gov.co ([179.60.243.20])

179.60.243.20

NOTE : correo.zipaquira.gov.co


CONCLUSION :

The mail server of the colombian government has been used to relay this scam.

About Zipaquira :


Zipaquirá (Spanish pronunciation: [sipakiˈɾa]) is a municipality and city of Colombia in the department of Cundinamarca. Its neighboring municipalities are Tausa and Cogua to the north; Nemocón, Gachancipá and Sopó to the east; Cajicá and Tabio to the south; and Subachoque and Pacho to the west. Its seat of municipal government is 49 kilometers from Santa Fe de Bogotá. It is part of the Greater Bogotá Metropolitan Area, and is the capital of the province. It is also the headquarters of the diocese of the same name and that includes much of the Department of Cundinamarca, extending to the centre of Bogotá, the region of Rionegro, the Ubaté Valley, and the region of Guavio.

Tuesday, May 30, 2017

Urgent Attention!! (Scam)

Good Day,

How are u doing today ? Apologies! I am a military woman ,seeking your kind assistance to move the sum of ($4.7.M USD) to you, as far as i can be assured that my money will be safe in your care until i complete my service here in Iraq and come over next month.

This is legitimate, and there is no danger involved. I need your full details to enable us proceed, such as : your Full Name, Full Address, Direct Mobile Number via hesterleigh.annz@gmail.com

Regards ,
Sgt. Leigh .A. Hester

Email analysis :

NOTE : Urgent Attention!!
NOTE : ovia.david2@aol.com
NOTE : hesterleigh.annz@gmail.com
NOTE : X-Aol-Ip : 197.210.227.124

197.210.227.124

Dear Lucky Winner, (Lottery Scam)

APEC LOTTERY PROMO
Ref Number: NLUS/910/16454
Batch Number: VC/32/ID1141

Dear Lucky Winner,

We are happy to announce to you that your email address have won $2,000,000.00 (Two Million US Dollars). You were selected among the 10(Ten) lucky winners during the internet ballot draw of the APEC LOTTERY PROMO.

You are advised to contact the claim department immediately with the below information for the release of your prize money.:

Mr Lawrence Markins (Claim Agent)

Tel: +1-323-999-9775
Fax: +1-8176281183
Email: apeclototerpromo@consultant.com
International prize Department

CONGRATULATIONS!!!

Yours faithfully,
Mrs. Alice schieble
Online Coordinator.

Email analysis :

NOTE : rebeccaschieble8@yahoo.com
NOTE : apeclototerpromo@consultant.com
NOTE : Received : from sonic.gate.mail.ne1.yahoo.com
NOTE : client-ip=77.238.178.205;

77.238.178.205

You recently made a request to reset your Apple id (Apple Phishing)


AppleINC
Dear Customer,

You recently made a request to reset your Apple id.Please click the link below to complete the process .
Reset now

If you did not make this change or you believe an unauthorised person has accessed your account,go to appleid.apple.com
to review and update your rity settings .

Sincerely,

Apple Support

Phishing screenshot :

Apple Phishing

Email analysis :

NOTE : paypal@service.fr
NOTE : Received : from lfsharedfs.FARMINDUSTRIA.LOCAL
NOTE : (extranet.farmindustria.com.pe [200.10.71.170])

Phishing analysis :

CLICK : http://amedamr06.webstarterz.com/apple.id.com
REDIRECT : http://93.182.172.19/Apple/Login.php?sslchannel=true&sessionid=*
SCREENSHOT :

Apple Phishing

Your Apple ID has been locked ! (Apple Phishing)

Validate your account information.

Dear iTunes Customer,
This is an automatic message sent by our security system to let you know that you have 48 hours to confirm your account information.
To validate your account information associated with your Apple ID, please

Visit the My Apple ID website

and sign in with your Apple ID and password. This will help protect your account in the future. This process does not take more than 3 minutes.

We apologise for any inconvenience caused.
Your sincerely,
Apple Security Department

TM and copyright 2017 Apple Inc. 1 Infinite Loop, MS 83-DM, Cupertino, CA 95014.
All Rights Reserved / Keep Informed / Privacy Policy / My Apple ID

Phishing screenshot :

Apple Phishing

Email analysis :

NOTE : noreply@email.apple.co.jp
NOTE : Received : from SERVER1 ([124.248.205.5])

Phishing analysis :

Click : Visit the My Apple ID website
OPEN : http://107.173.193.7/~eqjaeahu/index2.html
SCREENSHOT :

Apple Phishing

REDIRECT : http://107.173.193.7/~eqjaeahu/New1/*/suspended.php
SCREENSHOT :

Apple Phishing

CLICK : Confirm My Account
REDIRECT : http://107.173.193.7/~eqjaeahu/New1/*/personal.php
SCREENSHOT :

Apple Phishing

Tuesday, May 23, 2017

Confirme your account ! (PayPal Phishing)

Important Notification : We Need To Validate Your ΡΑΥΡΑL Information

If you are seeing the messages this means that your account has been visited from an unusual place given below :

IP : 67.86.204.244
Country : United States
City : New York, Ossining
As a security measure, your account has been Iimited.
Case id : PP-801-707-047
Don't worry, you will be able to get your account back just after finishing this steps.

Continue

Email analysis :NOTE :

NOTE : Received : from d793.dinaserver.com (d793.dinaserver.com. [82.98.157.143])

82.98.157.143

NOTE : firstsunmallorca@d793.dinaserver.com
NOTE : X-Mailer : PHPMailer (phpmailer.sourceforge.net) [version ]
NOTE : firstsunmallorca@d793.dinaserver.com designates 82.98.157.143 as permitted sender)

82.98.157.143

Phishing screenshot :

Paypal
Phishing analysis :

CLICK : Continue
OPEN : https://dhartiagro.net/aspnet_client/system_web/4_0_30319/HTTPS/Myaccount/home/new/Update
REDIRECT : https://dhartiagro.net/aspnet_client/system_web/4_0_30319/HTTPS/Myaccount/home/new/Update/myaccount/signin/
PayPal
NOTE : VALIDATE FORM
REDIRECT : https://dhartiagro.net/aspnet_client/system_web/4_0_30319/HTTPS/Myaccount/home/new/Update/myaccount/settings/?verify_account=session=NL&*&dispatch=*
SCREENSHOT :

PayPal Phishing


PayPal

Informations concernant votre compte:

Dans le cadre de nos mesures de sécurité, Nous vérifions régulièrement l'activité de l'écran PayPal. Nous avons demandé des informations à vous pour la raison suivante:

Notre système a détecté des charges inhabituelles à une carte de crédit liée à votre compte PayPal.

Numéro de Référence: PP-259-187-991

C'est le dernier rappel pour vous connecter à PayPal, le plus tôt possible. Une fois que vous serez connecter. PayPal vous fournira des mesures pour rétablir l'accès à votre compte.

une fois connecté, suivez les étapes pour activer votre compte . Nous vous remercions de votre compréhension pendant que nous travaillons à assurer la sécurité compte.

Cliquer ici pour vérifier votre compte

Nous vous remercions de votre grande attention à cette question. S’il vous plaît comprenez que c'est une mesure de sécurité destinée à vous protéger ainsi que votre compte. Nous nous excusons pour tout inconvénient..

Département de revue des comptes PayPal
Copyright © 2017 PayPal. Tous droits réservés.

PayPal (Europe) S.à r.l. & Cie, S.C.A. Société en Commandite par
Actions Siège social : 5ème étage 22-24 Boulevard Royal L-2449,
Luxembourg RCS Luxembourg B 118 349

Email PayPal n° PP059

Protégez votre compte
Assurez-vous de ne jamais donner votre mot de passe pour les sites Web frauduleux.

Toute sécurité d'accès au site PayPal ou à votre compte, ouvrez une fenêtre de navigateur Web (Internet Explorer ou Netscape) et tapez dans la page de connexion de PayPal (http://paypal.fr/) afin de vous assurer que vous êtes sur le véritable PayPal Site.

Pour plus d'informations sur la protection contre la fraude, s’il vous plaît consulter nos conseils de sécurité
Protégez votre mot de passe
Vous ne devriez jamais donner votre mot de passe PayPal à personne.
--
This email was Virus checked by Astaro Security Gateway. http://www.sophos.com

Email analysis :

NOTE : Paypal@contact.ca
NOTE : Received : from [200.107.238.35] (port=2757 helo=User) by mx1.shary.com.sa
NOTE : client-ip=94.77.230.169;


Phishing screenshot :


Phishing analysis :

CLICK : Cliquer ici pour vérifier votre compte
OPEN : http://mir-pchelovoda.ru/components/com_acepolls/views/poll/tmpl/Notifications-service-demande-compte-ca.php
REDIRECT : http://www.sunshinetravel.az/js/tinymce/plugins/autoresize/ooo412312aaaa/Notifications-compte-Canada-quebec-verified-moi-information.ca/comfirmetions-service-information-compte-demande.ca/
SCREENSHOT :


CLICK : CONNEXION
RESULT : BAD PASSWORD...
REDIRECT : http://www.sunshinetravel.az/js/tinymce/plugins/autoresize/ooo412312aaaa/Notifications-compte-Canada-quebec-verified-moi-information.ca/comfirmetions-service-information-compte-demande.ca/error.php


The website sunshinetravel was used to store this PayPal phishing :