Hello Friend.
You maybe surprise receiving such message from me, and being skeptical to reply. But I want to tell you to be free to respond. I am giving you my assurance and protection towards the deal I’m about to offer you which at the end we shall be more than happy.
My name is Caldwell William (Bill), born in Columbus, Georgia, USA. I was Commanding General of United States Army North, also known as the Fifth Army, served as the Commander of NATO Training Mission – Afghanistan, and simultaneously as the Commander of Combined Security Transition Command – Afghanistan and Iraq. While I was on duty, a lot happened which I cannot explained further because it was a tragedy.
While on duty, we also discovered a lot of things within my squad. I had in my possession Gold’s and physical Cash which were deposited in one of the security vault here, but safety of it is not guaranteed that is reason why I need your assistance to move it as soon as possible we can reach an agreement. I was planning to move it down to China for safety and for security purposes but it is not easier for I been on duty and handle that at same time.
That is reason why I am contacting you at this point of time, I need your help and if we reached an agreement I will authorize you with the proper documentations giving to me and security codes to retrieve what I had in the vault with the security company here in Iraq to move it down to you. If possible converting to the gold’s to Cash and have it secured also invest in your country on my behalf. But we have to reach an agreement and sign proper documents before this can be execute.
Note. This required 100% trust because you will be rewarded accordingly to the agreement. I need your feedback, and then we can proceed further to achieve our goals.
Thanks for your cooperation and understanding.
Yours Sincere
Caldwell William (Bill).
Email analysis :
NOTE : arodriguez@sinafocal.gov.py
NOTE : caldwilliam929@gmail.com
NOTE : X-Originating-Ip : [150.5.5.1]
Thursday, June 8, 2017
Thursday, June 1, 2017
Рiԁ:382663110 (Apple Phishing)
myApple
Apple
Hello *@*,
We have unfortunately been unable to review some information in your Profile. To confirm your details Continue and SignOn.
Continue and Sign On
With our respects,
Apple Team
You're receiving this email from us because this address was entered to sign at apple.com. Having trouble? Let us know here.
© Copyright 2017 Apple.com
Email analysis :
NOTE : info@appleacres.co.uk
NOTE : Received : from smalldisk10 (13.65.207.162)
NOTE : by msx-van.nhc.local (192.168.101.10)
NOTE : Received : from MSX-VAN.nhc.local (192.168.101.10)
NOTE : by MSX-VAN.nhc.local (192.168.101.10)
NOTE : Received : from mail01.nhcweb.com (mail.nhcweb.com. [207.194.62.167])
Phishing analysis :
CLICK : Continue and Sign on
OPEN : http://charishospice.com/joy.php?*
REDIRECT : http://www.apple.com-logind52ac2j8rcgbjgpakeohtcy23rnbdx1vqw9o0w97rdamd89d67.saopaulonanet.com.br/apple/unitedstatesapple/*
SCREENSHOT :
Apple
Hello *@*,
We have unfortunately been unable to review some information in your Profile. To confirm your details Continue and SignOn.
Continue and Sign On
With our respects,
Apple Team
You're receiving this email from us because this address was entered to sign at apple.com. Having trouble? Let us know here.
© Copyright 2017 Apple.com
Email analysis :
NOTE : info@appleacres.co.uk
NOTE : Received : from smalldisk10 (13.65.207.162)
NOTE : by msx-van.nhc.local (192.168.101.10)
NOTE : Received : from MSX-VAN.nhc.local (192.168.101.10)
NOTE : by MSX-VAN.nhc.local (192.168.101.10)
NOTE : Received : from mail01.nhcweb.com (mail.nhcweb.com. [207.194.62.167])
Phishing analysis :
CLICK : Continue and Sign on
OPEN : http://charishospice.com/joy.php?*
REDIRECT : http://www.apple.com-logind52ac2j8rcgbjgpakeohtcy23rnbdx1vqw9o0w97rdamd89d67.saopaulonanet.com.br/apple/unitedstatesapple/*
SCREENSHOT :
Wednesday, May 31, 2017
Finance! (Loan Scam)
UNSECURED BUSINESS/PERSONAL LOAN BY LOAN CAPITAL FINANCE
- NO COLLATERAL
- MINIMUM DOCUMENTATION
- BUSINESS LOAN UP TO FIVE(5) MILLION US DOLLARS
CONTACT US TODAY VIA EMAIL: clfin77@foxmail.com
Email analysis :
NOTE : clfin77@foxmail.com
NOTE : angela.nava@zipaquira.gov.co
NOTE : Received : from correo.zipaquira.gov.co ([179.60.243.20])
NOTE : correo.zipaquira.gov.co
CONCLUSION :
The mail server of the colombian government has been used to relay this scam.
About Zipaquira :
Zipaquirá (Spanish pronunciation: [sipakiˈɾa]) is a municipality and city of Colombia in the department of Cundinamarca. Its neighboring municipalities are Tausa and Cogua to the north; Nemocón, Gachancipá and Sopó to the east; Cajicá and Tabio to the south; and Subachoque and Pacho to the west. Its seat of municipal government is 49 kilometers from Santa Fe de Bogotá. It is part of the Greater Bogotá Metropolitan Area, and is the capital of the province. It is also the headquarters of the diocese of the same name and that includes much of the Department of Cundinamarca, extending to the centre of Bogotá, the region of Rionegro, the Ubaté Valley, and the region of Guavio.
- NO COLLATERAL
- MINIMUM DOCUMENTATION
- BUSINESS LOAN UP TO FIVE(5) MILLION US DOLLARS
CONTACT US TODAY VIA EMAIL: clfin77@foxmail.com
Email analysis :
NOTE : clfin77@foxmail.com
NOTE : angela.nava@zipaquira.gov.co
NOTE : Received : from correo.zipaquira.gov.co ([179.60.243.20])
NOTE : correo.zipaquira.gov.co
CONCLUSION :
The mail server of the colombian government has been used to relay this scam.
About Zipaquira :
Zipaquirá (Spanish pronunciation: [sipakiˈɾa]) is a municipality and city of Colombia in the department of Cundinamarca. Its neighboring municipalities are Tausa and Cogua to the north; Nemocón, Gachancipá and Sopó to the east; Cajicá and Tabio to the south; and Subachoque and Pacho to the west. Its seat of municipal government is 49 kilometers from Santa Fe de Bogotá. It is part of the Greater Bogotá Metropolitan Area, and is the capital of the province. It is also the headquarters of the diocese of the same name and that includes much of the Department of Cundinamarca, extending to the centre of Bogotá, the region of Rionegro, the Ubaté Valley, and the region of Guavio.
Tuesday, May 30, 2017
Urgent Attention!! (Scam)
Good Day,
How are u doing today ? Apologies! I am a military woman ,seeking your kind assistance to move the sum of ($4.7.M USD) to you, as far as i can be assured that my money will be safe in your care until i complete my service here in Iraq and come over next month.
This is legitimate, and there is no danger involved. I need your full details to enable us proceed, such as : your Full Name, Full Address, Direct Mobile Number via hesterleigh.annz@gmail.com
Regards ,
Sgt. Leigh .A. Hester
Email analysis :
NOTE : Urgent Attention!!
NOTE : ovia.david2@aol.com
NOTE : hesterleigh.annz@gmail.com
NOTE : X-Aol-Ip : 197.210.227.124
How are u doing today ? Apologies! I am a military woman ,seeking your kind assistance to move the sum of ($4.7.M USD) to you, as far as i can be assured that my money will be safe in your care until i complete my service here in Iraq and come over next month.
This is legitimate, and there is no danger involved. I need your full details to enable us proceed, such as : your Full Name, Full Address, Direct Mobile Number via hesterleigh.annz@gmail.com
Regards ,
Sgt. Leigh .A. Hester
Email analysis :
NOTE : Urgent Attention!!
NOTE : ovia.david2@aol.com
NOTE : hesterleigh.annz@gmail.com
NOTE : X-Aol-Ip : 197.210.227.124
Dear Lucky Winner, (Lottery Scam)
APEC LOTTERY PROMO
Ref Number: NLUS/910/16454
Batch Number: VC/32/ID1141
Dear Lucky Winner,
We are happy to announce to you that your email address have won $2,000,000.00 (Two Million US Dollars). You were selected among the 10(Ten) lucky winners during the internet ballot draw of the APEC LOTTERY PROMO.
You are advised to contact the claim department immediately with the below information for the release of your prize money.:
Mr Lawrence Markins (Claim Agent)
Tel: +1-323-999-9775
Fax: +1-8176281183
Email: apeclototerpromo@consultant.com
International prize Department
CONGRATULATIONS!!!
Yours faithfully,
Mrs. Alice schieble
Online Coordinator.
Email analysis :
NOTE : rebeccaschieble8@yahoo.com
NOTE : apeclototerpromo@consultant.com
NOTE : Received : from sonic.gate.mail.ne1.yahoo.com
NOTE : client-ip=77.238.178.205;
Ref Number: NLUS/910/16454
Batch Number: VC/32/ID1141
Dear Lucky Winner,
We are happy to announce to you that your email address have won $2,000,000.00 (Two Million US Dollars). You were selected among the 10(Ten) lucky winners during the internet ballot draw of the APEC LOTTERY PROMO.
You are advised to contact the claim department immediately with the below information for the release of your prize money.:
Mr Lawrence Markins (Claim Agent)
Tel: +1-323-999-9775
Fax: +1-8176281183
Email: apeclototerpromo@consultant.com
International prize Department
CONGRATULATIONS!!!
Yours faithfully,
Mrs. Alice schieble
Online Coordinator.
Email analysis :
NOTE : rebeccaschieble8@yahoo.com
NOTE : apeclototerpromo@consultant.com
NOTE : Received : from sonic.gate.mail.ne1.yahoo.com
NOTE : client-ip=77.238.178.205;
You recently made a request to reset your Apple id (Apple Phishing)
AppleINC
Dear Customer,
You recently made a request to reset your Apple id.Please click the link below to complete the process .
Reset now
If you did not make this change or you believe an unauthorised person has accessed your account,go to appleid.apple.com
to review and update your rity settings .
Sincerely,
Apple Support
Phishing screenshot :
Email analysis :
NOTE : paypal@service.fr
NOTE : Received : from lfsharedfs.FARMINDUSTRIA.LOCAL
NOTE : (extranet.farmindustria.com.pe [200.10.71.170])
Phishing analysis :
CLICK : http://amedamr06.webstarterz.com/apple.id.com
REDIRECT : http://93.182.172.19/Apple/Login.php?sslchannel=true&sessionid=*
SCREENSHOT :
Your Apple ID has been locked ! (Apple Phishing)
Validate your account information.
Dear iTunes Customer,
This is an automatic message sent by our security system to let you know that you have 48 hours to confirm your account information.
To validate your account information associated with your Apple ID, please
Visit the My Apple ID website
and sign in with your Apple ID and password. This will help protect your account in the future. This process does not take more than 3 minutes.
We apologise for any inconvenience caused.
Your sincerely,
Apple Security Department
TM and copyright 2017 Apple Inc. 1 Infinite Loop, MS 83-DM, Cupertino, CA 95014.
All Rights Reserved / Keep Informed / Privacy Policy / My Apple ID
Phishing screenshot :
Email analysis :
NOTE : noreply@email.apple.co.jp
NOTE : Received : from SERVER1 ([124.248.205.5])
Phishing analysis :
Click : Visit the My Apple ID website
OPEN : http://107.173.193.7/~eqjaeahu/index2.html
SCREENSHOT :
REDIRECT : http://107.173.193.7/~eqjaeahu/New1/*/suspended.php
SCREENSHOT :
CLICK : Confirm My Account
REDIRECT : http://107.173.193.7/~eqjaeahu/New1/*/personal.php
SCREENSHOT :
Dear iTunes Customer,
This is an automatic message sent by our security system to let you know that you have 48 hours to confirm your account information.
To validate your account information associated with your Apple ID, please
Visit the My Apple ID website
and sign in with your Apple ID and password. This will help protect your account in the future. This process does not take more than 3 minutes.
We apologise for any inconvenience caused.
Your sincerely,
Apple Security Department
TM and copyright 2017 Apple Inc. 1 Infinite Loop, MS 83-DM, Cupertino, CA 95014.
All Rights Reserved / Keep Informed / Privacy Policy / My Apple ID
Phishing screenshot :
Email analysis :
NOTE : noreply@email.apple.co.jp
NOTE : Received : from SERVER1 ([124.248.205.5])
Phishing analysis :
Click : Visit the My Apple ID website
OPEN : http://107.173.193.7/~eqjaeahu/index2.html
SCREENSHOT :
REDIRECT : http://107.173.193.7/~eqjaeahu/New1/*/suspended.php
SCREENSHOT :
CLICK : Confirm My Account
REDIRECT : http://107.173.193.7/~eqjaeahu/New1/*/personal.php
SCREENSHOT :
Tuesday, May 23, 2017
Confirme your account ! (PayPal Phishing)
Important Notification : We Need To Validate Your ΡΑΥΡΑL Information
If you are seeing the messages this means that your account has been visited from an unusual place given below :
IP : 67.86.204.244
Country : United States
City : New York, Ossining
As a security measure, your account has been Iimited.
Case id : PP-801-707-047
Don't worry, you will be able to get your account back just after finishing this steps.
Continue
Email analysis :NOTE :
NOTE : Received : from d793.dinaserver.com (d793.dinaserver.com. [82.98.157.143])
NOTE : firstsunmallorca@d793.dinaserver.com
NOTE : X-Mailer : PHPMailer (phpmailer.sourceforge.net) [version ]
NOTE : firstsunmallorca@d793.dinaserver.com designates 82.98.157.143 as permitted sender)
Phishing screenshot :
Phishing analysis :
CLICK : Continue
OPEN : https://dhartiagro.net/aspnet_client/system_web/4_0_30319/HTTPS/Myaccount/home/new/Update
REDIRECT : https://dhartiagro.net/aspnet_client/system_web/4_0_30319/HTTPS/Myaccount/home/new/Update/myaccount/signin/
NOTE : VALIDATE FORM
REDIRECT : https://dhartiagro.net/aspnet_client/system_web/4_0_30319/HTTPS/Myaccount/home/new/Update/myaccount/settings/?verify_account=session=NL&*&dispatch=*
SCREENSHOT :
If you are seeing the messages this means that your account has been visited from an unusual place given below :
IP : 67.86.204.244
Country : United States
City : New York, Ossining
As a security measure, your account has been Iimited.
Case id : PP-801-707-047
Don't worry, you will be able to get your account back just after finishing this steps.
Continue
Email analysis :NOTE :
NOTE : Received : from d793.dinaserver.com (d793.dinaserver.com. [82.98.157.143])
NOTE : firstsunmallorca@d793.dinaserver.com
NOTE : X-Mailer : PHPMailer (phpmailer.sourceforge.net) [version ]
NOTE : firstsunmallorca@d793.dinaserver.com designates 82.98.157.143 as permitted sender)
Phishing screenshot :
Phishing analysis :
CLICK : Continue
OPEN : https://dhartiagro.net/aspnet_client/system_web/4_0_30319/HTTPS/Myaccount/home/new/Update
REDIRECT : https://dhartiagro.net/aspnet_client/system_web/4_0_30319/HTTPS/Myaccount/home/new/Update/myaccount/signin/
NOTE : VALIDATE FORM
REDIRECT : https://dhartiagro.net/aspnet_client/system_web/4_0_30319/HTTPS/Myaccount/home/new/Update/myaccount/settings/?verify_account=session=NL&*&dispatch=*
SCREENSHOT :
PayPal Phishing
PayPal
Informations concernant votre compte:
Dans le cadre de nos mesures de sécurité, Nous vérifions régulièrement l'activité de l'écran PayPal. Nous avons demandé des informations à vous pour la raison suivante:
Notre système a détecté des charges inhabituelles à une carte de crédit liée à votre compte PayPal.
Numéro de Référence: PP-259-187-991
C'est le dernier rappel pour vous connecter à PayPal, le plus tôt possible. Une fois que vous serez connecter. PayPal vous fournira des mesures pour rétablir l'accès à votre compte.
une fois connecté, suivez les étapes pour activer votre compte . Nous vous remercions de votre compréhension pendant que nous travaillons à assurer la sécurité compte.
Cliquer ici pour vérifier votre compte
Nous vous remercions de votre grande attention à cette question. Sil vous plaît comprenez que c'est une mesure de sécurité destinée à vous protéger ainsi que votre compte. Nous nous excusons pour tout inconvénient..
Département de revue des comptes PayPal
Copyright © 2017 PayPal. Tous droits réservés.
PayPal (Europe) S.à r.l. & Cie, S.C.A. Société en Commandite par
Actions Siège social : 5ème étage 22-24 Boulevard Royal L-2449,
Luxembourg RCS Luxembourg B 118 349
Email PayPal n° PP059
Protégez votre compte
Assurez-vous de ne jamais donner votre mot de passe pour les sites Web frauduleux.
Toute sécurité d'accès au site PayPal ou à votre compte, ouvrez une fenêtre de navigateur Web (Internet Explorer ou Netscape) et tapez dans la page de connexion de PayPal (http://paypal.fr/) afin de vous assurer que vous êtes sur le véritable PayPal Site.
Pour plus d'informations sur la protection contre la fraude, sil vous plaît consulter nos conseils de sécurité
Protégez votre mot de passe
Vous ne devriez jamais donner votre mot de passe PayPal à personne.
--
This email was Virus checked by Astaro Security Gateway. http://www.sophos.com
Email analysis :
NOTE : Paypal@contact.ca
NOTE : Received : from [200.107.238.35] (port=2757 helo=User) by mx1.shary.com.sa
NOTE : client-ip=94.77.230.169;
Phishing screenshot :
Phishing analysis :
CLICK : Cliquer ici pour vérifier votre compte
OPEN : http://mir-pchelovoda.ru/components/com_acepolls/views/poll/tmpl/Notifications-service-demande-compte-ca.php
REDIRECT : http://www.sunshinetravel.az/js/tinymce/plugins/autoresize/ooo412312aaaa/Notifications-compte-Canada-quebec-verified-moi-information.ca/comfirmetions-service-information-compte-demande.ca/
SCREENSHOT :
CLICK : CONNEXION
RESULT : BAD PASSWORD...
REDIRECT : http://www.sunshinetravel.az/js/tinymce/plugins/autoresize/ooo412312aaaa/Notifications-compte-Canada-quebec-verified-moi-information.ca/comfirmetions-service-information-compte-demande.ca/error.php
The website sunshinetravel was used to store this PayPal phishing :
Subscribe to:
Posts (Atom)