Dear Western Union Customer,
You have been awarded the sum of $360,000.00 USD in the Western
Union money transfer program as one of our customers who use Western
Union in their daily business transactions. Please provide Mr. Dennis Woods
with the following details below so that your fund will be remitted to
you through Western Union Transfer.
(1)Names:
(2)Address:
(3)Phone Number:
(4)Sex:
(5)Age:
(6)Country:
(7)Occupation:
Mr.Dennis Woods
(Western Union Online coordinator)
E-mail: wu.moneytransfer_online1117@live.com
(Help Line: +254-7801-02173)
As soon as these details are received and verified, your
fund will be transferred to you. Thank you, for using
western union.
Email analysis :
NOTE : ECOLE MATERNELLE PUBLIQUE ROBERT DEBRE - SAINT-LOUIS
NOTE : ce.9740750X@ac-reunion.fr
NOTE : wu.moneytransfer_online11@msn.com
NOTE : Received : from [172.31.186.125] (Forwarded-For: 154.123.121.136)
NOTE : by store1.in.ac-reunion.fr (mshttpd);
NOTE : Received : from ac-reunion.fr (store1.ac-reunion.fr [172.31.186.61])
NOTE : by smtpout2.ac-reunion.fr (Postfix)
NOTE : client-ip=195.98.231.113;
NOTE : @educationfrance : Western Union Scam relayed from ce.9740750X / ac-reunion
Monday, August 7, 2017
Monday, July 31, 2017
FWD:RE (Phishing Société Générale)
Regarding the information relating to your bank account:
Dear customer:
Our system has detected that you have not activated Pass securite (Societe Generale):
Discover Le Pass Securite
In order to prevent fraudulent use of bank cards on the Internet, Societe Generale has a payment control system in place. This service is entirely free.
Click here to activate this service
Thank you for choosing SOCIETE GENERALE!
Copyright ©2017 Societe Generale. All rights reserved.
FSA registration number Societe Generale: 226056.
My account
Phone
Facebook
Instagram
Twitter
Pinterest
Youtube
Magazine
LEGAL NOTICE
DATA PROTECTION
TERMS AND CONDITIONS OF SALE
UNSUBSCRIBE FROM THE NEWSLETTER
Phishing screenshot :
Email analysis :
NOTE : kaizenqm@telus.net
NOTE : Cmm-Sender-Ip : 209.171.16.90
NOTE : X-Mailer : Zimbra 8.6.0_GA_1211 (zclient/8.6.0_GA_1211)
NOTE : Received : from mtlp000003.email.telus.net ([172.20.100.250])
Phishing analysis :
CLICK : Click here to activate this service
OPEN : http://kombiringen.se/wp-content/theme/
REDIRECT : http://www.goingesten.se/wp-content/theme/
REDIRECT : http://www.goingesten.se/wp-content/theme/*/service.php?*
RESULT : Phishing Société Générale
Votre-Paiement-En ligne (Phishing attempt)
Hello,
In order to prevent fraudulent use of bank cards on the Internet,
Your Service Générale has a payment control system in place.
This service is entirely free. Our system has detected that you have not activated -Pass-Service-sécurite
Security service
Banque-Générale
Thank you for your trust.
Regards
Email analysis :
NOTE : INFO@news.promovacances.com
NOTE : Received : by footcenter.fr (Postfix, from userid 33)
NOTE : Received : from footcenter.fr ([165.227.79.193])
NOTE : X-Php-Originating-Script : 0:nel.php
NOTE : Message-Id : < *.*@footcenter.fr >
NOTE : Votre-Paiement-En ligne
Phishing screenshot :
Phishing analysis :
CLICK : Security service
OPEN : http://sirlwad.gear.host/s52.html
SCREENSHOT :
RESULT : Phishing attempt.
Information about this phishing
SCRIPT : nel.php
HACKED RELAY : footcenter.fr
OPEN REDIRECT : sirlwad.gear.host
SPOOFED EMAIL : INFO@news.promovacances.com
PHISHING : Société Générale
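The header indicators noted above (X-Php-Originating-Script, Postfix "from userid 33", and a From domain that differs from the Message-Id domain) can be checked mechanically. The following is an added example, not part of the original post: the sample message is constructed from the noted values, with the receiving host, dates, queue id and elided Message-Id part as placeholders, and treating uid 33 as the web server account is an assumption (it is www-data on Debian-family systems).

```python
import re
from email import message_from_string

# Constructed sample built from the header values noted above. The receiving
# host, the dates, the queue id and the elided Message-Id part are placeholders.
SAMPLE = """\
Received: from footcenter.fr ([165.227.79.193])
\tby mx.example.net (Postfix); Mon, 31 Jul 2017 10:00:00 +0000
Received: by footcenter.fr (Postfix, from userid 33)
\tid PLACEHOLDER; Mon, 31 Jul 2017 10:00:00 +0000
X-PHP-Originating-Script: 0:nel.php
From: INFO@news.promovacances.com
Message-Id: <placeholder.placeholder@footcenter.fr>
Subject: Votre-Paiement-En ligne

(body omitted)
"""

def domain_of(value):
    """Return the lower-cased domain after '@' in a header value, or None."""
    m = re.search(r"@([A-Za-z0-9.-]+)", value or "")
    return m.group(1).lower() if m else None

def relay_indicators(raw):
    """Collect the header indicators of mail injected by a PHP script."""
    msg = message_from_string(raw)
    found = {"php_script": None, "script_uid": None,
             "submit_host": None, "submit_uid": None}
    script = msg.get("X-PHP-Originating-Script")
    if script and ":" in script:
        # PHP writes "<uid of script owner>:<script file name>"
        uid, name = script.split(":", 1)
        found["script_uid"], found["php_script"] = uid.strip(), name.strip()
    for received in msg.get_all("Received", []):
        # Postfix logs the local uid when mail is handed over via sendmail(1)
        m = re.search(r"by\s+(\S+)\s+\(Postfix, from userid (\d+)\)", received)
        if m:
            found["submit_host"], found["submit_uid"] = m.group(1).lower(), int(m.group(2))
    sender, msgid = domain_of(msg.get("From")), domain_of(msg.get("Message-Id"))
    found["from_domain"], found["message_id_domain"] = sender, msgid
    # A From domain unrelated to the generating host suggests a spoofed sender
    found["from_mismatch"] = bool(sender and msgid and sender != msgid
                                  and not sender.endswith("." + msgid))
    return found

def is_web_script_mail(found, web_uids=(33,)):
    """True when a PHP script run by a web-server uid sent spoofed-From mail."""
    return bool(found["php_script"]) and found["submit_uid"] in web_uids \
        and found["from_mismatch"]
```
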
Camelot
You have Won $680,000
Email analysis :
NOTE : camelot.group@gmx.co.uk
NOTE : Received : from [192.168.0.100] (unknown [43.240.7.1])
NOTE : by spamwall.quilmes.gov.ar (Postfix)
NOTE : Received : from spamwall.quilmes.gov.ar
NOTE : (spamwall.quilmes.gov.ar. [190.120.191.6])
NOTE : The quilmes.gov.ar server was hacked to relay this scam.
NOTE : @QuilmesMuni was contacted
Thursday, July 27, 2017
Urgent sunTrust Confirmation
We have updated your contact information
For details about what changed, sign on to Messages and Alerts. To view the updates, or make additional updates, sign on to update your contact information.
1. If you did not make this request online, by phone, or at a Suntrust store, please sign on immediately. We are available 24 hours a day, 7 days a week.
Please update and verify your information by clicking the link below:
To view the updates
If your account information is not updated within 72 hours then your ability to access your account will become restricted.
Fraud Prevention Unit
Legal Advisor
Suntrust Bank
Email analysis :
NOTE : spam@petofisopron.hu
NOTE : Received : from [205.209.150.138] (205.209.150.138)
NOTE : by psrv01.petofisopron.hu (192.168.0.3)
Phishing analysis :
CLICK : To view the updates
OPEN : http://deliaujica.com/css/images/sunTrust/sun/validation/
RESULT : Phishing was removed.
Wednesday, July 26, 2017
Agence ClientèIe SBE : RappeI (Phishing Bred)
Dear Customer,
Your advisor informs you that you have received an important message
concerning your E-Code.
Your online access
Regards
Your Bank
ic
Email analysis :
NOTE : laempresadelexito.com@emails.afm-telethon.fr
NOTE : laempresadelexito.com
NOTE : X-Php-Originating-Script : 0:tmsir.php
NOTE : Received : by emails.afm-telethon.fr (Postfix, from userid 33)
NOTE : Received : from emails.afm-telethon.fr ([165.227.14.87])
NOTE : emails.afm-telethon.fr@emails.afm-telethon.fr
Phishing screenshot :
Phishing analysis :
CLICK : Your online access
OPEN : http://laempresadelexito.com/BredEcode
REDIRECT : http://www.metaltripshop.com/metaltripshop/app/code/community/Mage/Sales/Model/Convert/Model/brlogin/brlogin/*/
SCREENSHOT :
VALIDATE : FORM
REDIRECT : http://www.metaltripshop.com/metaltripshop/app/code/community/Mage/Sales/Model/Convert/Model/brlogin/brlogin/*/phone.php?tok=*
VALIDATE : FORM
REDIRECT : http://www.metaltripshop.com/metaltripshop/app/code/community/Mage/Sales/Model/Convert/Model/brlogin/brlogin/*/sms.php?tok=*
VALIDATE : FORM
REDIRECT : http://www.metaltripshop.com/metaltripshop/app/code/community/Mage/Sales/Model/Convert/Model/brlogin/brlogin/*/done.php?tok=*
REDIRECT : https://www.bred.fr/index.html
Conclusion :
Victim : BRED
Spoofed service : emails.afm-telethon.fr
Location of the Open redirect : laempresadelexito.com
Location of the Phishing : metaltripshop.com