Saturday, August 19, 2017

BARCLAY,S BANK PLC,UK ( Scam )

KJHGFDDFGHJKLKJHGF
BARCLAY,S BANK PLC,UK
1 Churchill Place,
London, E14 5HP
Tel: (352) 437-8240
From The Desk Of:
Mr. Jimmy Johnson
Email(justiciaclient@gmail.com)

Attention,

I am Mr. Jimmy Johnson from Barclays Bank PLC,UK. we had just formed a new forum which is the newly inaugurated World Debt Recovery committee (WDRC). My committee has a mandate to recover unpaid debts associated with NNPC contracts, Lottery fund, inheritance fund, loans and grants etc ranging from $1M-$95.5M owed to various beneficiaries and companies across the globe (Asia, Europe, USA, Africa, and Australia) and submit the list of the unpaid beneficiaries/companies to the 2 appointed official paying Banks for immediate payment of the fund. In the course of our investigation, your email address/particulars were shortlisted among the first fifteen individuals yet to be paid hence this email. However, we received a petition today from one Mrs. Christina Morgan that you are dead. According to her, you died in a plane crash as such your fund should be paid to her as the apparent heir. She has also submitted her Bank account with Bank of America for the transfer of the fund to her. To avoid undue delay or paying the fund to wrong individual/beneficiary, we have decided to contact you for confirmation. If we fail to hear from you after 72 hours, it will be assumed that the petition of Mrs. Morgan is true and the fund will be paid to her without further delay. Therefore, We would like you to choose below your choice of fund transfer:

(A) Bank Transfer/Online Banking
(B) Certified Bank Draft/Cheque
(C) ATM Card
(D) Consignment

Your full personal information is also required as below which will be needed for the transfer of your fund.

(A) Full name and residential address
(B) Next of kin
(C) Occupation
(D) Nationality
(E) Bank Account Information
(F) Telephone numbers
(G) Scan the first page of your international passport or drivers license, recent passport photograph, send all via email attachment.

Email(justiciaclient@gmail.com)

Your urgent response is always required because you have a limited time to execute this fund. be free to call us any time for more information.

Sincerely Yours
Mr. Jimmy Johnson

Email analysis :

NOTE : client-ip=92.61.41.40;


NOTE : X-Originator-Ip : 41.86.234.171


NOTE : justiciaclient@gmail.com
NOTE : User-Agent : Roundcube Webmail/0.4.2
NOTE : Return-Path : < shadowmagic222@one.lt >
NOTE : Organization : Mr. Jimmy Johnson
NOTE : Mime-Version : 1.0
NOTE : X-Php-Originating-Script : 502:func.inc
NOTE : BARCLAY,S BANK PLC,UK

Your fund has been discovered (Scam from a zombie server)

Hello,
My name is Frank. I am a top-exec in a global bank here in Asia. I have an offer for you that will greatly benefit us both if we work together. Please, do get in touch with me so I can explain more about the deal.
Cordially,
Frank

Email analysis :

NOTE : p.pproject@outlook.com
NOTE : test@rachatcredits.ovh
NOTE : X-Ovh-Remote : 213.186.33.59 (b9.ovh.net)
NOTE : Mime-Version : 1.0
NOTE : Content-Description : Mail message body
NOTE : client-ip=91.121.204.118;


NOTE : helo=ns336204.ip-91-121-204.eu;
NOTE : Received : from [51.254.235.99] (ip99.ip-51-254-235.eu [51.254.235.99])


NOTE : by ns336204.ip-91-121-204.eu (Postfix)
NOTE : Rép :
NOTE : Scam from a zombie server hosted on OVH.

Votre demande d'ahésion ! (Phishing Société Générale)


vos information
SG

Email analysis :

NOTE : Mime-Version : 1.0
NOTE : Content-Type : text/html; charset=iso-8859-1
NOTE : Return-Path : < noreply@tix.fr >
NOTE : X-Sender-Info : < 349043243@infong732.kundenserver.de >
NOTE : Received : from mout.kundenserver.de ([212.227.126.133])
NOTE : Received : from infong732.kundenserver.de (infong732.kundenserver.de [212.227.29.55])
NOTE : by mrelayeu.kundenserver.de (node=mreue007) with ESMTP (Nemesis)
NOTE : Received : from 62.210.15.181 (IP may be forged by CGI script)
NOTE : by infong732.kundenserver.de
NOTE : Votre demande d'ahésion !

Phishing analysis :

CLICK : SG
OPEN : x-webdoc://***
OPEN : SOURCE CODE
EXTRACTED : http://apalomino.com/calson/ - http://peinturesdusud-avignon.com/sec
EXTRACTED : cyberzoide@multimanoi.com_body
OPEN : http://apalomino.com/calson/
REDIRECT : http://cubiertasbarcelona.es/eteg/nera/
SCREENSHOT :


Impacted services :

Relay : kundenserver.de
Open Redirect : apalomino.com
Phishing hosted on : cubiertasbarcelona.es
Victim : Société Générale

Tuesday, August 15, 2017

Is it a scam ? ( Vol 1 )


I received numerous questions on scam.cz. The most interesting is : "Is it a scam ?"

The answer is always the same.

Muqthar Ahmed


Subject : my number 9866900701 has been se;ected for 3.35crore BMW PROMO
Message : SIR WHAT SHOULD I DO TO CLAIM THIS OPPRUTNITY IF THIS IS NOT FAKE
Answer from Scam.cz : This is a fake.

Robert Siemen


Subject : uba atm center 4
Message : There is a Mark Gray who is working on setting up a atm card for me and wants my account numbers here so he can send my my atm card and join it with mine sounds not right so I am checking on this Please get back to me on this matter.THANK YOU Robert SIEMEN
Answer from Scam.cz : This is a scam.

Katja Aaltonen


Subject : got this kind of e-mail today. It was from "Mrs.......
Message : I got this kind of e-mail today. It was from "Mrs. Mary Bustamante". She asked to contact Barrister George Patropoulus (Esq), whose e-mail address is barristergeorgepetropoulos@gmail.com. This message came to me from e-mail address "www."@cube.ocn.ne.jp
Answer from Scam.cz : This is a scam.

Carol Domingos


Subject : WHEN CAN I GET THIS DELIVERED
Message : I WILL SEND THE MONEY. PLEASE CONTACT ME AT 2148087453
Answer from Scam.cz : This is a scam.

Muhamamd Irsyadi


Subject : i have fun in uba bank usd $8,500,000.00 it,s true?
Message : give me information asap.
Answer from Scam.cz : This is a scam.

Rita D Crumpton

Subject : do i rita crumpton have a cleared imf certificate signed by Christine Lagarde and being held for customs taxes?
Message : total tax is 95,000 and I owe 60000.I have paid 3000 for certificate clearance.Am I dealing with the cia?
Answer from Scam.cz : This is a scam.

FWD:TR:RE (Phishing attempt Société Générale)

SOCIETE GENERALE

Cher client,

Le département technique de Société Générale procède à une mise à jour de logiciel programmée de façon à améliorer la qualité des services bancaires.

Nous vous demandons avec bienveillance de cliquer sur le lien ci-dessous et de confirmer vos détails bancaires.

https://www.societegenerale.fr/customercare/banque/confprocedure.asp

Nous nous excusons pour tout désagrément et vous remercions pour votre coopération.

© Société Générale 2017

Phishing screenshot :


Email analysis :

NOTE : natalia1@telus.net
NOTE : Natalia Toroshenko
NOTE : X-Mailer : Zimbra 8.6.0_GA_1211 (zclient/8.6.0_GA_1211)
NOTE : X-Originating-Ip : [160.163.161.144]


Phishing analysis :

CLICK : https://www.societegenerale.fr/customercare/banque/confprocedure.asp
OPEN : http://www.cfa-sport.fr/wp-includes/Text/theme/
REDIRECT : http://www.anti-laser.at/wp-includes/css/theme/
NOTE : Not Found 404 / You are connected from a remote location.
RESULT : Phishing attempt.

Wednesday, August 9, 2017

RE: REPLY. Thoreen (US ARMY)

I seek your assistance to safe keep two military trunk boxes of values
that is of great benefit to we both. Do not panic as i do not pose any
threat to you neither do i mean harm on you whatsoever. Be patient to
hear details as soon as i see your reply to this my direct Email: caseythoreen2017@yandex.com

Email analysis :

NOTE : Thoreen (US ARMY)
NOTE : casey@fancy.ocn.ne.jp
NOTE : ME@mf-smf-ucb010.ocn.ad.jp
NOTE : casey2017thoreen@yandex.com
NOTE : Received : from User (p4220005-ipngn24501marunouchi.tokyo.ocn.ne.jp [118.8.137.5])


NOTE : by vcfancy.ocn.ne.jp (Postfix)