Monday, August 31, 2015

Spam: Unusual Aсtіνitу : ***

Dear *** ,

Recently, there's been activity in your BankOfAmerica account that seems unusual compared to your normal account activities.

Please log in to your BankOfAmerica account to confirm your identity and update your information.

What's going on?

We're concerned that someone is using your BankOfAmerica account without your knowledge. Recent activity from your account seems to have occurred from a suspicious location or under circumstances that may be different than usual.

What to do:

Log in to your BankOfAmerica account as soon as possible.

We may ask you to confirm information you provided when you created your account to make sure you're the account holder.

Phishing analysis :

CLICK : Log in
OPEN : http://www.securityalertbofamofausa.com/page/boa/

Email analysis :

NOTE : admin@kyokuyo-ind.co.th
NOTE : Received : from mail.kyokuyo-ind.co.th ([202.57.154.98])
NOTE : Received : from BEABC ([122.128.109.50]) by mail.kyokuyo-ind.co.th

May the peace of God be with you!

Hello Sir/Madam

I have no other means of communicating with you than to send you this email. I am in despair and my heart bleeds as I write you this message, which I hope will hold your attention. I am contacting you today because, although it is true that we do not know each other, that does not prevent this gesture on my part. My name is Mr DYMOCK KEITH, born on 22 JUNE 1947 in Brisbane, Australia, but for a particular reason I had to be an adventurer in search of I know not what. The reason that brings me to you is the following: I would like to go through you to carry out a charitable work in your department.
It is a donation of sorts and it amounts to the sum of 650.000 Euro. My marital situation is such that I have neither a wife nor, still less, children to whom I could bequeath this inheritance, and I am currently suffering from a throat tumor, so I am condemned to certain death. That is why I would like, graciously and out of concern to help underprivileged children, to give you this said inheritance to carry out this charitable work.

If you agree, I would like to have the following information:

•Your full name
•Your contact details
•Your country
•Your city

I beg you to lend an attentive ear to my proposal, because I am counting on your goodwill and also on the proper use of these funds for this work.

N.B: Next time, write to me at my personal mailbox: dymockkeith@gmail.com

Fraternally

Mr DYMOCK KEITH

Email analysis :

NOTE : X-Origin : 41.216.50.54
NOTE : dymockkeith@gmail.com
NOTE : estacionpetrofesrl@speedy.com.ar
NOTE : Received : from localhost (28v.terra.com [208.84.242.166])
NOTE : (authenticated user estacionpetrofesrl!speedylm)
NOTE : by mail-smtp07-mia.tpn.terra.com
NOTE : (Postfix)

Lucas Ashford

PLEASE SEND YOUR REPLY TO { lucasashford001@hotmail.com }

Hi,

My name is Lucas Ashford, I am working With a Veterinary Company based here in Liverpool, UK. I got your contact during my comprehensive search for a reliable and trustworthy individual/company in your country. I decided to contact you for a business with our company. The company I work with is into manufacturingof Veterinary Medicines, animal food dietary and supplement.

The company procures most of their raw materials from India in past 3 years; there is a chemical which the company used to send me to India to buy. Right now I have being promoted to the post of marketing manager. The company cannot send me to India again; they will send a more junior staff,our Director has asked me for the contact details of the supplier in India. I need a person I will present to the company as the supplier in India, our company will pay some amount inadvance to supply the materials upon the verification of the sample of the chemical.

The profit would be share between you and I on 50-50 basis after the supply. I am looking for a reliable Indian business man that understands the India local language who will assist me in contacting the local dealer of these chemical in India.I don't want to contact them directly because they will take advantage on me; this business is 100% risk free and will be another income generating business outside your specialization. If you are interested to do the business with me, kindly contact me for more details with this ID: (lucasashford001@hotmail.com)

Regards,

Lucas Ashford

Email analysis :

NOTE : Ashford@weboffi433.onmicrosoft.com
NOTE : lucasashford001@hotmail.com
NOTE : Received : from SIXPR01MB048.apcprd01.prod.exchangelabs.com ([169.254.16.200])
NOTE : client-ip=104.47.126.245;

Greatings

GGCDP has programmed sixteen million five hundred thousand US dollars to legally pay to you I will explain more if you are interested. Reply direct to the stated email address: mrjustinomakweh@hotmail.com

Email analysis :

NOTE : mrjustinomakweh@outlook.com
NOTE : Received : from mail.anati.gob.pa (mail.anati.gob.pa [10.16.151.9])
NOTE : by mail.anati.gob.pa (Postfix)
NOTE : X-Originating-Ip : [197.220.169.14]
NOTE : X-Received : by 10.140.235.129 with SMTP

Private & Personal.

Private & Confidential Memo.

Top of the day to you as i write to introduce a lucrative & private business proposal to you even though we have not met or had any dealings before. I am Mr. Ryan Lambert, a staff of HM Revenue & Customs of the United Kingdom. During my recent inspections of some of our warehouses within The West Midlands Regions of The United Kingdom, i discovered a Metal Box Consignment that has been deposited since 4 (four) years ago by a SUDANESE BUSINESSMAN. I did carry out a check to find out while the said consignment has remained unclaimed for this long and i discovered that there was no valid corresponding address were we could reach him or a Next of Kin that can claim this Consignment. After much investigation and secret checking of the said Consignment, i discovered it content to be valid cash funds (bank notes)

Due to HM Revenue & Customs Ethics of duties governing all employees, i want to front you now as the Next of Kin to the Depositor of this Consignment through a duly sign and legalized Affidavit of Claim and Letter of Administration Documents that i will secure from a Notary Public here in The United Kingdom so that we can claim the said consignment and share the funds together. I am assuring you here that I will provide every useful information’s and documentations that will enable you claim this Consignment without any problem on our both sides and i also promise to provide you with further and better explanation and the full amount on the consignment box upon my receipt of a positive response from you. All that will be needed from you is just your Full Names, Residential Address (valid address), a valid copy of Identity (either International passport, national identity card or driver's license) that will be use in applying for the letter of Administration and affidavit of Claim Documents/claiming processes

I await a prompt and positive response from you.

Best Regards,
Mr. Ryan Lambert.
Email: ryalambert@gmail.com

Email analysis :

NOTE : ryalambert@yahoo.com
NOTE : ryalambert@gmail.com
NOTE : Received : from pro1557.server4you.net (188.138.92.94)
NOTE : Received : from User (unknown [77.234.40.183]) by pro1557.server4you.net

Message from Demag OEM partner

Hi dear,

Tianjin Anson Crane Co., Ltd is a subsidiary of a General International Group, which has over 20 years’ export experience, one of the largest machines manufacturers in central China.

Anson offers an array of varying services and gantry crane, jib crane, monorail crane, balance crane, single girder crane and double girder crane. Maintenance servicing, planned repairs, inspections, upgrades, spare parts sales and installation are also part of after-sale services.

Advantage:

1. High standards, low price. (Our factory long-term international brands, demag & kone OEM to provide foundry services) we can provide the most cost-effective products.

2. From design to installation guide full service.

3. Workstation crane (key products) modular design can be applied to a variety of complex workshop situation (corners, obstacles, etc.), and can support automatic control to achieve automatic transmission production line. (Mainly for assembly shop, paint lines.)

If you are interested in our products, please reply to ask for more information.

Thank you
Alvin

Tel: +86 18503722332

Email analysis :

NOTE : huixinsoft66@foxmail.com
NOTE : service11@mx2.tradeesz.xyz
NOTE : info@balaskashotel.com

Ref:From:William McCarthy

My Good Friend,

Sorry for this unconventional approach.This opportunity to demand for your good relationship which will be based on mutual understanding and trust? I am wait your affirmative reply, if you are interested regards this Claim of my Late Client the email me for more details.I await your prompt reply.

Yours Sincerely,

Barrister William McCarthy

Email analysis :

NOTE : williamsmaccarthy10@gmail.com
NOTE : michel@belemimportados.com.br
NOTE : Received : from User (unknown [162.246.22.227])
NOTE : (Authenticated sender: michel@belemimportados.com.br)
NOTE : by smtp.belemimportados.com.br

©2015 World Internet Programs.

Attention: Prominent internet user,

How are you today? We hope this mail meets you in a perfect condition. This is a total cash prize of United States $500,000.00 given to the first hundred (10) people compensated in this world internet programs. All participants were selected randomly from World Wide Web site through computer draw system and extracted from over 820,000 companies worldwide. We are using this opportunity to thank you for using the internet daily. Due to your effort, using internet daily, we want to compensate you and show our gratitude to you with the sum of $500,000.00 only, We have arranged your payment through our swift card centers, which is the latest instruction from International Monetary Fund Reconciliation Office {IMF}. The card center will send you an ATM Visa card which you will use to withdraw your money in any ATM machine, Banks and Union Pay Credit outlets in the world; you are hereby selected as an honor for this payment approval, which you are to acknowledge the receipt of this mail to the Logistic Department by email listed below.

Your Id : 345HE45
Claim Number : 809366E

Contact Agent. Tom Alex with below e-mail;

Compensation Office and Logistics Vaults
Contact Agent: Tom Alex
E-mail: tomalex1@outlook.com
Tell: +234-7041-9543-05

Thanks and God bless you and your family. Hope to hear from you soon.

Yours Faithfully,
Mrs.Bessel Harris
International Online Lottery Co-ordinator.
©2015 World Internet Programs.

Email analysis :

NOTE : tomalex1@outlook.com
NOTE : sellit@fhtm.us
NOTE : Received : from User ([103.248.15.66])
NOTE : by mail.cwfood.co.kr
NOTE : (IceWarp Merak Mail Server 9.4 (2009-02-16) by SoftMail)
NOTE : 14.36.32.12 ()

Parcel ref:U45254834 !!

If the message does not display correctly, click here: Online version.

Phishing analysis :

CLICK : Online version (link text "Version en ligne")
OPEN : http://www.furuspesialisten.com/cls/index.html
REDIRECT : https://www.ecostore.co.il/contact/message.chronopost.livraison/
NOTE : The phishing was removed by ecostore

Email analysis :

NOTE : Votre.Colis@att.net
NOTE : Received : by trade.fibracom.fr (Postfix, from userid 33)
NOTE : Received : from trade.fibracom.fr ([93.95.59.201])
NOTE : www-data@trade.fibracom.fr
NOTE : X-Php-Originating-Script : 33:random.php
NOTE : X-Realfrom : tradecom

TELEGRAPHIC TRANSFER NOTICE

Attn: The Beneficiary

TELEGRAPHIC TRANSFER NOTICE.

We are hereby officially notify you concerning your fund telegraphic Transfer through our bank, Suntrust Bank, New York, to your bank account, which has been officially approved by the management of World Bank Swiss (WBS) to credit the sum of US$18.5 Million into your bank account.

Note that I have started processing your payment and every thing concerning the immediate remittance of your funds will be carried out within the shortest possible time from the time we received your? Below needed information.

Also be informed that the Governor of Bank in Cote D Ivoire (CI) will sign on your payment advice and a copy of the advice will be sent to the World Bank in Swiss for some record purposes. Meanwhile your information and your full contact details were received from our research manager, Barr.Paul Peterson on your behalf to FRB for immediate release of your fund.

This fund was part of usa lottery unclaim discovery fund with World Bank of Switzerland, which the Swiss Bank has decided to distribute it generously to help few lucky individuals and the American Government is in agreement with the Swiss Bank to distribute the fund to 700 hundred thousand people in America, Europe & Asia in other to help improve their businesses.

Therefore, reconfirm the aforesaid information accurately, because this office cannot afford to be held liable for any wrong transfer of funds or liable of any fund credited into an unknown account.

These are the information we needed to be reconfirmed by you.

1.Your Full Bank Account Details
2.Your Direct Cell or office phone to reach you
3.Your address of locations
4.Your full name

Finally, you are required to reconfirm directly to me the above information to enable me use it to process your bill of payment. Your quick response shall be mostly appreciated; all your response should be directed through our alternative email address for the immediate attention of the credit control department.

Yours Faithfully,
Dr.Fred Willison.
Vice Chairman, Director, Credit /Telex Department

Email analysis :

NOTE : xbankofamerican@gmail.com
NOTE : xxxbankofameric688@gmail.com
NOTE : marilobouabre20@yahoo.co.jp
NOTE : Received : from [41.189.47.193]
NOTE : by web101518.mail.kks.yahoo.co.jp
NOTE : X-Mailer : YahooMailWebService/0.8.111_67

Notice to Appear

Notice to Appear,

This is to inform you to appear in the Court on the September 02 for your case hearing. You are kindly asked to prepare and bring the documents relating to the case to Court on the specified date.

Note: The case may be heard by the judge in your absence if you do not come.

The copy of Court Notice is attached to this email.

Regards,
Gary Noble,
Court Secretary.

000475484.zip

File analysis :

OPEN : 000475484.zip
RESULT : File is a virus.

Virus analysis :

SHA256 : 0c8d2b8cba6611097793124c3dac9e9313207ba8857b41330ca021c89f52c82f
ALYac : JS:Trojan.JS.Downloader.AN
AVG : JS/Downloader.Agent
AVware : Malware.JS.Generic (JS)
Ad-Aware : JS:Trojan.JS.Downloader.AN
Arcabit : JS:Trojan.JS.Downloader.AN
Avast : JS:Agent-DOB [Trj]
BitDefender : JS:Trojan.JS.Downloader.AN
CAT-QuickHeal : JS.Downloader.Z
Comodo : Heur.Dual.Extensions
DrWeb : SCRIPT.Virus
ESET-NOD32 : JS/TrojanDownloader.Nemucod.AV
Emsisoft : JS:Trojan.JS.Downloader.AN (B)
F-Secure : JS:Trojan.JS.Downloader.AN
Fortinet : JS/Agent.CPL!tr
GData : JS:Trojan.JS.Downloader.AN
Kaspersky : Trojan-Downloader.JS.Agent.hhe
McAfee : JS/Nemucod.c
McAfee-GW-Edition : JS/Nemucod.c
Microsoft : TrojanDownloader:JS/Nemucod.P
NANO-Antivirus : Trojan.Script.Agent.dtchtk
Rising : NORMAL:Trojan.DL.Script.JS.Nemucod.b!1616509[F1]
Sophos : JS/DwnLdr-MON
VIPRE : Malware.JS.Generic (JS)
nProtect : JS:Trojan.JS.Downloader.AN

Email analysis :

NOTE : Notice to Appear
NOTE : gary.noble@wayneshostingworld.co.uk
NOTE : Received : from doggroom by server.wayneshostingworld.co.uk with local (Exim 4.85)
NOTE : Received : from server.wayneshostingworld.co.uk (wayneshostingworld.co.uk. [78.129.234.106])
NOTE : X-Php-Script : doggroomingparlour.co.uk/post.php for 77.111.207.70

Invoice Jeff Herman


invoice53444271 Jeff Herman.zip

File analysis :

OPEN : invoice53444271 Jeff Herman.zip
RESULT : File is a virus.

Virus analysis :

SHA256: 9c6ce032c5b4f521b0ace607a50a499812ecb9845741862a0f7f9183a87c7c49

ALYac : Trojan.Agent.BMBU
AVG : FakeAlert
AVware : Trojan.Win32.Generic!BT
Ad-Aware : Trojan.Agent.BMBU
Agnitum : Trojan.DL.Dofoil!MdY5QMP4IPM
Arcabit : Trojan.Agent.BMBU
Avast : Win32:Trojan-gen
Baidu-International : Trojan.Win32.Dofoil.bstr
BitDefender : Trojan.Agent.BMBU
CAT-QuickHeal : TrojanDownloader.Upatre.r4
Cyren : W32/Trojan3.RIE
ESET-NOD32 : a variant of Win32/Kryptik.DUYG
Emsisoft : Trojan.Agent.BMBU (B)
F-Prot : W32/Trojan3.RIE
F-Secure : Trojan.Agent.BMBU
Fortinet : W32/Kryptik.DUMX!tr
GData : Trojan.Agent.BMBU
Ikarus : Trojan-Downloader.Win32.Upatre
Jiangmin : TrojanDownloader.Dofoil.bhq
K7AntiVirus : Trojan ( 004cddfe1 )
K7GW : Trojan ( 004cddfe1 )
Kaspersky : Trojan-Downloader.Win32.Dofoil.bstr
Malwarebytes : Spyware.Dyre
McAfee : Upatre-FACE!67B2464F5D77
McAfee-GW-Edition : Upatre-FACE!67B2464F5D77
MicroWorld-eScan : Trojan.Agent.BMBU
Microsoft : TrojanDownloader:Win32/Upatre
NANO-Antivirus : Trojan.Win32.Dyre.dvrjgu
Panda : Trj/CI.A
Qihoo-360 : HEUR/QVM19.1.Malware.Gen
Sophos : Troj/Upatre-LD
TrendMicro : TROJ_UP.10D6D122
TrendMicro-HouseCall : TROJ_UP.10D6D122
VBA32 : Heur.Trojan.Hlux
VIPRE : Trojan.Win32.Generic!BT
ViRobot : Trojan.Win32.Upatre.43520.A[h]
Zillya : 'Downloader.UpatreGen.Win32.68
nProtect : Trojan.Agent.BMBU

Email analysis :

NOTE : bespalov@stati.orene.ru
NOTE : Received : by stati.orene.ru (Postfix, from userid 5001)
NOTE : 94.79.7.6 ()

Thursday, August 27, 2015

Indebtedness for driving on toll road #000948265 (Virus)

Notice to Appear,

You have not paid for driving on a toll road.
You are kindly asked to pay your debt as soon as possible.

The copy of the invoice is attached to this email.

Sincerely,
Thomas Gorman,
E-ZPass Agent.

E-ZPass_Invoice_000948265.zip

File analysis :

OPEN FILE : E-ZPass_Invoice_000948265.zip
RESULT : FILE IS A VIRUS

Virus analysis :

SHA256 : 5ec5b13bbf1d2a2179168acfaec53da59afa6b8ca480930e1b56d996b51dd140
ALYac : JS:Trojan.JS.Downloader.AN
AVG : JS/Downloader.Agent
AVware : Malware.JS.Generic (JS)
Ad-Aware : JS:Trojan.JS.Downloader.AN
Arcabit : JS:Trojan.JS.Downloader.AN
Avast : JS:Agent-DOB [Trj]
BitDefender : JS:Trojan.JS.Downloader.AN
CAT-QuickHeal : JS.Downloader.Z
Comodo : Heur.Dual.Extensions
DrWeb : SCRIPT.Virus
ESET-NOD32 : JS/TrojanDownloader.Nemucod.AS
Emsisoft : JS:Trojan.JS.Downloader.AN (B)
F-Secure : JS:Trojan.JS.Downloader.AN
Fortinet : JS/Agent.CPL!tr
GData : JS:Trojan.JS.Downloader.AN
Kaspersky : Trojan.JS.Agent.cpl
McAfee : JS/Nemucod.c
McAfee-GW-Edition : JS/Nemucod.c
MicroWorld-eScan : JS:Trojan.JS.Downloader.AN
Microsoft : TrojanDownloader:JS/Nemucod.P
NANO-Antivirus : Trojan.Script.Agent.dtchtk
Rising : NORMAL:Trojan.DL.Script.JS.Nemucod.b!1616509[F1]
Sophos : JS/DwnLdr-MON
VIPRE : Malware.JS.Generic (JS)
nProtect : JS:Trojan.JS.Downloader.AN

Email analysis :

NOTE : thomas.gorman@jerusalem.hostyou.com.br
NOTE : client-ip=104.238.195.142;
NOTE : Sender Address Domain - jerusalem.hostyou.com.br
NOTE : X-Source-Args : /usr/bin/php /home/centova/public_html/coisaseria.com.br/post.php
NOTE : < centova@jerusalem.hostyou.com.br >
NOTE : Mime-Version : 1.0
NOTE : X-Source-Dir : centova.com:/public_html/coisaseria.com.br
NOTE : X-Priority : 3
NOTE : X-Get-Message-Sender-Via : jerusalem.hostyou.com.br:
NOTE : authenticated_id: centova/primary_hostname/system user
NOTE : X-Source : /usr/bin/php
NOTE : Received : by 10.202.17.82 with SMTP
NOTE : Received : from centova by jerusalem.hostyou.com.br
NOTE : Indebtedness for driving on toll road #000948265

Hi Comrade!

Hi Comrade!

Good tidings to you, With urgent need for assistance, I have summoned up courage to contact you. I have no intention of contacting you at this moment rather an emergency prompted me to seek for urgent gateway and i will be glad if you can be of assistance in understanding my personal experience and work with you presently with my on-going military mission here in Afghanistan which is going to be fruitful and profitable to both of us financially. I am Capt.Elizabeth an officer in the US Army and the International security Assistance Force Officer (ISAF) with the Forward Operating Base Shank, Kandahar city of Afghanistan, for Peace keeping force. I am presently in Service now and i really need your help in assisting me with the safe keeping of two truks. I hope you can be trusted? I will explain further when i get a response from you.

This are the information s I need from you to keep the trust.

Your full name
Home and office address
Sex/age/occupation
Telephone
Your scanned I.D Card for identification Purpose only.

Once I receive this information I shall enclose to you on how to get the package asap.

May God be with you.

Capt.Elizabeth.

Email analysis :

NOTE : capt.elizabetmcnamara@usa.net
NOTE : capt.elizabetmcnamara@mail.tj
NOTE : Received : from User (unknown [95.170.141.11])
NOTE : by mail1.strb.ru (Postfix) with ESMTP
NOTE : Tomsk is far from Kandahar...

Pls provide the following details

Dear Sir / Madam,

I am interested in purchasing your products , which sample image is attached to below Login link. Please follow the link below Login link to view the sample image I am interested to order from your company, and we sincerely hope to establish a long-term business relation with your esteemed company. Click Here to login: http://www.ptss.edu.my/v6/administrator/templates/system/documents.html If so kindly, provide the following details, send me your latest catalog. Also, inform me about the Minimum Order Quantity, Delivery time or FOB, and payment terms warranty:

I await your advise.
Best Wishes,
Mrs. Linda Yong

Analysis :

CLICK : LINK
VALIDATE : FORM

Email analysis :

NOTE : bencook551127@yahoo.co.id
NOTE : Return-Path : spam@practicenet.co.uk
NOTE : X-Ms-Exchange-Crosstenant-Fromentityheader : HybridOnPrem
NOTE : X-Msmail-Priority : Normal
NOTE : Pls provide the following details

Urgent Inquiry Arrival From Alibaba . (Alibaba Phishing)

The following message was generated before 18 Aug 2015 09:32(PST) This message was sent to you only Registered Location and Message Origin: UAE Message IP: 180.2685.4093.*

Ahmad Yacoob has sent you a new message.

Ahmad Yacoob

General inquiry about your product for sale.

18 Aug 2015 09:32

Congratulations! You have received a new inquiry From Ahmad Yacoob .To see the content and reply to this inquiry, please click on the Check Inquiry button below. Regards.

Reply Now | Reject Inquiry | Report Spam

If you don't want to reply to this inquiry, you can Reject Inquiry and let the buyer know. Learn more

Alibaba.com shall not be liable for any lost profits or incidental, consequential or other damages arising out of or in connection with this message, our web site content, our services or the activities of any of the users of our web site. Thank you for your understanding and cooperation.

Phishing analysis :

CLICK : Reply Now
OPEN : http://ledkuutio.fi/alib/index.html
RESULT : Phishing was removed...

Email analysis :

NOTE : md15m@my.fsu.edu
NOTE : X-Ms-Exchange-Crosstenant-Fromentityheader : Hosted
NOTE : Return-Path : md15m@my.fsu.edu
NOTE : X-Originating-Ip : [74.208.68.233]
NOTE : Mime-Version : 1.0
NOTE : domain of md15m@my.fsu.edu designates 157.56.111.246 as permitted sender
NOTE : smtp.mailfrom=md15m@my.fsu.edu
NOTE : X-Originatororg : my.fsu.edu
NOTE : Received-Spf : client-ip=157.56.111.246;
NOTE : Received : from u18097758.onlinehome-server.com (74.208.68.233)
NOTE : Urgent Inquiry Arrival From Alibaba .

Security Notice Updates (LinkedIn Phishing)

LinkedIn

Security Notice Updates

On the 23rd of August 2015, An Attempt into your account has been detected from an unknown location, For your security, access to your LinkedIn Account has been temporarily suspended. To regain access,you must complete REGISTRATION BY DOWNLOAD & FILL ATTACHED FORM PLEASE NOTE: This is a compulsory measure. Failure to update your information will lead to service termination Linkedin security team.

VIEW ATTACHED TO UPDATE

You received an invitation to connect. LinkedIn will use your email address to make suggestions to our members in features like People You May Know. Unsubscribe
Learn why we included this. If you need assistance or have questions, please contact LinkedIn Customer Service.

© 2015, LinkedIn Corporation. 2029 Stierlin Ct. Mountain View, CA 94043, USA

Phishing analysis :

OPEN : LinkedIn Verification.html
EXTRACT FORM : action="http://test88212.test-account.com/BEXXXXLINK.php"

Whois test-account.com :

Domain Name: test-account.com
Registry Domain ID: 86840496_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.registrygate.com
Registrar URL: www.registrygate.com
Updated Date: 2014-12-29T01:33:34Z
Creation Date: 2002-05-22T01:33:22Z
Registrar Registration Expiration Date: 2016-05-22T20:04:29Z
Registrar: RegistryGate GmbH
Registrar IANA ID: 1328
Registrar Abuse Contact Email: abuse@registrygate.com
Registrar Abuse Contact Phone: +49.89.55061272
Domain Status: ok

Registrant Name: Werner Kaltofen
Registrant Organization: Neue Medien Muennich GmbH
Registrant Street: Hauptstr. 68
Registrant City: Friedersdorf
Registrant State/Province:
Registrant Postal Code: 02742
Registrant Country: DE
Registrant Phone: +49.3587235310
Registrant Fax: +49.3587235330
Registrant Email: hostmaster@all-inkl.com

Admin Name: Werner Kaltofen
Admin Organization: Neue Medien Muennich GmbH
Admin Street: Hauptstr. 68
Admin City: Friedersdorf
Admin State/Province:
Admin Postal Code: 02742
Admin Country: DE
Admin Phone: +49.3587235310
Admin Fax: +49.3587235330
Admin Email: hostmaster@all-inkl.com

Tech Name: Werner Kaltofen
Tech Organization: Neue Medien Muennich GmbH
Tech Street: Hauptstr. 68
Tech City: Friedersdorf
Tech State/Province:
Tech Postal Code: 02742
Tech Country: DE
Tech Phone: +49.3587235310
Tech Fax: +49.3587235330
Tech Email: hostmaster@all-inkl.com
Name Server: ns5.kasserver.com
Name Server: ns6.kasserver.com
DNSSEC: unsigned

Registry Billing ID:
Billing Name: Werner Kaltofen
Billing Organization: Neue Medien Muennich GmbH
Billing Street: Hauptstr. 68
Billing City: Friedersdorf
Billing State/Province:
Billing Postal Code: 02742
Billing Country: DE
Billing Phone: +49.3587235310
Billing Fax: +49.3587235330
Billing Email: hostmaster@all-inkl.com

Email analysis :

NOTE : Return-Path : < werner.laube@t-online.de >
NOTE : X-Remote : 194.25.134.17 (mailout02.t-online.de)
NOTE : Mime-Version : 1.0
NOTE : Content-Type : multipart/mixed; boundary="===============1507808188=="
NOTE : Received : from mailout02.t-online.de (194.25.134.17)
NOTE : Received : from fwd40.aul.t-online.de (fwd40.aul.t-online.de [172.20.26.139])
NOTE : by mailout02.t-online.de
NOTE : Received : from h2358992.stratoserver.net (@[85.214.197.244])
NOTE : by fwd40.t-online.de with (TLSv1:DHE-RSA-AES256-SHA encrypted)
NOTE : Security Notice Updates

I seek your permission.

My Dear Friend,

Greetings to you. I got your email address from a mail Directory and decided to mail you for a permission to go ahead. I am Mrs.Joan Gates United Kingdom, married to Dr. James R. Gates who worked with Texaco Oil Company in Thailand before he died in a ghastly motor accident on his way to a Board meeting. My Husband and me were married but without any children. Since his death I decided not to re-marry and presently I am 69 Years old. When my late husband was Alive he deposited the sum of $16.5M. (Sixteen Million Five Hundred Thousand U.S. Dollars) with a Bank.

Presently this money is still with the Bank and the management just Wrote me as the beneficiary to come forward to receive the money or rather Issue a letter of authority to somebody to receive it on my behalf. I am presently in a hospital where I have been undergoing treatment Cancer of the lungs. I have since lost my ability to talk and my doctors have told me that I have only a few months to live so I think the best thing to do is to use the money for charity purposes. I want a person who is trustworthy that I will make the beneficiary of my late Husband's Fund deposited with the bank so that the person can get the money and utilize 70% of this money to fund churches, orphanages and widows around the world.

At the moment I cannot take any telephone calls right now due to the fact that my relatives (They had squandered the funds I gave them for this purpose before are around me I have been helping orphans orphanage/motherless homes. I have also donated some money for humanitarian needs in Sudan , South Africa , Brazil , Spain , Austria, Germany and some Asian countries.

I have been touched to the good work of humanity through you, rather than allow my relatives to use my husband's hard earned funds inappropriately. I know i have never met you but my mind tells me to do this, and I hope you act sincerely.

As soon as I receive your reply I shall give you the contact details of the Bank. I will also issue you a letter of authority that will prove you as the new beneficiary of this fund.Please assure me that you will act accordingly as I stated here in and Keep this contact confidential till such a time this funds get to your Custody. This is to ensure that nothing jeopardizes my last wish on Earth.

May the good lord bless you -Amen,I await your urgent reply.

Regards,
Mrs.Joan Gates.

Email analysis :

NOTE : joangates.mrs28@yahoo.de
NOTE : X-Msmail-Priority : Normal
NOTE : Return-Path : < beautifulseptember2014@gmail.com >
NOTE : Content-Transfer-Encoding : 7bit
NOTE : X-Mailer : Microsoft Outlook Express 6.00.2600.0000
NOTE : Received : from 2014la.org (HELO mail.2014la.org) (213.5.120.35)
NOTE : Received : from User (unknown [41.138.175.57]) by mail.2014la.org (Postfix)
NOTE : I seek your permission.

Inappropriate monthly billing (Phishing Free)


Phishing analysis :

CLICK : Log in (link text "Se connecter")
OPEN : http://www.strifus.com/test@free.fr
OPEN : http://www.htyzuaieuy.com/test@free.fr

Domain analysis :

Domain Name: STRIFUS.COM
Registry Domain ID: 1521855746_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.liquidnetlimited.co.uk
Registrar URL: http://liquidnetlimited.co.uk
Updated Date: 2014-12-30T17:47:35Z
Creation Date: 2008-09-29T09:36:45Z
Registrar Registration Expiration Date: 2015-09-29T09:36:45Z
Registrar: LIQUIDNET Ltd.
Registrar IANA ID: 1472
Registrar Abuse Contact Email: abuse@liquidnetlimited.co.uk
Registrar Abuse Contact Phone: +44.2036951294
Domain Status: clientTransferProhibited
Registry Registrant ID:
Registrant Name: Andrey Alexeenko
Registrant Street: Dzerzhinskaya st, 18-210
Registrant City: Solnechnogorsk
Registrant State/Province: Moscow region
Registrant Postal Code: 141500
Registrant Country: RU
Registrant Phone: +7.9037919106
Registrant Email: neffarian@mail.ru
Admin Name: Andrey Alexeenko
Admin Street: Dzerzhinskaya st, 18-210
Admin City: Solnechnogorsk
Admin State/Province: Moscow region
Admin Postal Code: 141500
Admin Country: RU
Admin Phone: +7.9037919106
Admin Email: neffarian@mail.ru
Tech Name: Andrey Alexeenko
Tech Street: Dzerzhinskaya st, 18-210
Tech City: Solnechnogorsk
Tech State/Province: Moscow region
Tech Postal Code: 141500
Tech Country: RU
Tech Phone: +7.9037919106
Tech Email: neffarian@mail.ru
Name Server: ns1.exclusivehosting.net
Name Server: ns2.exclusivehosting.net
Name Server: ns3.exclusivehosting.net
Name Server: ns4.exclusivehosting.net
DNSSEC: not signed

Domain Name: htyzuaieuy.com
Registry Domain ID: 1951135600_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.register.com
Registrar URL: http://www.register.com
Updated Date: 2015-08-04T21:37:14Z
Creation Date: 2015-08-04T21:37:14Z
Registrar Registration Expiration Date: 2016-08-04T21:37:14Z
Registrar: Register.com, Inc.
Registrar IANA ID: 9
Registrar Abuse Contact Email: abuse@web.com
Registrar Abuse Contact Phone: +1.8773812449
Domain Status: clientTransferProhibited http://icann.org/epp#clientTransferProhibited
Registrant Name: PERFECT PRIVACY, LLC
Registrant Street: 12808 Gran Bay Pkwy West
Registrant City: Jacksonville
Registrant State/Province: FL
Registrant Postal Code: 32258
Registrant Country: US
Registrant Phone: +1.9027492701
Registrant Email: 6865a66d0a28fd0a4fc61255b706a5ea@domaindiscreet.com

Email analysis :

NOTE : oak@huffpostmaghreb.com
NOTE : alf@huffpostmaghreb.com
NOTE : Content-Type : text/html; charset=UTF-8
NOTE : X-Priority : 2
NOTE : Return-Path :
NOTE : Content-Transfer-Encoding : 8bit
NOTE : Received : from huffpostmaghreb.com ([149.202.162.145])
NOTE : Received : by huffpostmaghreb.com (Postfix, from userid 33)
NOTE : Inappropriate monthly billing

Wednesday, August 26, 2015

Regarding your ATM master card

Deputy governor
Central Bank of Africa
Marina- Benin.

Dear Sir/Madam,

This is a reminder message regarding your ATM master card for your compensation fund sum of US$4(ONE MILLION Two hundred and fifty thousand US dollars only) approved by the Ministry of Finance. The Foreign Payment Department of CBA has been mandated by the Federal Ministry of Finance and the Benin National Petroleum Corporation to handle the payment of your compensation fund of the above amount by ATM card. Your email contact is amongst the listed beneficiaries in the data for the sum of US$1.250,000.00. And I have been assigned by the management of CBA to carry out delivery of the ATM card package to you. This compensation is in compliance with IMF and World bank directives to pacify victims of internet scam.On this note,I am pleased to inform you that ATM card Number 4539 7978 0214 3027 for the sum of US$1.250,000.00 has been credited in.your favor and ready for immediate delivery to you.

You are hereby required to confirm your telephone number and present address were you want the ATM card delivered to you. Upon receipt of the above requirements from you I shall have your ATM card package dispatched to you by courier service who will deliver to your designated home address. With the ATM card, you can make withdrawals from any part of the world at ATM center near to you. The pin and all necessary user guides will be attached on delivery (intact in the ATM card package doc.) which will be delivered to you by the courier service, for you easy use.

So the Information you are required to reconfirm to the ATM OFFICE is as Follow.

(1)Your Full Name
(2)Mobile Phone Number
(3)Current Home Address
(4)Fax Number
(5)Country
(6)City
()7your address
(8)A Copy of Your ID For Identification.

Further instruction/directive will be sent to you on receipt of your acknowledgment to this message.

Best Regards

Dr. Kingsley Moghalu

Office of the deput Governor
CBA, Benin
Your Atm Master Card

Email analysis :

NOTE : kingsley@cronos.ocn.ne.jp
NOTE : Received : from mzcstore181.ocn.ad.jp
NOTE : (mv-osn-hkg002 [122.28.30.180])
NOTE : by mv-osn-hkg002.ocn.ad.jp
NOTE : X-Originating-Ip : [41.86.234.165]

PostFinance AG Online Banking - Account Update

Dear customer,

Recently our records showed that your PostFinance AG account had unauthorized access by a third party. The security of your account is our most important concern. We have therefore decided to temporarily limit access to your account. For full access to your account, your data must be restored, so confirm your account via this link: As soon as your details have been checked and confirmed, you will receive a call from us. Full access to your account will then be restored.

We thank you for your cooperation.

Advice

Accessibility
Legal disclaimer
Prices/Conditions/GTC
Publishing details
Security
Swiss Post

Copyright (c) PostFinance Ltd

Email analysis :

NOTE : antonioluis@uema.br
NOTE : X-Originating-Ip : [197.211.52.5]
NOTE : Mime-Version : 1.0