Atm Visa Card ($20Million).

Please contact Mr. George Bush Email: speedtrust21@outlook.com Phone
Number: +229-9836-4438 with your full address.

Email analysis :

NOTE : Atm Visa Card ($20Million).
NOTE : speedtrust21@outlook.com
NOTE : ginmacc@tin.it
NOTE : Received : from (197.234.219.18)

NOTE : by wmlighttin.pc.tim.it;
NOTE : Content-Type : text/plain;charset="UTF-8"

PLEASE PERMIT ME

Mr. Jimmy Chien
Vice President/Branch Manager
Industrial and Commercial Bank of China (USA) NA
South San Francisco Branch
235 Grand Avenue, Suite No. 101
South San Francisco, CA 94080, USA

Greetings,

I am Mr. Jimmy Chien, Vice President /Branch Manager ICBC South San Francisco Branch here in California. I am contacting you base on my facts finding about your reputationand someone I can trust for this purpose. The content of my email is a bit detailed that is why I first seek your permission, to let you know before emailing my proposal so won't trash it when I do. Please grant me your permission to email you my proposal of which I know will be acceptable to you if you are willing to be honest with me.

Waiting for your response.

Mr. Jimmy Chien,
Vice President/Branch Manager
Industrial and Commercial Bank of China (USA) NA
South San Francisco Branch.

Email analysis :

NOTE : cjimmy160@gmail.com
NOTE : 2055@charter.net
NOTE : Received : from User (localhost.localdomain [127.0.0.1])
NOTE : by gain-nc.amdswireless.com
NOTE : 24.216.88.183 ()

Automated Tax Refund Notification (HMRC Phishing)

If you can't see this message, view it in your browser.

HM Revenue & Customs

After the last calculations of your fiscal activity , we determined that you are aligible to receive a tax refund of 380.01 £.

To access your tax refund, please follow this link

NOTE: A refund can be delayed a variety of reasons , for exemple submitting invalid records or applying after deadline. Revenue and Tax Administrator

HM Revenue & Customs Tax Credit Office
PO Box 1970
L75 1WX.

Please do not reply to this e-mail as this is only a notification. Mail sent to this address cannot be answered.

Email screenshot :

Email analysis :

NOTE : bruce.stewart.agent@gov.uk
NOTE : X-Barracuda-Url : http://10.10.100.232:8000/cgi-mod/mark.cgi
NOTE : X-Barracuda-Connect : 173-12-155-133-northgulf.hfc.comcastbusiness.net
NOTE : [173.12.155.133]
NOTE : mailhost.towne.com
NOTE : X-Barracuda-Auth-User : besadmin
NOTE : X-Barracuda-Apparent-Source-Ip : 173.12.155.133

NOTE : client-ip=12.200.104.232;

Phishing anaylsis :

CLICK : this link
OPEN : http://educacaoadistancia.blog.br/wp-includes/hmrc/
REDIRECT : http://educacaoadistancia.blog.br/wp-includes/hmrc/startapplication/?*
SCREENSHOT :

CLICK : Let Start
REDIRECT : http://educacaoadistancia.blog.br/wp-includes/hmrc/startapplication/indentify.php?ip=*
SCREENSHOT :

FILL : FORM
CLICK : Next
SCREENSHOT :

NOTE : LOADING A FAKE REFUND...
CLICK : Start Refund
SCREENSHOT :

SELECT : A bank...
CLICK : Next
SCREENSHOT :

FILL : FORM
CLICK : Continue
SCREENSHOT :

CLICK : Confirm Tax Refund
SCREENSHOT :

REDIRECT : https://www.gov.uk/government/organisations/hm-revenue-customs

I thought you might be interested in this link

Hello!

Hello,

We offer Loan to serious individual or an Organization with low interest rate of 3% PA and maximum with no credit check, Loan period of 10yrs with Option of Rollover up to 2yrs. Loan Amount ranges from $1,000 Minimum up to a maximum of $20 Million with World Class standard facilities to make sure the funds gets to you at ease. all our loans & procedures are approved and qualified by our fully experienced compliance team. Equity Zen financial service has become one of the largest independent loan companies. We have an excellent reputation for the provision of first class financial loan products with exceptional customer service. any interested applicant should contact us to this Email: equityzenfinancialservice@gmail.com

Application Form To Fill Below..

Name:.............
Surname:...................
Gender:.......................
Country:...................
Date of Birth:.........................
Occupation:......................
Purpose for the loan:...................
Phone Number:...................
Loan amount needed:...........................
Duration:.................
Monthly income / annual income:....................

Thank You.

David Rosen

Click here to read the article.

If you have trouble viewing the link, copy and paste the following link into your browser:

http://www.***.com/_layouts/protiviti/emailtofriend.aspx

For more information on Protiviti, visit www.***.com.

Email leak :

calebshmidt13@gmail.com, neilrochford@mail.com, joncolbert62@yahoo.com, fracisb99@gmail.com, red3ds@hotmail.co.uk, abankwater@gmail.com, Ivorstiffun40@gmail.com, peter.larinzsky@mail.com, sanfran_4one9ersfan@yahoo.com, gregory138@outlook.com, elliotcaddy@yahoo.com, barb@excelquest.com, james.sullivan.sykes@gmail.com, craig.dole75@gmail.com, Williamjames@gmx.co.uk, john.smith431221@gmail.com, kevin.pesci.business@gmail.com, scottstorch1@gmail.com, christunstall113@yahoo.com, rngmusick@gmail.com, azzkikkr9000@gmail.com, adz2000sg@gmail.com, jonathanwalker121@gmail.com, martinmcpherson1980@gmail.com, johanna@dollsdancers.fi, jbankwater@gmail.com, andreym56@rothga.com, barrykrunt@gmail.com, cathymullernyc@gmail.com, obrawkins.nathan@gmail.com, christian.lemon@gmx.com, smatz97@gmail.com, Bradymartha55@gmail.com, laja602@outlook.com, booptittybopbop2@gmail.com, ted.sergeant@outlook.com, danielandersonprivate@gmail.com, justcallmeminty@gmail.com, chansenchristine@openmailbox.org, jessie_1186@outlook.com, everyrosehasitsthorn56@gmail.com, kohlmansean@gmail.com, oliverjohnson1979@gmail.com, gabrieler.wall@mail.com, fiets@lunitje.nl, calvinghaggerty@gmail.com, jpistmobank@gmail.com, noradam1@gmx.com, oli.dugmore@gmail.com, clalande1754@gmail.com, trip.jensen@gmail.com, hotsoolahx@yahoo.com, lewis.wake@hotmail.com, Capricehaywood@yahoo.con, thehumanfundfoundation@gmail.com, phyllisf2@comcast.net, benhess777@gmail.com, tellytubbins@gmail.com, michaelkoxlong@hotmail.com, info@waterfrontbarton.co.uk, hydrolichotdog@gmail.com, WilkesHenry@mail.com, josh.lyman432@gmail.com, info@regalcredit.org.uk, stan.bowers@techmarketproviders.com, danyelthefallen@yahoo.com, wilfred.martinson@yahoo.com, chuckaspeer2@gmail.com, melissastuder91@outlook.com, Dumaseura@gmail.com, alexhendrik00@hotmail.com, bgrompton@gmail.com, carlosmalaga2014@gmail.com, Ledbetter.antonio@yahoo.com, aaronthreepwood@gmail.com, david.mirren@gmail.com, sebastianhsh@live.com, rwdawson75@gmail.com, dionspencer230@gmail.com, iainjones2015@gmail.com, Ravensblackrevenge@gmail.com, ferdinand.gash@gmail.com, galtaureus3@gmail.com, bob.grimley1968@gmx.com, marek.folkos@seznam.cz, jonthorton1@gmail.com, rainman9292@gmail.com, vladeemervladimirovich@outlook.com, oliver.queen@dutchmail.com, dos.perros@gmail.com, timmywest88@gmail.com, drjack.johnson@yahoo.com, ericforman67@gmail.com, Amiller12@mail.com, bf.kurtons@gmail.com, jlinker29@outlook.com, lize.daily@gmail.com, mzeegen@outlook.com, gussyginny@gmail.com

Email analysis :

NOTE : equityzenfinancialservice@gmail.com
NOTE : client-ip=157.56.111.247;

DEAR BENEFICIARY

I,m Jeh Charles. Johnson. The secretary of the U.S Department of Homeland security Washington DC. Office Address: 3801 Nebraska Ave NW, Washington, DC 20016, United States. We received a report from ECOWAS that you have an abandoned fund worth $4.5 Million in West Africa. I have instructed ECOWAS and the concerned authorities to bring the consignment box to our Head office in Washington DC. the fund will arrive my office today. I want you to kindly Reconfirm Your Full Name, Current Home Address, Nearest Airport and your Direct Cell Phone # So that arrangement can be made for the delivery of the consignment to your home address. I can be reached at (213)295-1439

I wait to hear from you.

Honorable Jeh C. Johnson
The secretary of
the U.S Department of
Homeland security
Washington DC
Office Address:
3801 Nebraska Ave NW,
Washington, DC 20016,
United States.

Email analysis :

NOTE : www.@grace.ocn.ne.jp
NOTE : jehcharles007@gmail.com
NOTE : X-Originating-Ip : [43.231.232.17]

NOTE : Received : from mf-smf-ucb003.ocn.ad.jp
NOTE : Received : from mzcstore422.ocn.ad.jp
NOTE : client-ip=153.149.230.9;

NOTE : Content-Transfer-Encoding : 7bit

United Nations ATM Card Settlement This Season.

Attention: Beneficiary,

We have been having series of meetings for the passed 1 month now which ended 2 days ago with the Nigeria Government, and the former Secretary-General (Hon. Kofi Annan) to the UNITED NATIONS. Federal Reserve Bank of New York, HSBC Bank of United Kingdom (UK) with the World Bank Officials. This email is for all the people that have not been paid, for their contract/inheritance in any part of the world, the United Nations, Federal Reserve Bank of New York HSBC Bank of United Kingdom (UK) Reserve Bank of Nigeria, with the World Bank officials have agreed to compensate them with the sum of Four Million, Nine Hundred Thousand US Dollars each victim. This includes every foreign contractor that may have not received his or her contract sum and people that have had an unfinished transaction, people who have inheritance to claim or international businesses that failed due to instability of government in some part of World. We found your email address in our list and that is why we are contacting you, these have been agreed upon and have been duly signed.Therefore, we are happy to inform you that your ATM Card Number: 4120 5350 0015 has been approved and upgraded, via ZENITH BANK INT'L in your favor.Meanwhile, your Secret Pin Number will be available as soon as you confirm to us the receipt of your ATM CARD. The ATM Card Value is $6,300,000.00 USD Only. You are advised that a maximum withdrawal value of US$20,000.00 is permitted daily.And its is duly inter-switched and you can make withdrawal in any location of the ATM Center of your choice/nearest to you any where in the world. We have also concluded delivery arrangement with our accredited courier service Company DHL or Fedex to deliver your package to your door step. Be informed that your response would be by telephone or through email Only.Any further delay will be the pleasure of the UNRC to use your fund to help the people who have been displaced in Darfur, Sudan Africa which you can see it in this site http://www.savedarfur.org/ and the Tsunami's victims in Asia. So you are hereby advice to forward to this office Director ATM SWIFT CARD Department Therefore, you should send him your full Name and telephone number/your correct mailing address where you want him to send the ATM to you. Contact Person Apostle Robert Gate immediately for yourATM SWIFT CARD:

Person to Contact Apostle Rolland Eze E-mail: { fundscompenssation@qq.com } We are working according to the constitution binding this committee as well as helping the less privilege through this means. You will be required to contact the above mentioned institution via telephone or email. Hoping to hear from you as soon as you receive your ATM card.

1.YOUR FULL NAME ................
2.PHONE AND FAX NUMBER...............
3.ADDRESS WERE YOU WANT US TO SEND THE ATM CARD...............
4.A Copy Of Your Identity Attached To e-mail

Best Regards,

Mr. Ban-Ki Moon

Email analysis :

NOTE : United Nations ATM Card Settlement This Season.
NOTE : appostles-rolland@mail.com
NOTE : fundscompenssation@qq.com
NOTE : 5.200.37.74 ()
NOTE : Received : from unknown (HELO ps-1c.ru) (5.200.37.74)

no reply (Phishing Crédit Agricole)

Cher(e) abonné(e),

Cet email a été envoyé par l'équipe Crédit Agricole pour vous informer que nous n'avons pas pu traiter votre paiement de facture.

Ceci pourrait être du a l'une ou l'autre des raisons suivantes:

1.Un changement récent de vos informations personnelles. (par exemple : adresse de facturation, téléphone..)

2. Soumission d'informations incorrecte pendant le processus de paiement de facture.

Pour s'assurer que votre service ne soit pas interrompu, nous avons invitons à confirmer et à mettre à jour toutes vos informations de facturation en cliquant ici:

ACCÈS

Votre Service Clients reste à votre écoute 24h/24h, 7J/7.

Cordialement,

Email analysis :

NOTE : no-reply@rdp.fr
NOTE : webmaster@web.pharmalink.cz
NOTE : X-Php-Originating-Script : 33:admin.php
NOTE : Received : by ispc03.suptech.cz (Postfix, from userid 33)

Phishing analysis :

CLICK : ACCÈS
OPEN : http://www.lacurvadeibaci.it/a/Agricole
RESULT : Phishing is unresponsive

Lt Selina Nitra

Hi dear,

you are very nice

I wish i could get to know you for it is my pleasure to have you as my friend for a friend is all about Respect,,,Admiration,contentious and affectionante also friendship is consist of sharing of ideas and showing true affection without cheats,,,lies and betray so can you welcome me, lets get to the ocean of love ?????????????

I am Lt Selina Nitra by name

Email analysis :

NOTE : Hi
NOTE : ltseliinarespect@hotmail.com
NOTE : client-ip=212.82.97.77;

NOTE : Mime-Version : 1.0
NOTE : Received : from jws11193.mail.ir2.yahoo.com
NOTE : by sendmailws168.mail.ir2.yahoo.com

Découvrez le pack PASS. (Phishing Société Générale)

Cliquez-ici pour activer ce service

Si vous ne voulez plus recevoir ce message automatique, connectez-vous à votre espace employeur et modifiez l'option de rappel de déclaration dans la rubrique

Email screenshot :

Email analysis :

NOTE : "SOCIETER GENERALE"@urbanpoint.com
NOTE : Content-Type : text/html; charset=iso-8859-1
NOTE : Mime-Version : 1.0
NOTE : Return-Path : < infox@urbanpoint.com >
NOTE : Received : from urbanpoint.com ([84.39.46.102])
NOTE : Received : by urbanpoint.com
NOTE : X-Php-Originating-Script : 0:xroot.php
NOTE : Message-Id : < *.*@urbanpoint.com >
NOTE : Découvrez le pack PASS.

Phishing analysis :

CLICK : Cliquez-ici pour activer ce service
OPEN : http://www.sanjarfurniture.in/.Signet
RESULT : Phishing was unresponsive. Phishing attempt.

Attention Beneficiary (Moneygram Scam)

MONEY GRAM MONEY TRANSFER OFFICE
ADDRESS: 2225 Osborne Rd, St Marys, GA 31558,, United States.
Hours: OFFICE TEL: (409)3312943) for Call and Text SMS..

Attention Beneficiary !!!!!

The International Monetary Fund Annual Compensation from USA . The International Monetary Fund (IMF) is compensating some 2015 scam victims and your email address was found in the scam victims list. This MoneyGram®office has been mandated by the IMF to transfer your compensation to you via MoneyGram® Money Transfer in USA. However, we have concluded to effect your own payment through MoneyGram® Money Transfer, $2,999USD pay Day until the total sum of $1.5Million is completely transferred to you the receiver. We can't be able to wait or to send the payment with your email address alone instead, we hereby need your information to where we will be sending the funds. You Can Text us and fill below Information Or contact us via email.

(Receivers name)............
(Country)...................... .
( Address)...................... ..........
(Direct Mobile Phone Number).....................
(Your Age........................... .......
(ID copy)............. ..................

Note that your payment files will be returned to the IMF within 2hours if we did not hear from you because this was the instruction given to us by the IMF office here in Georgia, USA. We will start the transfer as soon as we receive your information. You are hereby warned not to communicate or duplicate this message for any reason what so ever because the US FBI is already on trace of the criminals from Africa.

THANKS,

Mr.david johnson.
Money Gram Money Transfer Office.
Address: 2225 Osborne Rd, St Marys, GA 31558,, United States.
Hours: Open today · 8:00 am – 8:00 pm
OFFICE TEL: (409)3312943) for Call and Text SMS.

Email analysis :

NOTE : www.@eos.ocn.ne.jp
NOTE : ubamoneygram48@yahoo.com
NOTE : X-Originating-Ip : [45.55.36.65]

NOTE : X-Remote : 153.149.236.39 (mbkd0338.ocn.ad.jp)

Disposition a propos des preIevements (Phishing Free)

Bonjour,

Probléme de prélvement automatique
Facture n°85450554874

Le virement mensuelle a éte rejetée par votre établissement bancaire.
Afin de régulariser, vous devez impérativment cliquer sur le lien ci-dessous:

Se connecter

En l'absence de confirmation de votre part dans un délai de 48 heurs,nous procéderons à
suspendre définitivment votre abonnement.

Merci de votre confiance

Laurent Biojoux Directeur de la Relation Clients

_______________________________________________________________
Ce courriel vous a été envoyé par un système automatique d'émission de messages.
L'adresse d'émission n'est pas une adresse de courriel classique.
Si vous écrivez à cette adresse, votre message ne sera pas pris en compte

Email screenshot :

Email analysis :

NOTE : sup@free-mob.local
NOTE : Received : from les-gerbilles.com ([46.101.235.47])
NOTE : X-Php-Originating-Script : 0:send.php

Phishing analysis :

CLICK : Se connecter
OPEN : http://pedrofarsian.com/68cdb3cdf1bc804c6488262f57120888/redere
NOTE : REDIRECT

Réf. Mail : n° 11-543167929 (Phishing Free)

Free Mobile

Cher(ère) Freenaute,

Conformément à la facture n° 601805021, établie le 31-05-2016,
nous n'avons pas pu effectuer un prélèvement automatique d'un montant de 2.00 euros
pour le motif suivant :

"Absence de provision ou provision insuffisante."

Afin de régulariser votre situation au plus vite auprès de nos services,
nous vous remercions de bien vouloir nous faire parvenir votre règlement :

- Par carte ,directement en ligne à l'adresse suivante :

Mon espace client

Sans action de votre part, votre ligne sera limitée en émission d'appels.

Nous vous remercions de votre confiance.

Service Free Mobile

Email screenshot :

Email analysis :

NOTE : Received : from mout.kundenserver.de ([212.227.17.10])
NOTE : Mime-Version : 1.0
NOTE : identification-mobile@ovh.com

Phishing analysis :

CLICK : Mon espace client
OPEN : http://www.iab.una.py/images/imagenes/r5/r7.html
REDIRECT : https://gator4258.hostgator.com/~webmasters/compte.mobile.free.fr/cmd/*/moncompte/index.php?clientid=*&default=*
SCREENSHOT :

CLICK : Se connecter
REDIRECT : https://gator4258.hostgator.com/~webmasters/compte.mobile.free.fr/cmd/*/moncompte/index.php?get=error#
SCREENSHOT :

Your unclaimed Bank Draft is ready for delivery. Please read

DHL COURIER SERVICE,
Unit 98, VAUXHALL BRIDGE ROAD, ML4 3NP,
London. UNITED KINGDOM.

Dear Customer!!!

This is to notify you, that your Unclaimed Bank Draft for the sum of ($3.500.000.00 Million Dollars) has finally been signed and approved for express delivery.

Please get back to us for more details on this delivery.

Sir, Chris Walker.
Information Officer.
DHL Courier Management Team,
All rights reserved. 2016.

Email analysis :

NOTE : dhlheadoffice@lycos.com
NOTE : SERVICE.@grace.ocn.ne.jp
NOTE : X-Originating-Ip : [23.247.147.2]
NOTE : Received : from mzcstore422.ocn.ad.jp
NOTE : (mz-fcb422p.ocn.ad.jp [153.149.245.37])

Information from Samsung Group

Congratulations....your profile was among the lucky winners who won the sum of $800,000.00 and Samsung Galaxy s7 from our company Samsung ...

Email analysis :

NOTE : samsung@deliveryman.com
NOTE : osesespelltemple@gmail.com
NOTE : out..drofemospelltemple@gmail.com
NOTE : franknelson079@gmail.com
NOTE : randywilsonCEO@gmail.com
NOTE : azuumaspelltemple@gmail.com
NOTE : Azuumaspelltemple@mail.com
NOTE : osesespelltemple@gmaill.com
NOTE : doeaf01@yahoo.com
NOTE : neways103@hushmail.com
NOTE : Received : by svr1.schoolspace.co
NOTE : X-Mailer : belgium-observatory.aldoproject.eu
NOTE : Received : from svr1.schoolspace.co ([78.137.168.120])

PCH Notification.

Your Email address Won: $1,000,000.00USD on the Publishers Clearance House Awards {PCHA}. Contact Mrs. Elizabeth Hanks on Email: elizabethhanks45@gmail.com for claim.

Email analysis :

NOTE : LPennock@madisoncollege.edu
NOTE : elizabethhanks45@gmail.com
NOTE : 160.152.9.125

NOTE : Thread-Topic : PCH Notification.

CONTACT WESTERN UNION

Good day, We have concluded to Send your payment through western union $7,000.00 daily until the ($3.2MILLION ) is completely transfered. Meanwhile,MR Gabriel Duke has Send you $5,000.00 in your name today. So contact our western union payment Agent to SEND you the mtcn to pick up this $5000 now: CONTACT PERSON: Mr.Peter Charles Cell Phone+229 98934767 Email Address: ( western.union886@yahoo.dk ) Please remenber to Call and ask him to give you the mtcn, sender name, question and answer to pick you to $7,000.00. Also you should send to him your informations. : Your receiver name: ::::::::::: Your full name: ::::::::::::: Your address: Your country!: .:::::::::::::::: Your direct phone number:: :::::: Text question and answer:::::::: Thanks Mr don alex AM Barr Gloriah Ennemariah, FROM DIAMOND BANK western union Department.

Email analysis :

NOTE : western.union886@yahoo.dk
NOTE : sefeba@speedy.com.ar
NOTE : X-Origin : 41.86.234.162
NOTE : authenticated user sefeba!speedylm
NOTE : client-ip=98.142.233.70;

Hello

Hello Dear,
Good-Day!

I am in desperate need for your trust and cooperation in assisting the transfer of $32,000,000.00 (thirty two million US dollars); If interested in this offer, do send me a mail.

I look to relocate to your country to start a new live.

Best Regards,
MAna

Email analysis :

NOTE : mmmvd713@gmail.com
NOTE : nancy.marty@slh.wisc.edu
NOTE : Received : from user [(41.71.212.102)]

NOTE : by spam.zinwell.com.tw
NOTE : (envelope-from )

Barrister Nelson Edon,

Dear Friend, I am contacting you to assist in receiving a huge deposit of Twelve Million Five Hundred Thousand US Dollars left in the bank by my late client before Car accident which leads to his death. I want you to receive this fund before its get confiscated by the bank. I will give you the full details of this transaction once I hear from you. Contact me with this email address for more details (nelsonedon002@gmail.com) Barrister Nelson Edon,

Email analysis :

NOTE : nelsonedon002@gmail.com
NOTE : akpakugeorge@yahoo.com
NOTE : Received : from [98.138.87.4]

NOTE : akpakugeorge@yahoo.com
NOTE : nelsonedon002@gmail.com

Your unclaimed Bank Draft is ready for delivery. Please read

DHL COURIER SERVICE,
Unit 98, VAUXHALL BRIDGE ROAD, ML4 3NP,
London. UNITED KINGDOM.

Dear Customer!!!

This is to notify you, that your Unclaimed Bank Draft for the sum of ($3.500.000.00 Million Dollars) has finally been signed and approved for express delivery.

Please get back to us for more details on this delivery.

Sir, Chris Walker.
Information Officer.
DHL Courier Management Team,
All rights reserved. 2016.

Email analysis :

NOTE : SERVICE.@grace.ocn.ne.jp
NOTE : dhlheadoffice@lycos.com
NOTE : Received : from mzcstore422.ocn.ad.jp
NOTE : (mz-fcb422p.ocn.ad.jp [153.149.245.37])

NOTE : by vcwebmail.ocn.ad.jp
NOTE : X-Originating-Ip : [23.247.147.2]

Hello Good Day

Stop contacting them. Because Your fund Is Not with them

I am Mrs Betty Rawlings; A United States Citizen, 58 years old. I reside here in Perth Amboy NJ, My residential address is as follows 482 SAYRE AVE NO,2 PERTH AMBOY 08861 Apt 305, New Jersey, United States. I am thinking of relocating since I am now wealthy.Well I will have to let the cat out of the bag and let this great news known to you, I am one of those that took part in the Compensation awards in Benin Republic many years ago and they refused to pay me, I had spent over $80,000.00 of my life savings while in the USA trying to get my payment but all to no avail.

After all this series of criminal acts that happened to me, I decided to travel down to Benin Republic with all my compensation documents as I was directed to meet with one Barrister Mensah  Baah who happens to be a member of the Compensation Award Committee in Benin. I contacted him and he explained everything to me in detailed information’s, He said whoever is contacting us through emails, Phone or whichever means are fake.

Barr. Mensah  Baah took me to the paying bank for the claim of my compensation payment. With great joy in my heart right now I am the happiest woman on planet earth, I received my compensation funds of Five Million Five Hundred Thousand United State Dollars (US$5,500,000.00).

Moreover, Barr. Mensah  Baah showed me the full list and information’s of receivers that has been scheduled to receive their payments but are yet to receive it, While going through this list carefully I saw your email address and other information’s as one of the beneficiaries, for this reason I have decided to email you to stop dealing with those people, they are not in any way with your funds and won't stop taking money from you, these people are only stealing from you.Right now I will advise that you contact Barrister Mensah  Baah, You can contact him directly on this information below.

COMPENSATION AWARD HOUSE Benin,
NAME: Mensah  Baah
Please Copy His Email: mensahbaah@yeah.net

You really have to stop dealing with those people that are contacting you and telling you all sort of lies as your funds is not in anyways with them. They are only taking advantage of you and they will not stop until you have nothing just like they did to me in the past, The only money I paid after I met Barrister Mensah  Baah is just $108 for the paper works, take note of that.

(NOTE: TELLING YOU TO PAY FOR ANY DELIVERY OR COURIER CHARGE IS ALL NOTHING BUT LIES, I REPEAT THE ONLY MONEY YOU WILL HAVE TO PAY AND WHICH I ALSO PAID IS $108 FOR THE ADMINISTRATIVE/ ENDORSEMENT CHARGE AS IMPOSED BY THE GOVERNMENT AND YOUR PACKAGE CONTAINING YOUR CERTIFIED BANK DRAFT CHEQUE WILL BE REACHING YOU THROUGH THE REGULAR MAIL SERVICE.)

Once again I urge you to stop contacting those people for your own good, I will advise you to contact Barr. Mensah  Baah so that he will help and give you guideline until your funds is delivered to you. Instead of dealing with those people that will be turning you around and asking for different kind of upfront money to complete your transaction, I will advise that you contact only Barr. Mensah  Baah.
Thank You and Remain Blessed.

Mrs Betty Rawlings

Email analysis :

NOTE : mensahbaah@yeah.net
NOTE : andre@tramandai.rs.gov.br
NOTE : User-Agent : Roundcube Webmail/1.0.1
NOTE : X-Php-Originating-Script : 1711:rcube.php
NOTE : Received : by pmt.tramandai.rs.gov.br (Postfix, from userid 33)
NOTE : Received : from pmt.tramandai.rs.gov.br (pmt.tramandai.rs.gov.br. [186.232.55.210])

NOTE : Prefeitura Municipal de Tramandaí was used to relay this scam, with account andre

Contact Mr.Shegun Akintomi(Skye bank ATM director)

Attention please!!!

We were authorized by the President, Federal Republic of Benin and the Governing Board of Central Bank to investigate the unnecessary delay of your payment,to also recommend and approve your claims for payment if the report of the unclaimed contract/inheritance funds is genuine. However, we discovered that your funds has been unnecessarily delayed by corrupt officials of some banks.

We have agreed with the authority that we will handle this payment ourselves to avoid the hopeless situation created by those officials. Currently your Inheritance/Contract fund of $7.5Million has been credited in ATM card.Contact Mr.Shegun Akintomi(Skye bank ATM director)with your details including phone lines for immediate delivery.

Contact Name: Mr.Shegun Akintomi
Email: atm78410@gmail.com
office line:+22999944906

Signed,
management of Skye Bank Plc.

Email analysis :

NOTE : yahagi@tunekawa.co.jp
NOTE : atm78410@gmail.com
NOTE : X-Mailer : Web de Mail, 1.0.0
NOTE : client-ip=216.230.254.50;

TR : !mp0rtant a L!RE.

bien aiméε‏

Excusεz-møi de vous contactεz de cette manièrε car nøus nε nous connaissøns pas.

En bref je me nommε LAURENT BOUDIER d'origine Françaisε et je vis à Londres. Je souffrε d'unε gravε maladiε et j'aimεrais vous faire une prøpøsition qui pourrait vous intéressεr.Il s'agit d'un døn d'une somme de850 000 de euro.

Vous trouverεz sur le documεnt en fichiεr joint plus de rensεignement concernant mon døn je vous prie de la lire lεttre en fichier jøint. Ceci n’étant pas un spam ni virus.

Pour avoir plus de rensεignement concernant cette dønatiøn je vous prie de me Contactεz moi a cette adrεssε. Ceci n’étant pas un spam ni virus :

Conctεz moi a cette adrεssε:

Mail!: laurent.boudier@outlook.com***laurent.boudier@outlook.com

T

Recevez encore une fois de mes salutations les plus distingués .

Cordialement

Monsieur Boudier

256931569426655689465(1).pdf

Email analysis :

NOTE : janujz5@orange.fr
NOTE : claouenan@cazes-goddyn.com
NOTE : clean@orange.com
NOTE : laurent.boudier@outlook.com
NOTE : X-Me-Ip : 86.206.187.80

Samantha Gann sent you "Scan001.zip"

Samantha Gann a file with you on Dropbox

The updated agreement with AlixPartners

Scan001.zip

Download

© 2016 Dropbox

Email screenshot :

Email analysis :

NOTE : no-reply@dropbox.com
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Return-Path : < americanexpress@welcome.aexp.com >
NOTE : Mime-Version : 1.0
NOTE : Content-Transfer-Encoding : 7bit
NOTE : Content-Type : text/html; charset=ISO-8859-1
NOTE : Received : from unknown (HELO NNZCABJO) (1.47.202.181)

NOTE : Samantha Gann sent you "Scan001.zip"

File analysis :

CLICK : DOWNLOAD
OPEN : https://www.cubbyusercontent.com/pl/Scan001.zip/_6ec59f8ef081469e9dba0d304a99cb9d
FILENAME : Scan001.zip
RESULT : File is a virus.

Virus analysis :

SHA256: e68dfb45eb15d675073486679ac94cac1788ea5c54a3e39cb9cddddaf73a179e
FILENAME : Scan001.zip
AVG : Downloader.Generic_c.ALTL
Ad-Aware : Trojan.GenericKD.3298975
AegisLab : Exploit.Script.Generic!c
Arcabit : Trojan.Generic.D32569F
Avast : Other:Malware-gen [Trj]
Avira (no cloud) : HEUR/Suspar.Gen
BitDefender : Trojan.GenericKD.3298975
DrWeb : JS.DownLoader.1225
ESET-NOD32 : JS/TrojanDownloader.Nemucod.ADU
Emsisoft : Trojan.GenericKD.3298975 (B)
F-Secure : Trojan.GenericKD.3298975
Fortinet : JS/Nemucod.ET!tr.dldr
GData : Trojan.GenericKD.3298975
Ikarus : JS.Trojan-Downloader.Rogue
K7AntiVirus : Trojan ( 004dfe6d1 )
K7GW : Trojan ( 004dfe6d1 )
Kaspersky : HEUR:Exploit.Script.Generic
McAfee : Generic.yd
McAfee-GW-Edition : Generic.yd
eScan : Trojan.GenericKD.3298975
Microsoft : TrojanDownloader:JS/Nemucod.AT
Rising : Exploit.Generic!8.3E1-aXLPd6nZxPO (Cloud)
TrendMicro : JS_NEMUCOD.QDA
TrendMicro-HouseCall : JS_NEMUCOD.QDA

Un nouveau messange est disponible sur votre messagerie HelloBank (Phishing Hello bank)

Bonjour,

Un nouveau Message est disponible sur votre Messagerieo
Pour le consulter, Veuiller Cliquez sur le lien ce-dessous :

Clique Ici

Nous vous remercions de votre confiance.
Hello bank : Banque et assurance

Ce courriel vous a été envoyé par un système automatique d'émission de messages.
L'adresse d'émission n'est pas une adresse de courriel classique.
Si vous écrivez à cette adresse, votre message ne sera pas pris en compte

Email screenshot :

Email analysis :

NOTE : __Hello.Bank__@tix.nl
NOTE : Content-Type : text/html; charset=iso-8859-1
NOTE : Mime-Version : 1.0
NOTE : Return-Path : < zend@tix.nl >
NOTE : Received : by tix.nl
NOTE : X-Php-Originating-Script : 0:zabo.php
NOTE : Un nouveau messange est disponible sur votre messagerie HelloBank

Phishing analysis :

CLICK : Clique Ici
OPEN : http://belmondo-gent.be/7
REDIRECT : http://www.belmondo-gent.be/wp-includes/hello/HelloBank/
SCREENSHOT :

CLICK : Accéder aux comptes
REDIRECT : http://www.belmondo-gent.be/wp-includes/hello/HelloBank/check.php?log=*
SCREENSHOT :

CLICK : Vérifier
REDIRECT : http://www.belmondo-gent.be/wp-includes/hello/HelloBank/checked.html

REDIRECT : https://www.hellobank.fr/fr/espace-client

[important (1)] Vous avez reçu un message : (Phishing CyberPlus)

Bonjour,

Le département technique procéde à une mise à jour importante de logiciel programmée de facon à améliorer la qualité de nos services .

Nos vous demandons avec bienveillance de cliquer sur le lien ci-dessous et de confirmer votre PassCyberPlus :

Confirmer votre PassCyberPlus

Nous vous remercions pour la confiance que vous acordez à nous et restons à votre disposition .

Cordialement,

Ceci est un troisiéme et dernier rappel nous vous invitant a accéder a votre formulaire dés que possible,

dans le cas contraire nous ne somme pas responsables des debit inhabituels sur votre compte

BANQUEPOPULAIRE

Â
Â

Email screenshot :

Email analysis :

NOTE : _C_y_b_e_r_P_l_u_s@amazon.fr
NOTE : Content-Type : text/html;charset='iso-8859-1'
NOTE : X-Proxad-Sc : state=HAM score=0
NOTE : Return-Path : < www-data@regiesmtp505-1.odiso.net >
NOTE : X-Mailer : PHP/5.3.10-1ubuntu3.23
NOTE : Received : by regiesmtp505-1.odiso.net
NOTE : X-Php-Originating-Script : 0:zamailer.php
NOTE : [important (1)] Vous avez reçu un message :

Phishing analysis :

CLICK : Confirmer votre PassCyberPlus
OPEN : http://cyber-rts.com/
REDIRECT : http://livinggreenlandscaping.com/language/en-GB/var
RESULT : Phishing was removed...

my subject

I am Sgt Adams John , I have a Secured Monetary deal for you and it's
legitimate, 25,000,000,00 USD please for more information contact my private email: sgtadamsjohn444@gmail.com Sgt Adams John

Email analysis :

NOTE : my subject
NOTE : sgtadamsjohn444@gmail.com
NOTE : asparagus@unist.ac.kr
NOTE : X-Originating-Ip : [116.202.38.145]

J’ai Quelque Chose à Vous Dire...[IMPORTANT]

Bonjour,

Soyons RÉALISTES ! Si vous êtes encore en train de lutter pour perdre du poids, alors j’ai LA solution pour vous !

Mon ami Brian, qui est entraîneur personnel certifié et nutritionniste de niveau mondial, a créé un nouveau système pour une perte de poids rapide, qui GARANTIT LES RÉSULTATS !

Il l’appelle La Diète 3 Semaines. Il l'appelle comme ça car ce système peut vous aider à perdre jusqu’à 10 kilos de graisse corporelle pure, en 3 semaines seulement !

Je n’y ai pas cru non plus, dans un premier temps - mais après avoir constaté les preuves et l’avoir testé moi-même, j’ai été conquis !

COMMENT ÇA FONCTIONNE...

Le régime indique d'abord les heures de la journée où votre métabolisme brûle le plus, et ce sont celles où vous devriez manger pour brûler de la graisse. Le système est si précis et efficace que certaines personnes peuvent perdre jusqu’à 500 g par jour en le suivant. Combiné avec différents types d’aliments qu’il recommande, ce régime est donc quasi INFAILLIBLE !

Sans surprise, sa méthode complète est même approuvée par des médecins certifiés, afin que vous soyez assuré d’utiliser une méthode sûre et testée (allez sur le site pour le vérifier par vous-même).

Habituellement, il vend sa méthode à 97 €, mais aujourd’hui il fait une offre spéciale, juste pour mes contacts : Vous pouvez obtenir la méthode complète de La Diète 3 Semaines pour seulement 47 € ! C’est une offre vraiment unique et abordable mais elle n’est disponible que pendant une durée limitée.

De plus, Brian propose sa garantie « Perdez du poids ou c’est gratuit » - c’est-à-dire que si vous ne perdez pas le nombre de kilos que vous escomptiez pendant les 3 semaines - il vous remboursera personnellement chaque centime que vous avez dépensé pour ce régime. Vous ne pouvez pas obtenir beaucoup plus, n’est-ce pas ?

Alors, si vous êtes encore en train de vous débattre pour perdre du poids, je vous conseille fortement d’aller jeter un coup d'oeil à la présentation de de La Diète 3 Semaines en visitant ce lien :

http://www. livresduweb.top /index.php

Découvrez-le maintenant avant que l’offre spéciale expire !

Pour perdre du poids et se sentir en forme,

Sophie

Email analysis :

NOTE : fefou2005@yahoo.fr
NOTE : contact@ livresduweb.top

Attn: The Owner of this E-mail ID,

Attn: The Owner of this E-mail ID,

Your Name And Your Contact Details Was Given To This Office In Respect Of Your Total inherited/Compensation Sum Owed To You Which You Have Failed To Claim Because Of Either Non-Compliance Of Official Processes Or Because Of Your Unbelief Of The Reality Of Your Genuine Payment. We Wish To Bring To You The Solution To This Problem. Right Now We Have Arranged Your Payment Through Our Swift Card Payment Centers, That Is The Latest Instruction From Economic Community Of West African States (ECOWAS) This UBA ATM payment Center Will Send To You An ATM VISA Card Which You Will Use To Withdraw Your Money In Any ATM Machine In Any Part Of The World, So If You Like To Receive Your Fund In This Way, Please Let Us Know By Contacting Us Back on the following information:

CONTACT: Mr.Morgan Chambers.
PHONE NUMBER: +22961135739
Email: allusers.group79@gmail.com

And Also Send The Following Information As Listed Below.

1. Full Name
2. Phone And Fax Number
3. Delivery address
4. ATTACH COPY OF YOUR IDENTIFICATION/ If any available

We Have Been Mandated By The ECOWAS Parliament To Issue Out $7.5million USD in your favor This fiscal year. Also For Your Information, You Have To Stop Any Further Communication With Any Other Person (S) Or Office(S) To Avoid Any Hitches In Receiving Your Payment. Note That Because Of Impostors,We Hereby Issued You Our Code Of Conduct, Which Is (ATM-202) So You Have To Indicate This Code When Contacting The Card Center By Using It As Your Subject.

=======================================================

AS SOON AS I CONFIRM THE REQUIRED INFORMATION I WILL DIRECT YOU ON HOW TO PROCEED ON IMMEDIATE DISPATCHING OF YOUR ATM CARD PAYMENT.

=========================================================

Email analysis :

NOTE : allusersgroup@yandex.com
NOTE : rafi@maqsimum.pl
NOTE : Received : from User (unknown [130.185.159.11])

NOTE : by mps.maqsimum.pl (Postfix)

Sergeant Ann Hester Leigh

my name is Sergeant Ann Hester Leigh, United States military officer, looking for a reliable trust worthy person for a cordial relationship.

I'll be glad if you write me here for more details.

regard!
Sergeant Ann Hester Leigh

Email analysis :

NOTE : bean.an@outlook.com
NOTE : jameskibler52@gmail.com

Job representative needed,

TimeOne Group Ltd are in search of a competent individual or firm that will be responsible in handling payment on our behalf as a Sales Representative Officer, contact us for further information.

Thanks, and best regard,

Fabien Barbaud
TimeOne Technology Management.

Email analysis :

NOTE : fbarbaud023@gmail.com
NOTE : hrrdnld@gmail.com
NOTE : Received : from webmail.ps5.com.br (unknown [189.50.80.100])

NOTE : (Authenticated sender: elza@bew.net.br)
NOTE : by painel.bew.net.br (Postfix)
NOTE : User-Agent : Roundcube Webmail/1.1.0
NOTe : Organization : TimeOne Group

I AM SORRY TO ENCROACH INTO YOUR PRIVACY IN THIS MANNER REPLY .....

Dear sir/Ma

I am sorry to encroach into your privacy in this manner, I got your contact from the professional data base found in the internet Yahoo tourist search; I was searching for a foreign reliable partner., I find it pleasurable to offer you my partnership in business. I only pray at this time that your address is still valid. I want to solicit your attention to receive money on my behalf.

My name is . Richard Williams US ARMY MAJOR, I am serving in the US military in Afghanistan with the army infantry division, I have some amount of funds that I want to move out of the country for safe keep and investment.

if interested kindly reply via email for further details. ( richardwilliamsu00@gmail.com )

PLEASE, TREAT THIS PROPOSAL AS TOP SECRET.

God bless you and thanks for cooperation in advance.

Best Regards,

MAJOR. Richard Williams

Email analysis :

NOTE : info@lee.org
NOTE : richardwilliamsu00@gmail.com
NOTE : Received : from mail.com (unknown [50.255.40.77])

Urgent ! (Phishing Banque Populaire)

Bonjour,

Le département technique procède à une mise à jour 2016 de logiciel, programmée de façon à améliorer
la qualité de nos services.
Nous vous demandons avec bienveillance de procéder à la mise à jour en cliquant sur le lien ci-dessous et
de sécuriser votre PassCyberPlus:

ACCÉDER À MES COMPTE

Nous vous remercions pour la confiance que vous nous accordez et restons à votre disposition.

Cordialement
Directeur de la relation clients

Si vous ne voulez plus recevoir ce message automatique, connectez-vous à votre espace employeur et modifiez l'option de rappel de déclaration dans la rubrique

Email screenshot :

Email analysis :

NOTE : asadadass@bil.com
NOTE : Content-Type : text/html; charset=iso-8859-1
NOTE : Mime-Version : 1.0
NOTE : Return-Path : < asadadass@bil.com >
NOTE : Received : from bil.com ([84.39.33.123])
NOTE : Received : by bil.com
NOTE : X-Php-Originating-Script : 0:xroot.php
NOTE : Urgent !

Phishing analysis :

CLICK : ACCÉDER À MES COMPTE
OPEN : http://shop.longavita-ug.ru/LICENSE/pop/
REDIRECT : http://personalcolor.co/facebook/pop/*/index.php
SCREENSHOT :

CLICK : OK
REDIRECT http://personalcolor.co/facebook/pop/*/index.html
SCREENSHOT :

CLICK : VALIDER
REDIRECT : http://personalcolor.co/facebook/pop/*/login.php
REDIRECT : http://personalcolor.co/facebook/pop/*/index.php

ATTENTION BENEFICIARY,

WE THE WESTERN UNION REMMITTING OFFICE WERE HEREBY WRITE TO INFORM YOU THAT WE HAVE ALREADY SENT YOUR FULL COMPENSATION PAYMENT OF $6.800,000.00 TO YOU THROUGH WESTERN UNION, YOU WILL BE RECEIVING 10.000.00USD PER DAY, AND WE HAVE SEND THE FIRST PAYMENT TO YOU. SO CONTACT OUR DIRECTOR Dr.Peter Anthony AND ASK HIM TO GIVE YOU THE WESTERN UNION PAYMENT INFORMATION SO THAT YOU CAN BE ABLE TO PICK UP YOUR FUNDS THROUGH WESTERN UNION WITHOUT ANY PROBLEM.

CONTACT HIM WITH THE BELLOW INFORMATION.
(unionw633@gmail.com)
PHONE NUMBER (+22999165308)
AND CONTACT HIM WITH YOUR FULL INFORMATION.

Your name............
country.... ..........
phone ...........
address...............
city..........
age..................
sex..................

CALL OR EMAIL HIM NOW SO THAT HE CAN PROVIDE THE WESTERN UNION INFORMATION TO YOU AS SOON AS YOU CAN.

Thanks and Remain Blessed John Paul.
From WESTERN UNION.
YOUR FIRST PAYMENT THROUGH WESTERN UNION.

Email analysis :

NOTE : unionw633@gmail.com
NOTE : officefile112016@tochka.net
NOTE : dvmail.tochka.net (imap.tochka.net. [91.207.122.195])
NOTE : client-ip=91.207.122.195;

عاجل جدا

900،000 دولار أمريكي تمنح لك من قبل شركة شيفروليه. إرسال الاسم والعنوان والهاتف المحمول والجنسية عن طريق: chevroletcompany 34@gmail.com

Email analysis :

NOTE : chevroletcompany34@gmail.com
NOTE : botrach.qbh@moj.gov.vn
NOTE : Return-Path : < botrach.qbh@moj.gov.vn >
NOTE : X-Originating-Ip : [10.28.30.60]
NOTE : Mime-Version : 1.0
NOTE : X-Mailer : Zimbra 7 (zclient/7)
NOTE : Message-Id : < *-*@mail.moj.gov.vn >
NOTE : client-ip=203.113.130.106;

NOTE : Received : from Internal Mail-Server by Mail-SeCureOUT
NOTE : (envelope-from botrach.qbh@moj.gov.vn)
NOTE : Received : from mail.moj.gov.vn (mail1.moj.gov.vn [10.28.30.68])
NOTE : by mail.moj.gov.vn (Postfix)

What is moj.gov.vn ?

- MOJ is the Vietnamese Ministry of Justice.
- The server of the Vietnamese Ministry of Justice was used to relay this scam.
- Account : botrach.qbh