FBI Headquarters in Washington, D.C.
Federal Bureau of Investigation
J. Edgar Hoover Building
935 Pennsylvania Avenue,
NW Washington, D.C. 20535-0001
REF: US/28028/8A28/11
ATTN: RECIPIENT
Attention Ms. Magdalena Atanasova Nedyalkova:
Your email was well received and noted with the attahced I.D and other informations also. Please bear with us that we have to be also careful with whom we are delaing with so as to be 100% that e are dealing with the right person, so with that, I will ask that you give me some time and I will get back to you as soon as this is all cleared and will then inform you on how to go about getting your funds to you. Thanks for your swift response.
Mr Richard Wilson
FBI Official
Criminal Investigative Division
Washington Branch Officer
202-599-3988
FBI Headquarters in Washington, D.C.
Federal Bureau of Investigation
J. Edgar Hoover Building
935 Pennsylvania Avenue,
NW Washington, D.C. 20535-0001
Attention Mrs. Linda Margaret Deininger, Your email has been received in good heart and I hope these email gets to you in good health condition. Like i stated in my first email I am Mr James B.Comey, my identity badge has been attached for your view and confirmation of office. Your email has been received thus your personal details to proceed with these compensation funds amounting to One Million United state Dollars.the information you sent has been investigated and confirmed among the listed citizen to be compensated. I am more concerned with these impersonators and scammers all over the internet destroying the good image of the FBI and other respected offices here in the state..please you have to stop every form of communication with whomsoever and report any form of scam email you receive to help us with our investigation to the arrest and stop of these scam activity that has grown so wide in the internet. The Initial plan of having the western union send the first $5000 to you has been aborted reason because of the high demands of the western union and suspicion of funds diverting activity by some of their official whom is said to have a connection with these scammers..Investigation is on to archive success and make a good eradication of the bad ones in our system and country.The United Nation will hold these office responsible if anything happens to your funds, the FBI will be held responsible..At that you have to come over to our office to get your funds in person in an ATM Card form or in a Check Form all with valid same amount..The Reason why you are demanded to come over to the office to get your funds is because other means which is the Delivery method will demands a delivery fee by the delivery company and due to your past experience and email you have been receiving...you will be skeptical and might refer to my office as impersonators you have deal with,that is more of the reason why i attached my identity badge for confirmation of office. In consideration of resources needed to come to our office here in Washington I went into an agreement with a delivery company(Royal Express Courier Service) with the sole intention to have a reasonable agreement for beneficiary that does not have what it takes to come over for their funds or may be too busy to take such trip.After a huge deliberation i was able to get a good deal from the director of the Royal Express Courier Service to accept a delivery sum of $295 instead of the $387 fee for such delivery..and i was assured of safe delivery in 48hours with the online access to beneficiary to track delivery till it gets to his or her door step,and for the record i have been able to conclude two transactions via these method and the beneficiaries writes me everyday for appreciation. So Please get back to me upon your choice of delivery..If you want to take up the Delivery method by the Royal Express Courier Service or you want to come over to our office with your Attorney to finalize these legitimate transaction.
Thanks for your understanding as i await your urgent response.
Mr Richard Wilson
FBI Wasghington Branch Officer
Friday, October 17, 2014
Please verify your account (Apple phishing)
Confirm your account
Some information on your account appears to be missing or incorrect. Please update your information p romptly so that you can continue to enjoy all the benefits of your account.
Get Started ›
If you don't update your information within 14 days, we'll limit what you can do with your account.
Email analysis :
NOTE : Received : from lvps217-199-162-34.vps.webfusion.co.uk
NOTE : (lvps217-199-162-34.ipv6.vps.webfusion.co.uk. [2a02:4e8:4:1050::d9c7:a222])
NOTE : Received : by lvps217-199-162-34.vps.webfusion.co.uk (Postfix, from userid 33)
NOTE : Return-Path : < www-data@lvps217-199-162-34.vps.webfusion.co.uk >
NOTE : X-Php-Originating-Script : 33:mailerPass.php
NOTE : Mime-Version : 1.0
NOTE : Content-Type : text/html
NOTE : Please verify your account
Phishing analysis :
CLICK : Get Started
OPEN : http://yachtsoffered.com/uploads/images/165/thumbnail/dir.html
REDIRECt : http://support-customer-help-account-verification-id21477.gbtembroidery.com/
SCREENSHOT :
SUBMIT FORM : by clicking Sign In
SCREENSHOT :
CLICK : Finish
REDIRECT : https://itunesconnect.apple.com/WebObjects/iTunesConnect.woa
FINAL PURPOSE : The final purpose of this phising is to compromise itunesconnect accounts.
Whois yachtsoffered.com :
Domain Name: yachtsoffered.com Registry
Domain ID: 1436378277_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.melbourneit.com
Registrar URL: http://www.melbourneit.com.au
Updated Date: 2013-05-07T22:47:57Z
Creation Date: 2008-03-28T14:04:34Z
Registration Expiration Date: 2015-03-28T14:04:25Z
Registrar: Melbourne IT Ltd
Registrar IANA ID: 13
Registrar Abuse Contact Email: abuse@melbourneit.com.au
Registrar Abuse Contact Phone: +61.386242300 Domain Status: ok
Registry Registrant ID: Registrant Name: Judy Nasmith
Registrant Organization: Judy Nasmith
Registrant Street: PO Box 70133
Registrant City: Seattle Registrant State/Province: WA
Registrant Postal Code: 98127 Registrant Country: US
Registrant Phone: +1.9633560
Registrant Phone Ext: Registrant Fax: +1.9633560
Registrant Fax Ext: Registrant Email: captjudy@hotmail.com
Registry Admin ID: Admin Name: Judy Nasmith
Admin Organization: Judy Nasmith
Admin Street: PO Box 70133
Admin City: Seattle
Admin State/Province: WA Admin Postal Code: 98127
Admin Country: US Admin Phone: +1.9633560
Admin Phone Ext: Admin Fax: +1.9633560
Admin Fax Ext: Admin Email: captjudy@hotmail.com
Tech Name: Verio Hostmaster
Tech Organization: Verio
Tech Street: 5050 Blue Lake Dr.
Tech City: Boca Raton
Tech State/Province: FL Tech Postal Code: 33431
Tech Country: US Tech Phone: +1.8886636648
Tech Phone Ext:
Tech Fax: +1.8886636655
Tech Fax Ext:
Tech Email: hostmaster@VERIO-HOSTING.COM
Name Server: NS1.WESTSERVERS.NET
Name Server: NS2.WESTSERVERS.NET
DNSSEC: unsigned URL
whois gbtembroidery.com :
Domain Name: gbtembroidery.com
Creation Date: 2014-07-30
Registration Expiration Date: 2015-07-30
Registrar: Onlinenic Inc Registrar IANA ID: 82
Registrar Abuse Contact Email: onlinenic-enduser@onlinenic.com
Registrar Abuse Contact Phone: +1.5107698492
Reseller: YorHost
Domain Status: clientTransferProhibited
Registrant Name: Tina Flowers
Registrant Organization: GBT Embroidery
Registrant Street: 137 Dominion Road
Registrant City: Leicester
Registrant State/Province: Leicester
Registrant Postal Code: LE3 8JB
Registrant Country: GB
Registrant Phone: +44.7889475809
Registrant Fax: +44.7889475809
Registrant Email: Gbtembroidery@yahoo.co.uk
Admin Name: Tina Flowers
Admin Organization: GBT Embroidery
Admin Street: 137 Dominion Road
Admin City: Leicester
Admin State/Province: Leicester
Admin Postal Code: LE3 8JB Admin Country: GB
Admin Phone: +44.7889475809
Admin Phone Ext: Admin Fax: +44.7889475809
Admin Email: Gbtembroidery@yahoo.co.uk
Registry Tech ID: Tech Name: Tina Flowers
Tech Organization: GBT Embroidery
Tech Street: 137 Dominion Road
Tech City: Leicester
Tech State/Province: Leicester
Tech Postal Code: LE3 8JB
Tech Country: GB Tech Phone: +44.7889475809
Tech Phone Ext: Tech Fax: +44.7889475809
Tech Fax Ext: Tech Email: Gbtembroidery@yahoo.co.uk
Name Server: ns100a.yorhost.net
Name Server: ns100b.yorhost.net
Some information on your account appears to be missing or incorrect. Please update your information p romptly so that you can continue to enjoy all the benefits of your account.
Get Started ›
If you don't update your information within 14 days, we'll limit what you can do with your account.
Email analysis :
NOTE : Received : from lvps217-199-162-34.vps.webfusion.co.uk
NOTE : (lvps217-199-162-34.ipv6.vps.webfusion.co.uk. [2a02:4e8:4:1050::d9c7:a222])
NOTE : Received : by lvps217-199-162-34.vps.webfusion.co.uk (Postfix, from userid 33)
NOTE : Return-Path : < www-data@lvps217-199-162-34.vps.webfusion.co.uk >
NOTE : X-Php-Originating-Script : 33:mailerPass.php
NOTE : Mime-Version : 1.0
NOTE : Content-Type : text/html
NOTE : Please verify your account
Phishing analysis :
CLICK : Get Started
OPEN : http://yachtsoffered.com/uploads/images/165/thumbnail/dir.html
REDIRECt : http://support-customer-help-account-verification-id21477.gbtembroidery.com/
SCREENSHOT :
SUBMIT FORM : by clicking Sign In
SCREENSHOT :
CLICK : Finish
REDIRECT : https://itunesconnect.apple.com/WebObjects/iTunesConnect.woa
FINAL PURPOSE : The final purpose of this phising is to compromise itunesconnect accounts.
Whois yachtsoffered.com :
Domain Name: yachtsoffered.com Registry
Domain ID: 1436378277_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.melbourneit.com
Registrar URL: http://www.melbourneit.com.au
Updated Date: 2013-05-07T22:47:57Z
Creation Date: 2008-03-28T14:04:34Z
Registration Expiration Date: 2015-03-28T14:04:25Z
Registrar: Melbourne IT Ltd
Registrar IANA ID: 13
Registrar Abuse Contact Email: abuse@melbourneit.com.au
Registrar Abuse Contact Phone: +61.386242300 Domain Status: ok
Registry Registrant ID: Registrant Name: Judy Nasmith
Registrant Organization: Judy Nasmith
Registrant Street: PO Box 70133
Registrant City: Seattle Registrant State/Province: WA
Registrant Postal Code: 98127 Registrant Country: US
Registrant Phone: +1.9633560
Registrant Phone Ext: Registrant Fax: +1.9633560
Registrant Fax Ext: Registrant Email: captjudy@hotmail.com
Registry Admin ID: Admin Name: Judy Nasmith
Admin Organization: Judy Nasmith
Admin Street: PO Box 70133
Admin City: Seattle
Admin State/Province: WA Admin Postal Code: 98127
Admin Country: US Admin Phone: +1.9633560
Admin Phone Ext: Admin Fax: +1.9633560
Admin Fax Ext: Admin Email: captjudy@hotmail.com
Tech Name: Verio Hostmaster
Tech Organization: Verio
Tech Street: 5050 Blue Lake Dr.
Tech City: Boca Raton
Tech State/Province: FL Tech Postal Code: 33431
Tech Country: US Tech Phone: +1.8886636648
Tech Phone Ext:
Tech Fax: +1.8886636655
Tech Fax Ext:
Tech Email: hostmaster@VERIO-HOSTING.COM
Name Server: NS1.WESTSERVERS.NET
Name Server: NS2.WESTSERVERS.NET
DNSSEC: unsigned URL
whois gbtembroidery.com :
Domain Name: gbtembroidery.com
Creation Date: 2014-07-30
Registration Expiration Date: 2015-07-30
Registrar: Onlinenic Inc Registrar IANA ID: 82
Registrar Abuse Contact Email: onlinenic-enduser@onlinenic.com
Registrar Abuse Contact Phone: +1.5107698492
Reseller: YorHost
Domain Status: clientTransferProhibited
Registrant Name: Tina Flowers
Registrant Organization: GBT Embroidery
Registrant Street: 137 Dominion Road
Registrant City: Leicester
Registrant State/Province: Leicester
Registrant Postal Code: LE3 8JB
Registrant Country: GB
Registrant Phone: +44.7889475809
Registrant Fax: +44.7889475809
Registrant Email: Gbtembroidery@yahoo.co.uk
Admin Name: Tina Flowers
Admin Organization: GBT Embroidery
Admin Street: 137 Dominion Road
Admin City: Leicester
Admin State/Province: Leicester
Admin Postal Code: LE3 8JB Admin Country: GB
Admin Phone: +44.7889475809
Admin Phone Ext: Admin Fax: +44.7889475809
Admin Email: Gbtembroidery@yahoo.co.uk
Registry Tech ID: Tech Name: Tina Flowers
Tech Organization: GBT Embroidery
Tech Street: 137 Dominion Road
Tech City: Leicester
Tech State/Province: Leicester
Tech Postal Code: LE3 8JB
Tech Country: GB Tech Phone: +44.7889475809
Tech Phone Ext: Tech Fax: +44.7889475809
Tech Fax Ext: Tech Email: Gbtembroidery@yahoo.co.uk
Name Server: ns100a.yorhost.net
Name Server: ns100b.yorhost.net
Your document
To view your document, please open attachment.
< document_1425792.pdf.zip >
Virus analysis :
Ad-Aware Trojan.GenericKD.1928929
Avast Win32:Malware-gen
Avira TR/Crypt.Xpack.88959
BitDefender Trojan.GenericKD.1928929
Cyren W32/Trojan.JOFL-9265
ESET-NOD32 a variant of MSIL/Injector.FWC
F-Prot W32/Trojan3.LMV
Fortinet MSIL/FWC!tr
Ikarus Backdoor.Androm
Kaspersky Trojan.Win32.Inject.tbsl
Malwarebytes Trojan.MSIL.Injector
McAfee Artemis!94EA6E94CF43
MicroWorld-eScan Trojan.GenericKD.1928929
Qihoo-360 Win32/Trojan.Multi.daf
Rising PE:Malware.FakePDF@CV!1.9C3A
Sophos Troj/MSIL-APK
Tencent Win32.Trojan.Inject.Auto
TrendMicro-HouseCall TROJ_GE.C9ACEC0C
Email analysis :
NOTE : Return-Path : < no-reply@97e2896c.skybroadband.com >
NOTE : Received : from 97e2896c.skybroadband.com (151.226.137.108)
NOTE : Message-Id : < I1N3IJT6.6426198@robtec.com >
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Mime-Version : 1.0
NOTE : Content-Type : multipart/mixed; boundary="----=_NextPart_000_0006_*"
NOTE : X-Remote : 151.226.137.108 (97e2896c.skybroadband.com)
NOTE : Your document
< document_1425792.pdf.zip >
Virus analysis :
Ad-Aware Trojan.GenericKD.1928929
Avast Win32:Malware-gen
Avira TR/Crypt.Xpack.88959
BitDefender Trojan.GenericKD.1928929
Cyren W32/Trojan.JOFL-9265
ESET-NOD32 a variant of MSIL/Injector.FWC
F-Prot W32/Trojan3.LMV
Fortinet MSIL/FWC!tr
Ikarus Backdoor.Androm
Kaspersky Trojan.Win32.Inject.tbsl
Malwarebytes Trojan.MSIL.Injector
McAfee Artemis!94EA6E94CF43
MicroWorld-eScan Trojan.GenericKD.1928929
Qihoo-360 Win32/Trojan.Multi.daf
Rising PE:Malware.FakePDF@CV!1.9C3A
Sophos Troj/MSIL-APK
Tencent Win32.Trojan.Inject.Auto
TrendMicro-HouseCall TROJ_GE.C9ACEC0C
Email analysis :
NOTE : Return-Path : < no-reply@97e2896c.skybroadband.com >
NOTE : Received : from 97e2896c.skybroadband.com (151.226.137.108)
NOTE : Message-Id : < I1N3IJT6.6426198@robtec.com >
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Mime-Version : 1.0
NOTE : Content-Type : multipart/mixed; boundary="----=_NextPart_000_0006_*"
NOTE : X-Remote : 151.226.137.108 (97e2896c.skybroadband.com)
NOTE : Your document
Subscribe to:
Posts (Atom)