Friday, November 14, 2014

11/13/2014 Kindly reply

Dear Sir,

I am surprised not getting a response from the earlier mail I sent to you. I humbly ask if you are related to my client who died two years ago of Adenocarcinoma; an esophageal cancer. I wish to also inquire if it is possible to have different families with your same last name by coincidence, who do not share any common roots? Kindly get back to me if your email is still valid to enable me make headway in my search.

Best regards,

Greg Davies

Attention:The Owner of this email Address,

WESTERN UNION DEPARTMENT HEAD OFFICE
24 RUE DUE AKPAKPA COTONOU BENIN REP.

Dear Customer,

This is to report to you that our western union bureau have received a correspondence from the federal high court as cancellation notice for your funds transfer to be deleted from foreign payment file .
The western union management desires to inform you that your funds transfer with us has been programmed among the five (5) transactions that would face cancellation soon. We have waited long time enough for you to fulfill the required obligations and claim the funds like other beneficiaries that have claimed their funds before November ending this year but nothing comes up from you as indication from the funds owner. the management of this western union held an urgent meeting in my office today, regards to the transferring of your funds by western union and they have asked my office to submit all the paper works and files containing your funds confidentiality but i refused and asked the board members to give me from now till 2days time so that i consult you personally for you to declare your interest on the funds transfer. Further more, you are advised to reply to this email after reading, and feel free to tell us why you abandoned such huge amount here. let us know if you are no longer interested to complete your transaction. Finally, if you still have the interest of being paid your funds by western union money transfer; you should kindly forward your receiver’s name and address including your phone number immediately

i am looking forward to your positive cooperation fairly soon.

Best regards.
Mr.Joseph Anthony
DIRECTOR of Western union Benin Republic
contact Email(oficewesternunnun26@outlook.com)

Office

Attn: Beneficiary

This is to inform you that the atm card that you have now have expired.We have issued another atm card for you and a new pin code for you to start withdrawing your $1.5Million from the atm card. You have to contact the Diplomat Agent to deliver the atm card and the new pin code to you so you will start withdrawing your money and remember it is $5000.00 every day until the $1.5million is paid completely to you.

Contact Diplomat Agent
Diplomat Victor John H.H Dieter
Email :diplomatvictorj@yahoo.com

It is very important that you update us immediately you receive your new atm card and new pin code and we wish you good luck as you are withdrawing your money from your new atm card from this office.

Dr.Paul Marvin
Director ATM Department
World Bank/United States

Marin kt

ATTN: HOUR ABLE CONTRACTOR,

DID YOU AUTHORIZED ANYBODY WHO PRESENTED DOCUMENT OF CLAIM, REPORTED TO HAVE SIGNED BY YOU FOR THE RELEASE OF YOUR PART-PAYMENT OF $9.5MILLION USD ONLY.

Kindly re-confirm to me the followings:

1) Your full name.
2) Phone, fax and mobile #.
3) Company name, position and address.
4) Profession, age and marital status.

REPLY TO martinkevin5673@gmail.com

MR. MARTIN KEVIN
ACCOUNT SUPERVISOR

RE: Hello My Dear Parents.

RE: From Mercy Dominic.

Thank you very much for your profile on the internet, which has made me to accomplish my request. As i am browsing the internet, i saw your profile which attracted my spirit that you can handle this transaction the way it will please Me, but i was very ill so i could not send you an email until now. I am Mercy Dominic the only child of late Mr and Mrs William Dominic.My father was a very wealthy cocoa merchant in Abidjan , the economic capital of Ivory coast, my father was poisoned to death by his business associates on one of their outings on a business trip . My mother died when i was a baby and since then my father took me so special. Before the death of my father on January 2013 in a private hospital here in Abidjan he secretly called me on his bed side and told me that he has the sum of Four Million,Five Hundred Thousand United State Dollars. USD $4.5m left in fixed / \suspense account in one of the prime bank here in Abidjan ,that he used my names as his only child for the next of Kin in depositing of the fund. That i should seek for a foreign partner in a country of my choice where we shall transfer this money and use it for investment purpose such as real estate management or hotel management .

Dear, am honourably seeking your assistance in the following ways:

(1) To provide a good bank account into which this money would be transferred into . (2) To serve as a guardian of this fund since I am only 17 years old. (3) To make arrangement for me to come over to your country to further my education and to secure a resident permit in your country. Moreover, dear, i am willing to offer you 30% of the total sum as compensation for your effort/ input after the successful transfer of this fund into your nominated account overseas. Furthermore, you indicate your options towards assisting me as we believe that this transaction would be concluded within seven (7) days you signify interest to assist me. Please contact me on my private email (mercydominic13@yahoo.co.jp ) for more informations.

Anticipating to hear from you soon.
remain bless,
Yours Faithfully,
Mercy Dominic.

ABOUT YOUR PENDING PAYMENT..

Dear Friend,

I must apologize that this letter is quite lengthy; please treat without prejudice. The ministry of finance could not endorse the payment of your inheritance fund because the channel in which you presented your claim to the Fund clearing Department was suspected as a "Ghost Claim". The word "Ghost claim" was coined in West Africa and in its simplest meaning, it refers to as any claim presented by an applicant without making a live appearance. The inheritance ghost claim channel was adopted by corrupt administrators in the early 70s; It is commonly used by politicians of today to loot and warehouse embezzled funds in offshore accounts with the help of foreign collaborators.

Any fund suspected to be "Ghost Claim" undergoes proper scrutiny since it was reported that politicians is this 4th republic and their foreign cohorts have stolen and concealed millions of US Dollars in foreign accounts through inheritance channels. According to crime scientists, internet miscreants did expose the existence of ghost claims by using the same channel to perpetrate what is widely known as Advance Fee Fraud; thereby making it difficult to distinguish between genuine inheritance claims and the laundering of looted funds by government functionaries. I must bring to your notice that over a half dozen applicants had so far attempted to claim this fund over the years, which is also the reason I was mandated to verify the rightful beneficiary from all the applicants observed.

Find you trustworthy and as someone i can confine in; it's a sign of reference that I have chosen to work with you amongst other applicants. Though, i am aware that you are equally not the ORIGINAL next of-Kin of the fund in question, but as the lead investigator, I will use my umpire immunity to bestow the fund on you without a hitch, and my employers will not hesitate to present you to the Fund Clearing Department as the sole-beneficiary of the fund. If you would agree to split the fund 50%-50% with me, I will nominate you as the bonafide beneficiary and guide you accordingly to enable you receive the fund in less than two working weeks. If you're interested, please indicate your interest by providing your phone number for further details.

Thanks in anticipation; I hope to read from you at your earliest convenience.

Yours Faithfully,
ADEBOLAJI COLE.
Chief Investigator, Foreign Payment Division..
Federal Code Of Conduct Bureau.
adebolajicole@yahoo.com

Email analysis :

NOTE : X-Remote : 162.254.163.243 ()
NOTE : Mime-Version : 1.0
NOTE : Content-Transfer-Encoding : quoted-printable
NOTE : X-Get-Message-Sender-Via : neradovi.arvixevps.com: authenticated_id: test@ANGEBOTECHECK.COM
NOTE : Content-Type : text/plain
NOTE : Received : from unknown (HELO neradovi.arvixevps.com) (162.254.163.243)
NOTE : Received : from [41.138.187.222] (port=55180 helo=IKEMEFUNA-PC) by neradovi.arvixevps.com

Virus from Essex...

Virus relayed from essex.org.uk :


Voice Message #0168935504
====================================
NOTE : X-Remote : 208.118.175.61 ()
NOTE : X-Sender : martin.smith@essex.org.uk
NOTE : Content-Type : text/plain; charset=US-ASCII; format=flowed
NOTE : Received : from unknown (HELO essex.org.uk) (208.118.175.61)
NOTE : Received : from domain.local (domain.local [192.168.0.25]) by essex.org.uk (Postfix)
NOTE : User-Agent : Roundcube Webmail/1.0.1
NOTE : Return-Path : < martin.smith@essex.org.uk >
NOTE : Mime-Version : 1.0
NOTE : Content-Transfer-Encoding : 7bit
NOTE : Voice Message #0168935504
====================================
Voice redirected message

http://zorcorp.com/bankline/message.php
Sent: Thu, 13 Nov 2014 12:18:30 +0000
====================================


Voice Message #0461019860
====================================
NOTE : X-Remote : 50.246.114.145 (mail.nbaccorp.com)
NOTE : X-Sender : martin.smith@essex.org.uk
NOTE : Content-Type : text/plain; charset=US-ASCII; format=flowed
NOTE : Received : from mail.nbaccorp.com (HELO essex.org.uk) (50.246.114.145)
NOTE : Received : from domain.local (domain.local [192.168.0.25]) by essex.org.uk (Postfix)
NOTE : User-Agent : Roundcube Webmail/1.0.1
NOTE : Return-Path :
NOTE : Mime-Version : 1.0
NOTE : Content-Transfer-Encoding : 7bit
NOTE : Voice Message #0461019860
====================================
Voice redirected message

http://vsrwhitefish.com/bankline/message.php
Sent: Thu, 13 Nov 2014 12:16:02 +0000
====================================


Voice Message #0479943726
====================================
NOTE : X-Remote : 82.79.67.81 (impress.ro)
NOTE : X-Sender : martin.smith@essex.org.uk
NOTE : Content-Type : text/plain; charset=US-ASCII; format=flowed
NOTE : Received : from impress.ro (HELO essex.org.uk) (82.79.67.81)
NOTE : Received : from domain.local (domain.local [192.168.0.25]) by essex.org.uk (Postfix)
NOTE : User-Agent : Roundcube Webmail/1.0.1
NOTE : Return-Path : < martin.smith@essex.org.uk >
NOTE : Mime-Version : 1.0
NOTE : Content-Transfer-Encoding : 7bit
NOTE : Voice Message #0479943726
====================================
Voice redirected message

http://vietnamflight.vn/bankline/message.php
Sent: Thu, 13 Nov 2014 12:38:01 +0000
====================================


Voice Message #0830285419
====================================
NOTE : X-Remote : 209.76.245.60 ()
NOTE : X-Sender : martin.smith@essex.org.uk
NOTE : Content-Type : text/plain; charset=US-ASCII; format=flowed
NOTE : Received : from unknown (HELO essex.org.uk) (209.76.245.60)
NOTE : Received : from domain.local (domain.local [192.168.0.25]) by essex.org.uk (Postfix)
NOTE : User-Agent : Roundcube Webmail/1.0.1
NOTE : Return-Path : < martin.smith@essex.org.uk >
NOTE : Mime-Version : 1.0
NOTE : Content-Transfer-Encoding : 7bit
NOTE : Voice Message #0830285419
====================================
Voice redirected message

http://karich.com.my/bankline/message.php
Sent: Thu, 13 Nov 2014 11:59:55 +0000
====================================


Voice Message #1032155137
====================================
NOTE : X-Remote : 173.10.48.121 (173-10-48-121-michigan.hfc.comcastbusiness.net)
NOTE : X-Sender : martin.smith@essex.org.uk
NOTE : Content-Type : text/plain; charset=US-ASCII; format=flowed
NOTE : Received : from 173-10-48-121-michigan.hfc.comcastbusiness.net (HELO essex.org.uk) (173.10.48.121)
NOTE : Received : from domain.local (domain.local [192.168.0.25]) by essex.org.uk (Postfix)
NOTE : User-Agent : Roundcube Webmail/1.0.1
NOTE : Return-Path : < martin.smith@essex.org.uk >
NOTE : Mime-Version : 1.0
NOTE : Content-Transfer-Encoding : 7bit
NOTE : Voice Message #1032155137
====================================
Voice redirected message

http://zorcorp.com/bankline/message.php
Sent: Thu, 13 Nov 2014 12:41:17 +0000
====================================


Domains related to scams :


====================================
http://karich.com.my/bankline/message.php
====================================
Registrant Name: Joanne Chin Karich
Registrant Street: Sdn Bhd No.1, Jalan 27 A, Kawasan 16, Sungai Rasa
Registrant City: 41300 Kuala Lumpur Wilayah Persekutuan
Registrant Country : Malaysia
Registrant Phone : (Tel) 03-33928488 (Fax) 03-33929069
Registrant Email : joanne@karich.com.my
====================================

====================================
http://zorcorp.com/bankline/message.php
====================================
Registrant Name : john zorbas
Registrant Street : 80 collard st. suite 200
Registrant City : toronto
Registrant State/Province : ON
Registrant Postal Code : m5r1g2
Registrant Country : CA
Registrant Phone : +1.4165646882
Registrant Email : zorcorp@rojers.blackberry.net
====================================

====================================
http://vietnamflight.vn/bankline/message.php
====================================
Registrant Name : Công ty NetNam
Registrant Owner Name : Công Ty TNHH Du Lịch Châu Á Thái Bình Dương
DNS : ns1.sapatours.com , ns2.sapatours.com
====================================

====================================
http://vsrwhitefish.com/bankline/message.php
====================================
Registrant Name : Betty Luderman
Registrant Organization : Village Square Realty
Registrant Street : 411 Spokane Ave
Registrant City : Whitefish
Registrant State/Province : MT
Registrant Postal Code : 59937
Registrant Country : US
Registrant Phone : +1.4068623541
Registrant Email : bettylud@bresnan.net
====================================


Scam.cz action :


====================================
- Clicking one of the link.
- Download : Secure-messageBankline_pdf.zip
- Open : Secure-messageBankline_pdf.zip
- Redirect to http://www.rbs.co.uk/corporate/electronic-services/g2/datalink.ashx
- Analysis : Secure-messageBankline_pdf.zip
====================================


Secure-messageBankline_pdf.zip is a trojan :


====================================
AVG : Luhe.Fiha.A
AVware : Win32.Malware!Drop
Ad-Aware : Trojan.GenericKD.1973036
Avira : TR/Crypt.ZPACK.94167
Baidu-International : Trojan.Win32.Battdil.bI
BitDefender : Trojan.GenericKD.1973036
Cyren : W32/Trojan.YDSE-4442
DrWeb : Trojan.Upatre.115
ESET-NOD32 : Win32/Battdil.I
Emsisoft : Trojan.GenericKD.1973036 (B)
F-Prot : W32/Trojan3.MDD
F-Secure : Trojan-Downloader:W32/Upatre.I
Fortinet : W32/Upatre.BTC!tr
GData : Trojan.GenericKD.1973036
Ikarus : Trojan-Spy.Zbot
Kaspersky : Trojan.Win32.Staser.aqlf
Malwarebytes : Trojan.Upatre
McAfee : Artemis!C852DFF3E4DE
MicroWorld-eScan : Trojan.GenericKD.1973036
Microsoft : TrojanDownloader:Win32/Upatre
Norman : Upatre.FH
Qihoo-360 : HEUR/QVM20.1.Malware.Gen
Sophos : Troj/Zbot-JFC
Symantec : Downloader.Upatre
TrendMicro : TROJ_INJECT.WJSP
====================================