Tuesday, October 20, 2015

ALERT!! COMPROMISED USER (Phishing)

Dear ***@gmail.com

Your EMAIL ACCOUNT HAS BEEN COMPROMISED. You must update it immediately or your account will be closed.

CLICK TO UPDATE [***@gmail.com]

We will not be responsible for any email hacking complains or email retrival malfunction if after this warning no response from you.

Mail Team

Phishing analysis :

CLICK : CLICK TO UPDATE [***@gmail.com]
OPEN : http://www.nowonindia.com/***/general?email=***@gmail.com

Domain analysis :

Domain Name: NOWONINDIA.COM
Registry Domain ID: 1871868589_DOMAIN_COM-VRSN
Registrar WHOIS Server: Whois.bigrock.com
Registrar URL: www.bigrock.com
Updated Date: 2015-03-18T07:33:18Z
Creation Date: 2014-08-20T06:26:59Z
Registrar Registration Expiration Date: 2019-08-20T06:26:59Z
Registrar: BigRock Solutions Ltd
Registrar IANA ID: 1495
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Name: Selvakumar
Registrant Organization: N/A
Registrant Street: 3/43, 3 rd Street, 1 st Sector, K.K.Nagar
Registrant City: Chennai
Registrant State/Province: Other
Registrant Postal Code: 600078
Registrant Country: IN
Registrant Phone: +91.9790987181
Registrant Email: selvakumarinbox@gmail.com
Registry Admin ID:
Admin Name: Selvakumar
Admin Organization: N/A
Admin Street: 3/43, 3 rd Street, 1 st Sector, K.K.Nagar
Admin City: Chennai
Admin State/Province: Other
Admin Postal Code: 600078
Admin Country: IN
Admin Phone: +91.9790987181
Admin Email: selvakumarinbox@gmail.com
Registry Tech ID:
Tech Name: Selvakumar
Tech Organization: N/A
Tech Street: 3/43, 3 rd Street, 1 st Sector, K.K.Nagar
Tech City: Chennai
Tech State/Province: Other
Tech Postal Code: 600078
Tech Country: IN
Tech Phone: +91.9790987181
Tech Email: selvakumarinbox@gmail.com
Name Server: ns1.artwork.mysitehosted.com
Name Server: ns2.artwork.mysitehosted.com
DNSSEC:Unsigned
Registrar Abuse Contact Email: abuse@bigrock.com
Registrar Abuse Contact Phone: +1-888-924-4762

Email analysis :

NOTE : Mime-Version : 1.0
NOTE : cpanel710-mail.newmediaexpress.com designates 203.174.83.148 as permitted sender)
NOTE : authenticated_id: curtis@wantarengineering.com
NOTE : cpanel710-mail.newmediaexpress.com
NOTE : Received : from [91.108.176.111] (port=1169)
NOTE : by cpanel710-mail.newmediaexpress.com with esmtpa (Exim 4.86)
NOTE : client-ip=203.174.83.148;
NOTE : ALERT!! COMPROMISED USER

Attention,

Attention,

We have deposited the check of your fund($7.600`000`00USD)through MONEY GRAM department after our final meeting regarding your fund, All you will
do is to contact money gram director Mr. Peret Eze call +229 68554062 and Email:::::deliverycompany45@yeah.net He will give you direction on how you will be receiving the funds daily.Remember to send him your Full information to avoid wrong transfer such as,

Receiver's Name_______________
Address: ________________
Country: _____________
Phone Number: _____________

Though,Mr. Peret Eze has sent $6000 in your name today so contact Mr. Johnson Robert or you call him as soon as you receive this email and tell him to give you the reference, sender name and question/answer to pick the $6000 Please let us know as soon as you received all your fund,

Best Regards.

MONEY GRAM AGENT

Email analysis :

NOTE : jamesf.entwistl@aol.fr
NOTE : deliverycompany45@yeah.net
NOTE : User-Agent : SquirrelMail/1.4.20
NOTE : 208.118.71.10 (hosted.westworld.ca)
NOTE : Received : from 41.216.50.143
NOTE : (SquirrelMail authenticated user rudy)
NOTE : by 208.118.71.10 with HTTP;
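
Added example (not part of the original post): both "Email analysis" blocks above show a message submitted through a logged-in account, once over Exim `esmtpa` with an `authenticated_id` and once through a SquirrelMail `with HTTP` hop. This Python triage function pulls those fields out of raw headers. The sample headers are constructed from the noted values; the mailbox `user@example.org`, the `X-Get-Message-Sender-Via` line, the Received-SPF wording and the dates are assumptions.

```python
import re
from email import message_from_string

# Constructed sample headers. Hosts, IPs and software versions are the ones in
# the notes above; the mailbox, the Received-SPF wording and dates are made up.
EXIM = """\
Received-SPF: pass (domain of cpanel710-mail.newmediaexpress.com designates 203.174.83.148 as permitted sender) client-ip=203.174.83.148;
Received: from [91.108.176.111] (port=1169)
\tby cpanel710-mail.newmediaexpress.com with esmtpa (Exim 4.86)
\tid PLACEHOLDER; Tue, 20 Oct 2015 00:00:00 +0000
X-Get-Message-Sender-Via: cpanel710-mail.newmediaexpress.com: authenticated_id: user@example.org
Subject: ALERT!! COMPROMISED USER

"""
WEBMAIL = """\
Received: from 41.216.50.143
\t(SquirrelMail authenticated user rudy)
\tby 208.118.71.10 with HTTP;
\tTue, 20 Oct 2015 00:00:00 +0000
User-Agent: SquirrelMail/1.4.20
Subject: Attention,

"""

HOP = re.compile(r"from \[?(?P<ip>[0-9a-fA-F.:]+)\]?.*?by (?P<relay>\S+) with (?P<proto>\w+)", re.S)
# RFC 3848 "with" keywords that mean the client logged in (SMTP AUTH).
AUTH_PROTOS = {"ESMTPA", "ESMTPSA", "LMTPA", "LMTPSA"}

def triage(raw):
    """Return the authenticated-submission hop and which account was logged in."""
    msg = message_from_string(raw)
    headers = " ".join(" ".join(v.split()) for _, v in msg.items())
    out = {"origin_ip": None, "relay": None, "account": None, "spf_ip": None}
    for received in msg.get_all("Received", []):
        hop = HOP.search(received)
        webmail = re.search(r"SquirrelMail authenticated user (\S+?)\)", received)
        if hop and (hop["proto"].upper() in AUTH_PROTOS or webmail):
            out["origin_ip"], out["relay"] = hop["ip"], hop["relay"]
            if webmail:
                out["account"] = webmail[1]
    cpanel = re.search(r"authenticated_id: (\S+)", headers)
    if cpanel:
        out["account"] = cpanel[1]
    spf = re.search(r"client-ip=([0-9a-fA-F.:]+)", headers)
    if spf:
        out["spf_ip"] = spf[1]
    # SPF vouches only for the relay; the submitting client is a different host.
    out["spf_covers_origin"] = out["spf_ip"] == out["origin_ip"] if spf else None
    return out
```

For the first message the SPF-checked address is the relay, not the client that logged in, so an SPF pass says nothing about who wrote the mail; the account named in the result is the one the hosting provider needs to reset.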