Sunday, June 5, 2016

Notification (Phishing Crédit Agricole)

Cher(e) Client(e) :
Nous tenons de vous informer que vous avez un nouveau message.
Pour consulter votre boite de messagerie cliquez sur le lien ci-dessous :

Cliquez ici

Nous vous remercions de votre confiance.

Cordialement
Directeur de la relation clients

Reproduction dûment autorisée depuis www.pcmag.com. © 2016 Ziff Davis, LLC. All rights reserved.

Pour être sûr de recevoir nos e‑mails, ajoutez l’adresse mail@info.adobesystems.com à votre carnet d’adresses, vos contacts ou votre liste d’expéditeurs approuvés.

Email screenshot :


Phishing analysis :

CLICK : Cliquez ici
OPEN : http://hemval.se/media
REDIRECT : http://103.200.5.135/c/0x0/
SCREENSHOT :


FILL : Postal code
CLICK : Arrow
REDIRECT : http://103.200.5.135/c/0x0/auth.php
SCREENSHOT :


CLICK : Confirmer
REDIRECT : https://www.credit-agricole.fr/

Email analysis :

NOTE : "CREDIT AGRlCOLE"@kiabi.com
NOTE : Content-Type : text/html; charset=iso-8859-1
NOTE : Mime-Version : 1.0
NOTE : Return-Path : < kjhsSjd@kiabi.com >
NOTE : Received : from kiabi.com ([84.39.40.155])
NOTE : Received : by kiabi.com (Postfix, from userid 33)
NOTE : X-Php-Originating-Script : 0:Yasodm.php
NOTE : Message-Id : < *.*@kiabi.com >
NOTE : Notification
NOTE : Kiabi.com servers were used to relay this scam.

Update Your Information Account !! (eBay Phishing attempt)

eBay

Account ID: 0073621101

We have reason to believe that your eBay account has been used fraudulently without your permission. In addition, any unauthorized activity, such as buying or selling, has been canceled and any associated fees have been credited to your account. Any listings that we removed are included toward the end of this email. We assure you that your financial information is securely stored on a server and cannot be seen by anyone.

To secure your eBay account, you need to:

1 - Login to your account.
2 - Verify the contact information.
3 - Update your payment informations and other stored information on your eBay account is correct.

For detailed instructions, please visit: www.ebɑy.com/help/account/securing-account-ID-0073621101.html

We appreciate your understanding and thank you for being part of our community.

Regards, eBay

Please don't reply to this message. It was sent from an address that doesn't accept incoming email.

Copyright © 2016.

Phishing analysis :

CLICK : www.ebɑy.com/help/account/securing-account-ID-0073621101.html
OPEN : https://www.secure-account-update-online.aloobein.ga/
REDIRECT : Phishing was removed...

Email analysis :

NOTE : Content-Type : text/html
NOTE : Mime-Version : 1.0
NOTE : X-Get-Message-Sender-Via : cpanel.hostnet.ge: authenticated_id: hostnet/only user confirmed/virtual account not confirmed
NOTE : Return-Path :
NOTE : X-Authenticated-Sender : cpanel.hostnet.ge: hostnet
NOTE : Received : from cpanel.hostnet.ge (cpanel.hostnet.ge. [212.72.155.189])
NOTE : Received : from hostnet by cpanel.hostnet.ge with local (Exim 4.87) (envelope-from < hostnet@cpanel.hostnet.ge >)
NOTE : Message-Id : < *@cpanel.hostnet.ge >
NOTE : smtp.mailfrom=hostnet@cpanel.hostnet.ge
NOTE : Update Your Information Account !!

Phishing attempt on bitcointalk email addresses

Greetings,

We know that some of you have accounts on bitcointalk.org and we wanted to let you know that a phishing attempt was made on bitcointalk email addresses earlier today.
If you received an email with the subject Mtgox.Claim assessment process, delete it and do not click on the link it contains! This email did not come from Kraken, but was spoofed to look as though it came from our support email (support@kraken.com).

We do not know how the bitcointalk email addresses were obtained, however the bitcointalk database has been compromised in the past. You can be assured that this incident was not the result of any breach in Kraken’s database and your personal information with Kraken is safe.

Even if you did receive the email, you are safe so long as you do not click on the link (just delete the email and you will be fine). If you did click on the link and are concerned about it, please contact us at: support@kraken.com.

Stay safe,

The Kraken Team

no-reply (Hameçonnage Hellobank)

Bonjour,

Un nouveau Message est disponible sur votre Messagerieo
Pour le consulter, Veuiller Cliquez sur le lien ce-dessous :

Accèdez à votre boite

Nous vous remercions de votre confiance.
Hello bank : Banque et assurance

Ce courriel vous a été envoyé par un système automatique d'émission de messages.
L'adresse d'émission n'est pas une adresse de courriel classique.
Si vous écrivez à cette adresse, votre message ne sera pas pris en compte

Phishing analysis :

CLICK : Accèdez à votre boite
OPEN : http://comercialvans.com.mx/30
REDIRECT : http://puncofed.in/wp-includes/ok/HelloBank/
SCREENSHOT :


CLICK : Accéder aux comptes

Screenshot :


CLICK : Vérifier
REDIRECT : http://puncofed.in/wp-includes/ok/HelloBank/checked.html


REDIRECT : https://www.hellobank.fr/fr/espace-client

Email analysis :

NOTE : __Hellobank__@swd.nl
NOTE : binc@swd.nl
NOTE : X-Php-Originating-Script : 0:send.php
NOTE : Received : from swd.nl ([185.48.33.90])

Lisez votre messagew (Phishing Crédit Agricole) (Attempt)

Cher(e)dClient(e)dd

Lors de votre dérnier achats,vous avez été averti par un message vous informant de l'obligation d'adhérer à la
nouvelledréglementation conçernant la flabilité pour les achats pardC.Bdsur internet et de la mise en place d'un
arrêt pour vos futursdachats.
Or,nousfn'avons pas, cefjour,d'adhésionfdefvotrefpart et nousfsommes aufregret de vousdinformer que vous
pouvez plus utiliser votredcarte surfinternet

Adhésion;fFaitesfvotrefdemandefd'adhésionfenflignefenfcliquantfici

Cordialementggg

Copyright © 2016 Crédit Agricole

Copyright © 2016 A2 Hosting, All rights reserved.
You are receiving this email because you are an A2 Hosting Customer. If you don't wish to be on the Newsletter you can easily unsubscribe here or by controlling your contact options at My A2 Hosting.

Our mailing address is:
A2 Hosting
PO Box 2998
Ann Arbor, MI 48106

Add us to your address book
Quick Links

We're Hiring
My A2 Hosting
Open a Support Ticket
Affiliate Program - Earn $85!
Refer a Friend - Earn $50!
Review A2 Hosting!
Unsubscribe from this List Update Subscription and Notification Settings

Phishing analysis :

CLICK : Adhésion;fFaitesfvotrefdemandefd'adhésionfenflignefenfcliquantfici
OPEN : http://www.dong3.com.au/acces/
RESULT : Phishing is unresponsive

Email analysis :

NOTE : Content-Type : text/html
NOTE : Mime-Version : 1.0
NOTE : Return-Path : < www-data@nice.fr >
NOTE : Received : from nice.fr ([139.59.132.93])
NOTE : Received : by nice.fr (Postfix, from userid 33)
NOTE : NOTE : X-Php-Originating-Script : 0:map.php
NOTE : Message-Id : < *.*@nice.fr >
NOTE : Lisez votre messagew

Lisez votre message! (Phishing Hellobank)

Bonjour,

Un nouveau Message est disponible sur votre Messagerieo
Pour le consulter, Veuiller Cliquez sur le lien ce-dessous :

Accèdez à votre boite

Nous vous remercions de votre confiance.

Ce courriel vous a été envoyé par un système automatique d'émission de messages.
L'adresse d'émission n'est pas une adresse de courriel classique.
Si vous écrivez à cette adresse, votre message ne sera pas pris en compte

Phishing analysis :

CLICK : Accèdez à votre boite
OPEN : http://supportsinformation.com/hellobnk/
THE URL CHANGED TO :

data:text/html;base64,PHNjcmlwdCB0eXBlPSd0ZXh0L2phdmFzY3JpcHQnPiBzdHI9J0AzQ0A2OEA3NEA2REA2Q0AzRUAwQUAzQ0A2OEA2NUA2MUA2NEAzRUAwQUAyMEAyMEAyMEAyMEAzQ0A3NEA2OUA3NEA2Q0A2NUAzRUA0MkA2OUA2NUA2RUA3NkA2NUA2RUA3NUA2NUAyMEA3M0A3NUA3MkAyMEA0M0A3OUA2MkA2NUA3MkA3MEA2Q0A3NUA3M0AzQ0AyRkA3NEA2OUA3NEA2Q0A2NUAzRUAwOUAwOUAwQUAwOUAzQ0A3M0A3MEA2MUA2RUAzRUAzQ0A2Q0A2OUA2RUA2QkAyMEA3MkA2NUA2Q0AzREAyMkA3M0A2OEA2RkA3MkA3NEA2M0A3NUA3NEAyMEA2OUA2M0A2RkA2RUAyMkAyMEA2OEA3MkA2NUA2NkAzREAyMkA2OEA3NEA3NEA3MEA3M0AzQUAyRkAyRkA3N0A3N0A3N0AyRUA2OEA2NUA2Q0A2Q0A2RkA2MkA2MUA2RUA2QkAyRUA2NkA3MkAyRkA3MkA3M0A2M0AyRkA2M0A2RkA2RUA3NEA3MkA2OUA2MkAyRkA2OUA2REA2MUA2N0A2NUAyRkA2MUA3MEA3MEA2Q0A2OUA2M0A2MUA3NEA2OUA2RkA2RUAyRkA3N0A2MUA2Q0A2Q0A2NUA3NEAyREA0OEA0MkA1RkA2OUA2M0A2RkA2RUA2NUAyRUA3MEA2RUA2N0AyMkAyMEA3NEA3OUA3MEA2NUAzREAyMkA2OUA2REA2MUA2N0A2NUAyRkA3NkA2RUA2NEAyRUA2REA2OUA2M0A3MkA2RkA3M0A2RkA2NkA3NEAyRUA2OUA2M0A2RkA2RUAyMkAyMEAyRkAzRUAzQ0AyRkA3M0A3MEA2MUA2RUAzRUAwQUAwOUAzQ0A2REA2NUA3NEA2MUAyMEA2M0A2OEA2MUA3MkA3M0A2NUA3NEAzREAyMkA3NUA3NEA2NkAyREAzOEAyMkAzRUAwQUAyMEAyMEAyMEAyMEAyMEAyMEAyMEAyMEAzQ0A2REA2NUA3NEA2MUAyMEA2OEA3NEA3NEA3MEAyREA2NUA3MUA3NUA2OUA3NkAzREAyMkA1OEAyREA1NUA0MUAyREA0M0A2RkA2REA3MEA2MUA3NEA2OUA2MkA2Q0A2NUAyMkAyMEA2M0A2RkA2RUA3NEA2NUA2RUA3NEAzREAyMkA0OUA0NUAzREA0NUA2NEA2N0A2NUAyMkAyMEAyRkAzRUAwQUAyMEAyMEAyMEAyMEAyMEAyMEAyMEAyMEAzQ0A3NEA2OUA3NEA2Q0A2NUAzRUA0MkA2MUA2RUA3MUA3NUA2NUAyMEA2NEA2OUA2N0A2OUA3NEA2MUA2Q0A2NUAyMEA0OEA2NUA2Q0A2Q0A2RkAyMEA2MkA2MUA2RUA2QkAyMUAyMOKAk0AyMEA2M0A2RkA2RUA2RUA2NUA3OEA2OUA2RkA2RUAyMEBFMEAyMEA2Q+KAmUA2NUA3M0A3MEA2MUA2M0A2NUAyMEA2M0A2Q0A2OUA2NUA2RUA3NEAzQ0AyRkA3NEA2OUA3NEA2Q0A2NUAzRUAwOUAwOUAwQUAwOUAwOUAwQUAwOUAwOUAwQUAzQ0A3M0A3NEA3OUA2Q0A2NUAzRUAwQUAyQUAyMEAyMEAyMEAyMEAyMEAyMEA3QkA2REA2MUA3MkA2N0A2OUA2RUAzQUAzMEAzQkA3MEA2MUA2NEA2NEA2OUA2RUA2N0AzQUAzMEAzQkA3REAwQUA2OEA3NEA2REA2Q0AyQ0AwQUA2MkA2RkA2NEA3OUAyMEAyMEAyMEAyMEA3QkA2OEA2NUA2OUA2N0A2OEA3NEAzQUAzMUAzMEAzMEAyNUAzQkAyMEAyMEA3N0A2OUA2NEA3NEA2OEAzQUAzMUAzMEAzMEAyNUAzQkAyMEA2RkA3NkA2NUA3MkA2NkA2Q0A2RkA3N0AzQUA2OEA2OUA2NEA2NEA2NUA2RUAzQkA3REAwQUA3NEA2MUA2MkA2Q0A2NUAyMEAyMEA3QkA2OEA2NUA2OUA2N0A2OEA3NEAzQUAzMUAzMEAzMEAyNUAzQkAyMEAyMEA3N0A2OUA2NEA3NEA2OEAzQUAzMUAzMEAzMEAyNUAzQkAyMEA3NEA2MUA2MkA2Q0A2NUAyREA2Q0A2MUA3OUA2RkA3NUA3NEAzQUA3M0A3NEA2MUA3NEA2OUA2M0AzQkAwQUA2MkA2RkA3MkA2NEA2NUA3MkAyREA2M0A2RkA2Q0A2Q0A2MUA3MEA3M0A2NUAzQUA2M0A2RkA2Q0A2Q0A2MUA3MEA3M0A2NUAzQkA3REAwQUA2OUA2NkA3MkA2MUA2REA2NUAyMEAyMEA3QkA2NkA2Q0A2RkA2MUA3NEAzQUA2Q0A2NUA2NkA3NEAzQkAyMEA2OEA2NUA2OUA2N0A2OEA3NEAzQUAzMUAzMEAzMEAyNUAzQkAyMEA3N0A2OUA2NEA3NEA2OEAzQUAzMUAzMEAzMEAyNUAzQkA3REAwQUAyRUA2OEA2NUA2MUA2NEA2NUA3MkAyMEA3QkA2MkA2RkA3MkA2NEA2NUA3MkAyREA2MkA2RkA3NEA3NEA2RkA2REAzQUAzMUA3MEA3OEAyMEA3M0A2RkA2Q0A2OUA2NEAyMEAyM0AzMEAzMEAzMEA3REAwQUAyRUA2M0A2RkA2RUA3NEA2NUA2RUA3NEAyMEA3QkA2OEA2NUA2OUA2N0A2OEA3NEAzQUAzMUAzMEAzMEAyNUAzQkA3REAwQUAzQ0AyRkA3M0A3NEA3OUA2Q0A2NUAzRUAwQUAzQ0AyRkA2OEA2NUA2MUA2NEAzRUAwQUAzQ0A2MkA2RkA2NEA3OUAzRUAwQUAyMEAyMEAyMEAwQUAyMEAyMEAyMEAyMEAyMEAyMEAzQ0A2OUA2NkA3MkA2MUA2REA2NUAyMEA3M0A3MkA2M0AzREAyMkA2OEA3NEA3NEA3MEAzQUAyRkAyRkA3N0A3N0A3N0AyRUA2NEA2RkA2RUA2N0AzM0AyRUA2M0A2RkA2REAyRUA2MUA3NUAyRkA2OEA2NUA2Q0A2Q0A2RkAyRkAyMkAyMEA2NkA3MkA2MUA2REA2NUA2MkA2RkA3MkA2NEA2NUA3MkAzREAyMkAzMEAyMkAzRUAzQ0AyRkA2OUA2NkA3MkA2MUA2REA2NUAzRUAwQUAzQ0AyRkA2MkA2RkA2NEA3OUAzRUAwQUAzQ0AyRkA2OEA3NEA2REA2Q0AzRSc7IGRvY3VtZW50LndyaXRlKHVuZXNjYXBlKHN0ci5yZXBsYWNlKC9AL2csJyUnKSkpOyA8L3NjcmlwdD4=

SCREENSHOT :


CLICK : Accéder aux comptes

Email analysis :

NOTE : Content-Type : text/html
NOTE : Mime-Version : 1.0
NOTE : Return-Path : < www-data@nice.fr >
NOTE : Received : from nice.fr ([139.59.143.49])


NOTE : X-Php-Originating-Script : 0:map.php
NOTE : Lisez votre message!

2016 International Conference Program

Dear Sir/Madam,

On behalf of the International Economic Development on Human Security and Terrorism Organization, I am pleased to invite you to our conference that will be held from August 15th to 19th, 2016 @ the conference place in Dallas Texas USA and August 22th-26th 2016 @ in Republic of Senegal. The conference meeting will contain various talks and mini workshops related to the issues of Challenges to Economic Development & Human Security in our society.

The topic of the conference is "The Effect of Terrorism on Global Economy and Human Security " the sponsors of this event shall cover your round-trip air tickets from your country to the USA and from USA to Republic of Senegal back to your country and we shall also provide visa assistance with the U.S Embassy in your country of residence and your ground transportation from the airport to the conference venue. The hotel accommodation booking cost will be your own responsibility. Please contact the conference secretariat for more information and registration for participation: [iedhsto.officedesk@gmail.com].

We look forward to your confirmed presence at the conference.

Respectfully Yours,
Dr. Happy Wisdom,
Program Assistant.

Email analysis :

NOTE : iedhsto.officedesk@gmail.com
NOTE : nitu@bajajcapital.com
NOTE : Return-Path : < nitu@bajajcapital.com >
NOTE : X-Originating-Ip : [41.83.40.40]


NOTE : Mime-Version : 1.0
NOTE : X-Mailer : Zimbra 8.6.0_GA_1153 (zclient/8.6.0_GA_1153)
NOTE : Thread-Topic : 2016 International Conference Program
NOTE : client-ip=220.227.158.213;
NOTE : Received : from zimbra.bajajcapital.com (mail.bajajcapital.com. [220.227.158.213])


NOTE : 2016 International Conference Program

[Mail (1)] Vous avez reçu un message : (Phishing Banque Populaire)

Bonjour,

Le département technique procéde à une mise à jour importante de logiciel programmée de facon à améliorer la qualité de nos services .

Nos vous demandons avec bienveillance de cliquer sur le lien ci-dessous et de confirmer votre PassCyberPlus :

Confirmer votre PassCyberPlus

Nous vous remercions pour la confiance que vous acordez à nous et restons à votre disposition .

Cordialement,

Ceci est un troisiéme et dernier rappel nous vous invitant a accéder a votre formulaire dés que possible,

dans le cas contraire nous ne somme pas responsables des debit inhabituels sur votre compte

BANQUEPOPULAIRE

Phishing analysis :

CLICK : Confirmer votre PassCyberPlus
OPEN : http://eurotronic-arts.si/autocomplete
REDIRECT : http://livinggreenlandscaping.com/cli/pop1/index.php?id=25
NOTE : Phishing was removed...


Email analysis :

NOTE : _C_y_b_e_r_P_l_u_s@ovh.fr
NOTE : X-Mailer : PHP/5.3.10-1ubuntu3.23
NOTE : X-Php-Originating-Script : 0:zamailer.php
NOTE : [Mail (1)] Vous avez reçu un message :