Monday, June 6, 2016

Urgent ! (Phishing Banque Populaire)

Hello,

The technical department is carrying out a 2016 software update, scheduled in order to improve
the quality of our services.
We kindly ask you to carry out the update by clicking on the link below and
to secure your PassCyberPlus:

ACCÉDER À MES COMPTE (ACCESS MY ACCOUNTS)

Thank you for the trust you place in us; we remain at your disposal.

Regards,
Customer Relations Director

If you no longer wish to receive this automatic message, log in to your employer area and change the declaration reminder option in the section

Email screenshot :


Email analysis :

NOTE : asadadass@bil.com
NOTE : Content-Type : text/html; charset=iso-8859-1
NOTE : Mime-Version : 1.0
NOTE : Return-Path : < asadadass@bil.com >
NOTE : Received : from bil.com ([84.39.33.123])
NOTE : Received : by bil.com
NOTE : X-Php-Originating-Script : 0:xroot.php
NOTE : Urgent !

Phishing analysis :

CLICK : ACCÉDER À MES COMPTE
OPEN : http://shop.longavita-ug.ru/LICENSE/pop/
REDIRECT : http://personalcolor.co/facebook/pop/*/index.php
SCREENSHOT :


CLICK : OK
REDIRECT http://personalcolor.co/facebook/pop/*/index.html
SCREENSHOT :


CLICK : VALIDER
REDIRECT : http://personalcolor.co/facebook/pop/*/login.php
REDIRECT : http://personalcolor.co/facebook/pop/*/index.php

ATTENTION BENEFICIARY,

WE THE WESTERN UNION REMMITTING OFFICE WERE HEREBY WRITE TO INFORM YOU THAT WE HAVE ALREADY SENT YOUR FULL COMPENSATION PAYMENT OF $6.800,000.00 TO YOU THROUGH WESTERN UNION, YOU WILL BE RECEIVING 10.000.00USD PER DAY, AND WE HAVE SEND THE FIRST PAYMENT TO YOU. SO CONTACT OUR DIRECTOR Dr.Peter Anthony AND ASK HIM TO GIVE YOU THE WESTERN UNION PAYMENT INFORMATION SO THAT YOU CAN BE ABLE TO PICK UP YOUR FUNDS THROUGH WESTERN UNION WITHOUT ANY PROBLEM.

CONTACT HIM WITH THE BELLOW INFORMATION.
(unionw633@gmail.com)
PHONE NUMBER (+22999165308)
AND CONTACT HIM WITH YOUR FULL INFORMATION.

Your name............
country.... ..........
phone ...........
address...............
city..........
age..................
sex..................

CALL OR EMAIL HIM NOW SO THAT HE CAN PROVIDE THE WESTERN UNION INFORMATION TO YOU AS SOON AS YOU CAN.

Thanks and Remain Blessed John Paul.
From WESTERN UNION.
YOUR FIRST PAYMENT THROUGH WESTERN UNION.

Email analysis :

NOTE : unionw633@gmail.com
NOTE : officefile112016@tochka.net
NOTE : dvmail.tochka.net (imap.tochka.net. [91.207.122.195])
NOTE : client-ip=91.207.122.195;

Very urgent

US$900,000 awarded to you by the Chevrolet company. Send name, address, mobile phone and nationality via: chevroletcompany 34@gmail.com

Email analysis :

NOTE : chevroletcompany34@gmail.com
NOTE : botrach.qbh@moj.gov.vn
NOTE : Return-Path : < botrach.qbh@moj.gov.vn >
NOTE : X-Originating-Ip : [10.28.30.60]
NOTE : Mime-Version : 1.0
NOTE : X-Mailer : Zimbra 7 (zclient/7)
NOTE : Message-Id : < *-*@mail.moj.gov.vn >
NOTE : client-ip=203.113.130.106;
NOTE : Received : from Internal Mail-Server by Mail-SeCureOUT
NOTE : (envelope-from botrach.qbh@moj.gov.vn)
NOTE : Received : from mail.moj.gov.vn (mail1.moj.gov.vn [10.28.30.68])
NOTE : by mail.moj.gov.vn (Postfix)


What is moj.gov.vn ?


- MOJ is the Vietnamese Ministry of Justice.
- The server of the Vietnamese Ministry of Justice was used to relay this scam.
- Account : botrach.qbh
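
The relay pattern noted above, as an added example (not part of the original post): the sketch parses this message's noted headers and flags the combination the analysis points at, namely an envelope sender on the relaying domain, private-address hops inside that organisation, and a reply contact on an unrelated domain. The function name `analyse` and the result keys are assumptions made for this illustration, and the final flag is a heuristic.

```python
import ipaddress
import re

# Subset of the header notes listed above, with the page's "NOTE :" prefix removed.
NOTES = """\
chevroletcompany34@gmail.com
botrach.qbh@moj.gov.vn
Return-Path : < botrach.qbh@moj.gov.vn >
X-Originating-Ip : [10.28.30.60]
X-Mailer : Zimbra 7 (zclient/7)
client-ip=203.113.130.106;
Received : from Internal Mail-Server by Mail-SeCureOUT
(envelope-from botrach.qbh@moj.gov.vn)
Received : from mail.moj.gov.vn (mail1.moj.gov.vn [10.28.30.68])
by mail.moj.gov.vn (Postfix)
"""

ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def analyse(notes):
    """Summarise which mailbox relayed the message and where replies are steered."""
    envelope, addresses, internal, external = None, [], [], []
    for line in filter(None, (raw.strip() for raw in notes.splitlines())):
        found = [a.lower() for a in ADDR_RE.findall(line)]
        # The Return-Path carries the envelope sender, i.e. the relaying mailbox.
        if line.lower().startswith("return-path") and found:
            envelope = found[0]
        for addr in found:
            if addr not in addresses:
                addresses.append(addr)
        for text in IP_RE.findall(line):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:  # four dotted numbers that are not a valid IPv4 address
                continue
            bucket = internal if ip.is_private else external
            if text not in bucket:
                bucket.append(text)
    relay = envelope.rsplit("@", 1)[1] if envelope else None
    # Any address outside the relaying domain is where the victim is told to reply.
    off_domain = [a for a in addresses if relay and not a.endswith("@" + relay)]
    return {
        "relay_domain": relay,
        "mailbox": envelope,
        "off_domain_contacts": off_domain,
        "internal_hops": internal,   # private addresses: hops inside the relay's network
        "handoff_ips": external,     # public address seen by the receiving server
        # Heuristic: sent from inside the organisation, replies steered elsewhere.
        "abused_mailbox_pattern": bool(relay and internal and off_domain),
    }


if __name__ == "__main__":
    for key, value in analyse(NOTES).items():
        print(f"{key}: {value}")
```
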

URGENT

Hello friend,

My name is Mr Richard Cody; I work with one of the leading banks here in London, UK. I would need your consent to present you as next of kin of our late customer, who died during the 11 March 2011 earthquake disaster in Japan. He was a wealthy businessman who deposited £ 38.000.000,00 (thirty-eight million British pounds) in our bank. He died without a registered next of kin, as he had long been divorced and had no child.

I was his account officer and have in my possession all the documents required to present you as his beneficiary next of kin. I contacted you because you share the same name identity with our late client and can fit perfectly as next of kin; we can work together to obtain this fund. Please listen, this is real and goes on in banks all over the world without people knowing. Let us use this opportunity, because it does not always come.

Many customers open private accounts at various banks without the knowledge of their families, and when they die this money is lost to the bank unless someone comes to claim it. This is how many bank directors make so much money silently. On confirmation of this message and indication of your interest, I will provide you with further information.

Please endeavour to provide me with the following so that we can discuss in detail:

1) Mobile numbers:
2) Full name:
3) Contact address and occupation:

I urgently hope to get your reply as soon as possible through my private e-mail: (richardcody7@outlook.com).

Yours,

Mr Richard Cody.

Email analysis :

NOTE : richardcody7@outlook.com
NOTE : richardcody.1@hotmail.com
NOTE : client-ip=65.55.90.107;
NOTE : Received-Spf : SoftFail (protection.outlook.com:
NOTE : domain of transitioning hotmail.com discourages
NOTE : use of 25.152.0.52 as permitted sender)
NOTE : 25.152.0.52

Good evening, dear friend

Good evening, dear friend

I am Mr André ROY, a retired former serviceman. During my military career, I acknowledge before the Lord, creator of Heaven and Earth, that I carried out illegal trafficking in drugs and arms. At that time, all my bank transfers were made to my bank account in a West African country. I am now Brother Metropolitan Archbishop and Primate of France of the Catholic Church.

But owing to my critical condition due to lung cancer, which is said to be in its terminal phase, I was advised by one of the brothers of my church, after confession, to make a charitable gift of a large part of the funds I hold in this bank to various people in almost every country of the world so that the Lord may forgive my sins, since I will not be able to spend all this fortune in less than a year. I obtained your e-mail address through the contact Express 2016 software, the e-mail address search engine, so that you may receive, free of charge, an amount of 800.000 € (eight hundred thousand euros). In the name of the Lord, creator of Heaven and Earth, this sum will help you settle a good part of your financial problems. Rest assured that you run no risk in accepting this donation from me, because my funds deposited in this bank are completely safe and are registered as legal funds with all supporting documents, thanks to my lawyer in that country. So if you wish to take possession of these funds, please contact my notary to claim this gift so that he can take you through the procedures for the bank cheque to be made out in your name.

Notary's name: VIGNON ROBERT

Notary's e-mail: cabinetvignon@hotmail.com

Website: cabinetvignon.onlc.fr

Thank you in advance for your understanding

Mr André ROY

Email analysis :

NOTE : kaselionel28@hotmail.com
NOTE : Received : from blu004-omc4s13.hotmail.com (65.55.111.152)
NOTE : Received : from BLU179-W28 ([65.55.111.137]) by BLU004-OMC4S13.hotmail.com

Norply

Your Account Will Be Closed !

Dear Customer,

We have noticed that some data from your account information seems inaccurate or unverified. You have to check your information in order to continue using our service smoothly. We need a little bit more information about you to help confirm your identity. Now check the account informations that belongs to you !

Update My Informations

Email screenshot :


Email analysis :

NOTE : Norply@cp2.tarhely.pw
NOTE : Content-Type : text/html; charset=iso-8859-1
NOTE : Mime-Version : 1.0
NOTE : X-Get-Message-Sender-Via : cp2.tarhely.pw:
NOTE : authenticated_id: bunmegelozesbeke/primary_hostname/system user
NOTE : Return-Path : < bunmegelozesbeke@cp2.tarhely.pw >
NOTE : X-Authenticated-Sender : cp2.tarhely.pw: bunmegelozesbeke
NOTE : X-Php-Script : www.bunmegelozesbekesmegye.hu/mangusta/upload/img/php.php
NOTE : for 105.105.26.151
NOTE : Received : from tomtech.hu (tomtech.hu. [185.112.156.244])
NOTE : Received : from bunmegelozesbeke
NOTE : by cp2.tarhely.pw with local (Exim 4.87)
NOTE : (envelope-from < bunmegelozesbeke@cp2.tarhely.pw >)
NOTE : Norply

Phishing analysis :

CLICK : Update My Informations
OPEN : http://www.handicraftdesignbank.in/upload/products/He/service/manage
RESULT : Phishing is unresponsive.

INVITATION TO ATTEND WORLD PEACE FOUNDATION (I.W.P.F) 2016

Dear Sir/Madam,

The International World Peace Foundation Conference (I.W.P.F) is pleased to invite you to participate in the forth-coming International Conference on Human Trafficking, Child Abuse, HIV/AIDS. Racism and Human Right.This event will commence from August 1st- 5th 2016 in California, United State of America and August 8th-12th to 2016 in Republic of Senegal. I am honored to invite you to attend these events as my guest.

For more details and requirements for your registration,

kindly contact the secretary Mrs Miret Johnson via E-mail:(secretary.info91@gmail.com)

Also feel free to contact me if you need any further details related to these events. Endeavor to inform the secretary that you were invited to participate by me (Ms.Isabella William)a staff member of the World Peace Foundation Conference. Note that the Organizing Committee and Our donor sponsors will take the full responsibility of all registered participants visa processing for the United States & Republic of Senegal respectively. That will include your Round trip air tickets to both events. While delegates will only be responsible for confirming their Hotel accommodation in Republic of Senegal where the second phase of the event will take place. I do hope you can make time in your busy schedule to attend these conferences and share your ideas on the listed topic above. Kindly keep me informed via (isabellawilliam91@outlook.com) if you will be able to make it to attend the events.


Thanks
Ms.Isabella William
The International World Peace Foundation Conference (I.W.P.F)
Los Angles, California
United State of America

Email analysis :

NOTE : rpriyanka@bajajcapital.com
NOTE : isabellawilliam91@outlook.com
NOTE : X-Originating-Ip : [41.82.33.17]
NOTE : X-Mailer : Zimbra 8.6.0_GA_1153 (ZimbraWebClient - FF46 (Win)/8.6.0_GA_1153)
NOTE : Received : from zimbra.bajajcapital.com (zimbra.bajajcapital.com [132.0.0.3])
NOTE : by zimbra.bajajcapital.com

Very Urgent (Chevrolet Scam)

900,000 usd award to you by chevrolet company. send name, address, mobile and nationality via:

Email analysis :

NOTE : chevrolet@zcs-mta01.apf.asso.fr
NOTE : company@zcs-mta01.apf.asso.fr
NOTE : chevroletcompany34@gmail.com
NOTE : X-Antivirus-Status : Clean
NOTE : Return-Path : < prvs=*=chevrolet@zcs-mta01.apf.asso.fr >
NOTE : Mime-Version : 1.0
NOTE : X-Virus-Scanned : amavisd-new at zimbra.apf.asso.fr
NOTE : Authentication-Results : 46.228.131.242 is neither permitted nor denied
NOTE : Content-Description : Mail message body
NOTE : Message-Id : < *.*@zcs-mta01.apf.asso.fr >
NOTE : Content-Transfer-Encoding : quoted-printable
NOTE : X-Antivirus : avast! (VPS 160603-1, 06/03/2016), Outbound message
NOTE : Content-Type : text/plain; charset="iso-8859-1"
NOTE : client-ip=46.228.131.242;
NOTE : Received : from FSMSG0548.sp.f-secure.com
NOTE : (fsmsg0548.sp.f-secure.com. [46.228.131.242])
NOTE : Received : from mx-out.apf.asso.fr (mx-out.apf.asso.fr [213.152.3.213])
NOTE : Received : from zcs-mta01.apf.asso.fr (zcs-mta01.apf.asso.fr [192.168.101.125])
NOTE : by mx-out.apf.asso.fr (Postfix)
NOTE : Received : from USER-PC.zuku.co.ke (unknown [196.207.187.23])
NOTE : by zcs-mta01.apf.asso.fr (Postfix)
NOTE : Very Urgent

FROM C.B.P {TREAT AS URGENT}!!

U.S. Customs and Border Protection
1300 Pennsylvania Ave NW, Washington, DC 20229,
United States.

Urgent Attention: Beneficiary,

I am Assistant Commissioner Kevin K. McAleenan head of Field Operations (OFO) of the U.S. Customs and Border Protection (CBP). We have just intercepted and confiscated two trunks at John F Kennedy International Airport in New York, NY 11430 coming from a foreign country. We crosschecked the content of the boxes and found it contained a total sum of $4.1 million dollars. Also with one of the trunks were documents with your name as the receiver of the money. As we progressed in our investigations of the Diplomat which accompanied the trunks into the United States we learned that he was to deliver these funds to your residence as payment of an inheritance/winning, which was due to you. Further checks on the consignment, we found out that the consignment paperwork lacked the PROOF OF OWNERSHIP CERTIFICATE AND LEGAL DELIVERY PERMIT CLEARANCE CERTIFICATE forms. We then confiscated both trunks and released the Diplomat.

The trunks According to section 229 subsection 31 of the International, Commerce Regulators Code Enforcement Guidelines, your consignment lacks PROOF OF OWNERSHIP CERTIFICATE AND LEGAL DELIVERY PERMIT CLEARANCE CERTIFICATE from the joint team of Homeland Security and therefore you must contact us for direction on how to procure the two certificates, so that you can be relieved of the charges of evading tax which is a jail offense under section 12 subsection 441 of the Tax Code. We will also be asking the IRS to launch an investigation of money laundering if you do not follow our instructions.

You are therefore required to contact me within 72 hours, at that point I will walk you through the process of clearing and claiming the money.

Failure to comply may lead to your arrest, interrogation and/or you being prosecuted in the Court of Law for tax evasion and or money laundering. You are also advised not to contact any bank in Africa, Europe or banking institution.

Yours in service,
Kevin K. McAleenan
Head of Field Operations (OFO),
U.S. Customs and Border Protection (CBP)

Email analysis :

NOTE : kevin@uscbp.com
NOTE : postmaster@gmx.net
NOTE : Received : from [222.124.18.76] (helo=fm1.smtp.telkom.net)
NOTE : by smtp-out091-sv3.telkom.net with esmtps
NOTE : Received : from User (74.subnet222-124-201.astinet.telkom.net.id [222.124.201.74]
NOTE : (may be forged)) by fm1.smtp.telkom.net

RE: TELEX/COMPUTER DEPARTMENT OF THE AFRI BANK, ACCRA- GHANA

MY NAME IS MR.FRANK .E RYAN OF TELEX/COMPUTER DEPARTMENT OF THE AFRI BANK, ACCRA- GHANA. I AM SENDING THIS PRIVATE EMAIL BASED ON THE CONFIDENTIALITY OF THE TRANSACTION. PLEASE, I WILL LIKE TO ADVISE; IF AFTER GOING THROUGH MY PROPOSAL AND YOU DO NOT ACCEPT IT, KINDLY KEEP IT TO YOURSELF.

AS OF THIS MOMENT, I AM STILL IN SERVICE WITH THE AB GHANA. AND I WILL NOT BY ANY MEANS LIKE TO LOSE MY JOB, SO IF YOU ARE NOT INTERESTED, KEEP THIS TO YOURSELF. I HAVE PUT IN OVER 23 YEARS IN THIS BANK BUT I DO NOT HAVE ANYTHING TO SHOW FOR IT. THIS IS JUST MY OPPORTUNITY TO MAKE SURE THAT I GIVE MY CHILDREN A DECENT TRAINING SINCE MY GOVT WHICH IS CORRUPT HAS REFUSED TO TAKE CARE OF ITS RESPONSIBILITY. INFANT I AM SICK AND TIRED OF EVERYTHING HERE AND I NEED TO GET OUT. I FOUND OUT THAT YOU ALMOST MET ALL THE STATUTORY REQUIREMENTS IN RESPECT OF YOUR PAYMENT. PLEASE BE EQUALLY ADVISED THAT NO SECURITY COMPANY IN AFRICA CAN HANDLE YOUR CONTRACT PAYMENT/INHERITANCE FUND WITH ANY BANK WITHOUT THE INSTRUCTIONS OF THE AFI BANK, YOUR PROBLEM IS THAT OF INTEREST GROUP IN THE FEDERAL MINISTRY OF FINANCE THAT IS SUPPOSED TO ORDER TRANSFER OF YOUR FUND WITH THE APPROVAL OF THE AB. A LOT OF PEOPLE ARE INTERESTED IN YOUR PAYMENT AND THAT EXPLAINS WHY YOU RECEIVE EMAILS AND PHONE CALLS FROM DIFFERENT PEOPLE EVERYDAY, THEIR WHOLE GAME PLAN IS TO FRUSTRATE YOU; IN-ORDER FOR YOU TO ABANDON THE PAYMENT AND THEN, THEY WILL BE COMFORTABLE AND BE FREE ENOUGH TO TRANSFER THE FUNDS INTO THEIR OVERSEAS ACCOUNT. THEIR AIM AND TARGET IS NOT THE MONEY YOU ARE GIVING THEM BUT TO FRUSTRATE YOU, HENCE, YOU HAVE LOST TRUST ON WHOM TO BELIEVE TO BE GENUINE. I CAN ASSURE YOU THAT THIS MAY LAST FOR YEARS, YET NOTHING HAPPENS,TO SUM IT UP, I WISH TO ASSURE YOU THAT WITH MY POSITION HERE IN THE TELEX DEPARTMENT, I CAN PUNCH THE COMPUTER AND CREDIT YOUR ACCOUNT STRAIGHT, I CAN ACCOMPLISH THIS UNDER FIVE WORKING DAYS, BUT WE HAVE TO REACH AN AGREEMENT. FIRST OF ALL, YOU HAVE TO LET ME KNOW HOW MUCH YOU WILL GIVE ME AT THE CONSUMMATION OF THIS DEAL. FINALLY, YOU WILL HAVE TO ACCEPT TO KEEP THIS TRANSACTION STRICTLY CONFIDENTIAL IF YOU ACCEPT MY PROPOSAL, KINDLY GET BACK TO ME IMMEDIATELY ON MY PRIVATE MAIL ADDRESS (frankryanbb@outlook.com) AND CONFIRM YOUR PARTICULARS ON REPLY.

REGARDS,

MR.FRANK RYAN
+233-541863101

Email analysis :

NOTE : frankryanbb@outlook.com
NOTE : FRANKMORGAN@AFRIBANK.COM.GH
NOTE : Received : from User (76-8-85-59.dbshosting.com [76.8.85.59])
NOTE : X-Mimeole : Produced By Microsoft MimeOLE V6.00.2600.0000
NOTE : Mime-Version : 1.0
NOTE : X-Virus-Scanned : by bsmtpd at dbshosting.com
NOTE : Authentication-Results : 76.8.85.230
NOTE : X-Priority : 3
NOTE : Content-Transfer-Encoding : 7bit
NOTE : X-Barracuda-Connect : 76-8-85-59.dbshosting.com[76.8.85.59]
NOTE : Content-Type : text/plain; charset="Windows-1251"

Kindly respond for more detail

Am Gen John W Nicholson Jr. i am with the us army in Camp Abu Naji / FOB Garry Owen (Al Amarah)I need your assistant to move some funds out of Iraq.Kindly respond for more detail

Email analysis :

NOTE : Return-Path :
NOTE : X-Originatingip : 105.225.245.50 (printing)
NOTE : Mime-Version : 1.0
NOTE : smtp.mailfrom=Gen_John@us.army.mil
NOTE : Message-Id : < *.*@mgip.com >
NOTE : X-Mailer : OpenWebMail 2.53
NOTE : X-Col-Mta : smtp.colbd.com
NOTE : X-Col-Mta : dhs01.colbd.net
NOTE : Content-Type : text/plain; charset=utf-8
NOTE : Received-Spf : client-ip=202.65.168.39;
NOTE : Received : from mta.colbd.net (mta.colbd.net. [202.65.168.39])
NOTE : Received : from dhs01.colbd.net (mailx.regentfashion.com [202.65.168.44])
NOTE : Received : from mail.superknittingbd.com (mail.superknittingbd.com [202.65.169.46])
NOTE : Received : from superknittingbd.com (localhost [127.0.0.1] (may be forged))
NOTE : by mail.superknittingbd.com (8.14.4/8.14.4)
NOTE : Kindly respond for more detail

Please Act Accordingly

Dear Beneficiary,

I am Jacob J. Lew, Secretary of the Treasury under the U.S. Department of the Treasury. You can get more details about me here;

https://en.wikipedia.org/wiki/Jack_Lew

At the recently concluded meeting with the World Bank and the United Nations, an agreement was reached between both parties for us to settle all outstanding payments accrued to individuals/corporations with respect to local and overseas contract payment, debt re-scheduling and outstanding compensation payment. Fortunately, you have been selected alongside a few other beneficiaries to receive your own payment of $1.5million (One Million five hundred thousand United States Dollars only). We have been notified that you are yet to receive your fund valued at $1.5million This money will now be transferred to your nominated bank account. You are advised to kindly reply this email with the below details enclosed to help us process your payment;

(1) Full Names:
(2) Residential Address:
(3) Country of Residence:
(4) Age:
(5) Phone/Cell Number:
(6) Occupation:

Yours faithfully,

Jacob J. Lew
Secretary of the Treasury
(U.S. Department of the Treasury)

Note: The information contained in this e-mail is private & confidential and may also be legally privileged. If you are not the intended recipient, please notify us, preferably by e-mail, and do not read, copy or disclose the contents of this message to anyone.

Email analysis :

NOTE : info@usa.gov
NOTE : mrjacklew74@gmail.com
NOTE : X-Authenticated-Sender : vps.massautocomponents.com: info@massautocomponents.com
NOTE : X-Get-Message-Sender-Via : vps.massautocomponents.com:
NOTE : authenticated_id: info@massautocomponents.com
NOTE : Received : from [167.88.9.70] (port=54680 helo=User) by vps.massautocomponents.com