Thursday, February 2, 2017

Service client : Sécuriser votrᥱ Cybᥱrplus ! (Phishing Banque Populaire)

Bonjour

Le département technique procède à une mise à jour de logiciel programmée de
façon à améliorer la qualité de nos services . Nous vous demandons avec
bienveillance de sécuriser votre Cyberplus .

21-01-2017 : Régulation de votre dossier en linge.

Nous vous remercions de votre confiance.
Cordialement
Conseil Clientèle.

Email analysis :

NOTE : noreply@nej.fr
Received : from 184.164.74.221

Phishing analysis :NOTE :

CLICK : http://opticaguadalquivir.es/puce
REDIRECT : http://www.tailors-hostel.com/gestion/txt/-/ilon/resf/Pages/
SCREENSHOT :

Microsoft account termination request in progress. (Microsoft Phishing, Swisscom Phishing, Directory listing)

Microsoft Security info

We received a message from you requesting for your account termination, please ignore this message if the request was from you. Your account would be deleted from our system in the next 24 hours.

(Note: All mails in your inbox, spam, draft, and sent items would be terminated, and access to your account would be denied.)

Click on cancel request if the message wasn't from you.

CANCEL REQUEST

Cancel the termination request to keep enjoying Microsoft!

Thanks,

The Microsoft account team.

Safety Certification Copyright © 2017 Microsoft

Phishing analysis :

SCREENSHOT :


CLICK : http://ow.ly/***
RESULT : A BASE64 is loaded in the url bar.
RESULT : data:text/html;base64,
SCREENSHOT :


RESULT : Microsoft phishing
CODE SOURCE ANALYSIS : form action="http://dolphinsclubtema.org/wp-includes/js/mine/pahgy/result.php
NOTE : Another wordpress website hacked...
GO TO : http://dolphinsclubtema.org/wp-includes/js/mine/


RESULT : Repository of phishing.
GO TO : http://dolphinsclubtema.org/wp-includes/js/mine/bluewin


RESULT : Swisscom Phishing


GO TO : http://dolphinsclubtema.org/wp-includes/js/mine/pahgy/


RESULT : Microsoft phishing

GO TO : http://dolphinsclubtema.org/wp-includes/js/mine/viko/


RESULT : Microsoft phishing

Mr.David Kamau

I am the final signatory to all foreign transfers of huge funds moving within banks both the local and international levels in line to foreign contracts settlement. I have before me the list of foreign contract payment files, which are due to be transferred to their nominated accounts. Meanwhile, we identified some of these accounts to be ghost accounts, unclaimed deposits and over invoiced sum etc. I wish to have a deal with you as regards to the unpaid fund. I have a file before me and hope the date's are correct and UN-tampered. As it is my duty to recommend the transfer of these surplus fund to the Federal Government Treasury and Reserve Accounts as unclaimed deposit. I have the opportunity to write you based on the instruction I received two days ago from the senate committee on contract payment/foreign debts to submit the list of payment reports expenditures and audited reports of revenues. Among several others, I have decided to remit the total sum of USD15.2 million following Mr.David Kamau.

Email analysis :

NOTE : mr.davidkamau1@yahoo.com
NOTE : mrdavidkamau1@gmail.com
NOTE : X-Rocketymmf : bsobeab
NOTE : Received : from [41.86.234.171]


NOTE : by web101604.mail.kks.yahoo.co.jp

Letter From Hospital

My Dearest One, This is Ms Mariam Mubarak Mustafa from Trinidad &Tobago. I am writing from the hospital in Ivory Coast, therefore this mail is very urgent, I am dying in the hospital which I don't know what tomorrow will be. I was told by my doctor that I was poisoned and has got my liver damaged

I have an orphan child, named Kofi Peter and $12.6 million Dollars I inherited from my late father, my step mother and her children are after Kofi because he knows about the poison,

Kindly get back to me

May Almighty God bless you and use you to accomplish my wish. Pray for me always.

Ms Mariam Mubarak Mustafa

Email analysis :

NOTE : mariam.n1883@gmail.com
NOTE : ceo.kofipeter1950@gmail.com
NOTE : X-Mailer : YahooMailWebService/0.8.111_70
NOTE : X-Rocketymmf : sk_44no
NOTE : Received : from [173.208.81.180]


NOTE : by web101201.mail.kks.yahoo.co.jp via HTTP