Saturday, August 19, 2017

BARCLAY,S BANK PLC,UK ( Scam )

KJHGFDDFGHJKLKJHGF
BARCLAY,S BANK PLC,UK
1 Churchill Place,
London, E14 5HP
Tel: (352) 437-8240
From The Desk Of:
Mr. Jimmy Johnson
Email(justiciaclient@gmail.com)

Attention,

I am Mr. Jimmy Johnson from Barclays Bank PLC,UK. we had just formed a new forum which is the newly inaugurated World Debt Recovery committee (WDRC). My committee has a mandate to recover unpaid debts associated with NNPC contracts, Lottery fund, inheritance fund, loans and grants etc ranging from $1M-$95.5M owed to various beneficiaries and companies across the globe (Asia, Europe, USA, Africa, and Australia) and submit the list of the unpaid beneficiaries/companies to the 2 appointed official paying Banks for immediate payment of the fund. In the course of our investigation, your email address/particulars were shortlisted among the first fifteen individuals yet to be paid hence this email. However, we received a petition today from one Mrs. Christina Morgan that you are dead. According to her, you died in a plane crash as such your fund should be paid to her as the apparent heir. She has also submitted her Bank account with Bank of America for the transfer of the fund to her. To avoid undue delay or paying the fund to wrong individual/beneficiary, we have decided to contact you for confirmation. If we fail to hear from you after 72 hours, it will be assumed that the petition of Mrs. Morgan is true and the fund will be paid to her without further delay. Therefore, We would like you to choose below your choice of fund transfer:

(A) Bank Transfer/Online Banking
(B) Certified Bank Draft/Cheque
(C) ATM Card
(D) Consignment

Your full personal information is also required as below which will be needed for the transfer of your fund.

(A) Full name and residential address
(B) Next of kin
(C) Occupation
(D) Nationality
(E) Bank Account Information
(F) Telephone numbers
(G) Scan the first page of your international passport or drivers license, recent passport photograph, send all via email attachment.

Email(justiciaclient@gmail.com)

Your urgent response is always required because you have a limited time to execute this fund. be free to call us any time for more information.

Sincerely Yours
Mr. Jimmy Johnson

Email analysis :

NOTE : client-ip=92.61.41.40;
NOTE : X-Originator-Ip : 41.86.234.171
NOTE : justiciaclient@gmail.com
NOTE : User-Agent : Roundcube Webmail/0.4.2
NOTE : Return-Path : < shadowmagic222@one.lt >
NOTE : Organization : Mr. Jimmy Johnson
NOTE : Mime-Version : 1.0
NOTE : X-Php-Originating-Script : 502:func.inc
NOTE : BARCLAY,S BANK PLC,UK

Your fund has been discovered (Scam from a zombie server)

Hello,
My name is Frank. I am a top-exec in a global bank here in Asia. I have an offer for you that will greatly benefit us both if we work together. Please, do get in touch with me so I can explain more about the deal.
Cordially,
Frank

Email analysis :

NOTE : p.pproject@outlook.com
NOTE : test@rachatcredits.ovh
NOTE : X-Ovh-Remote : 213.186.33.59 (b9.ovh.net)
NOTE : Mime-Version : 1.0
NOTE : Content-Description : Mail message body
NOTE : client-ip=91.121.204.118;
NOTE : helo=ns336204.ip-91-121-204.eu;
NOTE : Received : from [51.254.235.99] (ip99.ip-51-254-235.eu [51.254.235.99])
NOTE : by ns336204.ip-91-121-204.eu (Postfix)
NOTE : Rép :
NOTE : Scam from a zombie server hosted on OVH.

Votre demande d'ahésion ! ("Your membership request!") (Phishing Société Générale)

vos information ("your information")
SG

Email analysis :

NOTE : Mime-Version : 1.0
NOTE : Content-Type : text/html; charset=iso-8859-1
NOTE : Return-Path : < noreply@tix.fr >
NOTE : X-Sender-Info : < 349043243@infong732.kundenserver.de >
NOTE : Received : from mout.kundenserver.de ([212.227.126.133])
NOTE : Received : from infong732.kundenserver.de (infong732.kundenserver.de [212.227.29.55])
NOTE : by mrelayeu.kundenserver.de (node=mreue007) with ESMTP (Nemesis)
NOTE : Received : from 62.210.15.181 (IP may be forged by CGI script)
NOTE : by infong732.kundenserver.de
NOTE : Votre demande d'ahésion !

Phishing analysis :

CLICK : SG
OPEN : x-webdoc://***
OPEN : SOURCE CODE
EXTRACTED : http://apalomino.com/calson/ - http://peinturesdusud-avignon.com/sec
EXTRACTED : cyberzoide@multimanoi.com_body
OPEN : http://apalomino.com/calson/
REDIRECT : http://cubiertasbarcelona.es/eteg/nera/

Impacted services :

Relay : kundenserver.de
Open Redirect : apalomino.com
Phishing hosted on : cubiertasbarcelona.es
Victim : Société Générale
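
The header fields listed in the email analyses above (client-ip, X-Originator-Ip, User-Agent, X-Php-Originating-Script, the Received chain) can be pulled from a raw message in one pass. The following is an added example, not part of the original post; the sample message, its addresses and domains are constructed, and the `triage` and `domain` helpers, the flag wording, and the reading of the noted address as a Reply-To are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (documentation IPs, example domains); not a real capture.
SAMPLE = """\
Return-Path: <sender@mailhost.example>
Received-SPF: neutral (mx.recipient.example) client-ip=192.0.2.40;
Received: from web.mailhost.example (web.mailhost.example [192.0.2.40])
\tby mx.recipient.example with ESMTP; Sat, 19 Aug 2017 10:00:00 +0000
From: "BANK PLC, UK" <sender@mailhost.example>
Reply-To: collector@freemail.example
User-Agent: Roundcube Webmail/0.4.2
X-Originator-Ip: 198.51.100.171
X-Php-Originating-Script: 502:func.inc

Reply to collector@freemail.example within 72 hours.
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def domain(value):
    """Lower-cased domain of the address in a header value, or ''."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    """Collect the origin indicators the analysis notes list, plus flags."""
    msg = message_from_string(raw)
    spf = re.search(r"client-ip=([0-9a-fA-F.:]+)", msg.get("Received-SPF", ""))
    notes = {
        "client_ip": spf.group(1) if spf else None,
        # Assumption: X-Originator-Ip is the webmail user's address.
        "originator_ip": msg.get("X-Originator-Ip"),
        "user_agent": msg.get("User-Agent"),
        "php_script": msg.get("X-Php-Originating-Script"),
        # Each hop prepends its Received header, so this list is newest first.
        "received_ips": [ip for h in msg.get_all("Received", [])
                         for ip in IP_RE.findall(h)],
        "flags": [],
    }
    if msg.get("Reply-To") and domain(msg["Reply-To"]) != domain(msg["From"]):
        notes["flags"].append("Reply-To domain differs from From")
    if notes["originator_ip"] and notes["originator_ip"] != notes["client_ip"]:
        notes["flags"].append("originator IP differs from sending server")
    if notes["php_script"]:
        notes["flags"].append("submitted through a PHP script")
    return notes

print(triage(SAMPLE))  # runs on the constructed sample
```

Headers added before the first trusted relay, such as X-Originator-Ip or the innermost Received line, are written by the sending side and can be forged, as the "IP may be forged by CGI script" note above already indicates.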