Dear friend (Email Leak)

Dear friend

Good morning my dear and how wre you doing today. I am koffi .sidonie.and I hereby write this email to you with great sorrow in my heart and heavy tears in my eyes simply because my late father relative here have tried several times to kill me so that the can inherit my late father properties as I am my parent only child. As a result of this development,I went to the bank here where my late father deposited this money and explained about my situation to the bank director which he promised to help me with this transfer as soon as I can find someone who can help me secure it after receiving it in his or her bank account because I will also relocate to the person's country to continue my education and also start a new life as I dont have any other family member this place who cares for me.

The total money in question is USD $8.3 million dollar and i will provide you with other informations once you indicate your willingness.

Best Regards,
Miss koffi .sidonie

Email analysis :

NOTE : jennetteome15@daum.net
NOTE : Received : from wwl1737.hanmail.net ([117.52.3.197])
NOTE : X-Originating-Ip : [41.207.16.195]

Email leak :

endofpainspelltemple@gmail.com, drlugardendofpainspelltemple@yahoo.com, gustorresbig@gmail.com, gurushackers@outlook.com, hacklord20@gmail.com, joseph.l.meeker@gmail.com, sharonysmithy@gmail.com, amarice51@gmail.com, ch.goldschmidt@ollech-immobilien.ch, claire.george35@gmail.com, dorismorgan08@gmail.com, xxhypodermiaxx@gmail.com, edutwtw@gmail.com, okusisiokusisi2040@gmail.com, disgaifuchs@tutanota.com, newyorkrichlife@gmail.com, rebeccacourtney08@gmail.com, greatsukusolutiontemple@gmail.com, maryrobin08@yahoo.com, lizincedric76@gamail.com, herbalhealeracademy1@gmail.com, rosariothomas17@gmail.com, ricksimpsoncannabis@gmail.com, jeffjohn2653@gmail.com, joetheplumber529@gmail.com, jonathanwalker121@gmail.com, martinmcpherson1980@gmail.com, johanna@dollsdancers.fi, samplejanice0@gmail.com, zeusethicalhacker@gmail.com, zeusethical@gmail.com, klaus.apfelstrudel.von@gmail.com, Carloscafe@mail.com, jbankwater@gmail.com, juicer112@gmail.com, jebacarkecompany@wp.pl, jebacarkecompaty@wp.pl, Carloscafe@mailinator.com, jennifertull1@gmail.com, christheawesome46@gmail.com, davidhartman48@outlook.com, dschrute391@gmail.com, obasolutionhome@gmail.com, dannysauron1@gmail.com, burtmacklin9000@hotmail.com, Ehicarespellhelp@gmail.COM, katierose08888@gmail.com, danielandersonprivate@gmail.com, barrykrunt@gmail.com, stanleyphillips623@gmail.com, CANDOVALOVESPELL@GMAIL.COM, lauralbert24@gmail.com, obrawkins.nathan@gmail.com, monicaspiritualtemple@gmail.com, ogunspiritualspelltemple@gmail.com, supersolutionhome1@gmail.com, supersolutionhom@yahoo.com, alexiskimberly2010@gmail.com, osesespelltemple@gmail.com, out..drofemospelltemple@gmail.com, franknelson079@gmail.com, randywilsonCEO@gmail.com, azuumaspelltemple@gmail.com, Azuumaspelltemple@mail.com, osesespelltemple@gmaill.com, doeaf01@yahoo.com, neways103@hushmail.com, tomkelvin40@gmail.com, jessybrown223@gmail.com, richiejack@gmail.com, dr.eveherbeshome@gmail.com, sandra4@yahoo.com, adodalovespelltemple@gmail.com, turokmeceno12345@gmail.com, Ologbotemple@gmail.com, emilylukeman@gmail.com, andyjohnsonz10@gmail.com, dr.okijaspellshrine@hotmail.com, annabelpeterson73@gmail.com, jjroger74@hotmail.com, diannafaber52@gmail.com, sharrongreg81@gmail.com, ehigraceherbalcurecenter@gmail.com, ehigraceherpescure@gmail.com, justcallmeminty@gmail.com, fastatmcardmachine@gmail.com, startechblankatmhackers@outlook.com, beniyhachris19@gmail.com, papapowerfultemple10@gmail.com, sandramark799@gmail.com, comments@your-views.co.uk, helenaadamsp@gmail.com, babaagbasolutiontemple@gmail.com, salobaspiritualtemple@gmail.com, sadikcardhackers.us@gmail.com, dincrediblehackers@gmail.com, cybercrack227@gmail.com, ultimatespellcaster0@gmail.com

Emirates NBD Dubai!!!

Greetings from U.A.E to you My Dear friend,

How are you doing today hope I met you in good health?

I am Mr.Abdulla Qassem Group Chief Operating Officer of Emirates NBD Dubai. I have a business matter of great importance proposal worth of $30,000,000.00 (Thirty Million United State Dollars) for you that has to do with your name. reply urgently for details

Have a nice day and God bless. Anticipating your prompt response.

Regards.

Abdulla Qassem.
Group Chief Operating Officer of Emirates NBD Dubai.

Email analysis :

NOTE : Emirates NBD Dubai!!!
NOTE : che_qassem626@outlook.com
NOTE : hedler.gebaeudereinigung@gmx.de
NOTE : client-ip=82.165.159.41;

NOTE : Received : from LENOVO-PC ([38.95.108.246])

NOTE : by mail.gmx.com (mrgmx103)

Lisez votre nouveau message. (Phishing Hello bank)

Bonjours,

Suite au double payement d'une facture par erreur sur votre compte.
 veuillez completer votre formulaire de remboursement,
 Pour consulter, Veuiller cliquez sur le lien ce-dessous :
Lisez votre message

Nous vous remercions de votre confiance.

Ce courriel vous a été envoyé par un système automatique d'émission de messages.
L'adresse d'émission n'est pas une adresse de courriel classique.
Si vous écrivez à cette adresse, votre message ne sera pas pris en compte

Email analysis :

NOTE : Content-Type : text/html; charset=iso-8859-1
NOTE : Mime-Version : 1.0
NOTE : Return-Path : < www-data@blcart.com >
NOTE : Received : from blcart.com ([188.166.166.99])
NOTE : Received : by blcart.com (Postfix, from userid 33)
NOTE : X-Php-Originating-Script : 0:g.php
NOTE : Message-Id : < 20160704070443.B634F120214@blcart.com >
NOTE : Lisez votre nouveau message.

Phishing analysis :

CLICK : Lisez votre message
OPEN : http://www.objets-sante-securite.com/localization/aa.php
NOTE : base64 url...

data:text/html;https://www.hellobank.fr/fr/espace-client;base64,PFNjcmlwdCBMYW5ndWFnZT0nSmF2YXNjcmlwdCc+DQo8IS0tINiq2LTZgdmK2LEgQW0zUmVmaC5Db20gLS0+DQo8IS0tDQpkb2N1bWVudC53cml0ZSh1bmVzY2FwZSgnJTNDJTY4JTc0JTZEJTZDJTNFJTNDJTY4JTY1JTYxJTY0JTNFJTNDJTJGJTY4JTY1JTYxJTY0JTNFJTNDJTYyJTZGJTY0JTc5JTNFJTBBJTA5JTNDJTc0JTY5JTc0JTZDJTY1JTNFJTQyJTYxJTZFJTcxJTc1JTY1JTIwJTY0JTY5JTY3JTY5JTc0JTYxJTZDJTY1JTIwJTQ4JTY1JTZDJTZDJTZGJTIwJTYyJTYxJTZFJTZCJTIxJTIwJUUyJUFDJTFDJTIwJTYzJTZGJTZFJTZFJTY1JTc4JTY5JTZGJTZFJTIwJUMzJTI2JTZFJTYyJTczJTcwJTNCJTIwJTZDJUUyJUFDJTIyJTY1JTczJTcwJTYxJTYzJTY1JTIwJTYzJTZDJTY5JTY1JTZFJTc0JTNDJTJGJTc0JTY5JTc0JTZDJTY1JTNFJTBBJTA5JTA5JTNDJTZDJTY5JTZFJTZCJTIwJTcyJTY1JTZDJTNEJTIyJTczJTY4JTZGJTcyJTc0JTYzJTc1JTc0JTIwJTY5JTYzJTZGJTZFJTIyJTIwJTc0JTc5JTcwJTY1JTNEJTIyJTY5JTZEJTYxJTY3JTY1JTJGJTc4JTJEJTY5JTYzJTZGJTZFJTIyJTIwJTY4JTcyJTY1JTY2JTNEJTIyJTY4JTc0JTc0JTcwJTNBJTJGJTJGJTc3JTc3JTc3JTJFJTZGJTYyJTZBJTY1JTc0JTczJTJEJTczJTYxJTZFJTc0JTY1JTJEJTczJTY1JTYzJTc1JTcyJTY5JTc0JTY1JTJFJTYzJTZGJTZEJTJGJTZDJTZGJTYzJTYxJTZDJTY5JTdBJTYxJTc0JTY5JTZGJTZFJTJGJTYxJTYxJTJGJTY4JTZGJTZEJTY1JTJGJTY5JTZEJTYxJTY3JTY1JTczJTJGJTc0JTY5JTc0JTZDJTY1JTJFJTUwJTRFJTQ3JTIyJTNFJTBBJTBBJTNDJTZEJTY1JTc0JTYxJTIwJTYzJTY4JTYxJTcyJTczJTY1JTc0JTNEJTIyJTc1JTc0JTY2JTJEJTM4JTIyJTNFJTBBJTBBJTNDJTZEJTY1JTc0JTYxJTIwJTY4JTc0JTc0JTcwJTJEJTY1JTcxJTc1JTY5JTc2JTNEJTIyJTU4JTJEJTU1JTQxJTJEJTQzJTZGJTZEJTcwJTYxJTc0JTY5JTYyJTZDJTY1JTIyJTIwJTYzJTZGJTZFJTc0JTY1JTZFJTc0JTNEJTIyJTQ5JTQ1JTNEJTQ1JTZEJTc1JTZDJTYxJTc0JTY1JTQ5JTQ1JTM3JTIyJTNFJTBBJTBBJTBBJTNDJTZEJTY1JTc0JTYxJTIwJTY4JTc0JTc0JTcwJTJEJTY1JTcxJTc1JTY5JTc2JTNEJTIyJTQzJTZGJTZFJTc0JTY1JTZFJTc0JTJEJTU0JTc5JTcwJTY1JTIyJTIwJTYzJTZGJTZFJTc0JTY1JTZFJTc0JTNEJTIyJTc0JTY1JTc4JTc0JTJGJTY4JTc0JTZEJTZDJTNCJTIwJTYzJTY4JTYxJTcyJTczJTY1JTc0JTNEJTU1JTU0JTQ2JTJEJTM4JTIyJTNFJTBBJTIwJTNDJTczJTc0JTc5JTZDJTY1JTNFJTBBJTIwJTIwJTdCJTZEJTYxJTcyJTY3JTY5JTZFJTNBJTMwJTNCJTcwJTYxJTY0JTY0JTY5JTZFJTY3JTNBJTMwJTNCJTdEJTBBJTY4JTc0JTZEJTZDJTJDJTBBJTYyJTZGJTY0JTc5JTIwJTIwJTIwJTIwJTdCJTY4JTY1JTY5JTY3JTY4JTc0JTNBJTMxJTMwJTMwJTI1JTNCJTIwJTIwJTc3JTY5JTY0JTc0JTY4JTNBJTMxJTMwJTMwJTI1JTNCJTIwJTZGJTc2JTY1JTcyJTY2JTZDJTZGJTc3JTNBJTY4JTY5JTY0JTY0JTY1JTZFJTNCJTdEJTBBJTc0JTYxJTYyJTZDJTY1JTIwJTIwJTdCJTY4JTY1JTY5JTY3JTY4JTc0JTNBJTMxJTMwJTMwJTI1JTNCJTIwJTIwJTc3JTY5JTY0JTc0JTY4JTNBJTMxJTMwJTMwJTI1JTNCJTIwJTc0JTYxJTYyJTZDJTY1JTJEJTZDJTYxJTc5JTZGJTc1JTc0JTNBJTczJTc0JTYxJTc0JTY5JTYzJTNCJTBBJTYyJTZGJTcyJTY0JTY1JTcyJTJEJTYzJTZGJTZDJTZDJTYxJTcwJTczJTY1JTNBJTYzJTZGJTZDJTZDJTYxJTcwJTczJTY1JTNCJTdEJTBBJTY5JTY2JTcyJTYxJTZEJTY1JTIwJTIwJTdCJTY2JTZDJTZGJTYxJTc0JTNBJTZDJTY1JTY2JTc0JTNCJTIwJTY4JTY1JTY5JTY3JTY4JTc0JTNBJTMxJTMwJTMwJTI1JTNCJTIwJTc3JTY5JTY0JTc0JTY4JTNBJTMxJTMwJTMwJTI1JTNCJTdEJTBBJTJFJTY4JTY1JTYxJTY0JTY1JTcyJTIwJTdCJTYyJTZGJTcyJTY0JTY1JTcyJTJEJTYyJTZGJTc0JTc0JTZGJTZEJTNBJTMxJTcwJTc4JTIwJTczJTZGJTZDJTY5JTY0JTIwJTIzJTMwJTMwJTMwJTdEJTBBJTJFJTYzJTZGJTZFJTc0JTY1JTZFJTc0JTIwJTdCJTY4JTY1JTY5JTY3JTY4JTc0JTNBJTMxJTMwJTMwJTI1JTNCJTdEJTBBJTNDJTJGJTczJTc0JTc5JTZDJTY1JTNFJTBBJTBBJTBBJTIwJTIwJTIwJTBBJTIwJTIwJTIwJTIwJTIwJTIwJTNDJTY5JTY2JTcyJTYxJTZEJTY1JTIwJTczJTcyJTYzJTNEJTIyJTY4JTc0JTc0JTcwJTNBJTJGJTJGJTc3JTc3JTc3JTJFJTZGJTYyJTZBJTY1JTc0JTczJTJEJTczJTYxJTZFJTc0JTY1JTJEJTczJTY1JTYzJTc1JTcyJTY5JTc0JTY1JTJFJTYzJTZGJTZEJTJGJTZDJTZGJTYzJTYxJTZDJTY5JTdBJTYxJTc0JTY5JTZGJTZFJTJGJTYxJTYxJTJGJTIyJTIwJTY2JTcyJTYxJTZEJTY1JTYyJTZGJTcyJTY0JTY1JTcyJTNEJTIyJTMwJTIyJTNFJTNDJTJGJTY5JTY2JTcyJTYxJTZEJTY1JTNFJTBBJTA5JTIwJTIwJTBBJTNDJTJGJTYyJTZGJTY0JTc5JTNFJTNDJTJGJTY4JTc0JTZEJTZDJTNFJykpOw0KLy8tLT4NCjwvU2NyaXB0Pg==

Base 64 Decode : file
Unescaped javascript : file

SCREENSHOT :

CLICK : Accéder aux comptes
NOTE : WRONG PASS....
SCREENSHOT :

Dernier rappel (Phishing Société Générale)

Cher(e) Client(e) :

Afin de prévenir l'utilisation frauduleuse des cartes bancaires sur Internet, Société Générale est dotée d'un dispositif de controle des prélèvements. Ce service est entierement gratuit Notre systeme a detecte que vous n'avez pas active Pass sécurité

Cliquez ici

Nous vous remercions de votre confiance.

Cordialement
Directeur de la relation clients

asrv@agri.fr

Screenshot of the email

Email analysis :

NOTE : "STE GENERALE"@flexbus.fr
NOTE : Content-Type : text/html; charset=iso-8859-1
NOTE : Mime-Version : 1.0
NOTE : Return-Path : < www-data@flexbus.fr >
NOTE : Received : from flexbus.fr ([84.39.48.85])
NOTE : Received : by flexbus.fr (Postfix, from userid 33)
NOTE : X-Php-Originating-Script : 0:PTRTFG.php
NOTE : Dernier rappel

Espace Client(CA-LJ-TR-08-T6) (Phishing Apple ITC)

Bonjour,

Nous vous prions de trouver dans le document ci-joint les informations relatives à la modification de votre convention de compte, de vos annexes cartes, ainsi que du guide des conditions et tarifs 2016 A.pple!.

CONSULTER LE DÉTAIL DES MODIFICATIONS

Ces modifications entreront en vigueur dans un délai de 2 mois à compter de la mise à disposition du présent message. Nous vous rappelons que l’absence de contestation de ces modifications dans un délai de 2 mois vaudra acceptation des dites modifications de votre part et, qu’en cas de refus des modifications proposées, vous pouvez résilier la convention de compte sans frais avant l’entrée en vigueur des dites modifications. Vous trouverez en ligne l’ensemble des conventions, des annexes cartes et le guide des conditions et tarifs mis à jour de ces modifications dans la rubrique « Tarifs ».

Restons en contact et à bientôt,

La i.Tunes Team.

App.le, SA au capital de 2 492 770 306 € – Siège social : 16, boulevard des Italiens – 75009 Paris – Immatriculée sous le n° 662 042 449 R.C.S Paris Identifiant C.E FR76 662 042 449 – ORIAS n° 07 022 735. : 01 43 63 15 15 (Appel non surtaxé) -

Email analysis :

NOTE : ID@webxc214s03.ad.aruba.it
NOTE : iTunes@webxc214s03.ad.aruba.it
NOTE : 19285607@webxc214s03.ad.aruba.it
NOTE : Content-Type : text/html; charset=iso-8859-1
NOTE : Mime-Version : 1.0
NOTE : Return-Path : < 19285607@webxc214s03.ad.aruba.it >
NOTE : Received : from webxc214s03.ad.aruba.it ([89.46.105.241])
NOTE : by smartcmd01.ad.aruba.it
NOTE : Received : by webxc214s03.ad.aruba.it
NOTE : X-Php-Originating-Script : 19285607:admin.php
NOTE : Message-Id : < 20160702073405.9D1DAC0118557@webxc214s03.ad.aruba.it >
NOTE : Espace Client(CA-LJ-TR-08-T6)

Phishing analysis :

CLICK : CONSULTER LE DÉTAIL DES MODIFICATIONS
OPEN : http://personalpittraining.nl/.../Apple
REDIRECT : http://personalpittraining.nl/.../Apple/*/Apple/
SCREENSHOT :

CLICK : Login
REDIRECT : http://personalpittraining.nl/.../Apple/*/Apple/inscription/
SCREENSHOT :

CLICK : Valider mes informations
REDIRECT : https://appleid.apple.com/

Conditions à prסpos des viгements (Phishing Hello bank)

Bonjour .

.

Relation

Cordialement

Screenshot of the email :

Email analysis :

NOTE : Content-Type : text/html; charset=UTF-8
NOTE : Content-Type : application/xhtml+xml
NOTE : Content-Disposition : inline
NOTE : X-Priority : 2
NOTE : Return-Path : < prefet@paroles-musique.com >
NOTE : Content-Transfer-Encoding : 8bit
NOTE : List-Post : khr
NOTE : Received : from paroles-musique.com ([104.36.17.205])

NOTE : host-205-17-36-104.cloudsigma.net
NOTE : Conditions à prסpos des viгements

Vous avez reçu (1) message (Phishing Crédit Agricole)

Bonjour

Nouvelle information disponible sur votre messagerie
Consultez vos mails en cliquant ci-dessous:

ACCÉDER À MES COMPTE

Nous vous remercions de votre confiance.

Cordialement
Directeur de la relation clients

Reproduction dûment autorisée depuis www.pcmag.com. © 2016 Ziff Davis, LLC. All rights reserved.
Pour être sûr de recevoir nos emails, ajoutez l’adresse mail@info.adobesystems.com à votre carnet d’adresses, vos contacts ou votre liste d’expéditeurs approuvés.

Screenshot of the email :

Email analysis :

NOTE : _CREDIT.AGRlCOLE_@zizsoft.com
NOTE : Content-Type : text/html; charset=iso-8859-1
NOTE : Mime-Version : 1.0
NOTE : Return-Path : < "mailto:er"@zizsoft.com >
NOTE : Received : from zizsoft.com ([84.39.48.88])

NOTE : Received : by zizsoft.com (Postfix, from userid 33)
NOTE : X-Php-Originating-Script : 0:wp-config.php
NOTE : Message-Id : < 20160701061216.E73852173F@zizsoft.com >
NOTE : Vous avez reçu (1) message

Phishing analysis :

CLICK : ACCÉDER À MES COMPTE
OPEN : http://www.cap911.com/classe
RESULT : Phishing was removed...

Lisez votre message! (Phishing Hello bank)

sur un seul site.

Votre actu des

Bonjours Cher(e) Client(e) ,

Un nouveau message est disponible sur votre messagerieo
Pour consulter, Veuiller cliquez sur le lien ce-dessous :

Accèdez à votre boite

Nous vous remercions de votre confiance.
Hello-Bankª

Ce courriel vous a été envoyé par un système automatique d'émission de messages. L'adresse d'émission n'est pas une adresse de courriel classique. Si vous écrivez à cette adresse, votre message ne sera pas pris en compte

Screenshot of the email :

Email analysis :

NOTE : servicehelloban@decathlon.fr
NOTE : www-data@decathlon.fr
NOTE : X-Php-Originating-Script : 0:noi.php
NOTE : Received : by decathlon.fr (Postfix, from userid 33)
NOTE : Received : from decathlon.fr ([139.59.145.95])

NOTE : Decathlon servers were used to relay this phishing.

Tyler Butler sent you "Scanned Documents.zip"

Tyler Butler a file with you on Dropbox

The updated agreement with BDO

Scanned Documents.zip

Download

© 2016 Dropbox

Screenshot of the email :

Email analysis :

NOTE : no-reply@dropbox.com
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0)
NOTE : Gecko/20100101 Thunderbird/24.2.0
NOTE : americanexpress@welcome.aexp.com
NOTE : 14.174.35.53

NOTE : Received : from static.vnpt.vn (unknown [14.174.35.53])

File analysis :

CLICK : Download
OPEN :

https://www.cubbyusercontent.com/pl/Scanned+Documents.zip/_08fa4c28262f424b970037c786caf840

DOWNLOAD : Scanned Documents.zip
RESULT : Scanned Documents.zip is a virus.

Virus analysis :

FILENAME : Scanned Documents.zip
SHA256 : 27d79850e1bae0d14a689e1d019ef6217d805189b04e486e3d54ed8a363d3689

====================================
Ad-Aware : Trojan.GenericKD.3363605
AegisLab : Troj.Generickd!c
Arcabit : Trojan.Generic.D335315
Avira (no cloud) : HEUR/Suspar.Gen
BitDefender : Trojan.GenericKD.3363605
DrWeb : JS.DownLoader.1225
ESET-NOD32 : JS/TrojanDownloader.Nemucod.AGS
Emsisoft : Trojan.GenericKD.3363605 (B)
F-Secure : Trojan.GenericKD.3363605
Fortinet : JS/Nemucod.1509!tr
GData : Trojan.GenericKD.3363605
Ikarus : Trojan.Script
K7AntiVirus : Trojan ( 004dfe6d1 )
K7GW : Trojan ( 004dfe6d1 )
Kaspersky : HEUR:Trojan-Downloader.Script.Generic
McAfee : JS/Nemucod.la
McAfee-GW-Edition : JS/Nemucod.la
eScan : Trojan.GenericKD.3363605
Microsoft : TrojanDownloader:JS/Nemucod.EW
Sophos : Troj/JSDldr-PH
====================================

Extraction of the zip : 3 files extracted.
Result : Scan001.js, Scan002.js, Scan003.js

File Scan001.js
File Scan002.js
File Scan003.js

CONGRATULATIONS!!! YOU HAVE WON NATIONAL LOTTERY

UK ONLINE NOTIFICATION DESK
BRITISH GOVERNMENT ACCREDITED LICENSED!
UK NATIONAL LOTTERY
REGISTERED UNDER THE DATA PROTECTION,
(Registration No. Z720633X).

UK NATIONAL LOTTERY
TOLPITS LANE, WATFORD, HERTS WD18 9RN,
UNITED KINGDOM

(Customer Service)
Tel: 44 (0) 192 342 5000

Ref: UK/9420X2/683
Batch: 074/05/ZY369

Dear Lucky Winner,

We happily announce to you the draw (#966) of the UK NATIONAL LOTTERY online Sweepstakes International program held on 20th June, 2016. Your e-mail address attached to ticket number : 96475645 188 with Serial number 5368/02, drew the lucky numbers: 30, 3, 5, 44, 14 and 22, bonus number: 10.

CONGRATULATIONS!!!!

Due to mix up of some numbers and names, we instruct you to keep your winning information confidential until your claims has been completely processed and your winning fund is being claimed. This is part of our security protocols to avoid double claiming and unwarranted abuse of this program by some participants. You have therefore been approved to claim a total sum of GBP1,000,000 (One Million Great British Pounds Sterling Only) cash prize,credited to a file No.: KTU/9023118308/16. This is from a total cash prize of GBP10,000,000(Ten Million Great British Pounds) shared among the first Ten(10) lucky winners in this category i.e. Match 5 plus bonus. All participants for the online version were selected randomly from World Wide Websites through our computer ballot draw system extracts from over 500,000 unions, associations and corporate bodies that are listed online.This promotion takes place weekly until the end of the year 2016. In order to redeem your prize, you are expected to present your winning details :(I)Winning Numbers, (ii)Ticket Number, (iv)The File Ref. Number to the agent for verification and confirmation together with the Serial Number.

CLAIM REQUIREMENTS:

1. FULL NAME:
2. DATE OF BIRTH:
3. SEX:
4. OCCUPATION:
5. CONTACT ADDRESS:
6. TELEPHONE NUMBER:

********************************************************
UK NATIONAL LOTTERY CLAIM MANAGER
Name: Mr. Andrew M. Fernandes
Email: nationalfiduciary_claimagent@consultant.com
Tel: 44 (0) 745 218 5251
Fiduciary Agent, UK National Lottery,
********************************************************

CONGRATULATIONS FROM THE MEMBERS AND STAFF OF UK NATIONAL LOTTERY.

Yours faithfully,
Mrs. Courtney Cervantes.
Online coordinator for UK NATIONAL LOTTERY Sweepstakes International Program
NATIONAL LOTTERY.

BELOW ARE THE SPONSORS OF THIS PROGRAM

Executives:

Dr. P. Swier (CEO), Mr. Gerald Goodman (Manager Foreign Operations), Mr. Franklyn Van Der Weijden (Manager Domestic Banking Operations), Dr. James Williams (Director International Credit Department), Mrs. Lonni K. Anderson (Legal Representative), Mrs. Lyudmyla Marchukova (Regional Manager), Mr. Stephen Boer (Chairman), Mr. Chris Moritz(International Relation Officer). Mrs. Lonni K. Anderson (Legal Representative), Mrs. Lyudmyla Marchukova (Regional Manager), Mr. Stephen Boer (Chairman), Mr. Chris Moritz(International Relation Officer).

Email analysis :

NOTE : uknationallotto@post.com
NOTE : uknationallotto@national-lottery.co.uk
NOTE : Received : (from vu2004@localhost)
NOTE : by hosting.datacenter.loc (8.13.8/8.13.8/Submit)
NOTE : 190.66.7.136

Partnership request...

Hello,

I want to come and establish in your country with some money but I need someone to partner with.

Could you please respond for more details?

Thanks.

Jewel.

Email analysis :

NOTE : jewelgoodness@outlook.com
NOTE : amsiwmmw@aol.com
NOTE : Received : from ADMIN-PC (unknown [108.163.240.14])

Good day

Dear Friend,Good day,i am contacting you in respect to my late husband's money ,Once i receive your positive response, i will give you more details.

Mrs Recheal Nana Essien

Email analysis :

NOTE : Good day
NOTE : mrsrnesien@live.fr
NOTE : recheal_essien@aol.com
NOTE : Received : from MICROTIQUE-PC (unknown [85.13.253.153])

NOTE : by mtaout-mbe01.mx.aol.com (MUA/Third Party Client Interface)

Abu Dhabi Fund for Development (ADFD)

Dear Sir,

We are seeking the attention of investors, project owners and general business facilitators for possible collaboration through project development and the actualization of viable investment initiatives globally.

Abu Dhabi Fund for Development (ADFD) focuses on number of areas in which it has developed significant competitive advantage, including acquisitions, aerospace/aviation, telecommunication, technology, energy, industry, health care, infrastructure, real estate, hospitality and service ventures. Abu Dhabi Fund for Development (ADFD) is a catalyst for the economic diversification of Abu Dhabi; established and owned by the Government of Abu Dhabi, the organization's strategy is built on the management of Long-term, capital-intensive investments that deliver strong financial returns and tangible social benefits for the Emirate. ADFD brings together and manages a multi-billion dollar portfolio of the government of Abu Dhabi which we wish to re-invest in project financing and investments in viable ventures on a 2.5% interest rate loan per annum on long term investment projects that can generate up to 10% ROI within the period of the sanctioned loan.

We invite all interested project owners and investors - UAE or non- UAE to contact the undersigned for further information on procedures for consideration.

Kind regards,

Fares Mansour
Director for Global Investment Initiative
Abu Dhabi Fund for Development (ADFD)
Al Bahar Towers, King Abdullah bin Abdulaziz Al Saud Street
P .O. Box 814, Abu Dhabi, U.A.E

Email analysis :

NOTE : khalifamohammeduae@hotmail.com
NOTE : Received : from SNT148-W56 ([65.55.90.9])

NOTE : client-ip=65.55.90.29;
NOTE : Mime-Version : 1.0

SUBJECT: YOU HAVE A PARCEL FOR DELIVERY FROM THE WORLD BANK.?

United Parcel Service,
70 Evo Road
GRA Phase II
Port Harcourt, Rivers
Nigeria
Phone number: +2348162029357

Dear Beneficiary,

SUBJECT: YOU HAVE A PARCEL FOR DELIVERY FROM THE WORLD BANK.

This is to officially notify you that your long overdue payment has been released as a result of the World bank, United Nation and the FBI intervention.
The sum of 10,000,000.00 USD (Ten Million United State Of American Dollars) has been approved for you by the World bank and ready to be remitted to your via an Automated Teller Machine Card to be delivered to you by us the United Parcel Service. Your payment will be remitted to you via an Automated Teller Machine Card issued by MORGAN CHASE BANK and powered by Master card, with a daily withdrawal limit of 10,000 USD. It was also decided that you will send the sum of 259 USD for your Automated teller machine card activation and 230 USD for the shipment of your ATM Card, total amount to pay is 489 usd. Your Automated Teller Machine card is presently in our office for processing and ready for shipment to your address. Kindly confirm your name, address, phone number, scan copy of valid identity card to this email address ezepaul312@gmail.com. As soon as you confirm your address, payment details will be sent to you so you can remit the 489 USD so we can dispatch your ATM card.

You can call paul on : +2348162029357 for details.

We await your swift reply as we have 72 hours to dispatch your ATM card.

Thank you.

Best regards,
Mr paul
UPS NIGERIA
ezepaul312@gmail.com
Phone number: +2348162029357

Email analysis :

NOTE : ezepaul312@gmail.com
NOTE : sssss.hhhh@aol.fr
NOTE : Received : from USER-PC (unknown [197.211.53.30])

NOTE : by mtaout-aad01.mx.aol.com (MUA/Third Party Client Interface)

Salam Hasan

Do you have ATM cash machine in your country?

Hello Dear,

How are you today, i am your friend from Burkina Faso. Can you use ATM Visa card to withdraw money on ATM cash machine in your country?. i want to transfer money to you from my country, it is the part of the money taken by the old politician newly forced out of power. i will change the account to your name and apply for a visa card with your name in our bank, i will send the visa card to you and you will be withdrawing money with it and always send my own percentage of the money. whenever you withdraw money you will send 50% to me and you will take 50% of the money. the visa card and the bank account will be on your name, there is no any risk involve, i assure you will never get into problem. I will be waiting for your information as soon as possible.

Your name...........................................
Age.................................................
Sex.................................................
Country.............................................
Occupation..........................................
Phone number........................................

Best Regards.
Salam Hasan.
+226 79134016

Email analysis :

NOTE : salamhasan116@gmail.com
NOTE : salamhasan114@gmail.com
NOTE : Received : from [154.66.171.50] (port=44864 helo=[10.80.204.71])
NOTE : by mail1.alpha.hostsg.com with esmtpa

ideal1

Attention

We have deposited the check of your fund (8,500 000.00USD) through Western Union department after our finally meeting regarding your fund, All you will do is to contact Western Union director Mr Dan Ike. He will give you direction on how you will be receiving the funds daily.Remember to send him your Full information to avoid wrong transfer such as,

Receiver's Name:_______________
Address: ________________
Country: _____________
Phone Number: _____________

Though, Mr Dan Ike has sent $5000 in your name today so contact Mr Dan Ike as soon as you receive this email call +22998492837 or (info.westernunion1@post.cz)and tell him to give you the Mtcn, sender name and
question/answer to pick the $5000 Please let me know as soon as you received all your fund,

Best Regards.
Mr Rorbert Roy

Email analysis :

NOTE : info.westernunion1@post.cz
NOTE : ideal1@qatar.net.qa
NOTE : Received : from [82.148.101.116]

NOTE : (Forwarded-For: 197.234.219.92)

Rép : Urgent Response

My name is Jones Kunene a legal practitioner based in Johannesburg and the personal attorney to late Mr. Randolph Marriott, a Foreign National who died along with his wife and two sons in a robbery attack in their farm settlement home in Johannesburg, South Africa. My client was a successful and an accomplished family man who made enough fortune before his untimely death. Since then I have made several inquiries through his Embassy to locate any of his extended relatives but this exercise has proved unsuccessful. After several unsuccessful attempts, I decided to trace his relatives to locate any member of his family, not much progress was recorded.

Mr. Randolph Marriott was an influential wealthy businessman, a diamond magnet here in Johannesburg and he left behind a deposit of Fourteen Million, Five Hundred Thousand United States Dollars (USD$14.500, 000.00USD) in his domiciliary bank account in a commercial bank here in South Africa. After the death of Randolph Marriott, his bankers contacted me as his attorney to provide his next of kin who should inherit his funds. The board of directors of his bank adopted a resolution and I was mandated to provide his next of kin for the payment of these funds or forfeit the money to the bank as an abandoned property. The bankers had planned to invoke the abandoned property decree of 1996 to confiscate the funds after the expiration of the period given to me.

Fortunately, in the verge of my search, I came across your name through a consultancy firm in your Chamber of Commerce & Industry that provided me with your reputable data. Being convinced that you might provide clue to my search. I therefore decided to contact you with these facts before me because of the similarities. By virtue of my closeness to the deceased and his immediate family, I am very much aware of my client’s financial standing and the bank account he operates.

I have reasoned very professionally and I feel it will be legally proper to present you as the next of kin to my deceased client, so that you can be paid the funds left in his bank account. I therefore seek your consent to present you as the next of kin to the deceased since you are at an advantage. The proceeds of this bank account valued at USD$14.5Million US Dollars can be paid to you. We shall both share the funds equally, 50% for me and 50% to you. I shall assemble all the necessary legal documents that will be used to back up our claim. All I require is your honest cooperation to enable us seeing the deal through.

NOTE: PLEASE GET IN TOUCH WITH ME BY EMAIL FOR PRIVACY AND CONFIDENTIALITY TO ENABLE US DISCUSS FURTHER Tel: + 27 840 142 450 (joneskunene@webmail.co.za) or (joneskunene@hotmail.com)

I guarantee that this will be executed under a legitimate arrangement that will protect you from any breach of the law.

Yours Sincerely,
Jones Kunene Attorney

Email analysis :

NOTE : joneskunene@webmail.co.za
NOTE : no.reply@drkhalid.co.uk
NOTE : Received : from User ([223.197.230.165])

CONTACT Mrs. JENNIFER JOHNSON FOR YOUR ATM CARD

ATTN; DEAR,

This is Mrs. JENNIFER JOHNSON , I have registered your ATM CARD to the POST OFFICE BENIN REPUBLIC so that they will Post it to your home address and I believe your current address is still the same. Your total amount in the envelope is $4.8 Million USD and the POST OFFICE assured me that there will be no stoppage until it get to your hand. I want you to contact them and re-confirm your address where to Post it.

Contact Mr. John Ben,
03 BP 1000,COTONOU
BENIN REPUBLIC.
E-mail: (postofficefile1@gmail.com)
Telephone +229 99338054
Your full information for the Postal.

FULL NAME: ==============
COUNTRY: ==============
CITY: ==============
CURRENT HOME ADDRESS: ===========
TELEPHONE/CELL PHONE NUMBER.=========
AGE/OCCUPATION: =============
SEX/A COPY OF YOUR IDENTIFICATION: ===============

the manager, informed me that it will take good 3 days to get to your house and your Envelope accumulate. Your Current address has to be reconfirmed when contacting the post office. Call me at +229 99338054 as soon as you receive your Envelope.

Thanks & remain blessed.
Mrs.JENNIFER JOHNSON

Email analysis :

NOTE : www.@skyblue.ocn.ne.jp
NOTE : postofficefile1@gmail.com

FBI LETTER[CODE:210]f[[

JAMES BRIEN COMEY
EXECUTIVE DIRECTOR FBI
FEDERAL BUREAU OF INVESTIGATION FBI.WASHINGTON D.C FEDERAL BUREAU OF INVESTIGATION SEEKING TO WIRETAP

The Federal bureau of investigation (FBI) Washington,D.C in conjunction with some other relevant Investigations Agencies have recently been informed through our Global intelligence monitoring network that your over-due contract payment which was fully endorsed in your favor accordingly by the Central bank of Malaysia(Bank Negara Malaysia) has not been claimed. It might interest you to know that we have taken out time in screening through this project as stipulated on our protocol of operation and have finally confirmed that your contract payment is 100% genuine and hitch free from all facet and of which you have the lawful right to claim your fund without any further delay. We further advise that you go ahead in dealing with the Central Bank office accordingly as we will be monitoring all their services with you as well as your correspondence at all level.

We were also made to understand that a lady with name Mrs. Joan C.Bailey from OHIO has already contacted them and also presented to them all the necessary documentation evidencing your claim purported to have been signed personally by you prior to the release of your contract fund valued at about $25million us dollars only but the Central Bank office did the wise thing by insisting on hearing from you personally before they go ahead on wiring your fund to the Bank information which was forwarded to them by the above named Lady so that the main reason why they contacted us so as to assist them in making the investigation. Contact immediately the office of the Central Bank of Malaysia (Bank Negara Malaysia) via email with the below information accordingly:

NAME: Dr. Zeti Akhtar Aziz.
OFFICE ADDRESS: Bank Negara Malaysia,
Jalan Kuching, Kuala Lumpur,
Wilayah Persekutuan,Kuala Lumpur,
Selangor,Malaysia
Email: zeti.aziz@aol.com

Meanwhile, we will advise that you contact the office of the Governor of the Central Bank immediately with the above email address and request that they attend to your payment file as directed, so as to enable you receive your contract fund accordingly. To this effect, you are required to reconfirm and authenticate your given particulars below for certainty and onward processing and release of you funds as we may not be held liable for any wrong payment.

FULL NAMES: __________________________________
CITY: _________________________
STATE: __________________________________
ZIP: ______________
COUNTRY________________________________
SEX: _______________
AGE: __________________
TELEPHONE NUMBER: _____________________
FAX: __________________________

Ensure you follow all their procedure as may be required by them as that will further help hasten up the whole procedure as regard to the transfer of your fund to you as designated. Also have in mind that the Central Bank of Malaysia equally have their own protocol of operation as stipulated on their banking terms, so delay could be very dangerous. Thank you very much for your anticipated co-operation in advance as we earnestly await your urgent response to this matter.

Best Regards,

James Brien Comey
Federal Bureau of Investigation
J. Edgar Hoover Building
935 Pennsylvania Avenue,
NW Washington, D.C.

Email analysis :

NOTE : zeti.aziz@aol.com
NOTE : fb@fb.com
NOTE : 162.214.6.66 (mail.arcigee.com)
NOTE : Received : from [13.84.155.162] (port=2019 helo=User)

NOTE : by mail.arcigee.com

Hello Beloved

Dear beloved,

Good day my beloved one, I am writing you these massage to you with tears and sorrow from my heart. I am by name Miss Tience, a 23 years old girl from Kenya, My Mother was Late Mrs Lorna Laboso the former Kenyan Assistant Minister of Home and affairs who was among the plan that crash in a remote area of Kalong s western Kenya. The plane crashed occurred on Tuesday 10th, June, 2008. read more about the crash with the below web site.

http://edition.cnn.com/2008/WORLD/africa/06/10/kenya.crash/index.html

After the burial ceremony of my mother my stepmother and my uncles conspired and sold my mother s properties to an Expert rate in Switzerland and shared the money among themselves and left nothing for me because my father died when I was three years; One faithful morning, I opened my mother's briefcase and found out a document that my mother deposited a huge amount of money in UNITED BANK FOR AFRICA UBA/BIB bank Burkina Faso with my name as the next of kin.

After then I visit Burkina Faso to withdraw the money for a better life so that I can take care of myself and start a new life, on my arrival over there, the Bank Director whom I meet in person told me that my mother left an instruction to the bank, that the money should be release to me only when I am married or I present a trustee who will help me and invest the money overseas. That is the reason why I am in search of a honest and reliable person who will help me and stand as my trustee for the Bank to transfer the money to his bank account.

I will like you to help me to relocate to your country because my stepmother has threatened to assassinate me once she knows my were about. The amount is($8.4 M USD) eight point four million United State Dollars, I have confirmed from the bank in Burkina Faso, You will also help me to put the money in a more profitable business venture in your Country.
However, you will help me by recommending a nice University in your country so I can complete my studies. It will be my pleasure to compensate you with 30% of the total money for your services and the balance shall be my capital, with your kind idea for me to invest under your control over there in your country.

As soon as I receive your positive response showing your interest I will put things in order immediately.I shall appreciate an urgent message indicating your ability willingness to handle this transaction trustfully and sincerely. I thank God Today that I am out from my country (KENYA) right now In (Burkina Faso) where my mother deposited the money with my name as the next of kin, and I have confirmed from the bank with the Documents I have at hand which I will be sending to you after receiving a good respond from you,

I will also be sending to you my picture's in my next mail, thanks and have a nice day.
Sincerely yours

Miss Tience.

Email analysis :

NOTE : misstiencelorna@gmail.com
NOTE : Mime-Version : 1.0
NOTE : X-Yahoo-Newman-Property : ymail-5

Make Profit Daily

Hello,

Its as simple as it sounds. Sports betting has become widely accepted and very productive especially when you get the right tips and make the right predictions. Am one sports analyst with a very special and rare talent for making accurate sport predictions and trust me,with my tips and predictions,you'll certainly make profits 5 days in a week,and thats me being modest.

My proposal is simple. My predictions are mostly about soccer and i've been able to help thousands of people make substantial progress as far as their finances are concerned.

This is no scam.

All you need to do is register with an online sports betting site. I'll give you a double-your-money odds and you play the games and get double your stake the next day. If for example you stake 100 usd,you get 200 usd the next day. The amount you stake is strictly at your discretion. Its really that simple.

Whats in it for me?

I'ld be lying if i say am not in this for the money. But am not in it for your money,trust me. Reply this message and my first odds for you is completely on the house. If you choose to continue,then i'll continue to give u GUARANTEED daily odds at a fixed rate,depending on how many odds you want. Believe me,some of my clients request for over 5+ odds. Yes, 5+. Remember that 100 usd? Meaning it automatically becomes 500 usd the next day,provided you play with my tips/predictions. And the security involved is you only get to pay me after you get your winnings from your preferred betting company. So the payment is more like an appreciation.

So lets make some money. You stand to lose nothing by ignoring this message,you gain a lot if you reply.

Predictiongenius88@gmail.com

Soccer Prediction Genius.

Email analysis :

NOTE : predictiongenius88@gmail.com
NOTE : Soccerpredictiongenius@mail.com
NOTE : Received : from h2379245.stratoserver.net ([85.214.84.244]:59111 helo=User)

Great Opportunity for you .....‏

servicesense with all types of retail organizations nationwide to improve sales, profits and growth potential. It provides information through mystery shopping, customer satisfaction surveys and retail compliance surveys which allows customers to make solid business decisions..This company is looking for outstanding shoppers to help evaluate customer service and sales efforts for clients in all states in (USA) You will receive $250 commission per assignment and you can make up to $1250 in a month with multiple assignments. Each assignment is less than or approximately 1 hour.

Send further emails to Alex Darton at the email below if interested .

Kindly send your information to this email: alexdarton244@gmail.com

Full Name:
Address (Or PO Box):
State, City, & Zip:
Email:
Phone (Mobile):
HR Personnel: Alex Darton

Email analysis :

NOTE : cleatis_ll@hotmail.com

Dearest

I am Maria Sharpon, I am a dying widow diagnosed with cancer.
It's certain i don't have much time on my side and i have decided to donate all i have to charity.
I need an honest and trust worthy individual/company to partner with my accountant and
utilize this money in accordance with agreements. I shall render all necessary help.
If you are not interested,kindly pardon me for contacting you.

Email analysis :

NOTE : sharpon.m@live.com

RE: Was sent last night., ..........

monicanl.lin33@outlook.it [mailto:monicanl.lin33@outlook.it]
:

RECEIVED the email i sent to you Yesterday???

Email analysis :

NOTE : monicanl.lin33@outlook.it
NOTE : lsu@msn.it
NOTE : bfhart@reagan.com
NOTE : X-Type : html
NOTE : X-Mailer : webmail/12.5.1-RC

This is an important message.

Greetings,

You've won Ј950,000.00 (Nine Hundred and Fifty Thousand Pounds) on Lottoball draw number 7109-98454322710-545538 conducted this month and your payment centre is London, United Kingdom.
To receive this prize, please contact Dr. Eric Sellers on: ersellers01@hotmail.com quoting your draw number.
Congratulations

Cheers,

Maureen Stevens
Notification officer
Lottoball UK

Email analysis :

NOTE : talktostevens@outlook.com
NOTE : Maureen-S@lottoball.com
NOTE : Received : from User ([80.77.186.114]) by curtis-srv02.Curtisassoc.com

Dear Friend. My private email address is (mrsmaria@foxmail.com)

Dear Friend.

I am Mrs. Maria, the Head of file Department in Bank of Africa. I seek your assistance and I am assured of your capability to champion this business opportunity, to remit the sum of $10.5 million U S dollars into your account. If you are interested please let me know so that i can send you the full details of this transaction. I agree that 40% of this money will be for you, while 10% will be set aside for all expenses incurred during the business and 50% would be for me. If you are interested to execute this business with me, you should contact me in my private email and provide me the below requested information to avoid any delays, and I will furnish you with more elaborate information. My private email address is (mrsmaria@foxmail.com)

(1)Your Name
(2)Your age.........................
(3)Your occupation..................
(4)Your full residential address...............
(5)Your private phone and fax number I await your

prompt response. Best regards,
Mrs. Maria
Email(mrsmaria@foxmail.com)
call me if you are instrested +226 65369757

Email analysis :

NOTE : mrs.mariacc3@aol.jp
NOTE : X-Originating-Ip : [77.67.50.246]

ABOUT YOUR PAYMENT

UNITED BANK FOR AFRICA NIGERIA
HEAD OFFICE ADDRESS UBA HOUSE
57 MARINA P.O. BOX 2406 LAGOS NIGERIA
PHONE:+234 8104484003
FAX: 234 674 478 8273
Greetings,

Am Frank Emeka , director cash processing unit, united bank for Africa [UBA the only bank appointed by the A.U. Members lead by President Robert Mugabe. Because of the frauds going on in West Africa countries where some innocent beneficiaries were asked to pay in advance before receiving their money owed to them. The above Africa union held meeting in Nigeria and resolve to pay all beneficiaries in cash through means of diplomatic courier service. We receive your files from international monetary fund (I.M.F.) as one of the beneficiaries. Take note:Three thousand united state dollars (usd$3,000)have been mapped out for all expenses in taxes and other doccumets that matters. Therefore, I want you to bear it in mind that your total fund will not be five million five hundred thousand united state dollars ($5.500,000.00) but five million four hundred and ninety seven thousand united state dollars ($5.497,000.00). Dear as a senior banker, controlling this cash payment now, I advise you not to waste your money by paying any body in advance again, and if you just follow my instruction, you will receive your money in three days time. Your fund will now be packaged in box and take to the diplomatic courier service for immediate shipment, I will also send the picture of the box by attachment to you to see how the money is packed, and I will send you more mails to give you more information for you to know the genuineness of this transaction. Therefore, do forward your home address and direct phone number to this E-Mailfrankemeka709@gmail.com All the documents will be sent to you if I am assured that you have stopped sending money to those fraudsters. Am waiting to hear from you with the required information of yours.

Frank Emeka
Director cash processing unit
united bank for Africa. (U.B.A)
frankemeka709@gmail.com

Email analysis :

NOTE : lnfo@uba.com
NOTE : X-Php-Script : www.adverthub.com.ng/3.php for 105.112.17.127

Account Alert: Personal Safe Key (PSK)

American Express Personal Safe Key (PSK)

Please create your Personal Security Key. Personal Safe Key (PSK) is one of several authentication measures we utilize to ensure we are conducting business with you, and only you, when you contact us for assistance. American Express uses 128-bit Secure Sockets Layer (SSL) technology. This means that when you are on our secured website the data transferred between American Express and you is encrypted and cannot be viewed by any other party. to create your PSK (Personal Safe Key).
Note: You will be redirected to a secure encrypted website. The contained message may be privileged, confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. Sincerely, American Express Customer Service.

Create your PSK

Kind regards,
Dave Barry

American Express. All rights reserved.

Screenshot of the email :

Email analysis :

NOTE : AmericanExpress@welcome.aexp.com
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0)
NOTE : Gecko/20100101 Thunderbird/24.2.0
NOTE : Return-Path : < americanexpress@welcome.aexp.com >
NOTE : Content-Transfer-Encoding : 7bit
NOTE : Content-Type : text/html; charset=ISO-8859-1
NOTE : Received : from adsl-97.79.107.137.tellas.gr (79.107.137.97)

NOTE : Account Alert: Personal Safe Key (PSK)

Phishing analysis :

CLICK : Create your PSK
OPEN : http://verifybyamericanexpress.com/create
NOTE : Website is unresponsive...
NOTE : Domain name analysis...

verifybyamericanexpress.com analysis :

Domain name: verifybyamericanexpress.com
Registry Domain ID: 77428276_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.todaynic.com
Registrar URL: http://www.now.cn/
Update Date: 2016-06-27T16:00:00Z
Creation Date: 2016-06-28T14:44:31Z
Registrar Registration Expiration Date: 2017-06-27T16:00:00Z
Registrar: Todaynic.com, Inc.
Registrar IANA ID: 697
Registrar Abuse Contact Email: cs@now.cn
Registrar Abuse Contact Phone: +86.7563810552
Registrant Name: Mong Lwan
Registrant Organization: n\\a
Registrant Street: 33 Xiamen road
Registrant City: Xiamen
Registrant Province/state: FJ
Registrant Postal Code: 350318
Registrant Country: CN
Registrant Phone: +86.7543376322
Registrant Fax: +86.7543376322
Registrant Email: cs@now.cn
Admin Name: Mong Lwan
Admin Organization: n\\a
Admin Street: 33 Xiamen road
Admin City: Xiamen
Admin Province/state: FJ
Admin Postal Code: 350318
Admin Country: CN
Admin Phone: +86.7543376322
Admin Fax: +86.7543376322
Admin Email: cs@now.cn
Tech Name: Mong Lwan
Tech Organization: n\\a
Tech Street: 33 Xiamen road
Tech City: Xiamen
Tech Province/state: FJ
Tech Postal Code: 350318
Tech Country: CN
Tech Phone: +86.7543376322
Tech Fax: +86.7543376322
Tech Email: cs@now.cn
Name Server: a.dnspod.com
Name Server: b.dnspod.com
DNSSEC: unsigned
Billing Name: Mong Lwan
Billing Organization: n\\a
Billing Street: 33 Xiamen road
Billing City: Xiamen
Billing Province/state: FJ
Billing Postal Code: 350318
Billing Country: CN
Billing Phone: +86.7543376322
Billing Fax: +86.7543376322
Billing Email: cs@now.cn

FROM:..USA DEPARTMENT OF HOMELAND SECURITY!!!.

I,m Jeh Charles. Johnson. The secretary of the U.S Department of Homeland security Washington DC. Office Address: 3801 Nebraska Ave NW, Washington, DC 20016, United States. We received a report from ECOWAS that you have an abandoned fund worth $4.5 Million in West Africa. I have instructed ECOWAS and the concerned authorities to bring the consignment box to our Head office in Washington DC. the fund will arrive my office today. I want you to kindly Reconfirm Your Full Name, Current Home Address, Nearest Airport and your Direct Cell Phone # So that arrangement can be made for the delivery of the consignment to your home address. You can reach me on this email: Hon.jehjohnson01@gmail.com

I can be reached at: (202) 753_0288. Leave me a text or Voice Message if i am unavailable to answer.

(1)Your Full Name: _______________
(2)Current complete Home Address: ___________
(3)Direct tel/mobile Phone Number: ______________
(4)Name of your Nearest Airport: _______________________
(56)A Copy of Your ID for Identification: _____________________

I wait to hear from you.

Honorable Jeh C. Johnson
The secretary of
the U.S Department of
Homeland security
Washington DC
Office Address:
3801 Nebraska Ave NW,
Washington, DC 20016,
United States.

Email analysis :

NOTE : makeobi@azdiamondbacks.com
NOTE : X-Originating-Ip : [41.86.234.171]

NOTE : 63.144.116.250

From Dr.Isabella Jefferson

Hello dear friend,

I'm Dr.Isabella Jefferson I am a UNITED STATES MILITARY NURSE

From united states of America. Am supportive and caring, looking forward to get a nice friend. I read your profile from professional link network and pick interest on you. I will like to establish mutual friendship with you. Please let continue our conversation through my private email box.Here is my email address ( drisabellajeffersonus@gmail.com ) I will introduce myself better and tell you the reason why i contact you also send you my picture as soon as i receive your mail.Thanks and regards.

Dr.Isabella Jefferson

Email analysis :

NOTE : drisabellajeffersonus@gmail.com
NOTE : aminadukson760@asia.com
NOTE : Received : from 41.82.51.166 ([41.82.39.175])

NOTE : by mail.gmx.com (mrgmxus002)

Attention To This Urgent Message!

UNITED NATIONS / WORLD BANK ORGANIZATION / FBI
UNITED NATIONS HOUSE, 617/618.
BA ZENTRAL BANK, OAK-HILL HOUSE,
130 TON-BRIDGE ROAD, HILDENBOROUGH, TONBRIDGE, KENT TN11 9DZ

Our Ref: YBNGWB/UN/2016.

Attention: Dear Beneficiary,

APPROVED COMPENSATION PAYMENT AWARD OF US$1.5M.

This is to inform you that a Debit Cash Card Number 7876310003001420 Valued at US$1.5 Million United States Dollars has been accredited in your favour.Be aware that you were listed among many who have had various transactions by Republic Du Benin Cotonou banks stalled due to the inability of the corruption riddled past government. Details of the cleared proceedings were erased in a bid to loot funds. As a measure to resolve and correct these mishaps, the present government of the Federal Republic Du Benin Cotonou has approved your bank transaction and certified you to receive the money without hitch. Please contact Barrister.Gilbert Jean, an expertriate mandated by United Nations to cover all outstanding claims due to foreigners since 2014 till date. Contact him via Email:(barrister.gilbert.j.esq.org@gmail.com) with the following information to facilitate your claims as the FBI, WORLD BANK and UNITED NATIONS AUTHORITIES has made every necessary provision to ensure that payment goes to you as the beneficiary:.

FULL NAME:
AGE:
GENDER:
ADDRESS:
COUNTRY:
OCCUPATION:
MOBILE NUMBER:

Best Regards,

Sir. Mike Dave.
CIV NAVSUBTORPFAC YORK.
UN ASSIGNED AGENT.

-----------------------------------------------------------------------------------------------------------------------
CONFIDENTIALITY NOTICE: This message may contain any discussion of legal matters, hence should be taken as an authoritative interpretation of the law.
-----------------------------------------------------------------------------------------------------------------------

Email analysis :

NOTE : barrister.gilbert.j.esq.org@gmail.com
NOTE : comautomotor@speedy.com.ar
NOTE : Received : from localhost (1n1.terra.com [208.84.242.167])

NOTE : (authenticated user comautomotor!speedylm)

Bluetooth earphone, Bluetooth hearing protection earphone, Bluetooth active noise cancellation headphone

Dear valued clients,

Our company is a professional manufacturer for Bluetooth earphone,Bluetooth hearing protection earphone, Bluetooth noise cancellation headphone etc., products section, We have been a pioneer for Bluetooth earphone, hearing protection earphone, Active noise cancellation headphone etc., since 2006.

Trust our 10 years of manufacturing experience and strong R & D capability, our professional and powerful 8 members in house R & D team will make your OEM/ODM orders happen!

Contact us today for more our products information and prices lists, look forward receiving your feedback!

Warmest regards,
Frank Young,

Email analysis :

NOTE : huixinsoft41@foxmail.com
NOTE : Return-Path : < tzvseqjkp@wlrl.com >
NOTE : Mime-Version : 1.0
NOTE : Content-Transfer-Encoding : base64
NOTE : Sender : Frank
NOTE : Received : from unknown (HELO wlrl.com) (60.167.133.108)

NOTE : Received : from PC-20150903UGRM ([127.0.0.1])
NOTE : Bluetooth earphone, Bluetooth hearing protection earphone, Bluetooth active noise cancellation headphone

Good Day How are you doing.

Good Day,

My name is Miss Ayeisha Nafisa Muhammad a 22 years old girl from Syria, and my father is late Hafez Amin Muhammad who was killed on August 2015 by the Islamic State Terrorist.

I saw your email profile on Google search and I become interested to know you more. I will be very happy to know more about you because I have some thing very important to tell you.

Attachment here is my photo; please reply me so that we can know each other and exchange pleasantries and more photos

Regards
Ayeisha Nafisa Muhammad.

my photo1.jpg

File analysis :

File seems clean : my photo1.jpg
Transmission Reference : UXta1tuzNqKzviXdJnfx
IPTC Digest : b634d4e5e8b221057ad73dd3236c03a6

Instructions :

FBMD01000abf030000e6080000ab100000b6110000ed120000f11700000522000017230000882400001e26000063370000

Special Instructions :

%14%13%03%d3]4%d1%a6%df%d3}4%d3G%ba%d3%cd4%d3F%9b%d7M4%d3F%fa%d7]4%d3G%9d%d7m4%d3G%f5%d7%bd4%d3M9%dbm4%d3M{%db}4%d3O<%db%8d4%d3M^%db%ad4%d3N%b7%df%bd4%d3

Email analysis :

NOTE : ayeishanafisa@yahoo.com
NOTE : Return-Path : < ayeishanafisa@yahoo.com >
NOTE : Mime-Version : 1.0
NOTE : X-Yahoo-Newman-Property : ymail-3

Disposition à prסpos de la ligne mobile (Phishing Free)

Bon jour

CFR

( Centre

Francais de

Recouvrement )

Screenshot of the email :

Email analysis :

NOTE : infos@titowape.com
NOTE : Content-Type : text/html; charset=UTF-8
NOTE : Content-Type : application/xhtml+xml
NOTE : Content-Disposition : inline
NOTE : Return-Path : < prefet@paroles-musique.com >
NOTE : Content-Transfer-Encoding : base64
NOTE : Received : from paroles-musique.com ([104.36.17.205])
NOTE : Disposition à prסpos de la ligne mobile

Phishing analysis :

CLICK : Se connecter
OPEN : http://dakarp.com/jame*.asp
RESULT : Phishing was removed
RESULT : Phishing attempt...

Iazalde.Ludwig@alpestour.com has sent you a file via WeTransfer

Iazalde.Ludwig@alpestour.com
sent you some files
The updated agreement with RTS Consulting

Download

Files (6.24 MB total)
SageAccts 2016-06-29.zip
Will be deleted on
30 June, 2016

Get more out of WeTransfer, get Plus

About WeTransfer Contact Legal Powered by Amazon Web Services To make sure you can receive our emails, please add noreply@wetransfer.com to your trusted contacts

Link analysis :

CLICK : Download
OPEN : https://www.cubbyusercontent.com/pl/SageAccts+2016-06-29.zip/_24cfcb038b1b4223ae0b4d0cc41ecdbe
DOWNLOAD FILE : SageAccts 2016-06-29.zip

File analysis :

FILE : SageAccts 2016-06-29.zip
SHA256 : b50fe4e0b2bfa1e8157c306e7293fb9d097a91b99bf34621a3246211bb5368e2

FILE IS A TROJAN !!!

Avira (no cloud) : HEUR/Suspar.Gen
K7AntiVirus : Trojan ( 004dfe6d1 )
K7GW : Trojan ( 004dfe6d1 )
Kaspersky : HEUR:Trojan-Downloader.Script.Generic

Email analysis :

NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0)
NOTE : Gecko/20100101 Thunderbird/24.2.0
NOTE : Return-Path : < americanexpress@welcome.aexp.com >
NOTE : Mime-Version : 1.0
NOTE : Message-Id : < *.*@alpestour.com >
NOTE : Content-Transfer-Encoding : 7bit
NOTE : Content-Type : text/html; charset=ISO-8859-1
NOTE : 1.161.133.80;

NOTE : Iazalde.Ludwig@alpestour.com has sent you a file via WeTransfer

Kindly respond for more details

Am Captain Kelvin Ken Miller currently I need you assistant to move some funds out of Iraq

Email analysis :

NOTE : genjohnwnicholson@ighomail.com
NOTE : abruant@virgilio.it
NOTE : Received : from User (unknown [105.227.180.214])

NOTE : by neptune.exsilia.net (Postfix)

My Name is Sr. ADALBERTO CESÁRIO

My Name is Sr. ADALBERTO CESÁRIO

I am from Portugal I have been diagnosed with cancer. It has defiled all forms of medical treatment, and right now I have only about a few months to live, according to medical experts. I have not particularly lived my life so well, as I never really cared for anyone (not even myself) but my business. Though I am very rich, I was never generous, I was always hostile to People and only focused on my business as that was the only thing I cared for. But now I regret all this as I now know that there is more to life than just wanting to have or make all the money in the world. I believe when God gives me a second chance to come to this world I would live my life a different way from how I have lived it. I would want to have a Personal and Trustworthy Relationship with you, as I intend and willing to empower the change of ownership for the transfer of my Deposits to your personal possession for further Investment and Charity Disbursement to the Less Privilege and Homeless. This is my private email address adalcesario93@gmail.com,write to me urgently.

I will send you the photos of me and my very hopeless and selfish family members, including my wife, who I learnt is getting married to my personal friend and attorney,

Thank you for your due consideration. God be with you.

Yours Brother.

Sr. ADALBERTO CESÁRIO

Email analysis :

NOTE : adalcesario91@hotmail.com
NOTE : client-ip=65.55.90.91;

NOTE : sender IP is 25.152.2.59

NOTE : Thread-Topic : My Name is Sr. ADALBERTO CESÁRIO
NOTE : Content-Language : en-US
NOTE : Mime-Version : 1.0
NOTE : X-Ms-Has-Attach :

Catering

Hello my name is Charles i will like to know if you do catering service and can i know if you are the owner or manager, what is your name and do you accept credit card ?

Email analysis :

NOTE : ccarson5524@gmail.com
NOTE : claudesq@outlook.com
NOTE : kcarson0007@gmail.com

Low Mailbox Space (Update Your Mailbox To Avoid Error) (Phishing)

Dear User,

Your mailbox quota is full
This may cause your mailbox fault or you may not be able to receive more e-mail

To continue using your mailbox, you need to immediately upgrade your mailbox quota. This service is free.

Upgrade mailbox quota here

Once the upgrade is complete, your mailbox will work effectively.

Mail Administrator 2016

Screenshot of the email :

Email analysis :NOTE :

NOTE : Return-Path : < hazmi@almadar-group.net >
NOTE : Mime-Version : 1.0
NOTE : X-Authenticated-Sender : host.arabsgate115.com: hazmi@almadar-group.net
NOTE : X-Get-Message-Sender-Via : host.arabsgate115.com:
NOTE : authenticated_id: hazmi@almadar-group.net
NOTE : Received-Spf : client-ip=209.59.186.52;
NOTE : Received : from host.arabsgate115.com (host.arabsgate115.com. [209.59.186.52])
NOTE : Received : from [95.141.31.22] (port=59484 helo=[10.129.123.246])

NOTE : by host.arabsgate115.com
NOTE : Low Mailbox Space (Update Your Mailbox To Avoid Error)

Phishing analysis :

CLICK : Upgrade mailbox quota here
OPEN : http://ftxvisualprint.com.br/payment/2015alldomain/connectID.php
REDIRECT : http://ftxvisualprint.com.br/payment/2015alldomain/9vk88r49xgk3k5jjmf9lycov.php

PARAMETERS : ?rand=13InboxLightaspxn.*
PARAMETERS : &fid.*.*
PARAMETERS : &fid=1
PARAMETERS : &fav.1
PARAMETERS : &rand.13InboxLight.aspxn.*
PARAMETERS : &fid.*
PARAMETERS : &fid.1
PARAMETERS : &fav.1
PARAMETERS : &email=
PARAMETERS : &.rand=13InboxLight.aspx
PARAMETERS : ?n=*
PARAMETERS : &fid=4#n=*
PARAMETERS : &fid=1
PARAMETERS : &fav=1

SCREENSHOT :

CLICK : Login to continue
REDIRECT : http://ftxvisualprint.com.br/payment/2015alldomain/connect_phone.php
SCREENSHOT :

CLICK : Verify to continue
REDIRECT : TO THE PREVIOUS PAGE

Alice Watson

MY NAME IS MRS ALICE HUTTON WATSON.WIFE OF LATE AMBASSADOR OF JAMAICA FROM IVORY COAST, PLEASE I WANT YOU TO REPLY ME BACK AS SOON AS YOU READ THIS MESSAGE BECAUSE I WANT TO DISCUSS SOMETHING VERY IMPORTANT WITH YOU, I AM A CANCER PATIENT WITH A VERY SHORT TIME TO LIVE AND I AM CONTACTING YOU BECAUSE I WANT TO ENTRUST THE SUM OF USD 12.7MILLION TO YOUR HAND AS A DONATION FOR CHARITY WORK., TO HELP THE MOTHERLESS CHILDREN AROUND YOU, THIS MONEY WAS DEPOSITED BY MY LATE HUSBAND IN ONE OF THE BANK HERE IN ABIDJAN, AND I AM WAITING FOR YOUR REPLY FOR MORE INSTRUCTION AND INFORMATION ABOUT THIS FUND, REGARD MRS ALICE HUTTON WATSON

Email analysis :

NOTE : phili.gordon73@yahoo.com
NOTE : beccab077@outlook.fr
NOTE : Received : from [98.138.88.237]

NOTE : Mime-Version : 1.0
NOTE : X-Yahoo-Newman-Property : ymail-3

Sarah Ibrahim

How are you?

My name is Sarah.I am a woman and I would like to add you as my friend and establish a lasting relationship with you please If you are interested to know more about me write i will send you my picture and tell you more about me. I'll be waiting to hear from you soon,

Sarah

Email analysis :

NOTE : theenchantedcat@yahoo.com
NOTE : sarahibrahim10@hotmail.com
NOTE : Mime-Version : 1.0
NOTE : X-Yahoo-Newman-Property : ymail-3

Rép : Urgent Response

Salam - Greetings,

May the peace and blessings of Allah be with you. It's nice to have you as a contact. I'm Dr. Mohammed Khalid, from Benghazi - Libya. I'm a private investor and a retired financial expert, I'm interested in investing in any lucrative investment opportunity in the sectors such as Pharmaceutical industry, Resort/real estate, production, technology, start-ups, Cosmetics, Medical center/Clinics, agriculture, mining or any other lucrative business proposal, business plan or business concept would be welcomed.

Send me your business proposal via email to discuss the investment possibilities and terms of cooperation. More details that will assist this investment project would be much welcomed. Shokran!!

I hope to hear from you as soon as possible.

Kind Regards,
Dr. Mohammed Khalid
Benghazi - Libya
+218-6899-37388

Email analysis :

NOTE : mohdkhalid78@yahoo.com
NOTE : no.reply@drkhalid.co.uk
NOTE : Received : from User ([223.197.151.47])

NOTE : by imsantv99.netvigator.com

johnson helen

Hello, My name is Helen i will be very happy to know you and have you as my good friend, And also have important thing to share with you . Have a nice day .

Your new friend
Helen

Email analysis :

NOTE : johnsonhelen16@hotmail.com
NOTE : Mime-Version : 1.0
NOTE : X-Yahoo-Newman-Property : ymail-3
NOTE : client-ip=216.109.115.62;

: Congratulation you are one of BMW Lucky Winner Contact: davideric431@gmail.com

Congratulation You are one of the ten(10) lucky 2016 end of the year promo winner, please contact Game Manager to claim your price: bmw davideric431@gmail.com

NOTE; delivery charges are winner responsibility

Email analysis :

NOTE : davideric431@gmail.com
NOTE : pop03.mail.atl.earthlink.net@lhr.comsats.net.pk
NOTE : Organization : BWM AUTOMOBIL
NOTE : Mime-Version : 1.0
NOTE : X-Virus-Scanned : amavisd-new at trancom.ru
NOTE : User-Agent : RoundCube Webmail/0.2.2
NOTE : X-Sender : pop03.mail.atl.earthlink.net@lhr.comsats.net.pk
NOTE : Received : from mail.trancom.ru (mail.trancom.ru. [93.188.188.10])