Thursday, September 11, 2014

Tradekey phishing

http://int2.tkcdn.com/lang/en/images/tklogo_log.jpg

Dear Valued Customer,

We received a request to update your account associated with this e-mail address.
This is a request from our server, please follow the instructions below.

Click the link below to continue using our secure server:

https://www.tradekey.com/secure/TID=UPDATE

Thank you for using our services.

http://int2.tkcdn.com/lang/images/iso_horizontal.gif

Privacy Policy - Terms of Use - Intellectual Property Policy
Copyright © 2014 TradeKey.com

Phishing analysis :
=================================================
NOTE : Click https://www.tradekey.com/secure/TID=UPDATE
NOTE : Redirect http://www.onmycloud.fr/libraries/openid/Auth/Yadis/tradekey.com/index.html


NOTE : Validate phishing form
NOTE : Redirect http://www.tradekey.com
=================================================

Mail analysis :
=================================================
NOTE : Received : from mailgate7.iss.soton.ac.uk (mailgate7.iss.soton.ac.uk. [152.78.128.16])
NOTE : Received : from mailgate7.iss.soton.ac.uk (localhost.localdomain [127.0.0.1])
NOTE : Received : from UOS-MSG00037-VS.soton.ac.uk
NOTE : (uos-msg00037-vs.soton.ac.uk [152.78.119.39])
NOTE : by mailgate7.iss.soton.ac.uk (mailgate7.iss.soton.ac.uk [152.78.128.16])
NOTE : envelope-from
NOTE : Received : from User (176.115.143.94)
NOTE : by smtp.soton.ac.uk (152.78.119.39)
NOTE : X-Received : by 10.194.88.138
NOTE : Please contact Serviceline@soton.ac.uk for more information
NOTE : mail2serv@tradekey.com
NOTE : [TradeKey E-mail Notification]
=================================================
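The hop list above, as an added example that is not part of the original post: a small Python triage that rebuilds the Received: chain, walks it from the earliest hop and reports where the message entered the relaying organisation. The header lines are reconstructed from the hosts and IPs listed above; the 152.78.0.0/16 range for soton.ac.uk is an assumption.

```python
import re
from ipaddress import ip_address, ip_network

# Received: headers rebuilt (constructed) from the hops quoted on the page,
# listed newest first as they appear in a message.
RECEIVED_HEADERS = [
    "from mailgate7.iss.soton.ac.uk (mailgate7.iss.soton.ac.uk. [152.78.128.16])",
    "from mailgate7.iss.soton.ac.uk (localhost.localdomain [127.0.0.1])",
    "from UOS-MSG00037-VS.soton.ac.uk (uos-msg00037-vs.soton.ac.uk [152.78.119.39])"
    " by mailgate7.iss.soton.ac.uk (mailgate7.iss.soton.ac.uk [152.78.128.16])",
    "from User (176.115.143.94) by smtp.soton.ac.uk (152.78.119.39)",
]

# Address space of the relaying organisation; the /16 is an assumption.
ORG_NETS = [ip_network("152.78.0.0/16"), ip_network("127.0.0.0/8")]

HOP_RE = re.compile(
    r"^from\s+(?P<helo>\S+)(?:\s+\((?P<paren>[^)]*)\))?(?:\s+by\s+(?P<by>\S+))?")
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def parse_hop(header):
    """Return the HELO name, source IP and receiving host of one Received: line."""
    m = HOP_RE.match(header.strip())
    if not m:
        return None
    paren = m.group("paren") or ""
    ip_m = IP_RE.search(paren)
    return {"helo": m.group("helo"), "ip": ip_m.group(1) if ip_m else None,
            "by": m.group("by")}


def find_origin(headers, org_nets=ORG_NETS):
    """Walk from the earliest hop (last header) upward; the first hop whose source
    address is outside the organisation is where the message was submitted."""
    for header in reversed(headers):
        hop = parse_hop(header)
        if hop is None or hop["ip"] is None:
            continue
        if not any(ip_address(hop["ip"]) in net for net in org_nets):
            # A HELO with no dots is not a hostname: typical of a mail client or
            # script submitting through an authenticated account.
            hop["bare_helo"] = "." not in hop["helo"]
            return hop
    return None


if __name__ == "__main__":
    print(find_origin(RECEIVED_HEADERS))
```

The result points at the submitting client (HELO "User", 176.115.143.94) handing the message to smtp.soton.ac.uk, not at the university gateway whose name appears in the outer hops.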

Whois analysis :
=================================================
WHOIS Soton.ac.uk :
=================================================
The University of Southampton combines academic excellence with an innovative and entrepreneurial approach to research, supporting a culture that engages...
=================================================
WHOIS onmycloud.fr :
=================================================
nic-hdl: HYGO2-FRNIC
type: ORGANIZATION
contact: HEY YOU GET ON MY CLOUD!
address: HEY YOU GET ON MY CLOUD!
address: 24, rue Danielle Casanova
address: 91330 Yerres
country: FR
phone: +33.6.82.00.63.60
e-mail: jcvareille@onmycloud.fr
registrar: OVH
changed: 08/06/2012 nic@nic.fr
anonymous: NO
obsoleted: NO
source: FRNIC
=================================================

Re: Swift Payment Confirmation.

Good day,

I tried calling you, but couldn't reach you, Please find attached swift copy of payment made today, And kindly get back to me with all necessary document for shipment.

7/09/14 14:12:20 LOcalOutAcks-2536-0883793

--------------------Instance Type Transission--------------------

Notification (Transmission) of Original sent to SWFT (ACK) Nerwork Delivcr Status Nerwork Ack

Priorty/Delivcry:

Normal

Swift Lnput:

FIN 103 Single Customer Credit Transfer

Sender:

CORUTZTZXXX
CRDB BANK LIMTTED
DAR ES SALAAMTZ

Receivr :

CITTUS32XXX
CITTBANK N.A
NEW YORK ,NY US

---------------------Message Text--------------------

20:Sender's Reference
986/25LUMUMBA
23B:Bank Operation CodcCRED
32A:Val Dte/Curr/Interbnk Settld Amt
Date:7 September 2014
Currency:USD (US DOLLAR)
50K:Ordering Customer- Name & Address

---------------------Message Text--------------------

{CHK:GDF65HET676F}
PKI Signature: MAC-Equivalcnt

---------------------Intervtions---------------------

Caiegory:Nerwork Report
Creation Time:7/09/14 14:12:20
Application:SWTFT Interface
Operato:Systern
Text{1:G2CORUTZTZAXXX4800211}{5189:1331566}{7761:0}{209267349056400}

Regards
Asjad Sayeed/Northern Tannery

Sent from my iPhone

< TT copy.7z >

Virus Analysis :

AVG Inject2.AUZR 20140911
Ad-Aware Gen:Variant.Zusy.105684 20140911
Avira TR/Betabot.A.178 20140911
Baidu-International Trojan.Win32.Neurevt.aJXs 20140911
BitDefender Gen:Variant.Zusy.105684 20140911
Cyren W32/Ransom.QLKF-8999 20140911
DrWeb Trojan.PWS.Stealer.13199 20140911
ESET-NOD32 a variant of Win32/Injector.BLNI 20140911
Emsisoft Gen:Variant.Zusy.105684 (B) 20140911
F-Secure Gen:Variant.Zusy.105684 20140911
Fortinet W32/Neurevt.API!tr 20140911
GData Gen:Variant.Zusy.105684 20140911
Ikarus Trojan.Crypt 20140911
K7AntiVirus Riskware ( 0040eff71 ) 20140910
K7GW Riskware ( 0040eff71 ) 20140910
Kaspersky Trojan.Win32.Neurevt.api 20140911
Kingsoft VIRUS_UNKNOWN 20140911
MicroWorld-eScan Gen:Variant.Zusy.105684 20140911
NANO-Antivirus Trojan.Win32.Stealer.derrjx 20140911
Panda Trj/CI.A 20140910
Sophos Troj/Inject-BCM 20140911
TrendMicro TROJ_GEN.R00JC0EIA14 20140911

Mail analysis :
=================================================
NOTE : Received : from ebeautiquestore.com (203.175.170.39)
NOTE : Received : from User (unknown [69.26.211.159]) by ebeautiquestore.com
=================================================

CENTRAL BANK GOVERNOR

THE CENTRAL BANK OF NIGERIA
OFFICE OF THE GOVERNOR
CONTACT Our Ref: CBN/OHG/OXD1/09
Your Ref: ...............
TELEX: CENTRAL BANK.
PAYMENT FILE: CBN/BEN/09.

PAYMENT NOTIFICATION,

Definitely, I know that this letter will be a surprising one to you. Firstly, I will like to introduce my self formally as Mr.Godwin Emefiele, The Executive Governor of The Central Bank of Nigeria (CBN). I am officially contacting you today because your Inheritance Funds were Re-deposited into the "Federal Suspense Account" of CBN Central Bank Of Nigeria last week, because you did not forward your Claim as the Rightful beneficiary Well known to all, The Central Bank of Nigeria is the mother Bank of all commercial Banks here in Nigeria. So has the singular right to carry out this delivery. Really these men were unexpected by me because their visit was impromptu. I had to ask them why they came to see me in person and they said that they were here to collect the Inheritance Bill in Sum of ($5 MILLION USD) which rightfully belongs to you, on your behalf. In respect of your unfinished transaction which you are unable to collect your fund. At this development I asked them who authorized them to come down to Nigeria for the Collection of this Payment and they told me that you asked them to come and collect this Funds on your Behalf. In fact this was the biggest shock that this Bank have ever received so far because your Inheritance Funds is still in the "Federal Suspense Account" of CBN, yet you sent these men to come and collect this Funds on your behalf without notifying us. We in this Bank do not understand why you sent these men to come and Collect your Funds on your behalf. If actually you want them to help you collect your Inheritance Bill Sum, at least you should have informed me as the Executive Governor of this Bank. They actually tendered some Vital Documents, which proved that you actually sent them for the Collection of this Fund. Honestly, it really baffles me that you took such decision without my consent, by and large we still have to consider the fact that as the rightful owner of the fund you still have your own rights too.

Here are the Documents, which they tendered to this Bank:

1. LETTER OF ADMINISTRATION.
2. HIGH COURT INJUNCTION.
3. ORDER TO RELEASE.

Actually, these Documents, which they tendered to this Noble Bank, is a clear Proof that you sent them to Collect this Funds for you. Finally, I told them to come back and they promised to come back. As the Governor of this Noble Bank, I was supposed to Release this Funds to them but I refused to do so because I wanted to hear from you first. Due to the Nature of my job, I will not want to make any mistake in Releasing this Funds to anyone except you whom is the Recognized Bonafide Beneficiary to this Funds. Kindly clarify us on this issue before we make this Payment to these foreigners whom came on your behalf. In receipt of this confidential Letter, you are required to respond immediately to this email : with your full name, address and phone number for reconfirmation and immediate action. However, I want you to know that this fund will reach via bank to bank transfer, neither by any courier nor postage because we found out that there have been much Problems when trying to deliver this via courier services. Moreover the transferring bank will be introduced as soon as we confirmed from you if really you send those men to get your fund on your behalf. I also want you to know that the only fee attach to this fund which you must have to take of is the administrative charges and the paper work $90usd.So be informed.

OFFICIALLY SIGNED.
GOVERNOR OF CENTRAL BANK OF NIGERIA
GOVERNOR GODWIN EMEFIELE

DIRECTIVE TO REMIT WITHHELD FUND.

Union Bank of Nigeria
HEAD OFFICE STALLION PLAZA
36, Marina Lagos.
Foreign operation office
Ogundipe Gbolahan David
E-mail: unb.bank@aol.com

Sequel to the directive from the Federal Ministry of Finance to pay your inheritance/contract/lottery sum of $750,000 USD. An ATM Card Number: 5120 8156 1062 5647 worth USD$750,000 has been accredited by the Union bank of Nigeria as part payment of your withheld transfer authorized by the Ministry of Finance. In view of the payment authorization issued by the Federal Ministry of Finance (FMF) in your favour, we request you provide us with the following information for verification and immediate release of your ATM card.

1.Full Name:
2.Phone number:
3.Delivery Address (not postal address):
4.Age:
5.Gender:
6.Occupation:

We undertake that delivery of your ATM card under this notice will be honoured upon completion of the verification/authentication process. Bear in mind that you will pay the courier service charge ($140) being the amount needed to courier your ATM card to your address as we are not authorized to make deductions from your funds. This is the case only when you cannot be present in person in our above office address to pick your ATM card. You are receiving this message as a result of the directive from the Federal Ministry of Finance instructing the Union Bank of Nigeria to release your withheld payment. You will receive your ATM card within 72hrs of receipt of the courier service charge of $140 needed to courier your ATM card to your address. Please note that you have a 7days period to comply with this request, after which non-compliance will attract declaration of your ATM card as unclaimed and funds reverted to the government treasury. Your prompt response is highly anticipated. Please help us to serve you better.

Yours Faithfully,
Ogundipe Gbolahan David
FOREIGN OPERATIONS

CORPORATE PARTNER

i am Mr.Lee Pong Hohn, the vice president of GLOBAL TRADERS LIMITED,TOKYO JAPAN.My company deals on the importation and exportation of Pharmaceuticals and Textiles products and raw materials from Japan to America/Canada and theUnited Kingdom. My company is currently recruiting Representatives/Agents that will assist us with some logistics jobs as well as receiving payments on our behalf and remitting back to us. Please contact us for more information if you are interested in being an agent of my company through my email address. Subject to your acceptance of this offer, you shall be given more information about the job and your remuneration. I expect your favorable response.

Regards,
Mr.Lee Pong Hohn.
VICE PRESIDENT

This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication.

Google Docs Phishing

Spreadsheet

You have a pending incoming docs shared with you via Google docs

Click to open: eStatement

Google Docs makes it easy and essential to create, store and share online file ,slide and presentations.

Logo for Google Docs

NOTE : Click "eStatement"
NOTE : "eStatement" open http://www.idocglemangod.com/vgdp.php/
NOTE : Redirect to http://www.blibaryflilex.com/DOCTECH/FGSX/
NOTE : Click "Download pdf 1.02 MB"
NOTE : Open http://www.blibaryflilex.com/DOCTECH/FGSX/auth.php


NOTE : Click "Gmail"
NOTE : Open a form


NOTE : Validate...
NOTE : Credentials are stolen.
NOTE : Redirect to the official Google page.

MAIL :
=========================================
NOTE : Return-Path : < james@jofashions.com >
NOTE : smtp.mail=james@jofashions.com
NOTE : Mime-Version : 1.0
NOTE : Pending
=========================================

IDOCGLEMANGOD.COM WHOIS :
=========================================
Domain Name: IDOCGLEMANGOD.COM
Registry Domain ID:
Registrar WHOIS Server: whois.netearthone.com
Registrar URL:
Updated Date: 18-Jul-2014
Creation Date: 18-May-2014
Registrar Registration Expiration Date: 18-May-2015
Registrar: NetEarth One, Inc.
Registrar IANA ID: 1005
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Domain Status: clientTransferProhibited
Registry Registrant ID: DI_36368122
Registrant Name: duest clifford
Registrant Organization: 9iuhaddanx
Registrant Street: 89 jalan tuzurak
Registrant City: damasara
Registrant State/Province: kl
Registrant Postal Code: 57000
Registrant Country: MY
Registrant Phone: +60.0122719021
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: pleadgids@aol.com
Registry Admin ID: DI_36368122
Admin Name: duest clifford
Admin Organization: 9iuhaddanx
Admin Street: 89 jalan tuzurak
Admin City: damasara
Admin State/Province: kl
Admin Postal Code: 57000
Admin Country: MY
Admin Phone: +60.0122719021
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: pleadgids@aol.com
Registry Tech ID: DI_36368122
Tech Name: duest clifford
Tech Organization: 9iuhaddanx
Tech Street: 89 jalan tuzurak
Tech City: damasara
Tech State/Province: kl
Tech Postal Code: 57000
Tech Country: MY
Tech Phone: +60.0122719021
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: pleadgids@aol.com
Name Server: ns5.jomhosting.net
Name Server: ns6.jomhosting.net
DNSSEC:Unsigned
URL of the ICANN WHOIS Data Problem Reporting System:
http://wdprs.internic.net/
Last update of WHOIS database: 2014-09-11T09:01:31+0000Z
=========================================

BLIBARYFLILEX.COM WHOIS :
=========================================
Domain Name: BLIBARYFLILEX.COM
Registry Domain ID:
Registrar WHOIS Server: whois.netearthone.com
Registrar URL:
Updated Date: 18-Jun-2014
Creation Date: 18-Apr-2014
Registrar Registration Expiration Date: 18-Apr-2015
Registrar: NetEarth One, Inc.
Registrar IANA ID: 1005
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Domain Status: clientTransferProhibited
Registry Registrant ID: DI_35582564
Registrant Name: filex assurfix
Registrant Organization: assiexbles
Registrant Street: jalan 8/9c
Registrant City: ampang
Registrant State/Province: kuala lumpur
Registrant Postal Code: 68000
Registrant Country: MY
Registrant Phone: +60.019772233
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: blibary@yahoo.com.my
Registry Admin ID: DI_35582564
Admin Name: filex assurfix
Admin Organization: assiexbles
Admin Street: jalan 8/9c
Admin City: ampang
Admin State/Province: kuala lumpur
Admin Postal Code: 68000
Admin Country: MY
Admin Phone: +60.019772233
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: blibary@yahoo.com.my
Registry Tech ID: DI_35582564
Tech Name: filex assurfix
Tech Organization: assiexbles
Tech Street: jalan 8/9c
Tech City: ampang
Tech State/Province: kuala lumpur
Tech Postal Code: 68000
Tech Country: MY
Tech Phone: +60.019772233
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: blibary@yahoo.com.my
Name Server: ns7.jomhosting.net
Name Server: ns8.jomhosting.net
DNSSEC:Unsigned
URL of the ICANN WHOIS Data Problem Reporting System:
http://wdprs.internic.net/
Last update of WHOIS database: 2014-09-11T09:02:35+0000Z
Registration Service Provided By: JOMHOSTING.NET
=========================================
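Added example (not from the original post) that reads both WHOIS records above the way a triage script would: it parses the key/value dump, ages the domain against the record's own "Last update" stamp, and flags the traits the two domains share (created a few months before use, registered for the minimum one-year term, nameservers on the same shared host). The embedded excerpt is a constructed cut-down of the IDOCGLEMANGOD.COM record; the 180-day threshold is an assumption.

```python
from datetime import date, datetime

# Constructed excerpt of the IDOCGLEMANGOD.COM record quoted above; only the
# fields the triage reads are kept, with one of the registry's blank fields.
WHOIS_TEXT = """Domain Name: IDOCGLEMANGOD.COM
Registry Domain ID:
Creation Date: 18-May-2014
Registrar Registration Expiration Date: 18-May-2015
Registrar: NetEarth One, Inc.
Name Server: ns5.jomhosting.net
Name Server: ns6.jomhosting.net
DNSSEC:Unsigned
Last update of WHOIS database: 2014-09-11T09:01:31+0000Z
"""


def parse_whois(text):
    """Split 'Key: value' lines on the first colon only (values may hold colons);
    blank values are dropped and repeated keys such as Name Server become lists."""
    rec = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if value:
            rec.setdefault(key, []).append(value)
    return rec


def triage(text, young_days=180):
    """Age the domain against the record's own timestamp and flag recent
    creation and a minimum one-year registration term."""
    rec = parse_whois(text)
    created = datetime.strptime(rec["Creation Date"][0], "%d-%b-%Y").date()
    expires = datetime.strptime(
        rec["Registrar Registration Expiration Date"][0], "%d-%b-%Y").date()
    # Observation time: the 'Last update' stamp, date part only (its "+0000Z"
    # suffix is not valid ISO 8601, so the time of day is not parsed).
    seen = date.fromisoformat(rec["Last update of WHOIS database"][0][:10])
    age = (seen - created).days
    return {
        "domain": rec["Domain Name"][0].lower(),
        "age_days": age,
        "young": age < young_days,
        "one_year_term": (expires - created).days <= 366,
        "nameservers": [ns.lower() for ns in rec.get("Name Server", [])],
    }


if __name__ == "__main__":
    print(triage(WHOIS_TEXT))
```

Fed the BLIBARYFLILEX.COM record instead, the same function reports 146 days of age and the same one-year term and jomhosting.net nameserver pattern.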