Monday, June 13, 2016

Hello Good Day

Stop contacting them. Because Your fund Is Not with them

I am Mrs Betty Rawlings, a United States citizen, 58 years old. I reside here in Perth Amboy, NJ. My residential address is as follows: 482 SAYRE AVE NO,2 PERTH AMBOY 08861 Apt 305, New Jersey, United States. I am thinking of relocating since I am now wealthy. Well, I will have to let the cat out of the bag and let this great news be known to you. I am one of those that took part in the Compensation awards in Benin Republic many years ago and they refused to pay me. I had spent over $80,000.00 of my life savings while in the USA trying to get my payment, but all to no avail.

After all this series of criminal acts that happened to me, I decided to travel down to Benin Republic with all my compensation documents, as I was directed to meet with one Barrister Mensah Baah, who happens to be a member of the Compensation Award Committee in Benin. I contacted him and he explained everything to me in detail. He said whoever is contacting us through emails, phone or whichever means is fake.

Barr. Mensah Baah took me to the paying bank for the claim of my compensation payment. With great joy in my heart, right now I am the happiest woman on planet earth. I received my compensation funds of Five Million Five Hundred Thousand United States Dollars (US$5,500,000.00).

Moreover, Barr. Mensah Baah showed me the full list and information of receivers that have been scheduled to receive their payments but are yet to receive them. While going through this list carefully, I saw your email address and other information as one of the beneficiaries. For this reason I have decided to email you to stop dealing with those people; they are not in any way with your funds and won't stop taking money from you. These people are only stealing from you. Right now I will advise that you contact Barrister Mensah Baah. You can contact him directly on the information below.

COMPENSATION AWARD HOUSE Benin,
NAME: Mensah Baah
Please Copy His Email: mensahbaah@yeah.net

You really have to stop dealing with those people that are contacting you and telling you all sorts of lies, as your funds are not in any way with them. They are only taking advantage of you and they will not stop until you have nothing, just like they did to me in the past. The only money I paid after I met Barrister Mensah Baah is just $108 for the paperwork; take note of that.

(NOTE: TELLING YOU TO PAY FOR ANY DELIVERY OR COURIER CHARGE IS ALL NOTHING BUT LIES, I REPEAT THE ONLY MONEY YOU WILL HAVE TO PAY AND WHICH I ALSO PAID IS $108 FOR THE ADMINISTRATIVE/ ENDORSEMENT CHARGE AS IMPOSED BY THE GOVERNMENT AND YOUR PACKAGE CONTAINING YOUR CERTIFIED BANK DRAFT CHEQUE WILL BE REACHING YOU THROUGH THE REGULAR MAIL SERVICE.)

Once again I urge you to stop contacting those people for your own good. I will advise you to contact Barr. Mensah Baah so that he will help and give you guidelines until your funds are delivered to you. Instead of dealing with those people that will be turning you around and asking for different kinds of upfront money to complete your transaction, I will advise that you contact only Barr. Mensah Baah.
Thank You and Remain Blessed.

Mrs Betty Rawlings

Email analysis :

NOTE : mensahbaah@yeah.net
NOTE : andre@tramandai.rs.gov.br
NOTE : User-Agent : Roundcube Webmail/1.0.1
NOTE : X-Php-Originating-Script : 1711:rcube.php
NOTE : Received : by pmt.tramandai.rs.gov.br (Postfix, from userid 33)
NOTE : Received : from pmt.tramandai.rs.gov.br (pmt.tramandai.rs.gov.br. [186.232.55.210])


NOTE : Prefeitura Municipal de Tramandaí was used to relay this scam, with account andre

Contact Mr.Shegun Akintomi(Skye bank ATM director)

Attention please!!!

We were authorized by the President, Federal Republic of Benin and the Governing Board of Central Bank to investigate the unnecessary delay of your payment, and also to recommend and approve your claims for payment if the report of the unclaimed contract/inheritance funds is genuine. However, we discovered that your funds have been unnecessarily delayed by corrupt officials of some banks.

We have agreed with the authority that we will handle this payment ourselves to avoid the hopeless situation created by those officials. Currently your Inheritance/Contract fund of $7.5Million has been credited to an ATM card. Contact Mr. Shegun Akintomi (Skye bank ATM director) with your details, including phone lines, for immediate delivery.

Contact Name: Mr.Shegun Akintomi
Email: atm78410@gmail.com
office line:+22999944906

Signed,
management of Skye Bank Plc.

Email analysis :

NOTE : yahagi@tunekawa.co.jp
NOTE : atm78410@gmail.com
NOTE : X-Mailer : Web de Mail, 1.0.0
NOTE : client-ip=216.230.254.50;

FW: Important, to be read.

Dearly beloved

Excuse me for contacting you in this way, as we do not know each other.

In short, my name is LAURENT BOUDIER, of French origin, and I live in London. I suffer from a serious illness and I would like to make you a proposal that might interest you. It concerns a donation of a sum of 850 000 euros.

You will find more information concerning my donation in the attached document; I ask you to read the letter in the attached file. This is not spam or a virus.

For more information concerning this donation, please contact me at this address. This is not spam or a virus:

Contact me at this address:

Mail!: laurent.boudier@outlook.com***laurent.boudier@outlook.com

T

Once again, please accept my most distinguished greetings.

Regards,

Mr Boudier

256931569426655689465(1).pdf

Email analysis :

NOTE : janujz5@orange.fr
NOTE : claouenan@cazes-goddyn.com
NOTE : clean@orange.com
NOTE : laurent.boudier@outlook.com
NOTE : X-Me-Ip : 86.206.187.80

Sunday, June 12, 2016

Samantha Gann sent you "Scan001.zip"

Samantha Gann a file with you on Dropbox

The updated agreement with AlixPartners

Scan001.zip

Download

© 2016 Dropbox

Email analysis :

NOTE : no-reply@dropbox.com
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Return-Path : < americanexpress@welcome.aexp.com >
NOTE : Mime-Version : 1.0
NOTE : Content-Transfer-Encoding : 7bit
NOTE : Content-Type : text/html; charset=ISO-8859-1
NOTE : Received : from unknown (HELO NNZCABJO) (1.47.202.181)


NOTE : Samantha Gann sent you "Scan001.zip"

File analysis :

CLICK : DOWNLOAD
OPEN : https://www.cubbyusercontent.com/pl/Scan001.zip/_6ec59f8ef081469e9dba0d304a99cb9d
FILENAME : Scan001.zip
RESULT : File is a virus.

Virus analysis :

SHA256: e68dfb45eb15d675073486679ac94cac1788ea5c54a3e39cb9cddddaf73a179e
FILENAME : Scan001.zip
AVG : Downloader.Generic_c.ALTL
Ad-Aware : Trojan.GenericKD.3298975
AegisLab : Exploit.Script.Generic!c
Arcabit : Trojan.Generic.D32569F
Avast : Other:Malware-gen [Trj]
Avira (no cloud) : HEUR/Suspar.Gen
BitDefender : Trojan.GenericKD.3298975
DrWeb : JS.DownLoader.1225
ESET-NOD32 : JS/TrojanDownloader.Nemucod.ADU
Emsisoft : Trojan.GenericKD.3298975 (B)
F-Secure : Trojan.GenericKD.3298975
Fortinet : JS/Nemucod.ET!tr.dldr
GData : Trojan.GenericKD.3298975
Ikarus : JS.Trojan-Downloader.Rogue
K7AntiVirus : Trojan ( 004dfe6d1 )
K7GW : Trojan ( 004dfe6d1 )
Kaspersky : HEUR:Exploit.Script.Generic
McAfee : Generic.yd
McAfee-GW-Edition : Generic.yd
eScan : Trojan.GenericKD.3298975
Microsoft : TrojanDownloader:JS/Nemucod.AT
Rising : Exploit.Generic!8.3E1-aXLPd6nZxPO (Cloud)
TrendMicro : JS_NEMUCOD.QDA
TrendMicro-HouseCall : JS_NEMUCOD.QDA

A new message is available in your HelloBank mailbox (Phishing Hello bank)

Hello,

A new message is available in your mailbox.
To view it, please click on the link below:

Click here ("Clique Ici")

Thank you for your trust.
Hello bank: Banking and insurance

This email was sent to you by an automated message-sending system.
The sending address is not a regular email address.
If you write to this address, your message will not be taken into account.

Email analysis :

NOTE : __Hello.Bank__@tix.nl
NOTE : Content-Type : text/html; charset=iso-8859-1
NOTE : Mime-Version : 1.0
NOTE : Return-Path : < zend@tix.nl >
NOTE : Received : by tix.nl
NOTE : X-Php-Originating-Script : 0:zabo.php
NOTE : Un nouveau messange est disponible sur votre messagerie HelloBank

Phishing analysis :

CLICK : Clique Ici
OPEN : http://belmondo-gent.be/7
REDIRECT : http://www.belmondo-gent.be/wp-includes/hello/HelloBank/
CLICK : Accéder aux comptes
REDIRECT : http://www.belmondo-gent.be/wp-includes/hello/HelloBank/check.php?log=*
CLICK : Vérifier
REDIRECT : http://www.belmondo-gent.be/wp-includes/hello/HelloBank/checked.html


REDIRECT : https://www.hellobank.fr/fr/espace-client

[important (1)] You have received a message: (Phishing CyberPlus)

Hello,

The technical department is carrying out an important scheduled software update in order to improve the quality of our services.

We kindly ask you to click on the link below and confirm your PassCyberPlus:

Confirm your PassCyberPlus ("Confirmer votre PassCyberPlus")

Thank you for the trust you place in us; we remain at your disposal.

Regards,

This is a third and final reminder inviting you to access your form as soon as possible,

otherwise we are not responsible for unusual debits on your account

BANQUEPOPULAIRE

Email analysis :

NOTE : _C_y_b_e_r_P_l_u_s@amazon.fr
NOTE : Content-Type : text/html;charset='iso-8859-1'
NOTE : X-Proxad-Sc : state=HAM score=0
NOTE : Return-Path : < www-data@regiesmtp505-1.odiso.net >
NOTE : X-Mailer : PHP/5.3.10-1ubuntu3.23
NOTE : Received : by regiesmtp505-1.odiso.net
NOTE : X-Php-Originating-Script : 0:zamailer.php
NOTE : [important (1)] Vous avez reçu un message :

Phishing analysis :

CLICK : Confirmer votre PassCyberPlus
OPEN : http://cyber-rts.com/
REDIRECT : http://livinggreenlandscaping.com/language/en-GB/var
RESULT : Phishing was removed...