Sunday, July 24, 2016

CONSENT

I'm Gary a banker by profession.I've a business deal of great benefit to both of us.
Write me urgently on ( garudolf@yahoo.com ) for further details.

Email analysis :

NOTE : garidolf5@hotmail.com
NOTE : garudolf@yahoo.com
NOTE : client-ip=65.55.34.219;

Hagan Turner

I wish to introduce our firm Transit Funding Group LLC, a private owned consumer finance company founded in the year 2000, operating in Chicago Illinois, United State. We offer all types of loan such as personal and auto loans, debt consolidation, business start-up, business expansion and project funding in all categories, etc. Contact us via E-mail should you be interested: turnerhagang3055@gmail.com

Yours faithfully
Hagan Turner
MD/CEO

Email analysis :

NOTE : turnerhagang3055@gmail.com
NOTE : contact@allgro-ci.com
NOTE : Received : from mail.linux-ci.com (localhost [127.0.0.1])
NOTE : by mail.linux-ci.com (Postfix)
NOTE : Received : from mail.linux-ci.com ([94.247.27.149])
NOTE : X-Originating-Ip : [197.210.225.46]

Saturday, July 23, 2016

Your SSL Certificate has expired

Dear customer,

You are receiving this notification because your Salesforce SSL certificate has expired.
In order to continue using Salesforce.com, you are required to update your digital certificate.

The new Salesforce digital certificate can be downloaded from:
https://salesforce.dattodrive.com/index.php/s/ZoeW7Vs1kfLcUdF/download

Instruction:
Unzip the downloaded file first. SSL certificate cannot be installed if it is zipped.
Double click the SSL certificate file and click 'OK' to confirm installation.
According to our Terms and Conditions, failing to renew the SSL certificate will result in account suspension or cancellation:
http://www.salesforce.com/company/privacy/security.jsp

Thank you for using Salesforce.com

Email screenshot :


Email analysis :

NOTE : support@salesforce.com
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Return-Path : < americanexpress@welcome.aexp.com >
NOTE : Mime-Version : 1.0
NOTE : Content-Transfer-Encoding : 7bit
NOTE : Content-Type : text/plain; charset=ISO-8859-1; format=flowed
NOTE : paultayoy@alpestour.com
NOTE : Received : from 62.42.178.94.dyn.user.ono.com
NOTE : (62.42.178.94.dyn.user.ono.com [62.42.178.94])
NOTE : Your SSL Certificate has expired

Analysis of the link :

CLICK : https://salesforce.dattodrive.com/index.php/s/ZoeW7Vs1kfLcUdF/download
OPEN : https://salesforce.dattodrive.com/index.php/s/ZoeW7Vs1kfLcUdF/download
SCREENSHOT :

Wichtig: Konto-Update (Strato Phishing)

Sehr geehrter Kunde:

Wir führen Wartungsarbeiten an unserer Kundendatenbank , wodurch Sie verpflichtet sind, Ihre Daten sofort zu überprüfen.

Wir betrachten diesen Prozess zwingend

Aktualisieren Sie Ihr Konto

Freundliche Grüße
Strato

Email screenshot :


Email analysis :

NOTE : byron.d@aldamafoods.com
NOTE : Mime-Version : 1.0

Phishing analysis :

CLICK : Aktualisieren Sie Ihr Konto
OPEN : https://db.tt/iBIofV7y
REDIRECT : base64 redirect (raw file on pastebin) (converted html file on pastebin)
SCREENSHOT :

PLEASE PROTECT YOUR ACCOUNT (MailBox Phishing)

Hello Dear

We're letting you know your account will be decline within 24hrs
If you haven't already confirmed, immediately deletion can occur any scheduled.
Need a earlier confirmation as notified before your availability,
kindly confirm your account in our database to avoid this interruption

Click Here to confirm

Best Regards,
The Mailbox Account team

Copyright Š 2016 MailboxTeam Inc. All rights reserved.

Email screenshot :


Email analysis :

NOTE : MailboxTeam@officialmail.com
NOTE : client-ip=80.78.246.99;


Phishing analysis :

CLICK : Click Here
OPEN : http://googldoc.casadekebab.com/google/google/*/
SCREENSHOT :

YOU WON

Your email has won $4,600,000 on Lucky No.39-44-25-17-88 from the UK Lotto online draws of July 2016 held in Thailand. Contact MR. JOHN EDWARD of UK Lotto with your Full Names, Country, Address, Telephone, Age & Gender for payment instructions.Via: edwardjo1430@yahoo.com

Stewart Jerome.

Email analysis :

NOTE : edwardjo1430@yahoo.com
NOTE : jiller.born@aol.com
NOTE : Received : from ADMIN-PC (unknown [77.243.189.212])
NOTE : X-Aol-Ip : 77.243.189.212