interac phish abusing Amazon
Posted by Dave Yadallee onX-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Thu, 03 Oct 2024 10:21:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from
id 1swOYw-00000000Gsq-2n7E
for dave@doctor.nl2k.ab.ca;
Thu, 03 Oct 2024 10:20:22 -0600
Resent-From: The Doctor
Resent-Date: Thu, 3 Oct 2024 10:20:22 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from a8-200.smtp-out.amazonses.com ([54.240.8.200]:40093)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.98 (FreeBSD))
(envelope-from <010001925197e4d7-76b0d007-d829-4ad9-83ba-1fc11a0f9757-000000@amazonses.com>)
id 1swOW0-00000000GSH-06hA
for root@nk.ca;
Thu, 03 Oct 2024 10:17:28 -0600
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
s=lipykpvm7egdvvotf6pg6j76hqodr6wr; d=solidecenergie.com;
t=1727945762;
h=From:Subject:To:Content-Type:MIME-Version:Date:Message-Id;
bh=FIGaGOJjlTn7funBh2C8+MFyGfULeh6kps0CK7VaXPo=;
b=0We9G495fmdx96+VU4i4vBNQgNqb/6IYyf11PZa8d86DomdGtON5J7rw7GTSYNaS
aOCAVyaI+j0TiKE/FyeTTqh2WtVWk0yD9eToEbn8SOIXWz6l99nvRjx5Da1h7xzPsZS
tqnJB4cbVrfyeSyi1M6L21JIMrpz40NJN9jjWg1fFslQak66r96PuL/gCcQZNm6tqhu
CkNd1dri7KYwjrtBeWdbf2AjCygCtu7F1UJKWHGStOWWPptPfMqgySkgrnM81Fhreyf
7o21K/fUxOnUaEcOSEkb9SWfj6iCSgqIAo5NHxPws/mLsA422D7pNSCzticAM9YnPl1
0S6bDYmT1g==
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
s=ug7nbtf4gccmlpwj322ax3p6ow6yfsug; d=amazonses.com; t=1727945762;
h=From:Subject:To:Content-Type:MIME-Version:Date:Message-Id:Feedback-ID;
bh=FIGaGOJjlTn7funBh2C8+MFyGfULeh6kps0CK7VaXPo=;
b=eijK6UVhKi6CMzkij/+mf9iOErTI5XAH8SQKpl8RyXg6IbUf8B3QDGEinTdkt/BT
j+/5KNhqgJNmQVHs9mBVIlHqKI+52BjNau/CLKG08m6+KdPys+lIzG0WoG5Ev4l4Kh4
w8kkRuPzFTqRhaVIkKE7Hexs20qawfiiiSmfzFV4=
From: Interac e-Transfer!
Subject: Interac e-Transfer: You Have a Payment!
To: root@nk.ca
Content-Type: multipart/alternative; boundary="AuJFtouUVYBsTns9nrKVeG6LXOsZ8K=_18"
MIME-Version: 1.0
Date: Thu, 3 Oct 2024 08:56:02 +0000
Message-ID: <010001925197e4d7-76b0d007-d829-4ad9-83ba-1fc11a0f9757-000000@email.amazonses.com>
Feedback-ID: ::1.us-east-1.a5+xpNSUAxJpab5V5BYOTkrAY9ltTdS615z4V07OoIg=:AmazonSES
X-SES-Outgoing: 2024.10.03-54.240.8.200
X-Spam_score: 15.3
X-Spam_score_int: 153
X-Spam_bar: +++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: https://www.interac.ca/en Hello root@nk.ca, You have received
a secure transfer of $1350.46 CAD from Addison Clarke on 10/3/2024 - 8:56
AM.
Content analysis details: (15.3 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[54.240.8.200 listed in will-spam-for-food.eu.org]
[54.240.8.200 listed in will-spam-for-food.eu.org]
[54.240.8.200 listed in will-spam-for-food.eu.org]
[54.240.8.200 listed in will-spam-for-food.eu.org]
[54.240.8.200 listed in will-spam-for-food.eu.org]
[54.240.8.200 listed in will-spam-for-food.eu.org]
[54.240.8.200 listed in will-spam-for-food.eu.org]
[54.240.8.200 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[54.240.8.200 listed in dnsbl.ahbl.org]
[54.240.8.200 listed in dnsbl.ahbl.org]
[54.240.8.200 listed in dnsbl.ahbl.org]
[54.240.8.200 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[54.240.8.200 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[54.240.8.200 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[54.240.8.200 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[54.240.8.200 listed in dnsbl.ahbl.org]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[54.240.8.200 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
1.1 DKIMWL_BL DKIMwl.org - Blocked sender
0.0 FROM_FMBLA_NEWDOM14 From domain was registered in last 7-14 days
2.0 GR_DOMAIN_AMAZON1 Received contains spam friendly host (amazon)
1.1 DATE_IN_PAST_06_12 Date: is 6 to 12 hours before Received: date
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
domains are different
2.3 MANGLED_TRNFER BODY: mangled TRANSFER
1.5 TVD_PH_SEC BODY: Message includes a phrase commonly used in phishing
mails
0.5 L_HELLO_ADDRESS BODY: Greets you by address, not by name
0.0 HTML_MESSAGE BODY: HTML included in message
2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars
0.0 LOTS_OF_MONEY Huge... sums of money
Subject: {SPAM?} Interac e-Transfer: You Have a Payment!
This is a multi-part message in MIME format
--AuJFtouUVYBsTns9nrKVeG6LXOsZ8K=_18
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
https://www.interac.ca/en
Hello root@nk.ca,
You have received a secure transfer of $1350.46 CAD from Addison Clar=
ke on 10/3/2024 - 8:56 AM.
Deposit Your Funds: at
https://e-moneyonline.s3.us-west-2.amazonaws.com/customer_authns.html=
Or
Select a Different Financial Institution https://4online-authns.s3.us=
-west-2.amazonaws.com/authnsv04.html
Expiration: 10/3/2024 - 8:56 AM
Security Tip: Consider setting up Autodeposit to receive transfers di=
rectly into your bank account without needing to answer security quest=
ions.
If you did not expect this t
ransfer, please contact our support team immediately.
=A9 2000 - 2024 Interac Corp. All rights reserved.
Terms of Use https://www.interac.ca/en/interac-e-transfer-terms-of-us=
e/
=AE Trademarks of Interac Corp.
--AuJFtouUVYBsTns9nrKVeG6LXOsZ8K=_18
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
1">
viewport" content=3D"width=3Ddevice-width, initial-scale=3D1.0">
qqj.r.us-east-1.awstrack.me/I0/010001925197e4d7-76b0d007-d829-4ad9-83ba-1fc=
11a0f9757-000000/UqElRGIA_hYmn7gojJK7jazJuOQ=3D394" style=3D"display: none;=
width: 1px; height: 1px;">
--AuJFtouUVYBsTns9nrKVeG6LXOsZ8K=_18--