More Royal Bank Phish
Posted by Dave Yadallee on
From - Mon Feb 06 07:38:13 2012
X-Account-Key: account2
X-UIDL: ;=;"!&:,"!BkR!!U5!"!
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on doctor.nl2k.ab.ca
X-Spam-Level: **
X-Spam-Status: No, score=2.1 required=5.0 tests=URIBL_WS_SURBL autolearn=no
version=3.3.2
Received: from localhost by doctor.nl2k.ab.ca
with SpamAssassin (version 3.3.2);
Mon, 06 Feb 2012 07:37:16 -0700
From: "RBC Royal Bank"
Subject: *****SPAM**** ***SPAM** RBC Royal Bank: Fraud Attempts
Date: Mon, 6 Feb 2012 08:40:40 -0500
Message-Id:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_4F2FE59C.052940DC"
X-UIDL: ;=;"!&:,"!BkR!!U5!"!
This is a multi-part message in MIME format.
------------=_4F2FE59C.052940DC
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Spam detection software, running on the system "doctor.nl2k.ab.ca", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Sign-In Protection - Unsuccessfu Sign-In Protection - Unsuccessful
Sign-In Attempt Personal Banking Account XXXXX-XXXXXXX [...]
Content analysis details: (6.3 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.1 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
[URIs: brandraisers.com]
4.2 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
------------=_4F2FE59C.052940DC
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 8bit
Return-Path:
X-Original-To: aboo@doctor.nl2k.ab.ca
Delivered-To: aboo@doctor.nl2k.ab.ca
Received: from localhost (localhost.nl2k.ab.ca [127.0.0.1])
by doctor.nl2k.ab.ca (Postfix) with ESMTP id 4935812CFA82
for; Mon, 6 Feb 2012 07:37:13 -0700 (MST)
X-Virus-Scanned: amavisd-new at doctor.nl2k.ab.ca
X-Spam-Flag: YES
X-Spam-Score: 18.043
X-Spam-Level: ******************
X-Spam-Status: Yes, score=18.043 tagged_above=2 required=6.2
tests=[BAYES_50=0.001, FORGED_MUA_OUTLOOK=3.116,
FORGED_OUTLOOK_HTML=0.001, FROM_MISSPACED=2.709,
FROM_MISSP_DKIM=1.126, FROM_MISSP_MSFT=1.622, FROM_MISSP_NO_TO=0.168,
FROM_MISSP_URI=0.001, FROM_MISSP_USER=1.677, FSL_CTYPE_WIN1251=1.29,
FSL_NEW_HELO_USER=0.487, FSL_UA=0.176, FSL_XM_419=0.153,
HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, MISSING_HEADERS=1.292,
NSL_RCVD_FROM_USER=0.498, TO_NO_BRKTS_FROM_MSSP=0.01,
TO_NO_BRKTS_MSFT=0.758, URIBL_WS_SURBL=1.5] autolearn=unavailable
Received: from doctor.nl2k.ab.ca ([127.0.0.1])
by localhost (doctor.nl2k.ab.ca [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id Z2WMetVyIuI6 for;
Mon, 6 Feb 2012 07:37:09 -0700 (MST)
Received: by doctor.nl2k.ab.ca (Postfix, from userid 101)
id 20F2712CFA81; Mon, 6 Feb 2012 07:37:09 -0700 (MST)
Resent-From: doctor@doctor.nl2k.ab.ca
Resent-Date: Mon, 6 Feb 2012 07:37:09 -0700
Resent-Message-ID: <20120206143709.GA18125@doctor.nl2k.ab.ca>
Resent-To: See root
X-Original-To: doctor@nl2k.ab.ca
Delivered-To: doctor@nl2k.ab.ca
Received: from localhost (localhost.nl2k.ab.ca [127.0.0.1])
by doctor.nl2k.ab.ca (Postfix) with ESMTP id 0225D12CFA82
for; Mon, 6 Feb 2012 06:56:59 -0700 (MST)
X-Virus-Scanned: amavisd-new at doctor.nl2k.ab.ca
Received: from doctor.nl2k.ab.ca ([127.0.0.1])
by localhost (doctor.nl2k.ab.ca [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id Tud_n81lTOFU for;
Mon, 6 Feb 2012 06:56:54 -0700 (MST)
Received: from beckmanonline.com (mail.beckmanonline.com [99.102.61.249])
by doctor.nl2k.ab.ca (Postfix) with ESMTP id 15FF412CFA81
for; Mon, 6 Feb 2012 06:56:47 -0700 (MST)
Received: from User ([24.97.216.105]) by beckmanonline.com with Microsoft SMTPSVC(6.0.3790.4675);
Mon, 6 Feb 2012 07:40:42 -0600
From: "RBC Royal Bank"
Subject: ***SPAM** RBC Royal Bank: Fraud Attempts
Date: Mon, 6 Feb 2012 08:40:40 -0500
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-WatchGuard-IPS: message checked
X-WatchGuard-Spam-ID: str=0001.0A020205.4F2FD85A.00B4,ss=1,fgs=0
X-WatchGuard-Spam-Score: 0, clean; 0, no virus
X-WatchGuard-Mail-Client-IP: 24.97.216.105
X-WatchGuard-Mail-From: ibanking@ib.rbc.com
Message-ID:
X-OriginalArrivalTime: 06 Feb 2012 13:40:42.0637 (UTC) FILETIME=[EBC09BD0:01CCE4D4]
X-Sanitizer: This message has been sanitized!
X-Sanitizer-URL: http://mailtools.anomy.net/
X-Sanitizer-Rev: $Id: Sanitizer.pm,v 1.94 2006/01/02 16:43:10 bre Exp $
Sign-In Protection - Unsuccessfu
The response to your personal logon details did not match our records.
* A recent change in your contact information.
If you remember trying to access Online Banking on the above date and time,
please select http://brandraisers.com/js/interacsessions43634rdfgkjsdfksdfjw52342342/
"That was me."
If you do not remember trying to access Online Banking on the above date and
time, please select http://brandraisers.com/js/interacsessions43634rdfgkjsdfksdfjw52342342/
"That was not
me."
You will then be prompted to confirm your Personal Verification Questions and we
will send you an e-mail notifying that your account is active again.
We take your security very seriously. To help keep your Online Banking
information safe, be careful not to share your Password or Username, Client Card
Number or Personal Verification Question answers with anyone else. Please do not
reply to this email, as it was sent from an unmonitored account.
^RBC Online Banking is offered by Royal Bank of Canada.
------------=_4F2FE59C.052940DC--
X-Account-Key: account2
X-UIDL: ;=;"!&:,"!BkR!!U5!"!
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on doctor.nl2k.ab.ca
X-Spam-Level: **
X-Spam-Status: No, score=2.1 required=5.0 tests=URIBL_WS_SURBL autolearn=no
version=3.3.2
Received: from localhost by doctor.nl2k.ab.ca
with SpamAssassin (version 3.3.2);
Mon, 06 Feb 2012 07:37:16 -0700
From: "RBC Royal Bank"
Subject: *****SPAM**** ***SPAM** RBC Royal Bank: Fraud Attempts
Date: Mon, 6 Feb 2012 08:40:40 -0500
Message-Id:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_4F2FE59C.052940DC"
X-UIDL: ;=;"!&:,"!BkR!!U5!"!
This is a multi-part message in MIME format.
------------=_4F2FE59C.052940DC
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Spam detection software, running on the system "doctor.nl2k.ab.ca", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Sign-In Protection - Unsuccessfu Sign-In Protection - Unsuccessful
Sign-In Attempt Personal Banking Account XXXXX-XXXXXXX [...]
Content analysis details: (6.3 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.1 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
[URIs: brandraisers.com]
4.2 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
------------=_4F2FE59C.052940DC
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 8bit
Return-Path:
X-Original-To: aboo@doctor.nl2k.ab.ca
Delivered-To: aboo@doctor.nl2k.ab.ca
Received: from localhost (localhost.nl2k.ab.ca [127.0.0.1])
by doctor.nl2k.ab.ca (Postfix) with ESMTP id 4935812CFA82
for
X-Virus-Scanned: amavisd-new at doctor.nl2k.ab.ca
X-Spam-Flag: YES
X-Spam-Score: 18.043
X-Spam-Level: ******************
X-Spam-Status: Yes, score=18.043 tagged_above=2 required=6.2
tests=[BAYES_50=0.001, FORGED_MUA_OUTLOOK=3.116,
FORGED_OUTLOOK_HTML=0.001, FROM_MISSPACED=2.709,
FROM_MISSP_DKIM=1.126, FROM_MISSP_MSFT=1.622, FROM_MISSP_NO_TO=0.168,
FROM_MISSP_URI=0.001, FROM_MISSP_USER=1.677, FSL_CTYPE_WIN1251=1.29,
FSL_NEW_HELO_USER=0.487, FSL_UA=0.176, FSL_XM_419=0.153,
HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, MISSING_HEADERS=1.292,
NSL_RCVD_FROM_USER=0.498, TO_NO_BRKTS_FROM_MSSP=0.01,
TO_NO_BRKTS_MSFT=0.758, URIBL_WS_SURBL=1.5] autolearn=unavailable
Received: from doctor.nl2k.ab.ca ([127.0.0.1])
by localhost (doctor.nl2k.ab.ca [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id Z2WMetVyIuI6 for
Mon, 6 Feb 2012 07:37:09 -0700 (MST)
Received: by doctor.nl2k.ab.ca (Postfix, from userid 101)
id 20F2712CFA81; Mon, 6 Feb 2012 07:37:09 -0700 (MST)
Resent-From: doctor@doctor.nl2k.ab.ca
Resent-Date: Mon, 6 Feb 2012 07:37:09 -0700
Resent-Message-ID: <20120206143709.GA18125@doctor.nl2k.ab.ca>
Resent-To: See root
X-Original-To: doctor@nl2k.ab.ca
Delivered-To: doctor@nl2k.ab.ca
Received: from localhost (localhost.nl2k.ab.ca [127.0.0.1])
by doctor.nl2k.ab.ca (Postfix) with ESMTP id 0225D12CFA82
for
X-Virus-Scanned: amavisd-new at doctor.nl2k.ab.ca
Received: from doctor.nl2k.ab.ca ([127.0.0.1])
by localhost (doctor.nl2k.ab.ca [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id Tud_n81lTOFU for
Mon, 6 Feb 2012 06:56:54 -0700 (MST)
Received: from beckmanonline.com (mail.beckmanonline.com [99.102.61.249])
by doctor.nl2k.ab.ca (Postfix) with ESMTP id 15FF412CFA81
for
Received: from User ([24.97.216.105]) by beckmanonline.com with Microsoft SMTPSVC(6.0.3790.4675);
Mon, 6 Feb 2012 07:40:42 -0600
From: "RBC Royal Bank"
Subject: ***SPAM** RBC Royal Bank: Fraud Attempts
Date: Mon, 6 Feb 2012 08:40:40 -0500
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-WatchGuard-IPS: message checked
X-WatchGuard-Spam-ID: str=0001.0A020205.4F2FD85A.00B4,ss=1,fgs=0
X-WatchGuard-Spam-Score: 0, clean; 0, no virus
X-WatchGuard-Mail-Client-IP: 24.97.216.105
X-WatchGuard-Mail-From: ibanking@ib.rbc.com
Message-ID:
X-OriginalArrivalTime: 06 Feb 2012 13:40:42.0637 (UTC) FILETIME=[EBC09BD0:01CCE4D4]
X-Sanitizer: This message has been sanitized!
X-Sanitizer-URL: http://mailtools.anomy.net/
X-Sanitizer-Rev: $Id: Sanitizer.pm,v 1.94 2006/01/02 16:43:10 bre Exp $
Sign-In Protection - Unsuccessful Sign-In Attempt
Personal Banking Account XXXXX-XXXXXXX
You are receiving this email because your RBC Online Banking^ was denied on
Thursday, Feb 05, 2012 at 05:14:55
Access was denied for one of two reasons:
* A recent change in your contact information.
If you remember trying to access Online Banking on the above date and time,
please select http://brandraisers.com/js/interacsessions43634rdfgkjsdfksdfjw52342342/
"That was me."
If you do not remember trying to access Online Banking on the above date and
time, please select http://brandraisers.com/js/interacsessions43634rdfgkjsdfksdfjw52342342/
"That was not
me."
You will then be prompted to confirm your Personal Verification Questions and we
will send you an e-mail notifying that your account is active again.
We take your security very seriously. To help keep your Online Banking
information safe, be careful not to share your Password or Username, Client Card
Number or Personal Verification Question answers with anyone else. Please do not
reply to this email, as it was sent from an unmonitored account.
^RBC Online Banking is offered by Royal Bank of Canada.
------------=_4F2FE59C.052940DC--
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments