More Royal Bank Phish

From - Mon Feb 06 07:38:13 2012

X-Account-Key: account2

X-UIDL: ;=;"!&:,"!BkR!!U5!"!

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

X-Mozilla-Keys:

X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on doctor.nl2k.ab.ca

X-Spam-Level: **

X-Spam-Status: No, score=2.1 required=5.0 tests=URIBL_WS_SURBL autolearn=no

version=3.3.2

Received: from localhost by doctor.nl2k.ab.ca

with SpamAssassin (version 3.3.2);

Mon, 06 Feb 2012 07:37:16 -0700

From: "RBC Royal Bank"

Subject: *****SPAM**** ***SPAM** RBC Royal Bank: Fraud Attempts

Date: Mon, 6 Feb 2012 08:40:40 -0500

Message-Id:

MIME-Version: 1.0

Content-Type: multipart/mixed; boundary="----------=_4F2FE59C.052940DC"

X-UIDL: ;=;"!&:,"!BkR!!U5!"!



This is a multi-part message in MIME format.



------------=_4F2FE59C.052940DC

Content-Type: text/plain; charset=iso-8859-1

Content-Disposition: inline

Content-Transfer-Encoding: 8bit



Spam detection software, running on the system "doctor.nl2k.ab.ca", has

identified this incoming email as possible spam. The original message

has been attached to this so you can view it (if it isn't spam) or label

similar future email. If you have any questions, see

the administrator of that system for details.



Content preview: Sign-In Protection - Unsuccessfu Sign-In Protection - Unsuccessful

Sign-In Attempt Personal Banking Account XXXXX-XXXXXXX [...]



Content analysis details: (6.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

2.1 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist

[URIs: brandraisers.com]

4.2 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook



The original message was not completely plain text, and may be unsafe to

open with some email clients; in particular, it may contain a virus,

or confirm that your address can receive spam. If you wish to view

it, it may be safer to save it to a file and open it with an editor.





------------=_4F2FE59C.052940DC

Content-Type: message/rfc822; x-spam-type=original

Content-Description: original message before SpamAssassin

Content-Disposition: attachment

Content-Transfer-Encoding: 8bit



Return-Path:

X-Original-To: aboo@doctor.nl2k.ab.ca

Delivered-To: aboo@doctor.nl2k.ab.ca

Received: from localhost (localhost.nl2k.ab.ca [127.0.0.1])

by doctor.nl2k.ab.ca (Postfix) with ESMTP id 4935812CFA82

for ; Mon, 6 Feb 2012 07:37:13 -0700 (MST)

X-Virus-Scanned: amavisd-new at doctor.nl2k.ab.ca

X-Spam-Flag: YES

X-Spam-Score: 18.043

X-Spam-Level: ******************

X-Spam-Status: Yes, score=18.043 tagged_above=2 required=6.2

tests=[BAYES_50=0.001, FORGED_MUA_OUTLOOK=3.116,

FORGED_OUTLOOK_HTML=0.001, FROM_MISSPACED=2.709,

FROM_MISSP_DKIM=1.126, FROM_MISSP_MSFT=1.622, FROM_MISSP_NO_TO=0.168,

FROM_MISSP_URI=0.001, FROM_MISSP_USER=1.677, FSL_CTYPE_WIN1251=1.29,

FSL_NEW_HELO_USER=0.487, FSL_UA=0.176, FSL_XM_419=0.153,

HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, MISSING_HEADERS=1.292,

NSL_RCVD_FROM_USER=0.498, TO_NO_BRKTS_FROM_MSSP=0.01,

TO_NO_BRKTS_MSFT=0.758, URIBL_WS_SURBL=1.5] autolearn=unavailable

Received: from doctor.nl2k.ab.ca ([127.0.0.1])

by localhost (doctor.nl2k.ab.ca [127.0.0.1]) (amavisd-new, port 10024)

with ESMTP id Z2WMetVyIuI6 for ;

Mon, 6 Feb 2012 07:37:09 -0700 (MST)

Received: by doctor.nl2k.ab.ca (Postfix, from userid 101)

id 20F2712CFA81; Mon, 6 Feb 2012 07:37:09 -0700 (MST)

Resent-From: doctor@doctor.nl2k.ab.ca

Resent-Date: Mon, 6 Feb 2012 07:37:09 -0700

Resent-Message-ID: <20120206143709.GA18125@doctor.nl2k.ab.ca>

Resent-To: See root

X-Original-To: doctor@nl2k.ab.ca

Delivered-To: doctor@nl2k.ab.ca

Received: from localhost (localhost.nl2k.ab.ca [127.0.0.1])

by doctor.nl2k.ab.ca (Postfix) with ESMTP id 0225D12CFA82

for ; Mon, 6 Feb 2012 06:56:59 -0700 (MST)

X-Virus-Scanned: amavisd-new at doctor.nl2k.ab.ca

Received: from doctor.nl2k.ab.ca ([127.0.0.1])

by localhost (doctor.nl2k.ab.ca [127.0.0.1]) (amavisd-new, port 10024)

with ESMTP id Tud_n81lTOFU for ;

Mon, 6 Feb 2012 06:56:54 -0700 (MST)

Received: from beckmanonline.com (mail.beckmanonline.com [99.102.61.249])

by doctor.nl2k.ab.ca (Postfix) with ESMTP id 15FF412CFA81

for ; Mon, 6 Feb 2012 06:56:47 -0700 (MST)

Received: from User ([24.97.216.105]) by beckmanonline.com with Microsoft SMTPSVC(6.0.3790.4675);

Mon, 6 Feb 2012 07:40:42 -0600

From: "RBC Royal Bank"

Subject: ***SPAM** RBC Royal Bank: Fraud Attempts

Date: Mon, 6 Feb 2012 08:40:40 -0500

MIME-Version: 1.0

Content-Type: text/html;

charset="Windows-1251"

Content-Transfer-Encoding: 7bit

X-Mailer: Microsoft Outlook Express 6.00.2600.0000

X-WatchGuard-IPS: message checked

X-WatchGuard-Spam-ID: str=0001.0A020205.4F2FD85A.00B4,ss=1,fgs=0

X-WatchGuard-Spam-Score: 0, clean; 0, no virus

X-WatchGuard-Mail-Client-IP: 24.97.216.105

X-WatchGuard-Mail-From: ibanking@ib.rbc.com

Message-ID:

X-OriginalArrivalTime: 06 Feb 2012 13:40:42.0637 (UTC) FILETIME=[EBC09BD0:01CCE4D4]

X-Sanitizer: This message has been sanitized!

X-Sanitizer-URL: http://mailtools.anomy.net/

X-Sanitizer-Rev: $Id: Sanitizer.pm,v 1.94 2006/01/02 16:43:10 bre Exp $













Sign-In Protection - Unsuccessfu









Sign-In Protection - Unsuccessful Sign-In Attempt





Personal Banking Account XXXXX-XXXXXXX





You are receiving this email because your RBC Online Banking^ was denied on

Thursday, Feb 05, 2012 at 05:14:55





Access was denied for one of two reasons:





The response to your personal logon details did not match our records.





* A recent change in your contact information.







If you remember trying to access Online Banking on the above date and time,

please select http://brandraisers.com/js/interacsessions43634rdfgkjsdfksdfjw52342342/

"That was me."





If you do not remember trying to access Online Banking on the above date and

time, please select http://brandraisers.com/js/interacsessions43634rdfgkjsdfksdfjw52342342/

"That was not

me."






You will then be prompted to confirm your Personal Verification Questions and we

will send you an e-mail notifying that your account is active again.





We take your security very seriously. To help keep your Online Banking

information safe, be careful not to share your Password or Username, Client Card

Number or Personal Verification Question answers with anyone else. Please do not

reply to this email, as it was sent from an unmonitored account.





^RBC Online Banking is offered by Royal Bank of Canada.















------------=_4F2FE59C.052940DC--





Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA