More Bank of Montreal Phish
Posted by Dave Yadallee on
From - Tue Jun 11 13:44:34 2013
X-Account-Key: account1
X-UIDL: 00001c024f5d9180
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-path:
Envelope-to: dave@nk.ca
Delivery-date: Mon, 10 Jun 2013 07:43:50 -0600
Received: from server.webhostingscotland.net ([109.75.162.216])
by doctor.nl2k.ab.ca with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
(Exim 4.80.1)
(envelope-from)
id 1Um2Nt-0000iQ-Pi
for dave@nk.ca; Mon, 10 Jun 2013 07:43:50 -0600
Received: from 72-48-88-11.static.grandenetworks.net ([72.48.88.11]:56781 helo=elsmail1)
by server.webhostingscotland.net with esmtpa (Exim 4.80)
(envelope-from)
id 1Um2Nh-0003yL-4U; Mon, 10 Jun 2013 14:43:33 +0100
MIME-Version: 1.0
Date: Mon, 10 Jun 2013 08:43:29 -0500
X-Priority: 3 (Normal)
Subject: Failed login attempts - Reference ID: (3nt77aokU7cPMiA)
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
From: "Bank of Montreal"
Message-ID: <74B4FD4C53FA0F278C7E1EDFC256744128DA1F3D@ELSMAIL1>
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server.webhostingscotland.net
X-AntiAbuse: Original Domain - nk.ca
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - bmo.com
X-Get-Message-Sender-Via: server.webhostingscotland.net: authenticated_id: info@funkylemon.com
X-Spam_score: 13.3
X-Spam_score_int: 133
X-Spam_bar: +++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: New Page 1 Your Online Banking access has been locked due
to an unusual number of failed login attempts. You will need to click : Log
On to BMO Online Banking and proceed with the verification process. [...]
Content analysis details: (13.3 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
11 RCVD_IN_JMF_BR RBL: Sender listed in JMF-BROWN
[109.75.162.216 listed in hostkarma.junkemailfilter.com]
0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
1.7 SARE_HTML_URI_LHOST31 URI: Long unbroken string within URI
Subject: {SPAM?} Failed login attempts - Reference ID: (3nt77aokU7cPMiA)
252">
New Page 1
" cellPadding=3D"10"
width=3D"575" summary=3D"layout" borderColorLight=3D"#003399" border=3D"1">
X-Account-Key: account1
X-UIDL: 00001c024f5d9180
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-path:
Envelope-to: dave@nk.ca
Delivery-date: Mon, 10 Jun 2013 07:43:50 -0600
Received: from server.webhostingscotland.net ([109.75.162.216])
by doctor.nl2k.ab.ca with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
(Exim 4.80.1)
(envelope-from
id 1Um2Nt-0000iQ-Pi
for dave@nk.ca; Mon, 10 Jun 2013 07:43:50 -0600
Received: from 72-48-88-11.static.grandenetworks.net ([72.48.88.11]:56781 helo=elsmail1)
by server.webhostingscotland.net with esmtpa (Exim 4.80)
(envelope-from
id 1Um2Nh-0003yL-4U; Mon, 10 Jun 2013 14:43:33 +0100
MIME-Version: 1.0
Date: Mon, 10 Jun 2013 08:43:29 -0500
X-Priority: 3 (Normal)
Subject: Failed login attempts - Reference ID: (3nt77aokU7cPMiA)
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
From: "Bank of Montreal"
Message-ID: <74B4FD4C53FA0F278C7E1EDFC256744128DA1F3D@ELSMAIL1>
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server.webhostingscotland.net
X-AntiAbuse: Original Domain - nk.ca
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - bmo.com
X-Get-Message-Sender-Via: server.webhostingscotland.net: authenticated_id: info@funkylemon.com
X-Spam_score: 13.3
X-Spam_score_int: 133
X-Spam_bar: +++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: New Page 1 Your Online Banking access has been locked due
to an unusual number of failed login attempts. You will need to click : Log
On to BMO Online Banking and proceed with the verification process. [...]
Content analysis details: (13.3 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
11 RCVD_IN_JMF_BR RBL: Sender listed in JMF-BROWN
[109.75.162.216 listed in hostkarma.junkemailfilter.com]
0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
1.7 SARE_HTML_URI_LHOST31 URI: Long unbroken string within URI
Subject: {SPAM?} Failed login attempts - Reference ID: (3nt77aokU7cPMiA)
252">
" cellPadding=3D"10"
width=3D"575" summary=3D"layout" borderColorLight=3D"#003399" border=3D"1">
e.gif">
rong>
Your Online Ba=
nking access has been locked due to an unusual number of fa=
iled login attempts.
You will need to click :
/b1/?token=3D82f5acb51a3c06955318325ebdee7b0d">Log On to BMO Online Bank=
ing and proceed with the verification process.
ont face=3D"Verdana" size=3D"2">
Sinc
-- p2h! -->erely,
BMO Financial Group
Message ID: OU5WKZylS1PtM3MbhcSPSszioqEnq3y1
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments