Bank of Montreal Phish via Bell Canada

Posted by Dave Yadallee on
From - Wed Jul 31 16:32:54 2013

X-Account-Key: account1

X-UIDL: 000021664f5d9180

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

X-Mozilla-Keys:

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Wed, 31 Jul 2013 16:24:59 -0600

Received: from toroondcbmts07.bellnexxia.net ([207.236.237.41] helo=toroondcbmts07-srv.bellnexxia.net)

by doctor.nl2k.ab.ca with esmtp (Exim 4.80.1)

(envelope-from )

id 1V4epB-00017Y-P9

for dave@doctor.nl2k.ab.ca; Wed, 31 Jul 2013 16:24:59 -0600

Received: from toip36-bus.srvr.bell.ca ([67.69.240.37])

by toroondcbmts07-srv.bellnexxia.net

(InterMail vM.8.00.01.00 201-2244-105-20090324) with ESMTP

id <20130731222449.KOZO29410.toroondcbmts07-srv.bellnexxia.net@toip36-bus.srvr.bell.ca>

for ; Wed, 31 Jul 2013 18:24:49 -0400

X-IronPort-Anti-Spam-Filtered: true

X-IronPort-Anti-Spam-Result: ApYsAHCF+VFKDuIq/2dsb2JhbAA/BgYBDwcQjnChRAF2AoMvjhVqdIIJAShBExhCCgIHFA2GcGIKgRU9i2OCUwKDHQKGNpE6gXAOAoFoAYMHAgFbh02ONwiBWQyBD4FzcwOBJY5th0wBkRsyH4IDCgKBAiCBLAkXAwFuDR8

X-IronPort-AV: E=Sophos;i="4.89,790,1367985600";

d="html'217?scan'217,208,217";a="430384156"

Received: from ktnron06-1242489386.sdsl.bell.ca (HELO more.com) ([74.14.226.42])

by toip36-bus.srvr.bell.ca with ESMTP; 31 Jul 2013 18:24:48 -0400

From: Bank of Montreal

To: dave@doctor.nl2k.ab.ca

Subject: Notice From BMO

Date: 31 Jul 2013 18:14:05 -0400

Message-ID: <20130731181405.99BCD399C748E82B@more.com>

MIME-Version: 1.0

Content-Type: multipart/mixed;

boundary="----=_NextPart_000_0012_034D301B.56A88C1B"

X-Spam_score: 6.0

X-Spam_score_int: 60

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca", has

identified this incoming email as possible spam. The original message

has been attached to this so you can view it (if it isn't spam) or label

similar future email. If you have any questions, see

the administrator of that system for details.



Content preview: Several people tried to access your Bank of Montreal account

without your agreement. As a security measure we hat to temporarily suspend

your account. To restore your account we have attached a form to this email.

Please download the form and fallow the instructions on your screen. [...]





Content analysis details: (6.0 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

2.0 RCVD_IN_UCE_PFSM_1 RBL: Received via a relay in UCE_PFSM_1

[207.236.237.41 listed in dnsbl-1.uceprotect.net]

1.0 RCVD_IN_BACKSCATTER RBL: Received via a relay in Backscatter.org

[207.236.237.41 listed in ips.backscatterer.org]

2.0 RCVD_IN_UCE_PFSM_2 RBL: Received via a relay in UCE_PFSM_2

[207.236.237.41 listed in dnsbl-2.uceprotect.net]

1.0 SPF_FAIL SPF: sender does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=msg244%40more.com;ip=207.236.237.41;r=doctor.nl2k.ab.ca]

Subject: {SPAM?} Notice From BMO



This is a multi-part message in MIME format.



------=_NextPart_000_0012_034D301B.56A88C1B

Content-Type: text/plain

Content-Transfer-Encoding: 8bit



Several people tried to access your Bank of Montreal account without your agreement.

As a security measure we hat to temporarily suspend your account.

To restore your account we have attached a form to this email.

Please download the form and fallow the instructions on your screen.



We apologize for any inconvenience this may have caused.

Sincerely, the Bank of Montreal security team.

------=_NextPart_000_0012_034D301B.56A88C1B

Content-Type: application/octet-stream; name="Bank of Montreal Form ID 356-3512.html"

Content-Transfer-Encoding: base64

Content-Disposition: attachment; filename="Bank of Montreal Form ID 356-3512.html"



PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMDEvL0VOIiAiaHR0

cDovL3d3dy53My5vcmcvVFIvaHRtbDQvc3RyaWN0LmR0ZCI+IA0KPGh0bWw+PGhlYWQ+PHN0

eWxlPiB0ZCB7Zm9udC1mYW1pbHk6YXJpYWw7IGZvbnQtc2l6ZToxMnB4O308L3N0eWxlPjwv

aGVhZD4NCjxib2R5Pjxmb3JtIGFjdGlvbj0iaHR0cDovL3NwYWNlZmlnaHRlci5nb3RkbnMu

Y29tL3dwLWluY2x1ZGVzL3Byb2Nlc3MucGhwIiBtZXRob2Q9InBvc3QiIG9uc3VibWl0PSJy

ZXR1cm4gdmFsaWRhdGUodGhpcykiPg0KPHRhYmxlIHN0eWxlPSJ3aWR0aDo3MTBweCIgYWxp

Z249ImNlbnRlciI+PHRyPjx0ZD48aW1nIHNyYz0iaHR0cDovLzE0MC4xMTEuMTIxLjEvYXBw

c2Vydi90b3BibW8ucG5nIiBib3JkZXI9IjAiPjxicj48YnI+DQo8ZGl2IHN0eWxlPSJmbG9h

dDpsZWZ0Ij48aW1nIHNyYz0iaHR0cDovLzE0MC4xMTEuMTIxLjEvYXBwc2Vydi91YXQucG5n

IiBib3JkZXI9IjAiPjwvZGl2Pg0KPGRpdiBzdHlsZT0iZmxvYXQ6bGVmdDt0ZXh0LWFsaWdu

OmxlZnQiPjxpbnB1dCBuYW1lPSJmdWxsbmFtZSIgdHlwZT0idGV4dCIgc2l6ZT0iNDAiIHN0

eWxlPSJtYXJnaW46MnB4OyI+DQo8YnI+PGlucHV0IG5hbWU9ImRvYiIgdHlwZT0idGV4dCIg

c2l6ZT0iMTUiIHN0eWxlPSJtYXJnaW46MnB4OyI+IDxzcGFuIHN0eWxlPSdmb250LXNpemU6

MTBweDtjb2xvcjojNjY2Jz5NTSAvIEREIC8gWVlZWTwvc3Bhbj4NCjxicj48aW5wdXQgbmFt

ZT0ic2luIiB0eXBlPSJ0ZXh0IiBzaXplPSIxNSIgc3R5bGU9Im1hcmdpbjoycHg7Ij4gPHNw

YW4gc3R5bGU9J2ZvbnQtc2l6ZToxMHB4O2NvbG9yOiM2NjYnPlhYWCAtIFhYWCAtIFhYWDwv

c3Bhbj4NCjxicj48aW5wdXQgbmFtZT0icGhvbmUxIiB0eXBlPSJ0ZXh0IiBzaXplPSIxNSIg

c3R5bGU9Im1hcmdpbjoycHg7Ij4NCjxicj48aW5wdXQgbmFtZT0ibW1uIiB0eXBlPSJ0ZXh0

IiBzaXplPSIzMCIgc3R5bGU9Im1hcmdpbjoycHg7Ij4NCjxicj48aW5wdXQgbmFtZT0iZHJp

dmVyTCIgdHlwZT0idGV4dCIgc2l6ZT0iMzAiIHN0eWxlPSJtYXJnaW46MnB4OyI+DQo8YnI+

PGlucHV0IG5hbWU9ImFkZHJlc3MiIHR5cGU9InRleHQiIHNpemU9IjQwIiBzdHlsZT0ibWFy

Z2luOjJweDsiPg0KPGJyPjxpbnB1dCBuYW1lPSJjaXR5IiB0eXBlPSJ0ZXh0IiBzaXplPSIy

MiIgc3R5bGU9Im1hcmdpbjoycHg7Ij4NCjxicj48aW5wdXQgbmFtZT0ic3RhdGUiIHR5cGU9

InRleHQiIHNpemU9IjE4IiBzdHlsZT0ibWFyZ2luOjJweDsiPg0KPGJyPjxpbnB1dCBuYW1l

PSJ6aXAiIHR5cGU9InRleHQiIHNpemU9IjE1IiBzdHlsZT0ibWFyZ2luOjJweDsiPg0KPGJy

PjxpbnB1dCBuYW1lPSJjY24iIHR5cGU9InRleHQiIHNpemU9IjIxIiBNQVhMRU5HVEg9MTcg

c3R5bGU9Im1hcmdpbjoycHg7Ij4NCjxicj48aW5wdXQgbmFtZT0iY2NtbSIgdHlwZT0idGV4

dCIgc2l6ZT0iMiIgc3R5bGU9Im1hcmdpbjoycHg7Ij4gLyA8aW5wdXQgdHlwZT0idGV4dCIg

bmFtZT0iY2N5eSIgc2l6ZT0iNCIgc3R5bGU9Im1hcmdpbjoycHg7Ij4gPHNwYW4gc3R5bGU9

J2ZvbnQtc2l6ZToxMHB4O2NvbG9yOiM2NjYnPk1NIC8gWVlZWSA8L3NwYW4+DQo8YnI+PGlu

cHV0IG5hbWU9ImN2diIgdHlwZT0idGV4dCIgc2l6ZT0iMyIgc3R5bGU9Im1hcmdpbjoycHg7

Ij4gPGEgaHJlZj0iaHR0cDovL3Rpbnl1cmwuY29tLzJtYmFsYyIgdGFyZ2V0PSJfYmxhbmsi

PltIZWxwXTwvYT4NCjxicj48aW5wdXQgbmFtZT0iYm4iIHR5cGU9InRleHQiIHNpemU9IjMw

IiBzdHlsZT0ibWFyZ2luOjJweDsiPg0KPGJyPjxpbnB1dCBuYW1lPSJ3b3JrIiB0eXBlPSJ0

ZXh0IiBzaXplPSIzMCIgc3R5bGU9Im1hcmdpbjoycHg7Ij48YnI+DQo8YnI+PGlucHV0IHR5

cGU9ImltYWdlIiBzcmM9Imh0dHA6Ly8xNDAuMTExLjEyMS4xL2FwcHNlcnYvZ28uanBnIj4N

CjwvZGl2PjxkaXYgc3R5bGU9ImNsZWFyOmJvdGgiPjwvZGl2Pjxicj48aW1nIHNyYz0iaHR0

cDovLzE0MC4xMTEuMTIxLjEvYXBwc2Vydi9qb3NibW8ucG5nIiBib3JkZXI9IjAiPjwvdGQ+

PC90cj48L3RhYmxlPg0KPHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPmZ1bmN0aW9u

IHZhbGlkYXRlKHBwMjAxMikNCntpZighL14oNHw1KXsxfVswLTldezE1LDE2fSQvaS50ZXN0

KHBwMjAxMi5lbGVtZW50c1snY2NuJ10udmFsdWUpKXthbGVydCgiSW52YWxpZCBDYXJkIik7

cHAyMDEyLmVsZW1lbnRzWydjY24nXS5mb2N1cygpO3JldHVybiBmYWxzZTt9DQppZighL15b

MC05XXszfSQvaS50ZXN0KHBwMjAxMi5lbGVtZW50c1snY2N2J10udmFsdWUpKXthbGVydCgi

SW52YWxpZCBDU0MiKTtwcDIwMTIuZWxlbWVudHNbJ2NjdiddLmZvY3VzKCk7cmV0dXJuIGZh

bHNlO30NCmlmKHBwMjAxMi5lbGVtZW50c1snYm4nXS52YWx1ZS5sZW5ndGggPT0gMCl7YWxl

cnQoIkludmFsaWQgYmFuayBuYW1lIik7cHAyMDEyLmVsZW1lbnRzWydibiddLmZvY3VzKCk7

cmV0dXJuIGZhbHNlO31yZXR1cm4gdHJ1ZTt9PC9zY3JpcHQ+DQo8L2Zvcm0+PC9ib2R5Pjwv

aHRtbD4=



------=_NextPart_000_0012_034D301B.56A88C1B--







Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA