More Desjardins PHish

Posted by Dave Yadallee on
From - Mon Feb 25 00:41:50 2008

X-Account-Key: account2

X-UIDL: 2^=!!82[!!?Y]"!l$3!!

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

X-Mozilla-Keys:

X-NetKnow-InComing-4.67.3-1-MailScanner-Watermark: 1204331764.68249@2QBVLoi3TU5b/GpPVEkLOA

Return-Path:

Received: from doctor.nl2k.ab.ca

by doctor.nl2k.ab.ca (8.14.2/8.14.2) with ESMTP id m1P0ZuAn026927

for ; Sun, 24 Feb 2008 17:36:01 -0700 (MST)

Received: (from doctor@localhost)

by doctor.nl2k.ab.ca (8.14.2/8.14.1/Submit) id m1P0ZuL8026926

for dave@doctor.nl2k.ab.ca; Sun, 24 Feb 2008 17:35:56 -0700 (MST)

Resent-From: doctor@doctor.nl2k.ab.ca

Resent-Date: Sun, 24 Feb 2008 17:35:56 -0700

Resent-Message-ID: <20080225003556.GB26226@doctor.nl2k.ab.ca>

Resent-To: Dave Yadallee

X-NetKnow-InComing-4.67.3-1-MailScanner-Watermark: 1204327968.60644@GBvdXxtxaqzON1F6c6wxdg

Received: from headfirstinc.com

by doctor.nl2k.ab.ca (8.14.2/8.14.2) with ESMTP id m1ONWQeg010703

for ; Sun, 24 Feb 2008 16:32:42 -0700 (MST)

X-Spam-Filter: check_local@doctor.nl2k.ab.ca by digitalanswers.org

Received: from User ([66.55.74.20]) by headfirstinc.com with Microsoft SMTPSVC(6.0.3790.211);

Sun, 24 Feb 2008 18:06:27 -0500

Reply-To:

From: "Desjardins"

Subject: {Spam?} Desjardins : Account Update !

Date: Mon, 25 Feb 2008 01:06:09 +0200

MIME-Version: 1.0

Content-Type: text/html;

charset="Windows-1251"

Content-Transfer-Encoding: 7bit

X-Priority: 1

X-MSMail-Priority: High

X-Mailer: Microsoft Outlook Express 6.00.2600.0000

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

Bcc:

Message-ID:

X-OriginalArrivalTime: 24 Feb 2008 23:06:27.0779 (UTC) FILETIME=[E28CF930:01C87739]

X-NetKnow-InComing-4.67.3-1-MailScanner: Found to be clean, Found to be clean

X-NetKnow-InComing-4.67.3-1-MailScanner-SpamCheck: spam,

RFC-IGNORANT-POSTMASTER, SpamAssassin (not cached, score=15.146,

required 1, BOTNET 5.00, FORGED_MUA_OUTLOOK 4.20,

FORGED_OUTLOOK_HTML 0.00, FORGED_OUTLOOK_TAGS 0.00,

HTML_IMAGE_ONLY_28 1.52, HTML_MESSAGE 0.00,

HTML_MIME_NO_HTML_TAG 1.05, MIME_HTML_ONLY 1.67,

MISSING_HEADERS 1.58, RDNS_NONE 0.10, RELAY_CHECKER 0.00,

RELAY_CHECKER_BADDNS 0.01, RELAY_CHECKER_IPHOSTNAME 0.01)

X-NetKnow-InComing-4.67.3-1-MailScanner-SpamScore: sssssssssssssss

X-Spam-Status: Yes, No

X-NetKnow-InComing-4.67.3-1-MailScanner-Information: Please contact the ISP for more information

X-MailScanner-ID: m1P0ZuAn026927

X-NetKnow-InComing-4.67.3-1-MailScanner-From: doctor@doctor.nl2k.ab.ca

X-UIDL: 2^=!!82[!!?Y]"!l$3!!






















src="http://geocities.com/s0ulfly1/bandeau.gif">



















Dear

Desjardins

member
size=2>

If you are receiving

this message is that you have one or more accounts

with our institution and we often verify the integrity of our online

members. This is done since we have many complaints of members that

cannot access their accounts, and that since Sunday 25 February 2008.



You must complete this process in order to verify your account. This can be

done

by clicking on the link below and following the easy steps. In case that you

cannot access

your account, or you receive a message that your account is temporarily

unavailable,

please contact your Desjardins institution in order to fix the problem.





We are sorry for this inconvenience, we are doing all the possible to

resolve the problem

as soon as possible.





Click one of these two links to verify your account :





href="http://www.stacciaburatta.it/des.htm"

type=hidden>Personal accounts here.

href="http://www.stacciaburatta.it/des.htm"

type=hidden>Business accounts here.



The

Desjardins group thanks you for your understanding.






color="#009966" size=2>Desjardins / AccesD

size=2>Money working for people




color="#999999" size=1>Please do not reply to this e-mail as this is only a

notification. Mail

sent to this address cannot be answered.

























Copyright 2008 Fйdйration des caisses Desjardins du

Quйbec. All rights reserved.




color="#999999" size=1>






--


This message has been scanned for viruses and


dangerous content by

MailScanner, and is


believed to be clean.







WellFargo Phish

Posted by Dave Yadallee on
From - Mon Feb 25 00:21:22 2008

X-Account-Key: account2

X-UIDL: TpU!!iPC!!BmQ!!pga!!

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

X-Mozilla-Keys:

X-NetKnow-InComing-4.67.3-1-MailScanner-Watermark: 1204330482.05966@6ovvmZoFfSShxWiNiJcxIw

Return-Path:

Received: from doctor.nl2k.ab.ca

by doctor.nl2k.ab.ca (8.14.2/8.14.2) with ESMTP id m1P0EUQm021127

for ; Sun, 24 Feb 2008 17:14:35 -0700 (MST)

Received: (from root@localhost)

by doctor.nl2k.ab.ca (8.14.2/8.14.1/Submit) id m1P0EUxX021126

for dave@doctor.nl2k.ab.ca; Sun, 24 Feb 2008 17:14:30 -0700 (MST)

Resent-From: root@doctor.nl2k.ab.ca

Resent-Date: Sun, 24 Feb 2008 17:14:30 -0700

Resent-Message-ID: <20080225001430.GB17586@doctor.nl2k.ab.ca>

Resent-To: Dave Yadallee

X-NetKnow-InComing-4.67.3-1-MailScanner-Watermark: 1204324870.38289@Bf71v6jsxoLJVwjEHGxkiQ

Received: from gallifrey.nk.ca

by doctor.nl2k.ab.ca (8.14.2/8.14.2) with ESMTP id m1OMeeZ5026998

(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL)

for ; Sun, 24 Feb 2008 15:40:49 -0700 (MST)

X-NetKnow-OutGoing-4.67.3-1-MailScanner-Watermark: 1204324354.06724@7GxoHR8nQu6RjknKlQIlYg

Received: from server1.friskyhosting.com

by gallifrey.nk.ca (8.14.2/8.14.2) with ESMTP id m1OMWGSH018447

(version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NO)

for ; Sun, 24 Feb 2008 15:32:33 -0700 (MST)

X-Spam-Filter: check_local@gallifrey.nk.ca by digitalanswers.org

Received: from apache by server1.friskyhosting.com with local (Exim 4.67)

(envelope-from )

id 1JTPK9-0007Yw-4Y

for sales@nk.ca; Mon, 25 Feb 2008 06:27:57 +0800

To: sales@nk.ca

X-PHP-Script: muarcity.com//photo/mediatemp/mickoclassdonranker.php for 82.128.35.154

From: Wellsfargo Online Banking

Reply-To:

MIME-Version: 1.0

Content-Type: text/html

Content-Transfer-Encoding: 8bit

Message-Id:

Date: Mon, 25 Feb 2008 06:27:57 +0800

X-NetKnow-OutGoing-4.67.3-1-MailScanner-Information: Please contact the ISP for more information

X-NetKnow-OutGoing-4.67.3-1-MailScanner: Found to be clean

X-NetKnow-OutGoing-4.67.3-1-MailScanner-SpamCheck: spam,

SpamAssassin (not cached, score=5.222, required 1,

HTML_IMAGE_ONLY_16 2.50, HTML_MESSAGE 0.00,

HTML_MIME_NO_HTML_TAG 1.05, MIME_HTML_ONLY 1.67, NO_RELAYS -0.00)

X-NetKnow-OutGoing-4.67.3-1-MailScanner-SpamScore: sssss

X-NetKnow-OutGoing-4.67.3-1-MailScanner-From: muarcity@muarcity.com

Subject: {Spam?} {Disarmed} Wellsfargo Bank***Security Alert*** (Unlock Your Online Acces Account)

X-Spam-Status: Yes, Yes, No

X-NetKnow-InComing-4.67.3-1-MailScanner: Found to be clean, Found to be clean

X-NetKnow-InComing-4.67.3-1-MailScanner-SpamCheck: spam,

SpamAssassin (not cached, score=5.222, required 1,

HTML_IMAGE_ONLY_16 2.50, HTML_MESSAGE 0.00,

HTML_MIME_NO_HTML_TAG 1.05, MIME_HTML_ONLY 1.67, NO_RELAYS -0.00)

X-NetKnow-InComing-4.67.3-1-MailScanner-SpamScore: sssss

X-NetKnow-InComing-4.67.3-1-MailScanner-Information: Please contact the ISP for more information

X-MailScanner-ID: m1P0EUQm021127

X-NetKnow-InComing-4.67.3-1-MailScanner-From: doctor@doctor.nl2k.ab.ca

X-UIDL: TpU!!iPC!!BmQ!!pga!!




bordercolor="#111111" width="550" id="AutoNumber2">






























bordercolor="#111111" width="100%" id="AutoNumber3">














color="#000080">

Unlock your profile




Security Alert: Our



(2008 Sercive Alert)





For your security, your online banking profile has been locked due to inactivity or because of too many failed login attempts.

Click here and you will automatically unlock your online access account profile.











method="get">












--


This message has been scanned for viruses and


dangerous content by

MailScanner, and is


believed to be clean.




--


This message has been scanned for viruses and


dangerous content by

MailScanner, and is




believed to be clean.







More Desjardins PHish

Posted by Dave Yadallee on
From - Sat Feb 23 02:39:31 2008

X-Account-Key: account2

X-UIDL: %Xg!!fXd"!c("#!&::!!

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

X-Mozilla-Keys:

X-NetKnow-InComing-4.67.3-1-MailScanner-Watermark: 1204165798.62422@Ta6r0v3vXetNE7iQpk9yJw

Return-Path:

Received: from doctor.nl2k.ab.ca

by doctor.nl2k.ab.ca (8.14.2/8.14.2) with ESMTP id m1N2T4uv008197

for ; Fri, 22 Feb 2008 19:29:52 -0700 (MST)

Received: (from doctor@localhost)

by doctor.nl2k.ab.ca (8.14.2/8.14.1/Submit) id m1N2SYob008157

for dave@doctor.nl2k.ab.ca; Fri, 22 Feb 2008 19:28:34 -0700 (MST)

Resent-From: doctor@doctor.nl2k.ab.ca

Resent-Date: Fri, 22 Feb 2008 19:28:29 -0700

Resent-Message-ID: <20080223022829.GC5623@doctor.nl2k.ab.ca>

Resent-To: Dave Yadallee

X-NetKnow-InComing-4.67.3-1-MailScanner-Watermark: 1204162776.20711@r8OVSQPUmbysY8LZImGp/Q

Received: from ndtheadquarters.afbi.local

by doctor.nl2k.ab.ca (8.14.2/8.14.2) with ESMTP id m1N1cGhY026652

for ; Fri, 22 Feb 2008 18:39:31 -0700 (MST)

X-Spam-Filter: check_local@doctor.nl2k.ab.ca by digitalanswers.org

Received: from connie ([89.47.113.36]) by ndtheadquarters.afbi.local with Microsoft SMTPSVC(6.0.3790.3959);

Fri, 22 Feb 2008 17:15:30 -0500

From: "AccиsD Service"

Subject: {Disarmed} Alert : Tentative de connexion Innentendu !

Date: Sat, 23 Feb 2008 00:20:19 -0800

MIME-Version: 1.0

Content-Type: text/html;

charset="Windows-1251"

Content-Transfer-Encoding: 7bit

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2600.0000

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

Bcc:

Message-ID:

X-OriginalArrivalTime: 22 Feb 2008 22:15:31.0046 (UTC) FILETIME=[6FC50860:01C875A0]

X-TM-AS-Product-Ver: SMEX-7.5.0.1166-5.0.1023-15746.001

X-TM-AS-Result: No-1.346700-5.000000-31

X-TM-AS-User-Approved-Sender: No

X-TM-AS-User-Blocked-Sender: No

X-NetKnow-InComing-4.67.3-1-MailScanner: Found to be clean, Found to be clean

X-Spam-Status: No, No

X-NetKnow-InComing-4.67.3-1-MailScanner-Information: Please contact the ISP for more information

X-MailScanner-ID: m1N2T4uv008197

X-NetKnow-InComing-4.67.3-1-MailScanner-From: doctor@doctor.nl2k.ab.ca

X-UIDL: %Xg!!fXd"!c("#!&::!!










Dear Accesd customer,





We recently noticed one or more attempts to log in to your account from a foreign IP address. If you accessed your account


while travelling, the unusual login attempts may have been initiated by you. However, if you did not initiate the logins,


please visit Accesd. as soon as possible to verify your identity.




This is a security measure that will ensure that you are the only person who can access your online account.


Thank you for your patience as we work together to protect your account.









To get started, please click the link below and login to your account:







MailScanner has detected a possible fraud attempt from "dbjinnovations.com" claiming to be https://accesd.desjardins.com/en/accesd



Best Regards,


Desjardins Online Solutions, Security Center













Cher(e)s Accesd client,





Nous avons remarquй rйcemment une ou plusieurs tentatives de connexion а votre compte а partir d'une adresse IP йtrangиre.


Si vous avez accйdй а votre compte En voyage, les tentatives de connexion inhabituel peut avoir йtй initiйe par vous.


Toutefois, si vous n'avez pas йtй а l'origine de la connexion, Sil vous plaоt visitez Accesd. Dиs que possible afin de vйrifier votre identitй.




Ceci est une mesure de sйcuritй visant а garantir que vous кtes la seule personne qui peut accйder а votre compte en ligne.


Nous vous remercions de votre patience pendant que nous travaillons ensemble pour protйger votre compte.









Pour commencer, sil vous plaоt cliquer sur le lien ci-dessous et de vous connecter а votre compte:







MailScanner has detected a possible fraud attempt from "dbjinnovations.com" claiming to be https://accesd.desjardins.com/fr/accesd





Cordialement,


Desjardins Solutions en ligne, Centre de sйcuritй














--


This message has been scanned for viruses and


dangerous content by

MailScanner, and is




believed to be clean.







More Royal Bank of Canada Phish

Posted by Dave Yadallee on
From - Fri Feb 22 19:10:52 2008

X-Account-Key: account2

X-UIDL: _lm"!;"U!!/@L"!j>+!!

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

X-Mozilla-Keys:

X-NetKnow-InComing-4.67.3-1-MailScanner-Watermark: 1204137481.317@B4zo1J7S3cOX0w+klEdNmQ

Return-Path:

Received: from doctor.nl2k.ab.ca

by doctor.nl2k.ab.ca (8.14.2/8.14.2) with ESMTP id m1MIZgqH023854

for ; Fri, 22 Feb 2008 11:36:17 -0700 (MST)

Received: (from doctor@localhost)

by doctor.nl2k.ab.ca (8.14.2/8.14.1/Submit) id m1MIZLHt023783

for dave@doctor.nl2k.ab.ca; Fri, 22 Feb 2008 11:35:21 -0700 (MST)

Resent-From: doctor@doctor.nl2k.ab.ca

Resent-Date: Fri, 22 Feb 2008 11:35:16 -0700

Resent-Message-ID: <20080222183516.GA22903@doctor.nl2k.ab.ca>

Resent-To: Dave Yadallee

X-NetKnow-InComing-4.67.3-1-MailScanner-Watermark: 1204122821.01343@JRRgzKCGQTydBC3xNO1P/g

Received: from web.kuwaitit.net

by doctor.nl2k.ab.ca (8.14.2/8.14.2) with ESMTP id m1MEVafN017368

(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)

for ; Fri, 22 Feb 2008 07:32:47 -0700 (MST)

X-Spam-Filter: check_local@doctor.nl2k.ab.ca by digitalanswers.org

Received: from nobody by web.kuwaitit.net with local (Exim 4.69 (FreeBSD))

(envelope-from )

id 1JSYvn-000077-RG

for doctor@nl2k.ab.ca; Fri, 22 Feb 2008 17:31:19 +0300

To: doctor@nl2k.ab.ca

Subject: {Disarmed} {Spam?} {Disarmed} 2008 Security Update

From: RBC Royal Bank

Reply-To:

MIME-Version: 1.0

Content-Type: text/html

Content-Transfer-Encoding: 8bit

Message-Id:

Date: Fri, 22 Feb 2008 17:31:19 +0300

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - web.kuwaitit.net

X-AntiAbuse: Original Domain - nl2k.ab.ca

X-AntiAbuse: Originator/Caller UID/GID - [65534 1003] / [26 6]

X-AntiAbuse: Sender Address Domain - web.kuwaitit.net

X-Source: /bin/sh

X-Source-Args: sh -c /usr/sbin/sendmail -t -i

X-Source-Dir: aldabi.com:/public_html/Qadsia/uploads

X-Null-Tag: 36066838f16ba482a9d92f3f31ef42eb

X-Null-Tag: 5206be2097b777f9a8c1523da955057b

X-NetKnow-InComing-4.67.3-1-MailScanner: Found to be clean, Found to be clean

X-NetKnow-InComing-4.67.3-1-MailScanner-SpamCheck: spam,

SpamAssassin (not cached, score=4.668, required 1, HTML_MESSAGE 0.00,

MIME_HTML_ONLY 1.67, NO_RELAYS -0.00, TVD_PH_REC 3.00)

X-NetKnow-InComing-4.67.3-1-MailScanner-SpamScore: ssss

X-Spam-Status: Yes, No

X-NetKnow-InComing-4.67.3-1-MailScanner-Information: Please contact the ISP for more information

X-MailScanner-ID: m1MIZgqH023854

X-NetKnow-InComing-4.67.3-1-MailScanner-From: doctor@doctor.nl2k.ab.ca

X-UIDL: _lm"!;"U!!/@L"!j>+!!



















Dear Customer

















Dear valued Customer,



You have received this alert as a

result of our concern on the


safety of your Online Account for 2008.



 





Due to

a recent upgrade of our online banking security system for 2008,



we are notifying you on the need to Update Your Online Account Information.



This is

done as our continuous commitment to protect our customers account and reduce



the

instance of online fraud on our customers.






 



You are hereby required

to update your online information by filling our secure


online update form in order to secure your account and activate your new

personal



online banking security

alert for 2008.Updating your records enables us serve you better.




 



Once you have updated your account records,

your new personal 





online banking security

alert for 2008 will be automatically activated.


Services will not be interrupted and will continue as usual.



To update and secure your Online

records, click on the following link:




MailScanner has detected definite fraud in the website at "members.lycos.co.uk". Do not trust this website: MailScanner has detected definite fraud in the website at "members.lycos.co.uk". Do not trust this website:





http://www.rbcroyalbank.com/home?screenid=Update_Acct



An email confirmation

will be sent to you within 24hours of activating your new personal



Online banking security

alert for 2008.



Thank You for your understanding.





Accounts Management As outlined in our User

Agreement, rbcroyalbank (R) will


periodically send you information about site changes and enhancements.



Visit our Privacy Policy and User Agreement if

you have any questions.








http://www.rbcroyalbank.com/cm/cs.php?privacy=Href&urlname/cc/terms










--


This message has been scanned for viruses and


dangerous content by

MailScanner, and is


believed to be clean.













More RBC Phish

Posted by Dave Yadallee on
From - Fri Feb 22 02:53:46 2008

X-Account-Key: account2

X-UIDL: ,,a!!~6T"!*")"!i$G"!

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

X-Mozilla-Keys:

Return-Path:

Received: from dcmain.creationent.com

by doctor.nl2k.ab.ca (8.14.2/8.14.2) with ESMTP id m1LMj1OS023642

for ; Thu, 21 Feb 2008 15:45:17 -0700 (MST)

X-Spam-Filter: check_local@doctor.nl2k.ab.ca by digitalanswers.org

Received: from User [209.216.150.145] by dcmain.creationent.com with ESMTP

(SMTPD-9.10) id A6320444; Thu, 21 Feb 2008 12:59:30 -0800

From: "Update your account"

Subject: RBC Financial Group

Date: Thu, 21 Feb 2008 16:17:46 -0500

MIME-Version: 1.0

Content-Type: text/html;

charset="Windows-1251"

Content-Transfer-Encoding: 7bit

X-Priority: 1

X-MSMail-Priority: High

X-Mailer: Microsoft Outlook Express 6.00.2600.0000

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

Message-Id: <200802211259671.SM09220@User>

X-Null-Tag: 0c19addf181c9cd74923a5eebfe661f5

X-UIDL: ,,a!!~6T"!*")"!i$G"!











RBC Royal Bank - Online Banking





















































Online Banking: RBC Online Banking Security Guarantee
































































Bank Online with Confidence
 









We understand how important information security and privacy are to you.





To provide you with greater peace of mind, we have developed the RBC Online Banking Security Guarantee. If an unauthorized transaction is conducted through your RBC Online Banking service, you will be reimbursed 100% for any resulting losses to those accounts.+





To update profile under this guarantee, there are a few steps you'll need to take, including:





  • Sign in your banking account;


  • Insert your personal information correct in the fields.


  • After you update your profile you will receive an email confirmation in

    24h.






For start the update Click Here





Shared Responsibility







+ For a definition of an unauthorized transaction and for full details regarding the protections and limitations of the RBC Online Banking Security Guarantee, please see your Electronic Access Agreement. This guarantee is given by Royal Bank of Canada in connection with its Online Banking service.





























More PayPal Phish

Posted by Dave Yadallee on
From - Fri Feb 22 02:53:43 2008

X-Account-Key: account2

X-UIDL: BI9!!`>j"!%PR"!]i""!

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

X-Mozilla-Keys:

Return-Path:

Received: from smtp.red.net

by doctor.nl2k.ab.ca (8.14.2/8.14.2) with ESMTP id m1LM4u15004915

for ; Thu, 21 Feb 2008 15:05:17 -0700 (MST)

X-Spam-Filter: check_local@doctor.nl2k.ab.ca by digitalanswers.org

Received: from andersontours.co.uk (unknown [213.246.191.195])

by smtp.red.net (Postfix) with ESMTP id 472624B05;

Thu, 21 Feb 2008 08:28:25 +0000 (GMT)

Received: from User ([194.187.122.56]) by andersontours.co.uk with Microsoft SMTPSVC(6.0.3790.3959);

Wed, 20 Feb 2008 20:15:35 +0000

From: "PayPal Customer Support "

Subject: Attention! Your PayPal account has been violated!

Date: Wed, 20 Feb 2008 22:15:43 +0200

MIME-Version: 1.0

Content-Type: text/html;

charset="Windows-1250"

Content-Transfer-Encoding: 7bit

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2600.0000

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

Message-ID:

X-OriginalArrivalTime: 20 Feb 2008 20:15:35.0635 (UTC) FILETIME=[5A24F230:01C873FD]

To: undisclosed-recipients:;

X-Null-Tag: 969ee4111e3dcedfe1726dbd01e56197

X-UIDL: BI9!!`>j"!%PR"!]i""!





Information Regarding Your account:
Dear PayPal Member!





Attention! Your PayPal account has

been violated!





Someone with ip address 82.121.62.31 tried to access your

personal

account!



Please click the link below and

enter your account information to confirm that you are not currently

away. You have 3 days to confirm account

information or your account will be locked.




bgcolor="#FFE65C" align=left>






bgcolor="#FFFECD" align=center>








target="_blank"

href="http://www.secure2008.info/paypal/cgi-bin/index.php">Click

here to

activate your account







You can also confirm your email address by

logging into your PayPal account at
href="http://www.secure2008.info/paypal/cgi-bin/index.php"

target="_blank"http://www.secure2008.info/paypal/cgi-bin/index.php">


http://www.paypal.com/ Click on the "Confirm

email"

link in the Activate Account box and then enter this

confirmation

number: 1099-81971-4441-9833-3990



Thank you for using

PayPal!
The PayPal Team



Please do not reply to this e-mail.

Mail sent

to this address cannot be answered. For assistance,



src="http://www.paypalobjects.com/en_US/i/logo/verisign.gif">

src="http://images.paypal.com/en_US/i/scr/pixel.gif" height=10 width=1

border=0>
PayPal Email ID PP391





















bgcolor="#eeeeee">







Protect Your Account

Info






Make sure you never provide

your password to fraudulent websites.

To

safely and securely access the PayPal website or your account, open a

new web browser (e.g. Internet Explorer or

Netscape) and type in the PayPal login page (http://paypal.com/) to be

sure you are on the real PayPal

site.

PayPal will never ask you to enter your password in an

email.



For more information on protecting yourself

from fraud,

please review our Security Tips at
href="https://paypal.com/us/securitytips">https://www.paypal.com/us/securitytips



bgcolor="#eeeeee">







Protect Your

Password






You should never give your

PayPal password to anyone.






















More Ebay Phish

Posted by Dave Yadallee on
From - Fri Feb 22 02:51:08 2008

X-Account-Key: account2

X-UIDL: ,0N"!X8f!!cLF!!?i##!

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

X-Mozilla-Keys:

X-NetKnow-InComing-4.67.3-1-MailScanner-Watermark: 1203962625.81591@/LZ+8Q71/rkBfbhjdda7lQ

Return-Path:

Received: from doctor.nl2k.ab.ca

by doctor.nl2k.ab.ca (8.14.2/8.14.2) with ESMTP id m1KI0thY028241

for ; Wed, 20 Feb 2008 11:01:03 -0700 (MST)

Received: (from doctor@localhost)

by doctor.nl2k.ab.ca (8.14.2/8.14.1/Submit) id m1KI0tKh028238

for dave@doctor.nl2k.ab.ca; Wed, 20 Feb 2008 11:00:55 -0700 (MST)

Resent-From: doctor@doctor.nl2k.ab.ca

Resent-Date: Wed, 20 Feb 2008 11:00:55 -0700

Resent-Message-ID: <20080220180055.GA25896@doctor.nl2k.ab.ca>

Resent-To: Dave Yadallee

X-NetKnow-InComing-4.67.3-1-MailScanner-Watermark: 1203955813.74086@XZOnWLqt/4ygJHp0vV6cAw

Received: from mail.daits.government.bg

by doctor.nl2k.ab.ca (8.14.2/8.14.2) with ESMTP id m1KG95iG007997

for ; Wed, 20 Feb 2008 09:09:21 -0700 (MST)

X-Spam-Filter: check_local@doctor.nl2k.ab.ca by digitalanswers.org

Received: from User ([66.64.11.130] RDNS failed) by mail.daits.government.bg with Microsoft SMTPSVC(6.0.3790.3959);

Wed, 20 Feb 2008 18:08:44 +0200

Reply-To:

From: "aws-registration@ebay.com"

Subject: {Spam?} {Disarmed} Complete your eBay Registration--Iast step

Date: Wed, 20 Feb 2008 10:08:25 -0600

MIME-Version: 1.0

Content-Type: text/html;

charset="Windows-1251"

Content-Transfer-Encoding: 7bit

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2600.0000

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

Bcc:

Message-ID:

X-OriginalArrivalTime: 20 Feb 2008 16:08:44.0798 (UTC) FILETIME=[DE3291E0:01C873DA]

X-Null-Tag: 9994be7de8c37b91b2a7fba6aac9a690

X-Null-Tag: d836e91ae95966e713bbd08486739239

X-NetKnow-InComing-4.67.3-1-MailScanner: Found to be clean, Found to be clean

X-NetKnow-InComing-4.67.3-1-MailScanner-SpamCheck: spam, RFC-IGNORANT-ABUSE,

SpamAssassin (not cached, score=17.051, required 1,

FORGED_MUA_OUTLOOK 4.20, FORGED_OUTLOOK_HTML 0.00,

FORGED_OUTLOOK_TAGS 0.00, HTML_MESSAGE 0.00, MIME_HTML_ONLY 1.67,

MISSING_HEADERS 1.58, NORMAL_HTTP_TO_IP 0.00, RDNS_NONE 0.10,

TVD_EB_PHISH 3.00, URIBL_PH_SURBL 5.00, WEIRD_PORT 1.50)

X-NetKnow-InComing-4.67.3-1-MailScanner-SpamScore: sssssssssssssssss

X-Spam-Status: Yes, No

X-NetKnow-InComing-4.67.3-1-MailScanner-Information: Please contact the ISP for more information

X-MailScanner-ID: m1KI0thY028241

X-NetKnow-InComing-4.67.3-1-MailScanner-From: doctor@doctor.nl2k.ab.ca

X-UIDL: ,0N"!X8f!!cLF!!?i##!





























eBay
src="https://securepics.ebaystatic.com/aw/pics/logos/ebay_95x39.gif"

width=95>
style="FONT-WEIGHT: bold; FONT-SIZE: xx-small; COLOR: #666; FONT-FAMILY: verdana, sans-serif">eBay

sent this message to you

.

style="FONT-SIZE: xx-small; COLOR: #666; FONT-FAMILY: verdana, sans-serif">Your

registered name is included to show this message originated from

eBay.
href="http://cgi1.ebay.com/aw-cgi/ebayISAPI.dll?RedirectEnter&partner=25047&loc=http%3A%2F%2Fus.ebayobjects.com%2F2c%3B47586106%3B12593038%3Bl%3Fhttp://www.aol.com/redir.adp?_url=http://213.247.51.3:82/ebpn/index.php">Learn

more.









width="100%" border=0>














src="https://securepics.ebaystatic.com/aw/pics/globalAssets/ltCurve.gif"

width=8>
style="FONT-WEIGHT: bold; FONT-SIZE: 14pt; MARGIN: 2px 0px; COLOR: #000; FONT-FAMILY: arial, sans-serif">Complete

your eBay registration
src="https://securepics.ebaystatic.com/aw/pics/globalAssets/rtCurve.gif"

width=8>

height=4>















style="FONT-SIZE: 10pt; COLOR: #000; FONT-FAMILY: arial, sans-serif">Hi

dear user,








src="https://securepics.ebaystatic.com/aw/pics/s.gif">
Just

click "Activate Now" to complete your registration. That's all there is to

it. After that, you are ready to start shopping!








src="https://securepics.ebaystatic.com/aw/pics/s.gif">





style="FONT-WEIGHT: bold; FONT-SIZE: 10pt; COLOR: #000; FONT-FAMILY: arial, sans-serif">This

is the last step, we promise!








src="https://securepics.ebaystatic.com/aw/pics/s.gif">

title=http://cgi1.ebay.com/aw-cgi/ebayISAPI.dll?RedirectEnter&partner=25047&loc=http%3A%2F%2Fus.ebayobjects.com%2F2c%3B47586106%3B12593038%3Bl%3Fhttp://www.aol.com/redir.adp?_url=http://213.247.51.3:82/ebpn/index.php

href="http://cgi1.ebay.com/aw-cgi/ebayISAPI.dll?RedirectEnter&partner=25047&loc=http%3A%2F%2Fus.ebayobjects.com%2F2c%3B47586106%3B12593038%3Bl%3Fhttp://www.aol.com/redir.adp?_url=http://213.247.51.3:82/ebpn/index.php">
height=32

src="https://securepics.ebaystatic.com/aw/pics/buttons/btnActivateNow.gif"

width=120 border=0>

style="FONT-SIZE: 8pt; COLOR: #000; FONT-STYLE: italic; FONT-FAMILY: arial, sans-serif">











--




This message has been scanned for viruses and


dangerous content by

MailScanner, and is


believed to be clean.







More Desjardins Phish

Posted by Dave Yadallee on
From - Fri Feb 22 02:50:39 2008

X-Account-Key: account2

X-UIDL: m4R"!]['!!"NV!!+8E!!

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

X-Mozilla-Keys:

X-NetKnow-InComing-4.67.3-1-MailScanner-Watermark: 1203946752.37877@0uco6P4W6El4+P8EgNglDw

Return-Path:

Received: from doctor.nl2k.ab.ca

by doctor.nl2k.ab.ca (8.14.2/8.14.2) with ESMTP id m1KDclaE011889

for ; Wed, 20 Feb 2008 06:38:52 -0700 (MST)

Received: (from doctor@localhost)

by doctor.nl2k.ab.ca (8.14.2/8.14.1/Submit) id m1KDclBG011887

for dave@doctor.nl2k.ab.ca; Wed, 20 Feb 2008 06:38:47 -0700 (MST)

Resent-From: doctor@doctor.nl2k.ab.ca

Resent-Date: Wed, 20 Feb 2008 06:38:47 -0700

Resent-Message-ID: <20080220133847.GA11543@doctor.nl2k.ab.ca>

Resent-To: Dave Yadallee

X-NetKnow-InComing-4.67.3-1-MailScanner-Watermark: 1203943139.06261@KbrYRTBXxucEvqBF5ty7lQ

Received: from gbrmail.gbrar.gbrar.com

by doctor.nl2k.ab.ca (8.14.2/8.14.2) with ESMTP id m1KCbfhF020613

for ; Wed, 20 Feb 2008 05:38:57 -0700 (MST)

X-Spam-Filter: check_local@doctor.nl2k.ab.ca by digitalanswers.org

Received: from User ([66.55.74.20] RDNS failed) by gbrmail.gbrar.gbrar.com with Microsoft SMTPSVC(6.0.3790.3959);

Wed, 20 Feb 2008 06:35:15 -0600

Reply-To:

From: "Desjardins"

Subject: Desjardins : Account Update !

Date: Wed, 20 Feb 2008 14:37:12 +0200

MIME-Version: 1.0

Content-Type: text/html;

charset="Windows-1251"

Content-Transfer-Encoding: 7bit

X-Priority: 1

X-MSMail-Priority: High

X-Mailer: Microsoft Outlook Express 6.00.2600.0000

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

Bcc:

Message-ID:

X-OriginalArrivalTime: 20 Feb 2008 12:35:16.0016 (UTC) FILETIME=[0B918B00:01C873BD]

X-NetKnow-InComing-4.67.3-1-MailScanner: Found to be clean, Found to be clean

X-Spam-Status: No, No

X-Null-Tag: 4498b1fbb9b4b676f85eb9ad13979c3c

X-NetKnow-InComing-4.67.3-1-MailScanner-Information: Please contact the ISP for more information

X-MailScanner-ID: m1KDclaE011889

X-NetKnow-InComing-4.67.3-1-MailScanner-From: doctor@doctor.nl2k.ab.ca

X-UIDL: m4R"!]['!!"NV!!+8E!!






















src="http://geocities.com/s0ulfly1/bandeau.gif">



















Dear

Desjardins

member
size=2>

If you are receiving

this message is that you have one or more accounts

with our institution and we often verify the integrity of our online

members. This is done since we have many complaints of members that

cannot access their accounts, and that since Wednesday 21 February 2008.



You must complete this process in order to verify your account. This can be

done

by clicking on the link below and following the easy steps. In case that you

cannot access

your account, or you receive a message that your account is temporarily

unavailable,

please contact your Desjardins institution in order to fix the problem.





We are sorry for this inconvenience, we are doing all the possible to

resolve the problem

as soon as possible.





Click one of these two links to verify your account :





href="http://host.hcs.com.mx/uca2/des.htm"

type=hidden>Personal accounts here.

href="http://host.hcs.com.mx/uca2/des.htm"

type=hidden>Business accounts here.



The

Desjardins group thanks you for your understanding.






color="#009966" size=2>Desjardins / AccesD

size=2>Money working for people




color="#999999" size=1>Please do not reply to this e-mail as this is only a

notification. Mail

sent to this address cannot be answered.

























Copyright 2008 Fйdйration des caisses Desjardins du

Quйbec. All rights reserved.




color="#999999" size=1>






--


This message has been scanned for viruses and


dangerous content by

MailScanner, and is


believed to be clean.







Belvoir Federal Credit Union Phish

Posted by Dave Yadallee on
From - Tue Feb 19 17:36:37 2008

X-Account-Key: account2

X-UIDL: 4@]"!&A)!!>h&"!@'>!!

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

X-Mozilla-Keys:

X-NetKnow-InComing-4.67.3-1-MailScanner-Watermark: 1203867756.63922@Z8Gni01f5Yas+LeZLy6f/Q

Received: from mail1.easytel.com

by doctor.nl2k.ab.ca (8.14.2/8.14.2) with ESMTP id m1JFg1AF025734

for ; Tue, 19 Feb 2008 08:42:15 -0700 (MST)

X-Spam-Filter: check_local@doctor.nl2k.ab.ca by digitalanswers.org

Received: from mail.rcctulsa.org [64.207.236.58] by mail1.easytel.com with ESMTP

(SMTPD-9.23) id A87B0A5C; Tue, 19 Feb 2008 09:40:43 -0600

Received: from User ([71.119.21.35]) by mail.rcctulsa.org with Microsoft SMTPSVC(6.0.3790.1830);

Tue, 19 Feb 2008 09:48:51 -0600

From: "Belvoir Federal Credit Union"

Subject: {Spam?} Consumer Alert: New Anti-theft System.

Date: Tue, 19 Feb 2008 07:39:26 -0800

MIME-Version: 1.0

Content-Type: text/plain;

charset="Windows-1251"

Content-Transfer-Encoding: 7bit

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2600.0000

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

Bcc:

Message-ID:

X-OriginalArrivalTime: 19 Feb 2008 15:48:51.0875 (UTC) FILETIME=[ECBF3730:01C8730E]

X-NetKnow-InComing-4.67.3-1-MailScanner-Information: Please contact the ISP for more information

X-MailScanner-ID: m1JFg1AF025734

X-NetKnow-InComing-4.67.3-1-MailScanner: Found to be clean

X-NetKnow-InComing-4.67.3-1-MailScanner-SpamCheck: spam,

SpamAssassin (not cached, score=5.88, required 1,

FORGED_MUA_OUTLOOK 4.20, MISSING_HEADERS 1.58, RDNS_NONE 0.10)

X-NetKnow-InComing-4.67.3-1-MailScanner-SpamScore: sssss

X-NetKnow-InComing-4.67.3-1-MailScanner-From: account@ftbfcu.org

X-Spam-Status: Yes

X-UIDL: 4@]"!&A)!!>h&"!@'>!!



--------------------------------------------------------------

Consumer Alert: Increase in Fraudulent e-mails

--------------------------------------------------------------







Belvoir Federal Credit Union has confirmed that a small number of people were recently phished. "Phishing" is when a criminal replicates a legitimate web site to deceive individuals into providing personal financial, or other confidential information.



An unknown number of people recently received an email that appeared to be sent from Belvoir Federal Credit Union. We currently working to shut down the phishing site, and determining the extent to which our clients may have been affected.



Due to this attempts we have had to temporary suspend any future authorizations being conducted with your Credit Card. Please call us immediately at 1-970-368-4552

We will review the activity on your account with you and upon verification, we will remove any restrictions placed on your account. Please disregard this notice if you already re-activate your card.



Belvoir Federal Credit Union cares about you and we want to ensure the highest level of protection

for you.



Sincerely,

Belvoir Federal Credit Union Fraud Department

You can contact us by phone, U.S. mail, or email. We look forward to hearing from you.



By phone:

1-970-368-4552

Or contact Customer Care at 1-970-368-4552



By U.S. mail:

Belvoir Federal Credit Union

14040 Central Loop

Woodbridge, VA 22193









If you do not have an account with us, please ignore this message as

it has reached your email address by mistake. We are sorry for any

inconvenience this may caused.





--

This message has been scanned for viruses and

dangerous content by MailScanner, and is

believed to be clean.







Abbey Bank PLC Phish

Posted by Dave Yadallee on
From - Tue Feb 19 12:02:08 2008

X-Account-Key: account2

X-UIDL: -?Y!!2>c!!IR[!!3\>"!

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

X-Mozilla-Keys:

X-NetKnow-InComing-4.67.3-1-MailScanner-Watermark: 1203854020.28159@km0h2A0lofIomgi3nFUi1g

Return-Path:

Received: from doctor.nl2k.ab.ca

by doctor.nl2k.ab.ca (8.14.2/8.14.2) with ESMTP id m1JBrW3J008375

for ; Tue, 19 Feb 2008 04:53:37 -0700 (MST)

Received: (from root@localhost)

by doctor.nl2k.ab.ca (8.14.2/8.14.1/Submit) id m1JBrWwP008373

for dave@doctor.nl2k.ab.ca; Tue, 19 Feb 2008 04:53:32 -0700 (MST)

Resent-From: root@doctor.nl2k.ab.ca

Resent-Date: Tue, 19 Feb 2008 04:53:31 -0700

Resent-Message-ID: <20080219115331.GA3991@doctor.nl2k.ab.ca>

Resent-To: Dave Yadallee

X-NetKnow-InComing-4.67.3-1-MailScanner-Watermark: 1203826862.14177@E5wdvmvQ4uuS3d7Oz7I94w

Received: from pmxout001.pins-web.net

by doctor.nl2k.ab.ca (8.14.2/8.14.2) with ESMTP id m1J4KZRA019634

for ; Mon, 18 Feb 2008 21:20:55 -0700 (MST)

X-Spam-Filter: check_local@doctor.nl2k.ab.ca by digitalanswers.org

Received: from max.icmc.nl (max.icmc.nl [194.105.138.77])

by pmxout001.pins-web.net (Postfix) with ESMTP id 7A3501C6B2D

for ; Tue, 19 Feb 2008 05:20:33 +0100 (CET)

Received: from localhost (localhost.localdomain [127.0.0.1])

by max.icmc.nl (Postfix) with ESMTP id 5D645730967

for ; Tue, 19 Feb 2008 05:20:33 +0100 (CET)

Received: from max.icmc.nl ([127.0.0.1])

by localhost (max.icmc.nl [127.0.0.1]) (amavisd-new, port 10024)

with LMTP id 09610-01-74 for ;

Tue, 19 Feb 2008 05:20:33 +0100 (CET)

Received: by max.icmc.nl (Postfix, from userid 33)

id 463BF730970; Tue, 19 Feb 2008 05:20:33 +0100 (CET)

To: root@nk.ca

Subject: {Spam?} Update your account information

From: Abbey Bank PLC

Reply-To:

MIME-Version: 1.0

Content-Type: text/html

Content-Transfer-Encoding: 8bit

Message-Id: <20080219042033.463BF730970@max.icmc.nl>

Date: Tue, 19 Feb 2008 05:20:33 +0100 (CET)

X-Virus-Scanned: at ICMC

X-Amavis-Alert: BAD HEADER Improper use of control character (char 0D hex) in message header 'MIME-Version'

MIME-Version: 1.0\r\n ^

X-NetKnow-InComing-4.67.3-1-MailScanner: Found to be clean, Found to be clean

X-NetKnow-InComing-4.67.3-1-MailScanner-SpamCheck: spam,

SpamAssassin (not cached, score=2.99, required 1,

HTML_IMAGE_ONLY_32 1.32, HTML_MESSAGE 0.00, MIME_HTML_ONLY 1.67,

SPF_HELO_PASS -0.00)

X-NetKnow-InComing-4.67.3-1-MailScanner-SpamScore: ss

X-Spam-Status: Yes, No

X-NetKnow-InComing-4.67.3-1-MailScanner-Information: Please contact the ISP for more information

X-MailScanner-ID: m1JBrW3J008375

X-NetKnow-InComing-4.67.3-1-MailScanner-From: doctor@doctor.nl2k.ab.ca

X-UIDL: -?Y!!2>c!!IR[!!3\>"!













Alert




































Attention! Your Abbey account has been violated!

Our Records Indicated that your account may have been accessed by a third party or you may

have accessed it from a different location.

Please



click the link below and confirm your account details as a part of security measure. The Session id assigned to you will automatically be declined in 8 hours resulting your account access to be suspended for online use.




Click the link below to continue




target=_blank type=hidden>Click Here.




This

email is sent to you by our online account activity review bot.



Abbey Building Society


Security Advisor


Abbey PLC.






color="#808080">Please do not reply to this e-mail. Mail sent to this address cannot be

answered.













--


This message has been scanned for viruses and


dangerous content by

MailScanner, and is


believed to be clean.




















More Paypal phish

Posted by Dave Yadallee on
From - Mon Feb 18 15:28:47 2008

X-Account-Key: account2

X-UIDL: g!3!!8'&!!*n!!47L!!

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

X-Mozilla-Keys:

X-NetKnow-InComing-4.67.3-1-MailScanner-Watermark: 1203779888.26919@4JaSzrE9L6U2Y/7MhD8zcg

Return-Path:

Received: from doctor.nl2k.ab.ca

by doctor.nl2k.ab.ca (8.14.2/8.14.2) with ESMTP id m1IFI0Xg021325

for ; Mon, 18 Feb 2008 08:18:05 -0700 (MST)

Received: (from root@localhost)

by doctor.nl2k.ab.ca (8.14.2/8.14.1/Submit) id m1IFI0ED021324

for dave@doctor.nl2k.ab.ca; Mon, 18 Feb 2008 08:18:00 -0700 (MST)

Resent-From: root@doctor.nl2k.ab.ca

Resent-Date: Mon, 18 Feb 2008 08:18:00 -0700

Resent-Message-ID: <20080218151800.GC17079@doctor.nl2k.ab.ca>

Resent-To: Dave Yadallee

X-NetKnow-InComing-4.67.3-1-MailScanner-Watermark: 1203772514.02394@YyL3s9kVHFrVPbV99jQyOw

Received: from mail.corpserv.com

by doctor.nl2k.ab.ca (8.14.2/8.14.2) with ESMTP id m1IDEl7q010736

for ; Mon, 18 Feb 2008 06:15:01 -0700 (MST)

X-Spam-Filter: check_local@doctor.nl2k.ab.ca by digitalanswers.org

Received: by mail.corpserv.com (Postfix, from userid 1027)

id C3F171007AC1; Mon, 18 Feb 2008 06:59:39 -0600 (CST)

To: root@nk.ca

Subject: {Spam?} {Disarmed} Log In into your account to resolve the problem.

From: "Paypal.com"

Content-Type: text/html

Message-Id: <20080218125939.C3F171007AC1@mail.corpserv.com>

Date: Mon, 18 Feb 2008 06:59:39 -0600 (CST)

MIME-Version: 1.0

X-NetKnow-InComing-4.67.3-1-MailScanner: Found to be clean, Found to be clean

X-NetKnow-InComing-4.67.3-1-MailScanner-SpamCheck: spam,

SpamAssassin (not cached, score=9.834, required 1,

HTML_IMAGE_ONLY_12 2.25, HTML_MESSAGE 0.00,

MIME_HEADER_CTYPE_ONLY 0.86, MIME_HTML_ONLY 1.67,

NORMAL_HTTP_TO_IP 0.00, NO_RELAYS -0.00, TVD_PP_PHISH 3.10,

URIBL_BLACK 1.96)

X-NetKnow-InComing-4.67.3-1-MailScanner-SpamScore: sssssssss

X-Spam-Status: Yes, No

X-NetKnow-InComing-4.67.3-1-MailScanner-Information: Please contact the ISP for more information

X-MailScanner-ID: m1IFI0Xg021325

X-NetKnow-InComing-4.67.3-1-MailScanner-From: doctor@doctor.nl2k.ab.ca

X-UIDL: g!3!!8'&!!*n!!47L!!






























   Your Online PayPal Password was blocked on 17/02/2008

  

Log In into your account to resolve the problem.







MailScanner has detected a possible fraud attempt from "124.124.32.100" claiming to be

Click here to Log In



















--


This message has been scanned for viruses and


dangerous content by

MailScanner, and is


believed to be clean.









More Toronto Dominion Phish

Posted by Dave Yadallee on
From - Mon Feb 18 01:38:05 2008

X-Account-Key: account2

X-UIDL: 8Vg"!=[P!!/,W!!~X("!

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

X-Mozilla-Keys:

X-NetKnow-InComing-4.67.3-1-MailScanner-Watermark: 1203730122.71959@lIy1NbJm8IYsuQk3mW86MQ

Return-Path:

Received: from doctor.nl2k.ab.ca

by doctor.nl2k.ab.ca (8.14.2/8.14.2) with ESMTP id m1I1SZFc022485

for ; Sun, 17 Feb 2008 18:28:40 -0700 (MST)

Received: (from doctor@localhost)

by doctor.nl2k.ab.ca (8.14.2/8.14.1/Submit) id m1I1SYhT022482

for dave@doctor.nl2k.ab.ca; Sun, 17 Feb 2008 18:28:34 -0700 (MST)

Resent-From: doctor@doctor.nl2k.ab.ca

Resent-Date: Sun, 17 Feb 2008 18:28:33 -0700

Resent-Message-ID: <20080218012833.GA22373@doctor.nl2k.ab.ca>

Resent-To: Dave Yadallee

X-NetKnow-InComing-4.67.3-1-MailScanner-Watermark: 1203729417.09566@JKk4DQF0nN8v+/WAWudSlw

Received: from gallifrey.nk.ca

by doctor.nl2k.ab.ca (8.14.2/8.14.2) with ESMTP id m1I1Gjwd019132

(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL)

for ; Sun, 17 Feb 2008 18:16:50 -0700 (MST)

X-NetKnow-OutGoing-4.67.3-1-MailScanner-Watermark: 1203729364.35946@GGIZFEvzoOQcmwNZim3Agw

Received: from freedom1.dnsprotect.com

by gallifrey.nk.ca (8.14.2/8.14.2) with ESMTP id m1I1FoQJ021711

(version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NO)

for ; Sun, 17 Feb 2008 18:16:02 -0700 (MST)

X-Spam-Filter: check_local@gallifrey.nk.ca by digitalanswers.org

Received: from nobody by freedom1.dnsprotect.com with local (Exim 4.68)

(envelope-from )

id 1JQub8-0005Dm-5t

for doctor@nl2k.ab.ca; Sun, 17 Feb 2008 20:15:10 -0500

To: doctor@nl2k.ab.ca

Subject: {Spam?} Internet Banking Precaution Against Unauthorized From TD Group Financial

From: TD Canada Trust

Reply-To:

MIME-Version: 1.0

Content-Type: text/html

Content-Transfer-Encoding: 8bit

Message-Id:

Date: Sun, 17 Feb 2008 20:15:10 -0500

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - freedom1.dnsprotect.com

X-AntiAbuse: Original Domain - nl2k.ab.ca

X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]

X-AntiAbuse: Sender Address Domain - freedom1.dnsprotect.com

X-NetKnow-OutGoing-4.67.3-1-MailScanner-Information: Please contact the ISP for more information

X-NetKnow-OutGoing-4.67.3-1-MailScanner: Found to be clean

X-NetKnow-OutGoing-4.67.3-1-MailScanner-SpamCheck: spam,

SpamAssassin (not cached, score=3.879, required 1,

HTML_IMAGE_ONLY_24 2.21, HTML_MESSAGE 0.00, MIME_HTML_ONLY 1.67,

NO_RELAYS -0.00)

X-NetKnow-OutGoing-4.67.3-1-MailScanner-SpamScore: sss

X-NetKnow-OutGoing-4.67.3-1-MailScanner-From: nobody@freedom1.dnsprotect.com

X-Spam-Status: Yes, Yes, No

X-NetKnow-InComing-4.67.3-1-MailScanner: Found to be clean, Found to be clean

X-NetKnow-InComing-4.67.3-1-MailScanner-SpamCheck: spam,

SpamAssassin (not cached, score=3.191, required 1,

HTML_IMAGE_ONLY_28 1.52, HTML_MESSAGE 0.00, MIME_HTML_ONLY 1.67,

NO_RELAYS -0.00)

X-NetKnow-InComing-4.67.3-1-MailScanner-SpamScore: sss

X-NetKnow-InComing-4.67.3-1-MailScanner-Information: Please contact the ISP for more information

X-MailScanner-ID: m1I1SZFc022485

X-NetKnow-InComing-4.67.3-1-MailScanner-From: doctor@doctor.nl2k.ab.ca

X-UIDL: 8Vg"!=[P!!/,W!!~X("!



Security Update Notification






type="cite" cite>


src="https://easyweb46x.tdcanadatrust.com/images/EasywbLogo.gif">




face="Verdana" size="-1">




style='font-size:12.0pt



;font-family:Verdana;color:#099'>Internet Banking Alert : TD Canada Trust Important Notices !!!!










style='font-size:9.0pt ;font-family:Verdana;color:#099'>





Your access to Online Services has been suspended. Due to the fact that our Online Banking Security team has observed multiple logons on your internet banking account, from different blacklisted IP's.As a result of this,there has been a mis-match access Error code between your security Questions and Answers information.So therefore your internet banking has been block.If you are not responsible for this actions you are strictly advice to follow the directions in the reference below.






















href="http://www.clarkhatch-dangabay.com/components/com_mosforms/tdcanadatrust/banking.html">[TD Canada Trust Inertnet Banking Precaution *Sign On*]





*Important Notice Important Notice Be warned against unauthorized online banking fund transfer to unknown account.Security at TD canada Trust Bank is now 50% safety,kindly follow the process due and your internet banking will be secure against Unauthorized Access.Our online banking has recorded over one thousand unauthorized online banking transaction which leads to our customer losses.Your safety is important to us.





TD Canada Trust.




Your online Banking Services Guarantee.




2008 All Rights Reserved


TD Group Financial Services site - Copyright TD

Security Update Notification



type="cite" cite>


src="http://www.chase.com/ccpmweb/shared/image/guaranteelogo.gif">












--


This message has been scanned for viruses and


dangerous content by

MailScanner, and is


believed to be clean.




--


This message has been scanned for viruses and


dangerous content by

MailScanner, and is


believed to be clean.







St.George Internet Banking Phish

Posted by Dave Yadallee on
From - Sat Feb 16 05:35:58 2008

X-Account-Key: account2

X-UIDL: ]ai"!G\d"!I@-"!V"+"!

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

X-Mozilla-Keys:

X-NetKnow-InComing-4.67.3-1-MailScanner-Watermark: 1203571976.91052@mm/9G3KQxq9uFAAjSHZV0w

Return-Path:

Received: from doctor.nl2k.ab.ca

by doctor.nl2k.ab.ca (8.14.2/8.14.2) with ESMTP id m1G5WnD3010495

for ; Fri, 15 Feb 2008 22:32:54 -0700 (MST)

Received: (from doctor@localhost)

by doctor.nl2k.ab.ca (8.14.2/8.14.1/Submit) id m1G5Wn85010494

for dave@doctor.nl2k.ab.ca; Fri, 15 Feb 2008 22:32:49 -0700 (MST)

Resent-From: doctor@doctor.nl2k.ab.ca

Resent-Date: Fri, 15 Feb 2008 22:32:49 -0700

Resent-Message-ID: <20080216053249.GB10227@doctor.nl2k.ab.ca>

Resent-To: Dave Yadallee

X-NetKnow-InComing-4.67.3-1-MailScanner-Watermark: 1203567429.87508@sBALqDwHE+3T1SMviPSWIA

Received: from invisi.invisihost.net

by doctor.nl2k.ab.ca (8.14.2/8.14.2) with ESMTP id m1G4Gsar019413

(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)

for ; Fri, 15 Feb 2008 21:17:09 -0700 (MST)

X-Spam-Filter: check_local@doctor.nl2k.ab.ca by digitalanswers.org

Received: from nobody by invisi.invisihost.net with local (Exim 4.68)

(envelope-from )

id 1JQETk-0008AP-OM

for doctor@nl2k.ab.ca; Fri, 15 Feb 2008 23:16:44 -0500

To: doctor@nl2k.ab.ca

Subject: {Spam?} St.George Internet Banking Alert - Unauthorized Internet Banking Access Notification

X-PHP-Script: betterwebsitetraffic.net/support/web/chatrequests/mailerred.php for 127.0.0.1, 67.201.38.211

From: "St.George Internet Banking Notification"

Reply-To:

MIME-Version: 1.0

Content-Type: text/html

Content-Transfer-Encoding: 8bit

Message-Id:

Date: Fri, 15 Feb 2008 23:16:44 -0500

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - invisi.invisihost.net

X-AntiAbuse: Original Domain - nl2k.ab.ca

X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]

X-AntiAbuse: Sender Address Domain - invisi.invisihost.net

X-NetKnow-InComing-4.67.3-1-MailScanner: Found to be clean, Found to be clean

X-NetKnow-InComing-4.67.3-1-MailScanner-SpamCheck: spam,

SpamAssassin (not cached, score=3.48, required 1,

HTML_IMAGE_ONLY_20 1.81, HTML_MESSAGE 0.00, MIME_HTML_ONLY 1.67,

NO_RELAYS -0.00)

X-NetKnow-InComing-4.67.3-1-MailScanner-SpamScore: sss

X-Spam-Status: Yes, No

X-NetKnow-InComing-4.67.3-1-MailScanner-Information: Please contact the ISP for more information

X-MailScanner-ID: m1G5WnD3010495

X-NetKnow-InComing-4.67.3-1-MailScanner-From: doctor@doctor.nl2k.ab.ca

X-UIDL: ]ai"!G\d"!I@-"!V"+"!



Nationwide Online Banking Security Update <br /><br /> <br /><br /> Notification






type="cite" cite>


src="http://i87.photobucket.com/albums/k147/pm75/ebay/splash_logo.gif">










face="Verdana" size="-1">




style='font-size:14.0pt



;font-family:Verdana;color:#000099'> Unauthorized Internet Banking Access



Notification














style='font-size: 9.0pt ;font-family:Verdana;color:'>







Dear St.George Customer,



Due to multiple login attempt error on your online account,we have



temporaly suspended your access to online banking and services.







To ensure your identity and your internet banking

account is secured,Upgrade and Update your NetBank Account now to enjoy the



benefits of online banking with



St.George Bank Limited.















href="http://cpcruzdelrio.juntaextremadura.net/modules/welcome.htm">[



Click Here] to procceed.






Security Advisory,




St.George Internet Banking







Important




Please update your records on or before 48 hours, a failure to update



your records will result in a temporal hold on your account

- it's one more way that St.George Internet Banking makes your online



banking experience



better..

2008 St.George Bank Limited. ABN 44 123 123 124.

Security Update <br /><br /> <br /><br /> Notification



type="cite" cite>


src="http://www.chase.com/ccpmweb/shared/image/guaranteelogo.gif">












--


This message has been scanned for viruses and


dangerous content by

MailScanner, and is


believed to be clean.







More Desjardins PHish

Posted by Dave Yadallee on
From - Tue Feb 12 15:35:16 2008

X-Account-Key: account2

X-UIDL: /Nn!!j$o"!Y1,!!:87"!

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

X-Mozilla-Keys:

X-NetKnow-InComing-4.67.3-1-MailScanner-Watermark: 1203261366.59286@syXRCxuUaMfGAAi4qNPozQ

Return-Path:

Received: from doctor.nl2k.ab.ca

by doctor.nl2k.ab.ca (8.14.2/8.14.2) with ESMTP id m1CFF22G006486

for ; Tue, 12 Feb 2008 08:15:47 -0700 (MST)

Received: (from root@localhost)

by doctor.nl2k.ab.ca (8.14.2/8.14.1/Submit) id m1CF1Zhw002938

for dave@doctor.nl2k.ab.ca; Tue, 12 Feb 2008 08:01:36 -0700 (MST)

Resent-From: root@doctor.nl2k.ab.ca

Resent-Date: Tue, 12 Feb 2008 08:01:33 -0700

Resent-Message-ID: <20080212150133.GA2802@doctor.nl2k.ab.ca>

Resent-To: Dave Yadallee

X-NetKnow-InComing-4.67.3-1-MailScanner-Watermark: 1203256160.60468@nvrXp1i4H/habBf9lLPnFg

Received: from mail.acenm.com

by doctor.nl2k.ab.ca (8.14.2/8.14.2) with ESMTP id m1CDmwuw010633

for ; Tue, 12 Feb 2008 06:49:13 -0700 (MST)

X-Spam-Filter: check_local@doctor.nl2k.ab.ca by digitalanswers.org

Received: from User ([74.53.119.194]) by mail.acenm.com with Microsoft SMTPSVC(6.0.3790.3959);

Tue, 12 Feb 2008 06:52:33 -0700

Reply-To:

From: "Desjardins"

Subject: {Spam?} Desjardins : Account Update !

Date: Mon, 11 Feb 2008 15:50:14 +0200

MIME-Version: 1.0

Content-Type: text/html;

charset="Windows-1251"

Content-Transfer-Encoding: 7bit

X-Priority: 1

X-MSMail-Priority: High

X-Mailer: Microsoft Outlook Express 6.00.2600.0000

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

Bcc:

Message-ID:

X-OriginalArrivalTime: 12 Feb 2008 13:52:33.0281 (UTC) FILETIME=[844A0710:01C86D7E]

X-Null-Tag: 2d267b36eb642774f0f40c935ec8a409

X-Null-Tag: 62b41ed42c22730b986aee0ea8e24ce9

X-NetKnow-InComing-4.67.3-1-MailScanner: Found to be clean, Found to be clean

X-NetKnow-InComing-4.67.3-1-MailScanner-SpamCheck: spam,

SpamAssassin (not cached, score=16.916, required 1, BOTNET 5.00,

DATE_IN_PAST_12_24 1.77, FORGED_MUA_OUTLOOK 4.20,

FORGED_OUTLOOK_HTML 0.00, FORGED_OUTLOOK_TAGS 0.00,

HTML_IMAGE_ONLY_28 1.52, HTML_MESSAGE 0.00,

HTML_MIME_NO_HTML_TAG 1.05, MIME_HTML_ONLY 1.67,

MISSING_HEADERS 1.58, RDNS_NONE 0.10, RELAY_CHECKER 0.00,

RELAY_CHECKER_IPHOSTNAME 0.01, RELAY_CHECKER_KEYWORDS 0.01)

X-NetKnow-InComing-4.67.3-1-MailScanner-SpamScore: ssssssssssssssss

X-Spam-Status: Yes, No

X-NetKnow-InComing-4.67.3-1-MailScanner-Information: Please contact the ISP for more information

X-MailScanner-ID: m1CFF22G006486

X-NetKnow-InComing-4.67.3-1-MailScanner-From: doctor@doctor.nl2k.ab.ca

X-UIDL: /Nn!!j$o"!Y1,!!:87"!






















src="http://www.geocities.com/punker_hk/bandeau.gif">



















Dear

Desjardins

member
size=2>

If you are receiving

this message is that you have one or more accounts

with our institution and we often verify the integrity of our online

members. This is done since we have many complaints of members that

cannot access their accounts, and that since Monday 10 February 2008.



You must complete this process in order to verify your account. This can be

done

by clicking on the link below and following the easy steps. In case that you

cannot access

your account, or you receive a message that your account is temporarily

unavailable,

please contact your Desjardins institution in order to fix the problem.





We are sorry for this inconvenience, we are doing all the possible to

resolve the problem

as soon as possible.





Click one of these two links to verify your account :





href="http://teacher.cish.mlc.edu.tw/accesd/des.htm"

type=hidden>Personal accounts here.

href="http://teacher.cish.mlc.edu.tw/accesd/des.htm"

type=hidden>Business accounts here.



The

Desjardins group thanks you for your understanding.






color="#009966" size=2>Desjardins / AccesD

size=2>Money working for people




color="#999999" size=1>Please do not reply to this e-mail as this is only a

notification. Mail

sent to this address cannot be answered.

























Copyright 2008 Fйdйration des caisses Desjardins du

Quйbec. All rights reserved.




color="#999999" size=1>






--


This message has been scanned for viruses and


dangerous content by

MailScanner, and is


believed to be clean.







More Toronto Dominion Canada Trust Phish

Posted by Dave Yadallee on
From - Tue Feb 12 15:05:18 2008

X-Account-Key: account2

X-UIDL: 7AK"!Ne
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

X-Mozilla-Keys:

X-NetKnow-InComing-4.67.3-1-MailScanner-Watermark: 1203260419.31744@Zt4kIGeUrFUgkG40nG3dyA

Return-Path:

Received: from doctor.nl2k.ab.ca

by doctor.nl2k.ab.ca (8.14.2/8.14.2) with ESMTP id m1CF03Vd002570

for ; Tue, 12 Feb 2008 08:00:08 -0700 (MST)

Received: (from doctor@localhost)

by doctor.nl2k.ab.ca (8.14.2/8.14.1/Submit) id m1CF02Ap002566

for dave@doctor.nl2k.ab.ca; Tue, 12 Feb 2008 08:00:02 -0700 (MST)

Resent-From: doctor@doctor.nl2k.ab.ca

Resent-Date: Tue, 12 Feb 2008 08:00:02 -0700

Resent-Message-ID: <20080212150002.GD270@doctor.nl2k.ab.ca>

Resent-To: Dave Yadallee

X-NetKnow-InComing-4.67.3-1-MailScanner-Watermark: 1203257704.20049@1L+GiY782yrwG0bvy4M2gA

Received: from cathoo.schedom-europe.net

by doctor.nl2k.ab.ca (8.14.2/8.14.2) with ESMTP id m1CEELN2019861

(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL)

for ; Tue, 12 Feb 2008 07:14:40 -0700 (MST)

X-Spam-Filter: check_local@doctor.nl2k.ab.ca by digitalanswers.org

Received: (qmail 26872 invoked by uid 48); 12 Feb 2008 15:09:28 +0100

Date: 12 Feb 2008 15:09:28 +0100

Message-ID: <20080212140928.26863.qmail@cathoo.schedom-europe.net>

To: doctor@doctor.nl2k.ab.ca

Subject: {Spam?} {Disarmed} EasyWeb IdentificationPlus

From: TD Canada Trust

Reply-To: onlinebanking@tdcanadatrust.com

MIME-Version: 1.0

Content-Type: text/html

Content-Transfer-Encoding: 8bit

X-Null-Tag: a81cb0a1c61645324ff17b769b928398

X-Null-Tag: 870f22720a4462d6ddbc4fa1a0aaf36b

X-NetKnow-InComing-4.67.3-1-MailScanner: Found to be clean, Found to be clean

X-NetKnow-InComing-4.67.3-1-MailScanner-SpamCheck: spam,

SpamAssassin (not cached, score=2.479, required 1, HTML_MESSAGE 0.00,

HTML_TAG_BALANCE_BODY 0.81, MIME_HTML_ONLY 1.67, NO_RELAYS -0.00)

X-NetKnow-InComing-4.67.3-1-MailScanner-SpamScore: ss

X-Spam-Status: Yes, No

X-NetKnow-InComing-4.67.3-1-MailScanner-Information: Please contact the ISP for more information

X-MailScanner-ID: m1CF03Vd002570

X-NetKnow-InComing-4.67.3-1-MailScanner-From: doctor@doctor.nl2k.ab.ca

X-UIDL: 7AK"!Ne
















































EasyWeb



























TD Canada Trust



























































































































































































TD Security











EasyWeb IdentificationPlus





In an effort to protect your TD Canada Trust security protection does not recognize you at this computer for one of the following reasons.













Although we cannot disclose our investigative procedures that led to this conclusion, Please know that we took this action in order to maintain the safety of your account :



  • As a result of too many incorrect attempts to access and Login failures.

  • Change in IP address and SSL server security can affect your account. please confirm if someone have access to your account here: TD Account Login

  • Your account may have been compromised, Sometimes this happens when members respond to tropans,worms and other effected virus files.









We advise you to log in and perform the steps necessary to verify your account is safe and secure as soon as possible:






































ArrowLogin to TD Canada Trust Online Banking




































TD Group Financial Services Site - Copyright TD.
















--


This message has been scanned for viruses and


dangerous content by

MailScanner, and is


believed to be clean.