Spam and Phish | Entries from Monday, May 23. 2022

Urgency spam from Google

Posted by Dave Yadallee on Monday, May 23. 2022

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 23 May 2022 17:16:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1ntHGO-000Fit-Ur

for dave@doctor.nl2k.ab.ca;

Mon, 23 May 2022 17:15:00 -0600

Resent-From: The Doctor

Resent-Date: Mon, 23 May 2022 17:15:00 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-vs1-f50.google.com ([209.85.217.50]:34347)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1ntGlN-000Dz4-Oy

for doctor@doctor.nl2k.ab.ca;

Mon, 23 May 2022 16:43:01 -0600

Received: by mail-vs1-f50.google.com with SMTP id b7so16549929vsq.1

for ; Mon, 23 May 2022 15:42:40 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20210112;

h=mime-version:reply-to:sender:from:date:message-id:subject:to;

bh=uETXtarVwZqoq55uxf85U5YgwPdkdqdQ5+5+F1r3C0I=;

b=RvHckCG1eoH1Wn0LcvlVGl0aRZmTkkzD9vCo9Preb5OH6xas9y1OL2uB/1AXk85CMr

Em9313VvMs7cRyckN8i5kq8tWPopAaz/RwIKAsFp2BjJWQtjC9cWp9Iro9X4Hp8mpAoD

3yw8GPnJKeJvQPOpQV9YkQkofAJ0e9I77ZfAb44iYh42kfYwD2gVftuyGhBV5PmV+Skj

Y7da/e3NtSPRP1ZxRTkQeWqHN2UjF76k1Rlv7le/wpPZUBABWSzZ8uDKAWoAL04nFtP/

+SWm4QslfXzPss3pkilGCSdvVmdHKKz5GqqJfYoWOTF7EclIxk7ZWnX54wMXhGOj73r9

6OlA==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20210112;

h=x-gm-message-state:mime-version:reply-to:sender:from:date

:message-id:subject:to;

bh=uETXtarVwZqoq55uxf85U5YgwPdkdqdQ5+5+F1r3C0I=;

b=Lt7NwXeaJkTlGokhkZKWUA11RIE0MwkWS0F0Hvsu9kFMTxMEIj+LW+Z9vyuvZFWtWf

YxXbwbjFTz7TGMCmMl91Z65iEyJZOLPfITgi+6pBO7y1dfNic+K1tXC1nkP/p+OIGEoB

1xE1pqqMJeYvaUQie2mOjZA9erSDapoRmHdgfPEpQLRie4nh2MHOdsOzSAwmMvgVUvKv

6yH88qVzclayFfjO+3f6jKEaBjbHYTRcIkV0tR0DnIAW+uX51sKbK4CiwvySdD6cZa9C

HzDWDrShrx+NI9OD9XWN+nZHdK1V1wUGzGAKvTugz6Ua7jNNVP1LtUJpJVnEJXmYrYUV

4vKg==

X-Gm-Message-State: AOAM533IvV21/pKWx5c0o1AQvUMptLQU73YXAzmJCo9Zi3TRZ7R8yYkp

YU0xqaO6ddCfLjkJsCQfVShPHkJsOtHqISS4qjo=

X-Google-Smtp-Source: ABdhPJx9gXo6Xogw2ENloN1XgIbts04FiISBMx1i62M163rQ06lUHQnlJWGnF0LhrMnj9EmIkllHmaJm61wti95P9k0=

X-Received: by 2002:a67:dc82:0:b0:325:58cc:51c7 with SMTP id

g2-20020a67dc82000000b0032558cc51c7mr10234065vsk.63.1653345754756; Mon, 23

May 2022 15:42:34 -0700 (PDT)

MIME-Version: 1.0

Reply-To: mihirpat55@gmail.com

Sender: mrrobertdadams780@gmail.com

Received: by 2002:a05:612c:70b:b0:2ba:1307:6c0a with HTTP; Mon, 23 May 2022

15:42:33 -0700 (PDT)

From: "Mr. Mihir Patel"

Date: Mon, 23 May 2022 15:42:33 -0700

X-Google-Sender-Auth: lNWdzOySJv9ehlWbcvHK2EyqRNw

Message-ID:

Subject: Your Response Is Needed

To: undisclosed-recipients:;

Content-Type: text/plain; charset="UTF-8"

Bcc: doctor@doctor.nl2k.ab.ca

X-Spam_score: 12.8

X-Spam_score_int: 128

X-Spam_bar: ++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Greetings, I am contacting you for us to work together on

a profitable business because you bear the same last name with a late client

of our bank. I want to present you as his true next of kin to inherit his

fu [...]

Content analysis details: (12.8 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends

in digit

[mrrobertdadams780[at]gmail.com]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.217.50 listed in wl.mailspike.net]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail

provider

[mrrobertdadams780[at]gmail.com]

-0.0 SPF_PASS SPF: sender matches SPF record

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in

digit

[mihirpat55[at]gmail.com]

2.5 HK_SCAM_N2 BODY: No description available.

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily

valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from

author's domain

0.0 HK_SCAM No description available.

1.5 HK_NAME_FM_MR_MRS No description available.

-0.0 T_SCC_BODY_TEXT_LINE No description available.

3.4 UNDISC_FREEM Undisclosed recipients + freemail reply-to

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain

different freemails

3.0 ADVANCE_FEE_5_NEW Appears to be advance fee fraud (Nigerian 419)

1.3 UNDISC_MONEY Undisclosed recipients + money/fraud signs

Subject: {SPAM?} Your Response Is Needed

Greetings,

I am contacting you for us to work together on a profitable business

because you bear the same last name with a late client of our bank. I

want to present you as his true next of kin to inherit his fund in our

bank. As his account officer I have some necessary documents in my

disposal to achieve this.

I therefore reckoned that you could receive this fund as you are

qualified by your last name. All the legal papers will be processed in

your name as the deceased's true next of kin.

Please revert back to me for further details if you can handle this with me.

Mr. Mihir Patel

Customer relation officer

CRA phish from UTAH USA (Rockion LLC)

Posted by Dave Yadallee on Monday, May 23. 2022

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 23 May 2022 14:26:02 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1ntEcB-000H9o-2m

for dave@doctor.nl2k.ab.ca;

Mon, 23 May 2022 14:25:19 -0600

Resent-From: The Doctor

Resent-Date: Mon, 23 May 2022 14:25:19 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from gallifrey.nk.ca ([204.209.81.3]:26858)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1ntCwv-000Bkd-C8

for doctor@nk.ca;

Mon, 23 May 2022 12:38:39 -0600

Received: from [140.228.29.21] (port=53509 helo=cra-arc.gc.ca)

by gallifrey.nk.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1ntCwa-000GgS-Ml

for root@gallifrey.nk.ca;

Mon, 23 May 2022 12:38:19 -0600

Reply-To:

From: Canada Revenue Agency (CRA)

To: root@gallifrey.nk.ca

Subject: ATTENTION: Please Deposit Your Refund of $2680.50 before it Expires

Date: 24 May 2022 02:38:10 +0800

Message-ID: <20220524023810.6C7799B3ED18E859@cra-arc.gc.ca>

MIME-Version: 1.0

Content-Type: text/html;

charset="utf-8"

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 9.7

X-Spam_score_int: 97

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: INTERAC E-TRANSFER REFUND: #8644ON87 Hello You have a refund

of $2680.50 CAD from Canada Revenue Agency

Content analysis details: (9.7 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=helo;id=cra-arc.gc.ca;ip=140.228.29.21;r=doctor.nl2k.ab.ca]

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in

digit

[f.morgan12[at]yahoo.com]

0.9 SPF_FAIL SPF: sender does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=ne_pas_repondre-do_not_reply%40cra-arc.gc.ca;ip=140.228.29.21;r=doctor.nl2k.ab.ca]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or

Formatted Colors in HTML

0.5 SUBJ_ATTENTION ATTENTION in Subject

0.0 LOTS_OF_MONEY Huge... sums of money

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

-0.0 T_SCC_BODY_TEXT_LINE No description available.

2.0 HTML_FONT_TINY_NORDNS Font too small to read, no rDNS

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

0.1 MONEY_FREEMAIL_REPTO Lots of money from someone using free

email?

1.1 URIBL_GREY Contains an URL listed in the URIBL greylist

[URIs: createsend1.com]

X-Spam_score: 9.7

X-Spam_score_int: 97

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: INTERAC E-TRANSFER REFUND: #8644ON87 Hello You have a refund

of $2680.50 CAD from Canada Revenue Agency

Content analysis details: (9.7 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=helo;id=cra-arc.gc.ca;ip=140.228.29.21;r=doctor.nl2k.ab.ca]

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in

digit

[f.morgan12[at]yahoo.com]

0.9 SPF_FAIL SPF: sender does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=ne_pas_repondre-do_not_reply%40cra-arc.gc.ca;ip=140.228.29.21;r=doctor.nl2k.ab.ca]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or

Formatted Colors in HTML

0.5 SUBJ_ATTENTION ATTENTION in Subject

0.0 LOTS_OF_MONEY Huge... sums of money

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

-0.0 T_SCC_BODY_TEXT_LINE No description available.

2.0 HTML_FONT_TINY_NORDNS Font too small to read, no rDNS

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

0.1 MONEY_FREEMAIL_REPTO Lots of money from someone using free

email?

1.1 URIBL_GREY Contains an URL listed in the URIBL greylist

[URIs: createsend1.com]

Subject: {SPAM?} ATTENTION: Please Deposit Your Refund of $2680.50 before it Expires

=2Ew3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

" />

=3Dedge" />

0,700,400italic,700italic|Ubuntu:400,700,400italic,700italic" rel=3D"styles=

heet" type=3D"text/css">

padding: 0; margin: 0;

padding: 0;

-webkit-text-size-adjust: 100%; background-color:#ededf1" class=3D"full-p=

adding full-padding">

table-layout: fixed; border-collapse: collapse;

table-layout: fixed; min-width: 320px;

width: 100%; background-color:#ededf1" class=3D"wrapper" cellpadding=3D"0=

" cellspacing=3D"0" role=3D"presentation">

ease-in-out; max-width: 360px !important;

-fallback-width: 90% !important;

width: calc(100% - 60px) !important; Margin: 0 auto;

max-width: 560px;

min-width: 280px;

-fallback-width: 280px;

width: calc(28000% - 167440px)" class=3D"preheader">

display: table;

width: 100%" class=3D"preheader__inner--inline">

splay: table-cell;

Float: left;

font-size: 12px;

line-height: 19px;

max-width: 280px;

min-width: 140px;

-fallback-width: 140px;

width: calc(14000% - 78120px);

padding: 10px 0 5px 0; color:#7c7e7f; font-family:Ubuntu,sans-serif" clas=

s=3D"snippet">

=20=20=20=20=20=20=20=20=20=20=20=20=20=20

splay: table-cell;

Float: left;

font-size: 12px;

line-height: 19px;

max-width: 280px;

min-width: 139px;

-fallback-width: 139px;

width: calc(14100% - 78680px);

padding: 10px 0 5px 0; text-align: right; color:#7c7e7f; font-family:Ubun=

tu,sans-serif" class=3D"webversion">

=20=20=20=20=20=20=20=20=20=20=20=20=20=20

ine">

display: table;

width: 100%" class=3D"layout__inner" emb-background-style=3D"">

s ease-in-out; max-width: 400px !important;

width: 100% !important" class=3D"column">

=20=20=20=20=20=20=20=20

Margin-right: 20px" class=3D"column__padding--inline">

=20=20=20=20=20=20=20=20

Margin-right: 20px" class=3D"column__padding--inline">

mso-text-raise: 4px" class=3D"text--inline">

INTERAC E-TRANSFER REFUND: #8644O=

N87

Hello

t;">You have a refund of $2680.50 CAD from Canada Revenue Agency

=20=20=20=20=20=20=20=20

Margin-right: 20px" class=3D"column__padding--inline">

font-size: 2px;

line-height: 2px;

Margin-left: auto;

Margin-right: auto;

width: 40px; background-color:#b4b4c4" class=3D"divider">

=20=20=20=20=20=20=20=20

Margin-right: 20px" class=3D"column__padding--inline">

=20=20=20=20=20=20=20=20

Margin-right: 20px" class=3D"column__padding--inline">

mso-text-raise: 4px" class=3D"text--inline">

Select your financial institution to deposit your refund before =

it expires on 24th May, 2022.

=20=20=20=20=20=20=20=20

Margin-right: 20px" class=3D"column__padding--inline">

=

l-width=3D"182" height=3D"48" style=3D"background-color: #1c1601; color: #f=

fffff !important; font-family: PT Serif, Georgia, serif; border-radius: 4px=

;">Deposit Your Refund

=20=20=20=20=20=20=20=20

Margin-right: 20px" class=3D"column__padding--inline">

mso-text-raise: 4px" class=3D"text--inline">

Kind Regards,
Andrew Tremblay, Canada Revenue Agency (CRA)
>

=20=20=20=20=20=20=20=20

Margin-right: 20px" class=3D"column__padding--inline">

font-style: normal;

font-weight: normal;

line-height: 19px" class=3D"image--inline" align=3D"left">

height: auto;

width: 100%; max-width:160px" alt=3D"" width=3D"160" src=3D"https://i1.cr=

eatesend1.com/resize/ti/t/78/34E/B40/eblogo/signature4cropped.png">

=20=20=20=20=20=20=20=20

=20=20

nt-size:20px;">

=20=20

=20=20=20=20=20=20

display: table;

width: 100%" class=3D"layout__inner">

Margin-right: 20px" class=3D"column__padding--inline">

=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20

line-height: 19px" class=3D"email-footer__address--inline">

=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20

line-height: 19px" class=3D"email-footer__permission--inline">

=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20

Margin-right: 20px" class=3D"column__padding--inline">

=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20

display: table;

width: 100%" class=3D"layout__inner">

25s ease-in-out; max-width: 400px !important;

width: 100% !important" class=3D"column">

Margin-right: 20px" class=3D"column__padding--inline">

line-height: 19px" class=3D"email-footer__subscription--inline">

lang=3D"en">Preferences |
scribe style=3D"text-decoration: underline;">Unsubscribe

Gmail phish

Posted by Dave Yadallee on Monday, May 23. 2022

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 23 May 2022 14:15:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1ntERr-00090c-AY

for dave@doctor.nl2k.ab.ca;

Mon, 23 May 2022 14:14:39 -0600

Resent-From: The Doctor

Resent-Date: Mon, 23 May 2022 14:14:39 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-lf1-f41.google.com ([209.85.167.41]:39641)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1nt9Sl-00056J-Vi

for doctor@doctor.nl2k.ab.ca;

Mon, 23 May 2022 08:55:19 -0600

Received: by mail-lf1-f41.google.com with SMTP id y32so26020091lfa.6

for ; Mon, 23 May 2022 07:54:58 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20210112;

h=mime-version:reply-to:from:date:message-id:subject:to

:content-transfer-encoding;

bh=3IP3LapS+WwVNdfsJ7LqEhQLP1EPVrR8kCDbPE6zy9Q=;

b=aUWYha+vSZwnWREnhyabjvAPViyTbcuxcLgfeWKt+NdH14je4XwyakDo6r/JzIYtXU

xB/jqkxwngtkEv3WR47sQ26rMP0pFvGb0pruo7m0t4gc5sjL9xvtuuQOVUzJtGMmyfzd

1eRRaKyJmHqQuzrAMfcoFh0K9OmsgMKSj3Sp2iX2nfg6mRYqcp5ENL1itRPPT/9r+Wm6

pdWaKTj5UYqfCCBiXZ1YxGWwCqt7gV2Cuv5U37ObQejvSYhjjaOJlWUUFHac92wYdikg

4vdT3ozH+qIYmsu1TtQ6YcnVINjyVVovLSTi5fqujAIoYwtKq8qrcxQWHpd9WERbtM+D

jb1Q==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20210112;

h=x-gm-message-state:mime-version:reply-to:from:date:message-id

:subject:to:content-transfer-encoding;

bh=3IP3LapS+WwVNdfsJ7LqEhQLP1EPVrR8kCDbPE6zy9Q=;

b=BYkZ+F3OOYgydymsUujw4V+4uHPHxcc/DJ9bk6sAC93mcyShmy2FqkMWVEgS5E6yg7

/ZyFFrzqJHx+vN4oExQYJ0pRP2HhVuy6wIIAKuAMcLt7SsnKN88ZcJgsp/D8LIDeEdx5

/ByxYVF8cV9L/u0QKOdUbvb4Sr1m37eWhtlTcXMYjU+evtWI7vB/c0EfzTSfbJ2tZnIA

8ARTan1yNxFCcyYNoRCPVpGhEHj8LrJGk/8+RvUGlrcsCyg2vw0lAKwtxaiZYU+0QUuz

kmfki1pF2P9C6WxRl/YFNb6yMArj4AxP0vjbSs0HTeXt1V2pwLfjRAY0t60lxYG5Q9nr

lmuA==

X-Gm-Message-State: AOAM530R5cQXQR5qsW/ZxUODcp5mzSmR1u6skailpuKMI99WBVwmuYQ7

KAgHxHov4iuMJOAiS+OxO3b5FOTeEu8kXzHArag=

X-Google-Smtp-Source: ABdhPJyj48LmTPbryylDIA+/bYYXklZnvNevN31ipCckrarBO6xyTsmRMiwhf+ZktuytGaUmzgvJOhAmsztG8JxYPp8=

X-Received: by 2002:a05:6512:3183:b0:473:dffc:18ac with SMTP id

i3-20020a056512318300b00473dffc18acmr16039603lfe.217.1653317691838; Mon, 23

May 2022 07:54:51 -0700 (PDT)

MIME-Version: 1.0

Received: by 2002:a05:6512:3a95:0:0:0:0 with HTTP; Mon, 23 May 2022 07:54:49

-0700 (PDT)

Reply-To: judgemartinsesq@aol.com

From: office

Date: Mon, 23 May 2022 07:54:49 -0700

Message-ID:

Subject: TO YOUR ATTENTION!

To: undisclosed-recipients:;

Content-Type: text/plain; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

Bcc: doctor@doctor.nl2k.ab.ca

X-Spam_score: 10.0

X-Spam_score_int: 100

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Department of the Treasury. Attention! I am Ms. Janet Yellen

secretary to the U.S Department of the Treasury. We just got confirmation

from the Financial Crimes Enforcement Network Finecn Authorities concerned

that your funds' inheritance [...]

Content analysis details: (10.0 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends

in digit

[unitedbankforafrica214[at]gmail.com]

1.6 SUBJ_ALL_CAPS Subject is all capitals

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.167.41 listed in wl.mailspike.net]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail

provider

[unitedbankforafrica214[at]gmail.com]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily

valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from

author's domain

0.5 SUBJ_ATTENTION ATTENTION in Subject

0.0 LOTS_OF_MONEY Huge... sums of money

-0.0 T_SCC_BODY_TEXT_LINE No description available.

3.4 UNDISC_FREEM Undisclosed recipients + freemail reply-to

1.0 MONEY_BARRISTER Lots of money from a UK lawyer

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain

different freemails

0.1 MONEY_FREEMAIL_REPTO Lots of money from someone using free

email?

0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal

information

1.3 MONEY_FORM_SHORT Lots of money if you fill out a short form

1.3 UNDISC_MONEY Undisclosed recipients + money/fraud signs

Subject: {SPAM?} TO YOUR ATTENTION!

Department of the Treasury.

Attention!

I am Ms. Janet Yellen secretary to the U.S Department of the Treasury.

We just got confirmation from the Financial Crimes Enforcement Network

Finecn Authorities concerned that your funds' inheritance has been

re-approved for a transfer value amount of USD$5.5Million Dollars by

the new government.

I have solicited proper security and guarantee of these approved

funds, discrepancy and or risk on delivery. Your safety and security

is assured. Therefore, you are advised to contact Barrister Judge

Martins, being the Attorney in charge.

Note, and be advised that your funds have been coded for security

reasons. So contact the Barrister Judge for more information on how to

obtain your remaining proper document and the cost obligations

clearance for hitch-free delivery to you.

Contact him thus:

Attn. Judge Martins,

Director Foreign Operations Department.

Address: 28 Liberty St, New York,

NY 10005, United States.

Email: judgemartinsesq@aol.com

Make sure you resend to him all vital information needed for clearance

via: Your full Name, Address, Drivers License or valid Id, Company=E2=80=99=

s

name and address, telephone etc.

Ask him other things he may require to complete clearance within 72

hours to deliver your funds finally to you.

Ms. Janet Yellen

Treasury Secretary.

urgency donation spam from Google

Posted by Dave Yadallee on Monday, May 23. 2022

Return-path:

Envelope-to: dave@nl2k.ab.ca

Delivery-date: Mon, 23 May 2022 05:55:00 -0600

Received: from mail-ej1-f47.google.com ([209.85.218.47]:38833)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1nt6dD-000NaH-IX

for dave@nl2k.ab.ca;

Mon, 23 May 2022 05:53:54 -0600

Received: by mail-ej1-f47.google.com with SMTP id n10so28257013ejk.5

for ; Mon, 23 May 2022 04:53:34 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20210112;

h=mime-version:reply-to:from:date:message-id:subject:to;

bh=oCB860jPEgxMXHpbgmQrpvvyqwVZYyQqKFFcRaUfAUc=;

b=ULSAwIL8lWB4+JctAnFboaC6xVFnj00vnV/jkkLJATM/byRW+MfY4ZLFDZoVDwGmax

kJ3bGgoKjh2mZizerB2Sz0Nbb77wneQEwsA3QkrMU9cF4TQjP6NlpHGgdEuNO2mWk/PH

CUTno/cybyBFE3+xJ2fqEtE1idtCcdzFolyspl3wf6wJALxis3KtbJI+06lgRg+8RtZj

lfxNqaCf7CIXRvoAImR1Lx2Nn857/zyVk/evmqyA9jvAze3HueOZK4xgdS3r/pcHkvY/

+jZlFcJXdcmGaKbSs6W5T9FeFpr1Rd5I8MNtATcxYKtwKFa25zIBxe6OVPlNXv+VqvMW

EhUg==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20210112;

h=x-gm-message-state:mime-version:reply-to:from:date:message-id

:subject:to;

bh=oCB860jPEgxMXHpbgmQrpvvyqwVZYyQqKFFcRaUfAUc=;

b=RxMSntUH09LKMJ/YXdC8NjeKQAeDJsxC0xL+QhvLDyT4fBwM1Faicaec0Ve5L8nDcJ

8fAPtifsJBRO8dKytc/a6aFPhS3PATW8h6C1UGyGzBIkGqOw+iM6zMjWch/+mm46+gm8

RvVa9J9BM8BPR98JEyL1i/LhsJETS4dWJz/0u69D8LdMXajYzPkFMLLbB9DyL7zKr8KT

FY91rSY6VEov6rDsx2kLMX/HzQflC1qX036WirKmGyyXZk94F2A+fGTPzkktckqiZsbt

uE8HknjL/pTsnmcKzhdbhw44gI1KI0C566YpqsABKGzrOzSSqjEj00c5yxIur1enXtdQ

yEzg==

X-Gm-Message-State: AOAM533QBigcQeyO5d6YYFXRw3TCX9tBboUb1ssmwSXNlVLnplffi/gJ

Stt77CU/E75yi3xj4QCrodR8JjZTNZLYayz7YPU=

X-Google-Smtp-Source: ABdhPJxsyi1KzSMZUGqJLb2N5ZxQdmyF1kcvYZRah5drjPdFcUdpQ8YPxVtRK8RpO04puDqk1nyzunYrSKVNVxSPV2A=

X-Received: by 2002:a17:906:90c9:b0:6fe:9e40:5cc with SMTP id

v9-20020a17090690c900b006fe9e4005ccmr16570779ejw.367.1653306807761; Mon, 23

May 2022 04:53:27 -0700 (PDT)

MIME-Version: 1.0

Received: by 2002:a05:6f02:a062:b0:1c:8253:8578 with HTTP; Mon, 23 May 2022

04:53:27 -0700 (PDT)

Reply-To: stefanopessina466@yahoo.com

From: Stefano Pessina

Date: Mon, 23 May 2022 04:53:27 -0700

Message-ID:

Subject: Re

To: undisclosed-recipients:;

Content-Type: text/plain; charset="UTF-8"

Bcc: dave@nl2k.ab.ca

--

I'm Stefano Pessina, I have a donation for you, Email for more info!

Bank of America phish coming from Google

Posted by Dave Yadallee on Monday, May 23. 2022

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 23 May 2022 07:45:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nt8Lw-000DrX-9X

for dave@doctor.nl2k.ab.ca;

Mon, 23 May 2022 07:44:08 -0600

Resent-From: The Doctor

Resent-Date: Mon, 23 May 2022 07:44:08 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-ed1-f66.google.com ([209.85.208.66]:41764)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1nt1Px-0009p7-Kw

for www@doctor.nl2k.ab.ca;

Mon, 23 May 2022 00:19:53 -0600

Received: by mail-ed1-f66.google.com with SMTP id h11so16591209eda.8

for ; Sun, 22 May 2022 23:19:25 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20210112;

h=mime-version:reply-to:from:date:message-id:subject:to;

bh=/A0/2NKH39RyuD99h6jlyjDKzhVMMewFMksYcA40mfY=;

b=pxIeRxBHo5vb2IobcAPezGjoSx9fEd3fHcDufI2wNQhig8LmV40q8MsXnjkGFcMuot

DOf3JvQiiMWvIZrV+bcs+MQLQ/bkdBs55ucBJ2qP/g66i4pR7W4thLt0+9QQXlH8dLbI

HWYB5eI5fjFPwpws9AaAhcfQ33l7quUghcbKz1FNqKbs2anNurBDNf4f8QEaMpH2/2el

p9YzidZpp3QtsB2DswWqzN3mvlManEwignCUWKtQzoSRagoahyUo0rNLh8Gjb4kqnNeN

g8nMOfYRhT8hmXyJW+mrgD7za/G861+Ex1Tiyrt/9TgsACwZchkrj3s/K81vY8Fxn5gA

+hWA==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20210112;

h=x-gm-message-state:mime-version:reply-to:from:date:message-id

:subject:to;

bh=/A0/2NKH39RyuD99h6jlyjDKzhVMMewFMksYcA40mfY=;

b=qcHB1/O8TMqcWQiyMPM+xOMI3HTl4xwqd9yWYiuOMLBzUJIHcT6hdeeyH/bq1F0gKg

/EP6AoR/b4bHPeA03c1Pfz3PpPNMA+R/Je8KJ6x09xviPGTxl/GR8N4FM7A2zbpy93h5

gCiS02bweHElIscIqi6THLfcOLPrE5TwBunqyfFQcjq+OENqZUvvgVcn113+Wbg9FlZI

3gRrZhtIKuFtT5N5rf6+e6t07tdcgM4DkH6vDOm04Os73wtYnyxpKHhpOrMIoZ5LctNm

2BaFwSUfmZ3/002ioQ1BoC2wYZfzSxjyWBAJ0UEXZjLw7v1bm42Em4z/6oHIFWDp2dsg

IJCg==

X-Gm-Message-State: AOAM533XL3x5MZuqLBScAx8RzNlcJ0bIWC6lObhAZ6MDDHWSXgtSqsid

x6L16c6J0tiGWDgYrwqLN1pOh7i43nVPLOWdZ4M=

X-Google-Smtp-Source: ABdhPJwMLDyOSStWNO90NPtO/ifzF47W1fRLmyOq0Gsaqj4i2rAaqbUG/68cdhTipONqnsJesaj8lMy/692oTp7VAL8=

X-Received: by 2002:a05:6402:845:b0:42b:303f:1ef8 with SMTP id

b5-20020a056402084500b0042b303f1ef8mr14023888edz.49.1653286758682; Sun, 22

May 2022 23:19:18 -0700 (PDT)

MIME-Version: 1.0

Received: by 2002:a17:906:774c:0:0:0:0 with HTTP; Sun, 22 May 2022 23:19:18

-0700 (PDT)

Reply-To: ba4391285@gmail.com

From: Bank Of America

Date: Mon, 23 May 2022 07:19:18 +0100

Message-ID:

Subject: From Bank of America E-mail us now.

To: undisclosed-recipients:;

Content-Type: text/plain; charset="UTF-8"

Bcc: www@doctor.nl2k.ab.ca

X-Spam_score: 18.6

X-Spam_score_int: 186

X-Spam_bar: ++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: From Bank of America Address: 301 S College St, Charlotte,

NC 28202, USA RE/NO: 002-BOA/0047/2022 Founded: 1928 Attn: Account Holder

: This is to notify you that a new development has been made today from the

world bank in which the Bank of America has been authorized to release your

INHERITANCE funds, Now the Bank has been ordered t [...]

Content analysis details: (18.6 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends

in digit

[frankcollins085[at]gmail.com]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.208.66 listed in wl.mailspike.net]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail

provider

[frankcollins085[at]gmail.com]

-0.0 SPF_PASS SPF: sender matches SPF record

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in

digit

[ba4391285[at]gmail.com]

2.5 MILLION_USD BODY: Talks about millions of dollars

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily

valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from

author's domain

2.9 YOU_INHERIT Discussing your inheritance

0.0 LOTS_OF_MONEY Huge... sums of money

-0.0 T_SCC_BODY_TEXT_LINE No description available.

3.4 UNDISC_FREEM Undisclosed recipients + freemail reply-to

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain

different freemails

0.1 MONEY_FREEMAIL_REPTO Lots of money from someone using free

email?

0.0 FILL_THIS_FORM Fill in a form with personal information

2.0 FILL_THIS_FORM_LONG Fill in a form with personal information

0.0 MONEY_FORM Lots of money if you fill out a form

0.4 FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)

0.0 T_FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)

1.8 ADVANCE_FEE_4_NEW_FRM_MNY Advance Fee fraud form and lots of

money

1.3 UNDISC_MONEY Undisclosed recipients + money/fraud signs

3.1 MONEY_FRAUD_3 Lots of money and several fraud phrases

Subject: {SPAM?} From Bank of America E-mail us now.

>From Bank of America

Address: 301 S College St, Charlotte,

NC 28202, USA

RE/NO: 002-BOA/0047/2022

Founded: 1928

Attn: Account Holder :

This is to notify you that a new development has been made today from

the world bank in which the Bank of America has been authorized to

release your INHERITANCE funds, Now the Bank has been ordered to

release your overdue FUND to you.

We have made several contacts to reach you to claim your outstanding

payment, but we did not hear from you till now, so I wish you will

respond and contact us for this notice to claim your fund. We the

Bankers has created an online Bank account on your behalf and the

online Bank account has been funded with the total sum of $4.5 Million

USD in which you would be able to withdraw any amount of money daily

from the online account, Please what Ever you want to Ask make sure

that You Copy this Email and send an email to me (ba4391285@gmail.com)

Below are the online bank account details

Created Opened Account Amount// $4.5 Million USD

Balance $4.5 Million USD

CHECKING ACCOUNT:

Name: Bank Of America

Account No: 7943730460

Routing No: 121042882 (for international transfer)

Routing No: 121000248 (Domestic)

The bank has also stated that you could be able to start accessing the

online bank account once the transfer code has been issued to you. So

send the following details to me as soon as you get this mail.

Your full name:

home or office address:

phone number:

your Country:

Copy of your ID Card:

Your Age:

Marital Status:

Treat as urgent as I will be waiting for the details.

THANKS FOR YOUR COOPERATION.

Respectively Yours

Mr. Brian Moynihan

DIRECTOR BANK OF AMERICA.

Mon	Tue	Wed	Thu	Fri	Sat	Sun
← Back	May '22					Forward →
						1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28	29
30	31

INTERAC E-TRANSFER REFUND: #8644O= N87

INTERAC E-TRANSFER REFUND: #8644O=

N87