Investment Gmail spam
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sat, 16 Jul 2022 18:01:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from)
id 1oCriO-000JBT-0l
for dave@doctor.nl2k.ab.ca;
Sat, 16 Jul 2022 18:00:52 -0600
Resent-From: The Doctor
Resent-Date: Sat, 16 Jul 2022 18:00:51 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-lf1-f52.google.com ([209.85.167.52]:39802)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.95 (FreeBSD))
(envelope-from)
id 1oCrgj-000J54-EG
for doctor@doctor.nl2k.ab.ca;
Sat, 16 Jul 2022 17:59:14 -0600
Received: by mail-lf1-f52.google.com with SMTP id y11so13681583lfs.6
for; Sat, 16 Jul 2022 16:58:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=mime-version:reply-to:from:date:message-id:subject:to
:content-transfer-encoding;
bh=eh5COAWpW0fmWc2sHdRoYE/EowEkxjEvK8a4WjlyEuk=;
b=eGNxXusHwQCancmPZaigAQeHc7jwUhYWa2CQHTlNwAZ9KNlL7XR/9+FGQUaz/KvcE4
FG+2b3PuAq50BnPVcMeDBTaLL6bpzinfmdHFE/0cQ9SmYO/yZ4YElGg5mCZfw7K16tvq
F3Dz5cxrg6DO5FOD3PwPiwwjZiW7fQcl6wgqfmPuFleFlpHd62vmOs7h7ZlcbrCuYwCL
OMUloTLIymrHv+BlAR0bejKssRwfeJqCZthcgcJWxWrxhA2/+cozb4m0GChtLsLeEdTR
7tNgYLy8LtCCMp0opPcPbU+Kl9+dlCs+b7KC+3DONFSfUiulPW7Qno71m+nWJrhDzSjA
xSyQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:mime-version:reply-to:from:date:message-id
:subject:to:content-transfer-encoding;
bh=eh5COAWpW0fmWc2sHdRoYE/EowEkxjEvK8a4WjlyEuk=;
b=JFjAA9vzDsKvYz1GVAlM85so8P5KUElsHFQ0xOjZoeL9idaS4uspFtBKO1D4myClNr
9DKvMByZy0IjCEZqbWLNvPYehILUpFb5JAbFo/BsoNYG1uFa/uY4XczrFmL6FvC9fXa0
rkCXeF4/0WlnH2vz99mOX97ZV8LC9FLr1gN5H8zOr4SUjo41KOr6psLdnzmje9UdpOeT
ty9ryvfZaojtbQ+NmS0YMp49ADYoKeRm6qG3hmywV5PCoovHjSiziwlaSU5pUpJ/MvLB
lSyYGa30c201ayxMeP8mEeGzbDvx8vI0t1jU9QSAQCipiYnX39qRwk3KXhj/3Yqf3/SF
fwAg==
X-Gm-Message-State: AJIora8gOLjKdLo/DM9nFcPkh1JZ8SOkhEpM0mIukQdTLwkKVBv672AM
xdbWdHeeMNW7x1xRsSAqVWouLLgzC8qA5RLVKF8=
X-Google-Smtp-Source: AGRyM1thQo39H/GF1Pe3BUuZ1bC52F4Oj50axKJjZUokBdaDfBXTXyJ3HZ/7g5UgONA6rjK5WxyD/DGi0M89ovrOFAk=
X-Received: by 2002:a05:6512:3fa6:b0:47d:c87e:f8f8 with SMTP id
x38-20020a0565123fa600b0047dc87ef8f8mr12161565lfa.159.1658015924797; Sat, 16
Jul 2022 16:58:44 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:aa6:ca08:0:b0:1f8:d789:40b5 with HTTP; Sat, 16 Jul 2022
16:58:44 -0700 (PDT)
Reply-To: jamesdidiza@gmail.com
From: JHBSA
Date: Sun, 17 Jul 2022 01:58:44 +0200
Message-ID:
Subject: CONTRACT SUM
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Bcc: doctor@doctor.nl2k.ab.ca
X-Spam_score: 20.2
X-Spam_score_int: 202
X-Spam_bar: ++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Dear Sir/Ma. My name is Mr. James Didiza" a senior government
official in South Africa, I am the Chief of Staff in charge for contract
awards & execution. Also the supervisor of all contracts in Department of
Publ [...]
Content analysis details: (20.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.167.52 listed in wl.mailspike.net]
1.6 SUBJ_ALL_CAPS Subject is all capitals
-0.0 SPF_PASS SPF: sender matches SPF record
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends
in digit
[tnthulas0013[at]gmail.com]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider
[tnthulas0013[at]gmail.com]
1.7 DEAR_SOMETHING BODY: Contains 'Dear (something)'
2.5 MILLION_USD BODY: Talks about millions of dollars
0.9 URG_BIZ BODY: Contains urgent matter
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
0.0 LOTS_OF_MONEY Huge... sums of money
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain
different freemails
3.1 UNDISC_FREEM Undisclosed recipients + freemail reply-to
2.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free
email?
0.5 MONEY_FRAUD_8 Lots of money and very many fraud phrases
3.7 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money
3.0 UNDISC_MONEY Undisclosed recipients + money/fraud signs
Subject: {SPAM?} CONTRACT SUM
Dear Sir/Ma.
My name is Mr. James Didiza" a senior government official in South
Africa, I am the Chief of Staff in charge for contract awards &
execution. Also the supervisor of all contracts in Department of
Public Works & Infrastructure. In 2020 During Corona Virus (Pandemic)
Covid-19, I personally Facilitate and supervised the awarded contracts
for supplies of building materials and constructions of ultra modern
shopping malls, low cost housing units, airports maintenance and
Stadiums to Improve the standard of living in this country during the
Pandemic, In some provinces such as the Western Cape, Eastern Cape,
Gauteng & Natal here in South Africa.
Serving in the board, I deliberately inflated and over invoiced the
contract sum, leaving an excess of US$30, 000,000.00 (Thirty Million
United States Dollars Only). At the completion of the contracts, the
real contract sum was paid to the original contractors, leaving the
excess, which was reported to the Government that it belonged to the
sub-contractor that handled part of the original contract. But the
company submitted as the beneficiary was non-existing foreign company,
which was a purported attempt to divert the money for private use. I
do not intend to mince words with you, I have to tell you the truth;
this is a deal but completely risk-free and genuine because the
contract has been perfectly and genuinely executed and completed. It
depends on whether you are interested or not.
Right now this amount is due for payment and is floating in the
treasury not attached to anyone/company. I am the only person who knew
the origin of this fund. But I cannot claim it by my self because I am
still a civil servant. Therefore I am looking for a trustworthy
foreign company or individual whose name can be used to claim this
money for our mutual benefit.
This is strictly a business deal, but it=E2=80=99s completely risk-free and
secure because I will use my official positions to source all the
necessary approvals, official documents and certificates that will
back up the fund to reflect that you/your company genuinely executed
and completed the contract. All necessary arrangements have been put
in place in all the relevant departments for immediate approval of
this payment.
For your co-operation, I have agreed to offer you 2.5% of the entire
amount on conclusion of the transaction while 75% will be for my
family & I. If you are interested in this proposal, I want you to
respond immediately through my personal e-mail account stated below
for further information and directives.
This transaction is expected to be completed within 5 or 8 work days
and it=E2=80=99s highly confidential and discreet. Thank you for your
co-operation. Your urgent reply is awaited through my private email
accounts below.
Best Regards,
Mr. James Didiza.
Private Email: didizasa@gmail.com
(Dept. of Public Works)
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sat, 16 Jul 2022 18:01:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from
id 1oCriO-000JBT-0l
for dave@doctor.nl2k.ab.ca;
Sat, 16 Jul 2022 18:00:52 -0600
Resent-From: The Doctor
Resent-Date: Sat, 16 Jul 2022 18:00:51 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-lf1-f52.google.com ([209.85.167.52]:39802)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.95 (FreeBSD))
(envelope-from
id 1oCrgj-000J54-EG
for doctor@doctor.nl2k.ab.ca;
Sat, 16 Jul 2022 17:59:14 -0600
Received: by mail-lf1-f52.google.com with SMTP id y11so13681583lfs.6
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=mime-version:reply-to:from:date:message-id:subject:to
:content-transfer-encoding;
bh=eh5COAWpW0fmWc2sHdRoYE/EowEkxjEvK8a4WjlyEuk=;
b=eGNxXusHwQCancmPZaigAQeHc7jwUhYWa2CQHTlNwAZ9KNlL7XR/9+FGQUaz/KvcE4
FG+2b3PuAq50BnPVcMeDBTaLL6bpzinfmdHFE/0cQ9SmYO/yZ4YElGg5mCZfw7K16tvq
F3Dz5cxrg6DO5FOD3PwPiwwjZiW7fQcl6wgqfmPuFleFlpHd62vmOs7h7ZlcbrCuYwCL
OMUloTLIymrHv+BlAR0bejKssRwfeJqCZthcgcJWxWrxhA2/+cozb4m0GChtLsLeEdTR
7tNgYLy8LtCCMp0opPcPbU+Kl9+dlCs+b7KC+3DONFSfUiulPW7Qno71m+nWJrhDzSjA
xSyQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:mime-version:reply-to:from:date:message-id
:subject:to:content-transfer-encoding;
bh=eh5COAWpW0fmWc2sHdRoYE/EowEkxjEvK8a4WjlyEuk=;
b=JFjAA9vzDsKvYz1GVAlM85so8P5KUElsHFQ0xOjZoeL9idaS4uspFtBKO1D4myClNr
9DKvMByZy0IjCEZqbWLNvPYehILUpFb5JAbFo/BsoNYG1uFa/uY4XczrFmL6FvC9fXa0
rkCXeF4/0WlnH2vz99mOX97ZV8LC9FLr1gN5H8zOr4SUjo41KOr6psLdnzmje9UdpOeT
ty9ryvfZaojtbQ+NmS0YMp49ADYoKeRm6qG3hmywV5PCoovHjSiziwlaSU5pUpJ/MvLB
lSyYGa30c201ayxMeP8mEeGzbDvx8vI0t1jU9QSAQCipiYnX39qRwk3KXhj/3Yqf3/SF
fwAg==
X-Gm-Message-State: AJIora8gOLjKdLo/DM9nFcPkh1JZ8SOkhEpM0mIukQdTLwkKVBv672AM
xdbWdHeeMNW7x1xRsSAqVWouLLgzC8qA5RLVKF8=
X-Google-Smtp-Source: AGRyM1thQo39H/GF1Pe3BUuZ1bC52F4Oj50axKJjZUokBdaDfBXTXyJ3HZ/7g5UgONA6rjK5WxyD/DGi0M89ovrOFAk=
X-Received: by 2002:a05:6512:3fa6:b0:47d:c87e:f8f8 with SMTP id
x38-20020a0565123fa600b0047dc87ef8f8mr12161565lfa.159.1658015924797; Sat, 16
Jul 2022 16:58:44 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:aa6:ca08:0:b0:1f8:d789:40b5 with HTTP; Sat, 16 Jul 2022
16:58:44 -0700 (PDT)
Reply-To: jamesdidiza@gmail.com
From: JHBSA
Date: Sun, 17 Jul 2022 01:58:44 +0200
Message-ID:
Subject: CONTRACT SUM
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Bcc: doctor@doctor.nl2k.ab.ca
X-Spam_score: 20.2
X-Spam_score_int: 202
X-Spam_bar: ++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Dear Sir/Ma. My name is Mr. James Didiza" a senior government
official in South Africa, I am the Chief of Staff in charge for contract
awards & execution. Also the supervisor of all contracts in Department of
Publ [...]
Content analysis details: (20.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.167.52 listed in wl.mailspike.net]
1.6 SUBJ_ALL_CAPS Subject is all capitals
-0.0 SPF_PASS SPF: sender matches SPF record
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends
in digit
[tnthulas0013[at]gmail.com]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider
[tnthulas0013[at]gmail.com]
1.7 DEAR_SOMETHING BODY: Contains 'Dear (something)'
2.5 MILLION_USD BODY: Talks about millions of dollars
0.9 URG_BIZ BODY: Contains urgent matter
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
0.0 LOTS_OF_MONEY Huge... sums of money
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain
different freemails
3.1 UNDISC_FREEM Undisclosed recipients + freemail reply-to
2.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free
email?
0.5 MONEY_FRAUD_8 Lots of money and very many fraud phrases
3.7 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money
3.0 UNDISC_MONEY Undisclosed recipients + money/fraud signs
Subject: {SPAM?} CONTRACT SUM
Dear Sir/Ma.
My name is Mr. James Didiza" a senior government official in South
Africa, I am the Chief of Staff in charge for contract awards &
execution. Also the supervisor of all contracts in Department of
Public Works & Infrastructure. In 2020 During Corona Virus (Pandemic)
Covid-19, I personally Facilitate and supervised the awarded contracts
for supplies of building materials and constructions of ultra modern
shopping malls, low cost housing units, airports maintenance and
Stadiums to Improve the standard of living in this country during the
Pandemic, In some provinces such as the Western Cape, Eastern Cape,
Gauteng & Natal here in South Africa.
Serving in the board, I deliberately inflated and over invoiced the
contract sum, leaving an excess of US$30, 000,000.00 (Thirty Million
United States Dollars Only). At the completion of the contracts, the
real contract sum was paid to the original contractors, leaving the
excess, which was reported to the Government that it belonged to the
sub-contractor that handled part of the original contract. But the
company submitted as the beneficiary was non-existing foreign company,
which was a purported attempt to divert the money for private use. I
do not intend to mince words with you, I have to tell you the truth;
this is a deal but completely risk-free and genuine because the
contract has been perfectly and genuinely executed and completed. It
depends on whether you are interested or not.
Right now this amount is due for payment and is floating in the
treasury not attached to anyone/company. I am the only person who knew
the origin of this fund. But I cannot claim it by my self because I am
still a civil servant. Therefore I am looking for a trustworthy
foreign company or individual whose name can be used to claim this
money for our mutual benefit.
This is strictly a business deal, but it=E2=80=99s completely risk-free and
secure because I will use my official positions to source all the
necessary approvals, official documents and certificates that will
back up the fund to reflect that you/your company genuinely executed
and completed the contract. All necessary arrangements have been put
in place in all the relevant departments for immediate approval of
this payment.
For your co-operation, I have agreed to offer you 2.5% of the entire
amount on conclusion of the transaction while 75% will be for my
family & I. If you are interested in this proposal, I want you to
respond immediately through my personal e-mail account stated below
for further information and directives.
This transaction is expected to be completed within 5 or 8 work days
and it=E2=80=99s highly confidential and discreet. Thank you for your
co-operation. Your urgent reply is awaited through my private email
accounts below.
Best Regards,
Mr. James Didiza.
Private Email: didizasa@gmail.com
(Dept. of Public Works)