Royal Bank of Canada Phish from Microsoft
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 26 Jul 2022 08:54:05 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from)
id 1oGLwB-0004Rh-9w
for dave@doctor.nl2k.ab.ca;
Tue, 26 Jul 2022 08:53:31 -0600
Resent-From: The Doctor
Resent-Date: Tue, 26 Jul 2022 08:53:31 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [52.249.196.180] (port=65009 helo=ib.rbc.com)
by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))
(envelope-from)
id 1oGLPa-000MA7-P1
for postmaster@nl2k.ab.ca;
Tue, 26 Jul 2022 08:19:55 -0600
Reply-To: f.morgan12@yahoo.com
From: RBC Royal Bank
To: postmaster@nl2k.ab.ca
Subject: Your Attention is Required
Date: 26 Jul 2022 14:19:28 +0000
Message-ID: <20220726141928.2C77F4A016A39806@ib.rbc.com>
MIME-Version: 1.0
Content-Type: text/html;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 7.6
X-Spam_score_int: 76
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: More Information Required Your account needs more information
to keep your account secure. We regret to inform you that your account was
recently double-charged for a payment. We tried to issue you a refund automatically
but f [...]
Content analysis details: (7.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: sendgrid.net]
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in
digit
[f.morgan12[at]yahoo.com]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=ibanking%40ib.rbc.com;ip=52.249.196.180;r=doctor.nl2k.ab.ca]
0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=helo;id=ib.rbc.com;ip=52.249.196.180;r=doctor.nl2k.ab.ca]
1.5 TVD_PH_SEC BODY: Message includes a phrase commonly used in
phishing mails
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
Subject: {SPAM?} Your Attention is Required
w3.org/1999/xhtml">
-8">
e=3D1, minimum-scale=3D1, maximum-scale=3D1">
font-size: 14px; color: #000000">
=3D"font-size:14px; font-family:arial,helvetica,sans-serif; color:#000000; =
background-color:#FFFFFF;">
font-size: 14px" class=3D"webkit">
table-layout: fixed;
-webkit-font-smoothing: antialiased;
-webkit-text-size-adjust: 100%;
-moz-text-size-adjust: 100%;
-ms-text-size-adjust: 100%" cellpadding=3D"0" cellspacing=3D"0" borde=
r=3D"0" width=3D"100%" class=3D"wrapper" bgcolor=3D"#FFFFFF">
uter" align=3D"center" cellpadding=3D"0" cellspacing=3D"0" border=3D"0">
=3D"0" border=3D"0">
cellspacing=3D"0" border=3D"0" style=3D"width:100%; max-width:600px;" alig=
n=3D"center">
e=3D"padding:0px 0px 0px 0px; color:#000000; text-align:left;" bgcolor=3D"#=
FFFFFF" width=3D"100%" align=3D"left">
eader-hide" role=3D"module" data-type=3D"preheader" border=3D"0" cellpaddin=
g=3D"0" cellspacing=3D"0" width=3D"100%" style=3D"display: none !important;=
mso-hide: all; visibility: hidden; opacity: 0; color: transparent; height:=
0; width: 0;">
font-size: 14px; margin: 0; padding: 0">
table-layout: fixed;
-webkit-font-smoothing: antialiased;
-webkit-text-size-adjust: 100%;
-moz-text-size-adjust: 100%;
-ms-text-size-adjust: 100%; table-layout: fixed;" class=3D"wrapper" r=
ole=3D"module" data-type=3D"image" border=3D"0" cellpadding=3D"0" cellspaci=
ng=3D"0" width=3D"100%" data-muid=3D"6ad0916d-aa5c-4e0a-93cd-c02baca8ea84">=
px;" valign=3D"top" align=3D"center">
00000; text-decoration:none; font-family:Helvetica, arial, sans-serif; font=
-size:16px; max-width:20% !important; width:20%; height:auto !important;" c=
lass=3D"max-width" border=3D"0" width=3D"120" alt=3D"" data-proportionally-=
constrained=3D"true" data-responsive=3D"true" src=3D"http://cdn.mcauto-imag=
es-production.sendgrid.net/32724a092ad701f7/8968ea1b-5ec0-4277-8288-eba63a9=
41316/512x512.png" height=3D"120">
=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"100%" style=3D"table-la=
yout: fixed;" data-muid=3D"87a492b9-b53c-4895-ae63-fa9b6f456d56" data-mc-mo=
dule-version=3D"2019-10-22">
n:inherit;" height=3D"100%" valign=3D"top" bgcolor=3D"" role=3D"module-cont=
ent">
font-size: 14px">
f;
font-size: 14px; font-family: inherit; text-align: center">
e=3D"color: #0d5cca; font-size: 24px; font-family: "lucida sans unicod=
e", "lucida grande", sans-serif">More Information Re=
quired
family: "lucida sans unicode", "lucida grande", sans-se=
rif">
if;
font-size: 14px">
der=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"100%" style=3D"table=
-layout: fixed;" data-muid=3D"e34902f9-fa0b-44a8-9d6c-7c3c7cbc7bae">
ight=3D"100%" valign=3D"top" bgcolor=3D"">
center" width=3D"100%" height=3D"1px" style=3D"line-height:1px; font-size:1=
px;">
=
=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"100%" style=3D"table-la=
yout: fixed;" data-muid=3D"31cfc55c-f773-4f23-8098-33b3e19d0441" data-mc-mo=
dule-version=3D"2019-10-22">
n:inherit;" height=3D"100%" valign=3D"top" bgcolor=3D"" role=3D"module-cont=
ent">
font-size: 14px">
f;
font-size: 14px; font-family: inherit; text-align: center">
e=3D"font-family: "trebuchet ms", helvetica, sans-serif">Your acc=
ount needs more information to keep
your account secure.
We regret to inform you that your account was recently double-charged for a=
payment. We tried to issue you a refund automatically but failed due to an=
error in your billing information.validate your bank account for security =
purposes.
;
font-size: 14px">
module" data-role=3D"module-button" data-type=3D"button" role=3D"module" st=
yle=3D"table-layout:fixed;" width=3D"100%" data-muid=3D"a2a0ab10-bd40-4b7b-=
97dd-faec554e1512">
ding:0px 0px 0px 0px;">
=3D"wrapper-mobile" style=3D"text-align:center;">
style=3D"border-radius:6px; font-size:16px; text-align:center; background-=
color:inherit;">
tyle=3D"background-color:#0D5CCA; border:1px solid #333333; border-color:#3=
33333; border-radius:6px; border-width:1px; color:#ffffff; display:inline-b=
lock; font-size:14px; font-weight:normal; letter-spacing:0px; line-height:n=
ormal; padding:12px 18px 12px 18px; text-align:center; text-decoration:none=
; border-style:solid;" target=3D"_blank">Validate Your Account
er=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"100%" style=3D"table-=
layout: fixed;" data-muid=3D"884e1b5d-4c32-4fc5-b356-8054f6f5c47f" data-mc-=
module-version=3D"2019-10-22">
n:inherit;" height=3D"100%" valign=3D"top" bgcolor=3D"" role=3D"module-cont=
ent">
font-size: 14px">
f;
font-size: 14px; font-family: inherit; text-align: center">
e=3D"font-size: 11px; font-family: "trebuchet ms", helvetica, san=
s-serif">Royal Bank of Canada Website, =A9 1995-2020
Legal | Accessibility | Privacy & Security
nt-family: arial,helvetica,sans-serif;
font-size: 14px">
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 26 Jul 2022 08:54:05 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from
id 1oGLwB-0004Rh-9w
for dave@doctor.nl2k.ab.ca;
Tue, 26 Jul 2022 08:53:31 -0600
Resent-From: The Doctor
Resent-Date: Tue, 26 Jul 2022 08:53:31 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [52.249.196.180] (port=65009 helo=ib.rbc.com)
by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))
(envelope-from
id 1oGLPa-000MA7-P1
for postmaster@nl2k.ab.ca;
Tue, 26 Jul 2022 08:19:55 -0600
Reply-To: f.morgan12@yahoo.com
From: RBC Royal Bank
To: postmaster@nl2k.ab.ca
Subject: Your Attention is Required
Date: 26 Jul 2022 14:19:28 +0000
Message-ID: <20220726141928.2C77F4A016A39806@ib.rbc.com>
MIME-Version: 1.0
Content-Type: text/html;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 7.6
X-Spam_score_int: 76
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: More Information Required Your account needs more information
to keep your account secure. We regret to inform you that your account was
recently double-charged for a payment. We tried to issue you a refund automatically
but f [...]
Content analysis details: (7.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: sendgrid.net]
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in
digit
[f.morgan12[at]yahoo.com]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=ibanking%40ib.rbc.com;ip=52.249.196.180;r=doctor.nl2k.ab.ca]
0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=helo;id=ib.rbc.com;ip=52.249.196.180;r=doctor.nl2k.ab.ca]
1.5 TVD_PH_SEC BODY: Message includes a phrase commonly used in
phishing mails
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
Subject: {SPAM?} Your Attention is Required
w3.org/1999/xhtml">
-8">
e=3D1, minimum-scale=3D1, maximum-scale=3D1">
font-size: 14px; color: #000000">
=3D"font-size:14px; font-family:arial,helvetica,sans-serif; color:#000000; =
background-color:#FFFFFF;">
font-size: 14px" class=3D"webkit">
table-layout: fixed;
-webkit-font-smoothing: antialiased;
-webkit-text-size-adjust: 100%;
-moz-text-size-adjust: 100%;
-ms-text-size-adjust: 100%" cellpadding=3D"0" cellspacing=3D"0" borde=
r=3D"0" width=3D"100%" class=3D"wrapper" bgcolor=3D"#FFFFFF">
uter" align=3D"center" cellpadding=3D"0" cellspacing=3D"0" border=3D"0">
=3D"0" border=3D"0">
cellspacing=3D"0" border=3D"0" style=3D"width:100%; max-width:600px;" alig=
n=3D"center">
e=3D"padding:0px 0px 0px 0px; color:#000000; text-align:left;" bgcolor=3D"#=
FFFFFF" width=3D"100%" align=3D"left">
eader-hide" role=3D"module" data-type=3D"preheader" border=3D"0" cellpaddin=
g=3D"0" cellspacing=3D"0" width=3D"100%" style=3D"display: none !important;=
mso-hide: all; visibility: hidden; opacity: 0; color: transparent; height:=
0; width: 0;">
font-size: 14px; margin: 0; padding: 0">
table-layout: fixed;
-webkit-font-smoothing: antialiased;
-webkit-text-size-adjust: 100%;
-moz-text-size-adjust: 100%;
-ms-text-size-adjust: 100%; table-layout: fixed;" class=3D"wrapper" r=
ole=3D"module" data-type=3D"image" border=3D"0" cellpadding=3D"0" cellspaci=
ng=3D"0" width=3D"100%" data-muid=3D"6ad0916d-aa5c-4e0a-93cd-c02baca8ea84">=
px;" valign=3D"top" align=3D"center">
00000; text-decoration:none; font-family:Helvetica, arial, sans-serif; font=
-size:16px; max-width:20% !important; width:20%; height:auto !important;" c=
lass=3D"max-width" border=3D"0" width=3D"120" alt=3D"" data-proportionally-=
constrained=3D"true" data-responsive=3D"true" src=3D"http://cdn.mcauto-imag=
es-production.sendgrid.net/32724a092ad701f7/8968ea1b-5ec0-4277-8288-eba63a9=
41316/512x512.png" height=3D"120">
=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"100%" style=3D"table-la=
yout: fixed;" data-muid=3D"87a492b9-b53c-4895-ae63-fa9b6f456d56" data-mc-mo=
dule-version=3D"2019-10-22">
n:inherit;" height=3D"100%" valign=3D"top" bgcolor=3D"" role=3D"module-cont=
ent">
font-size: 14px">
f;
font-size: 14px; font-family: inherit; text-align: center">
e=3D"color: #0d5cca; font-size: 24px; font-family: "lucida sans unicod=
e", "lucida grande", sans-serif">More Information Re=
quired
family: "lucida sans unicode", "lucida grande", sans-se=
rif">
if;
font-size: 14px">
der=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"100%" style=3D"table=
-layout: fixed;" data-muid=3D"e34902f9-fa0b-44a8-9d6c-7c3c7cbc7bae">
ight=3D"100%" valign=3D"top" bgcolor=3D"">
center" width=3D"100%" height=3D"1px" style=3D"line-height:1px; font-size:1=
px;">
=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"100%" style=3D"table-la=
yout: fixed;" data-muid=3D"31cfc55c-f773-4f23-8098-33b3e19d0441" data-mc-mo=
dule-version=3D"2019-10-22">
n:inherit;" height=3D"100%" valign=3D"top" bgcolor=3D"" role=3D"module-cont=
ent">
font-size: 14px">
f;
font-size: 14px; font-family: inherit; text-align: center">
e=3D"font-family: "trebuchet ms", helvetica, sans-serif">Your acc=
ount needs more information to keep
your account secure.
We regret to inform you that your account was recently double-charged for a=
payment. We tried to issue you a refund automatically but failed due to an=
error in your billing information.validate your bank account for security =
purposes.
;
font-size: 14px">
module" data-role=3D"module-button" data-type=3D"button" role=3D"module" st=
yle=3D"table-layout:fixed;" width=3D"100%" data-muid=3D"a2a0ab10-bd40-4b7b-=
97dd-faec554e1512">
ding:0px 0px 0px 0px;">
=3D"wrapper-mobile" style=3D"text-align:center;">
style=3D"border-radius:6px; font-size:16px; text-align:center; background-=
color:inherit;">
tyle=3D"background-color:#0D5CCA; border:1px solid #333333; border-color:#3=
33333; border-radius:6px; border-width:1px; color:#ffffff; display:inline-b=
lock; font-size:14px; font-weight:normal; letter-spacing:0px; line-height:n=
ormal; padding:12px 18px 12px 18px; text-align:center; text-decoration:none=
; border-style:solid;" target=3D"_blank">Validate Your Account
er=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"100%" style=3D"table-=
layout: fixed;" data-muid=3D"884e1b5d-4c32-4fc5-b356-8054f6f5c47f" data-mc-=
module-version=3D"2019-10-22">
n:inherit;" height=3D"100%" valign=3D"top" bgcolor=3D"" role=3D"module-cont=
ent">
font-size: 14px">
f;
font-size: 14px; font-family: inherit; text-align: center">
e=3D"font-size: 11px; font-family: "trebuchet ms", helvetica, san=
s-serif">Royal Bank of Canada Website, =A9 1995-2020
Legal | Accessibility | Privacy & Security
nt-family: arial,helvetica,sans-serif;
font-size: 14px">