Netflix Phish from Gmail

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 28 Jul 2022 08:48:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oH4ne-0007lp-5J

for dave@doctor.nl2k.ab.ca;

Thu, 28 Jul 2022 08:47:42 -0600

Resent-From: The Doctor

Resent-Date: Thu, 28 Jul 2022 08:47:42 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [104.193.255.97] (port=39793 helo=peelregion.ca)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

id 1oH4Lo-0002MO-9N

for sales@nk.ca;

Thu, 28 Jul 2022 08:19:00 -0600

Received: from 10.217.147.138

by atlas104.aol.mail.ne1.yahoo.com with HTTPS; Tue, 26 Jul 2023 14:26:23 +0000

X-Originating-Ip: [209.85.128.43]

Received-SPF: pass (domain of gmail.com designates 209.85.128.43 as permitted sender)

Authentication-Results: atlas104.aol.mail.ne1.yahoo.com;

dkim=pass header.i=@gmail.com header.s=20210112;

spf=pass smtp.mailfrom=gmail.com;

dmarc=pass(p=NONE,sp=QUARANTINE) header.from=gmail.com;

X-Apparently-To: sales@nk.ca; Tue, 26 Jul 2023 14:26:23 +0000

X-YMailISG: cYNlrlQWLDuhA_rM6FS8BuODa.csU8UsIfp.uMQZ8AXKPK2O

aF6P.TROuqcCRrbkfHRgM7_tJOqxKBCJtEsbLKdM4kpQTBgDfMJtzOCt7djJ

A0IUEqwq03UbMgKPtP.uWSylN5392v7j85hvb5sk.SgfsPh.cwX2oYqxugRU

EBQNak7SwBtIOvxyLChZBikBKWR_uoaP59GUe5pVJ7Z5oXPceYahSQ8VXFwF

YYU6_TlIY6b_W3UEXKoWG5p3Va6G7TtDNJz74e_WHmFLoQKoTNWWU84hVNZX

E3Pr5OKgolziqhbThC3s7q1Wv2P1hHhouWeC3iNvo2UcUQ9NrXOuGabHRBip

hGYVhiDH3iaN9d7JzMZhZGt7.yn0s2GpFWnqUBnGTzGX9Y_Nrwle7.dUy.kc

bQJyqs.abdF4Dd7vxX4OvoBiiMFpZGtKyHfQupK7vQ.nBbSVPvEV.9BLH_kU

iHSDIPaC93vUpdDhLkD5Ut7zY2RrbYB9IUc5rZoiK0xjHCrsRYC68lxKV6_t

.qvDr15.wC87CtUYg81U_aq2Kt.BwVR4SKF0k79hjQvXXSEsJEzM7.FBOOte

rfuINR5ZnvbCGz4nIdrS5rG6ch1vEhakNKaDPH_jr.kkFixZVSyGF3F3dLMc

.T29hfNstdoIUzdzyeiQtoQUQy5_PYqcLFXioM2j0x2p.pKmHlZ3jBrG8FAf

Tryb0ddb5UgP7ho61w1YY.xjcnrjCEn_w8EmIUCXNEMe.7Df0A7gtddNo.P8

QNcyYK.u8oe8jry7XodfTwV_Iqr4qRpic5toeV4bMs_oRwB8kgjz0I_XdKcu

Vfx7wigXwouSq_Pu6v_O1CgBlFyS4uOUlohF8bkoIDCe7Pz_j9oGrc9SF1nv

TbktMCDR_DXuBnNtWLAPpFnn9WfwzaNCxgcNmkeUpFGz3_TSFKh5f3_iwMfO

DR29.sIYlAywHlID7fFyey7xjV_8QkmWKMXduKnsKWmh9uQ8P.cuLWJy0POu

FXt.8VcZb.uJJmbnBqeIB8hGmZ5xxRZIOd8_sOA00TkDeCj24hZYPFZ78nz2

rspjrud5Vrw1ZvbaSNg3D9J4

Received: from 209.85.128.43 (EHLO mail-wm1-f43.google.com)

by 10.217.147.138 with SMTPs

(version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256);

Tue, 26 Jul 2023 14:26:23 +0000

Received: by mail-wm1-f43.google.com with SMTP id c187-20020a1c35c4000000b003a30d88fe8eso11434908wma.2

for ; Tue, 26 Jul 2023 07:26:23 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20210112;

h=mime-version:from:date:message-id:subject:to;

bh=bDHtZ3G4IzGd5CSMBILtOxUEfNmBtCOakG/EOYw5Jaw=;

b=KgvS3WwE2W4V0DeFyxih9MLZ9iSjQcH3jbjp90pVhfuCt9efpO/rClWAapYMHOpIEf

uRJf5J5jm+xoGRTYmiVS033ZeiIFzKzO6Oj3p3v74QLmJMIRB7oPkUEexLut8HqYrt+o

tV6HpnYTNvEmQjehXc6YiZXu3oMN63KrckTduuU7tpsnzl2p8tbqQ0h4Nvh/k+SrYNEN

g6XXOhNIP5pDbWiPzYLgpzJiHC4xLQikDolE3Wm/tit62nTqmOi/s+5a0Sb9Re5+jnfs

VsrbBLnBV5B+QVP3wWISBnD31Q9IgRa5/tEWx1Pu9pimV88j9zQyZSRE/gX1nbuGwuKB

0k+Q==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20210112;

h=x-gm-message-state:mime-version:from:date:message-id:subject:to;

bh=bDHtZ3G4IzGd5CSMBILtOxUEfNmBtCOakG/EOYw5Jaw=;

b=hlc2HZ01E+CLwvwrblr1G4JQ7f8wBc8ofPXtp0HK9QN6Jv6gQgBYYFVQOs1WH8YTXw

6ZtsqUev4qOB9A3rsnySPwo6oeT9Nv2m/Oan1PWSUorUgtVYYe6jE1DfAKOX9UvbbEE6

XpMmQGwlbUGdvxCsMBRydqm7vxoUvPOKLjjjhcr82N/xkVOSyNbAZ1p9V69DEwJyMtvY

MTgP5GLO7B9EDASXj7kC+OydHAWHeREnHLCw0DDZD34u/VGM3yb6+n+fym1/Yovb6ukj

MRBCo2zVKJpNvDeFQdC+rKNPCIZ3s0v5td9FuTXYVKoE3JVotqy7Rb0Vv6OOxCZef3ec

PGhA==

X-Gm-Message-State: AJIora8Gx1y3HibfVm/Y1dWR39G8xe1gP52XtYmENs2a85pMlmG/8pJQ

oax3+WMcKyj+v3qoKdLEUwYMDobXZpkR7ue4V0nS8LCI0+PXlg==

X-Google-Smtp-Source: AGRyM1s7MHEtpRrctOHsQbiiEYjPe0zW+MgR40ncnCoLWi7HoAFcaZ4TgjSvkHQP+g+u1N6l1uMe/7gjwGHLSubSmB0=

X-Received: by 2002:a05:600c:4e92:b0:3a3:2a1c:d005 with SMTP id

f18-20020a05600c4e9200b003a32a1cd005mr24149541wmq.170.1658845582746; Tue, 26

Jul 2023 07:26:22 -0700 (PDT)

MIME-Version: 1.0

From: "Netflix Survey"

Date: Tue, 26 Jul 2023 07:26:12 -0700

Message-ID:

Subject: You have been selected to get an exclusive reward!

To: sales

Content-Type: text/html;













































Achieving success is not easy, you will need a lot of hard work, learning from failure and persistence in life






































Netflix














































Dear Netflix user,
You have been selected to get an exclusive reward!
To qualify for this special offer, simply complete our 30-second marketing survey about your experiences with Netflix.
Click the OK to start.




























OK ✔














To stop these please go here or write to:
616 Corporate Way Ste.2-9092
Valley Cottage, NY 10989










click here to remove yourself from our emails list



Urgency spam from Google

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 28 Jul 2022 00:23:01 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oGwuk-000MH2-Ts

for dave@doctor.nl2k.ab.ca;

Thu, 28 Jul 2022 00:22:30 -0600

Resent-From: The Doctor

Resent-Date: Thu, 28 Jul 2022 00:22:30 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-ua1-f48.google.com ([209.85.222.48]:40933)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1oGsbw-000DIn-Uw

for doctor@netknow.ca;

Wed, 27 Jul 2022 19:46:53 -0600

Received: by mail-ua1-f48.google.com with SMTP id r12so223506uaf.7

for ; Wed, 27 Jul 2022 18:46:31 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20210112;

h=mime-version:reply-to:from:date:message-id:subject:to;

bh=+gETPVq1/31XSt8TCJEtNNAvfeaHtQl6QlHGr7nBtW8=;

b=RGSckbdWQzgpsmZuZCrbdrVIT+KsDeVI8eUH/q067R7N4ICWltXnsHX6LuiE8xt6Y2

PwNG3vNrcylqcAxChrHCz8O2BAQkmUFbvLGAytKb76wwEGBP0rayIn5qXEboXPDuYNZr

mmYzj7kmkys+xnR225nyLWygDegSOarLB7r2SG8ZkScM1eZxCtgNbRPHQIXQiiRYhSf7

Ruz2nCZ60OPehILuYL5LkjA/InucYDv7Zgjw7YuZEqUZU7+MzBZWFn+ATmyYNeBrzRVh

DVA/sfWLB9n08lKFUf1fHUqyMD3BUXd+UUiPC32VjC9PABoqT2tnd176wueRvDilyOxZ

gBtA==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20210112;

h=x-gm-message-state:mime-version:reply-to:from:date:message-id

:subject:to;

bh=+gETPVq1/31XSt8TCJEtNNAvfeaHtQl6QlHGr7nBtW8=;

b=onZZP/VMsF1qWkIXHBN6/neZmhs3zE8F5fduB1eNdaA9QlLnn6jU9AU25fEbxP4+KW

Lydx2fsvAbgKEyIrBy7n2E3N5L2zg+MthHRFZL1kGr0Cvr7I4Qnvo2OeTLkA0PkxPjvs

X2drSeU2J8dyM01z2OfZ6VxrxiSAp2cyTmW6B9DilENbqV2ZTm902WvoGx0T4WdKDs7s

/JJ0ZZ7H7zLM6Qojrl3k1WCOjgWgMZ8crQbQTZ4V+6lHArKVl9NC7E4jWY3YceHxZTDI

oyx3ZANRZtFd6ypAgdQG78z9AQY/OS6nDACSKu3kmaepV+j0ESkQYDbBkAPE6Yb3xJAG

dlpA==

X-Gm-Message-State: AJIora8fLPDM+bkW42TxmFDhLkYiebVsSyb5vbWcBKVP6rStRNTLmyTe

n5jWqI95ynRE1yEj6SPQxgIQUTRRuygkAySP9A0=

X-Google-Smtp-Source: AGRyM1uIg70uQY7kthFDjhfN2P8SHhinasFseA5WMzr65XmYeUCR7SEkXa9L1hleaieyXdGZ/0c/BIOOYCxRvGfELHc=

X-Received: by 2002:ab0:16de:0:b0:382:9f1e:af88 with SMTP id

g30-20020ab016de000000b003829f1eaf88mr7563563uaf.39.1658972785172; Wed, 27

Jul 2022 18:46:25 -0700 (PDT)

MIME-Version: 1.0

Received: by 2002:a59:1506:0:b0:2d7:11bd:316b with HTTP; Wed, 27 Jul 2022

18:46:24 -0700 (PDT)

Reply-To: fotisangelos3@gmail.com

From: "Fotis Angelos (GCP.)"

Date: Thu, 28 Jul 2022 02:46:24 +0100

Message-ID:

Subject: VERY URGENT.

To: undisclosed-recipients:;

Content-Type: text/plain; charset="UTF-8"

Bcc: doctor@netknow.ca

X-Spam_score: 25.3

X-Spam_score_int: 253

X-Spam_bar: +++++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Good day to you. I am Mr. Fotis Angelos and a personal Accountant

Director of National bank of Greece. It is with a good spirit of heart that

I opened up this great opportunity to you. A deceased client of mine that

s [...]



Content analysis details: (25.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was

blocked. See

http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block

for more information.

[URIs: bbc.com]

0.0 RCVD_IN_DNSWL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

DNSWL was blocked. See

http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block

for more information.

[209.85.222.48 listed in list.dnswl.org]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.222.48 listed in wl.mailspike.net]

1.6 SUBJ_ALL_CAPS Subject is all capitals

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in

digit

[fotisangelos3[at]gmail.com]

-0.0 SPF_PASS SPF: sender matches SPF record

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail

provider

[edwardjimmychambers[at]gmail.com]

2.5 HK_SCAM_N2 BODY: No description available.

0.0 MILLION_HUNDRED BODY: Million "One to Nine" Hundred

2.5 MILLION_USD BODY: Talks about millions of dollars

2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)

2.0 HK_SCAM No description available.

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.0 LOTS_OF_MONEY Huge... sums of money

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain

different freemails

3.1 UNDISC_FREEM Undisclosed recipients + freemail reply-to

2.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free

email?

0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal

information

1.3 MONEY_FORM_SHORT Lots of money if you fill out a short form

3.7 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money

3.0 UNDISC_MONEY Undisclosed recipients + money/fraud signs

0.0 FORM_FRAUD_5 Fill a form and many fraud phrases

Subject: {SPAM?} VERY URGENT.



Good day to you.



I am Mr. Fotis Angelos and a personal Accountant Director of National

bank of Greece. It is with a good spirit of heart that I opened up

this great opportunity to you. A deceased client of mine that shares

almost the same name as yours died as a result of heart-related

condition on march 2015, He died due to the death of the members of

his family in the plane crash disaster on the 8th of March 2014 in

Malaysia where they all lost their lives. You can read the website

below.



https://www.bbc.com/news/business-59517821



There is a draft account opened in my bank in 1999 by the deceased. He

was a CEO/a textile company owner, business man, a miner at Halkidiki

Peninsula mining company here in Greece. He was a geologist and

consultant to several other mining conglomerates operating in Greece,

China, Taiwan, Japan, Indonesia, Pakistan, Vietnam all in Asia.

Before he passed away on 12th march 2015 he had nobody as the next of

kin to his Bank account.



The amount in this account is currently $19,500,000 (Nineteen Million

Five Hundred Thousand United States Dollars) I want to present you as

his beneficiary/next of kin, I will use my position and influence in

our bank to make them release this money to you for us to share.



Let me know if you are interested in working with me by sending your

full name, Mobile telephone and fax number. As soon as I hear from

you, I will direct you on what to do next.



Best Regards,

Mr. Fotis Angelos.