Phish | Entries from Thursday, August 25. 2022

WELCOME = TO COSTCO SHOPPING SURVEY!

WELCOME =

TO COSTCO SHOPPING SURVEY!

UPS phish from Qualtrics LLC Utah

Posted by Dave Yadallee on Thursday, August 25. 2022

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 25 Aug 2022 12:42:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oRHnL-0000uV-K1

for dave@doctor.nl2k.ab.ca;

Thu, 25 Aug 2022 12:41:35 -0600

Resent-From: The Doctor

Resent-Date: Thu, 25 Aug 2022 12:41:35 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from smtp8.iad1.qemailserver.com ([162.247.216.57]:30546)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1oREwS-0007BA-R0

for root@nk.ca;

Thu, 25 Aug 2022 09:38:56 -0600

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=simple/relaxed; t=1661441900;

s=qualtrics_e60519; d=ups.com;

h=Date:From:Sender:Reply-To:To:Message-ID:Subject:MIME-Version:Content-Type:List-Unsubscribe;

l=24035; bh=PUfpdaBph3u+bWKHgN6+vx0w38djNOnsN95ctMbMXNI=;

b=eCeOC4etQTs5NKLcJGVicHWRf+9VpsWhQ8vZMDWMjsHfmkA42HydN9K5/daZeiSk

nJtg1eziJjshX65BR3OXoLOCn9LqPIMpNVd9TaMna5CKCgqtyQ9gQ7rlM8DVC1Pf4KV

uGMWjdkqd6bswyllpmNZC79AE1HHYei5vogF5XSE=

Date: Thu, 25 Aug 2022 09:38:20 -0600 (MDT)

From: Greg Kane

Sender: Greg Kane

Reply-To: Greg Kane

To: Dave Yadallee

Message-ID: <2036187397.25414813.1661441900691@jwm9-app.iad1.qprod.net>

Subject: UPS And I Would Like Your Opinion

MIME-Version: 1.0

Content-Type: multipart/mixed;

boundary="----=_Part_25414810_479863320.1661441900681"

X-QUMID: UR_57O4FTykC6btlop-EMD_vi0a4BxuJFar0n5-CTR_3faB95BI2LeT9SS-SV_5pe7qC7lyj23Hfw

List-Unsubscribe: ,

------=_Part_25414810_479863320.1661441900681

Content-Type: multipart/alternative;

boundary="----=_Part_25414811_1381060667.1661441900681"

------=_Part_25414811_1381060667.1661441900681

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: quoted-printable

Dear Valued Customer,

We'd like to hear about your experience with UPS as a recipient of an

international shipment(package originating from outside of Canada). Please =

take

2 minutes to complete this survey.

Based on your experience receiving international shipments via UPS, how

likely are you to recommend UPS to a friend or colleague? Not at all likely

Extremely likely 0

xuJFar0n5_5pe7qC7lyj23Hfw_CTR_3faB95BI2LeT9SS&Q_CHL=3Demail&Q_PopulateRespo=

nse=3D%7B%22QID1%22:%220%22%7D&Q_PopulateValidate=3D1>

1

xuJFar0n5_5pe7qC7lyj23Hfw_CTR_3faB95BI2LeT9SS&Q_CHL=3Demail&Q_PopulateRespo=

nse=3D%7B%22QID1%22:%221%22%7D&Q_PopulateValidate=3D1>

2

xuJFar0n5_5pe7qC7lyj23Hfw_CTR_3faB95BI2LeT9SS&Q_CHL=3Demail&Q_PopulateRespo=

nse=3D%7B%22QID1%22:%222%22%7D&Q_PopulateValidate=3D1>

3

xuJFar0n5_5pe7qC7lyj23Hfw_CTR_3faB95BI2LeT9SS&Q_CHL=3Demail&Q_PopulateRespo=

nse=3D%7B%22QID1%22:%223%22%7D&Q_PopulateValidate=3D1>

4

xuJFar0n5_5pe7qC7lyj23Hfw_CTR_3faB95BI2LeT9SS&Q_CHL=3Demail&Q_PopulateRespo=

nse=3D%7B%22QID1%22:%224%22%7D&Q_PopulateValidate=3D1>

5

xuJFar0n5_5pe7qC7lyj23Hfw_CTR_3faB95BI2LeT9SS&Q_CHL=3Demail&Q_PopulateRespo=

nse=3D%7B%22QID1%22:%225%22%7D&Q_PopulateValidate=3D1>

6

xuJFar0n5_5pe7qC7lyj23Hfw_CTR_3faB95BI2LeT9SS&Q_CHL=3Demail&Q_PopulateRespo=

nse=3D%7B%22QID1%22:%226%22%7D&Q_PopulateValidate=3D1>

7

xuJFar0n5_5pe7qC7lyj23Hfw_CTR_3faB95BI2LeT9SS&Q_CHL=3Demail&Q_PopulateRespo=

nse=3D%7B%22QID1%22:%227%22%7D&Q_PopulateValidate=3D1>

8

xuJFar0n5_5pe7qC7lyj23Hfw_CTR_3faB95BI2LeT9SS&Q_CHL=3Demail&Q_PopulateRespo=

nse=3D%7B%22QID1%22:%228%22%7D&Q_PopulateValidate=3D1>

9

xuJFar0n5_5pe7qC7lyj23Hfw_CTR_3faB95BI2LeT9SS&Q_CHL=3Demail&Q_PopulateRespo=

nse=3D%7B%22QID1%22:%229%22%7D&Q_PopulateValidate=3D1>

10

xuJFar0n5_5pe7qC7lyj23Hfw_CTR_3faB95BI2LeT9SS&Q_CHL=3Demail&Q_PopulateRespo=

nse=3D%7B%22QID1%22:%2210%22%7D&Q_PopulateValidate=3D1>

You can also access directly <>here

xuJFar0n5_5pe7qC7lyj23Hfw_CTR_3faB95BI2LeT9SS&Q_CHL=3Demail>

.

Thank you for your participation.

Greg Kane

VP of Marketing, UPS Canada

This message was sent to you by United Parcel Service Canada Ltd.

1930 Derry Road East, Mississauga, ON L5S 1E2, ups.com.

You can update your email preferences

ss=3Droot@nk.ca>

orunsubscribe*

@nk.ca>

from UPS marketing email at any time. For information on UPS's privacy

practices refer to theUPS Privacy Notice

.page>

.

Note: If you unsubscribe from UPS marketing emails you may continue to

receive other email from UPS such as UPS Quantum View=C2=AE Notify shipment=

alerts,

details about your account(s) and operational information regarding existin=

g

products,

services and systems.

=C2=A92022 United Parcel Service of America, Inc. UPS, the UPS brandmark, a=

nd the

color brown are trademarks of United Parcel Service of America, Inc. All ri=

ghts

reserved.

faB95BI2LeT9SS&LID=3DUR_57O4FTykC6btlop&DID=3DEMD_vi0a4BxuJFar0n5&BT=3DdXBz=

Y3g&_=3D1>

------=_Part_25414811_1381060667.1661441900681

Content-Type: multipart/related;

boundary="----=_Part_25414812_1072820933.1661441900681"

------=_Part_25414812_1072820933.1661441900681

Content-Type: text/html; charset=utf-8

Content-Transfer-Encoding: quoted-printable

=3Dutf-8">
name=3D"viewport" content=3D"width=3Ddevice-width, initial-scale=3D1.0 ">
eta name=3D"format-detection" content=3D"telephone=3Dno">

adding=3D"0" cellspacing=3D"0" width=3D"100%">

=09

=09=09

=09=09=09

=09=09

=09

=09=09=09
=3D"0" class=3D"em_main_table" style=3D"width: 600px;" width=3D"600">

=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09

=09=09=09

10px 10px;" valign=3D"top">

=09=09=09=09=09=09

dent: 0in; vertical-align: baseline; unicode-bidi: embed; direction: ltr; -=

ms-word-break: normal;">

=09=09=09=09=09=09

=09=09=09=09=09=09

dent: 0in; vertical-align: baseline; unicode-bidi: embed; direction: ltr; -=

ms-word-break: normal;">
.ups.com/CP/Graphic.php?IM=3DIM_do5cUjGPXD1tt8G" style=3D"width: 600px; hei=

ght: 150px;" width=3D"600">

=09=09=09=09=09=09

=09=09=09=09=09=09
y:Verdana,Geneva,sans-serif;">Dear Valued Customer,

=09=09=09=09=09=09

=09=09=09=09=09=09
y:Verdana,Geneva,sans-serif;">We'd like to hear about your experience with =

UPS as a recipient of an international shipment (package origi=

nating from outside of Canada). Please take 2 minutes to com=

plete this survey.

=09=09=09=09=09=09

=09=09=09=09=09=09
yle=3D"background-color:rgb(217,212,216);border:1px solid #BEBBBE;border-ra=

dius:3px;font-family:arial,sans-serif;max-width:600px;">

=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09

=09=09=09=09=09=09

px 16px;">
a,Geneva,sans-serif;">Based on your experience receiving international ship=

ments via UPS, how likely are you to recommend UPS to a friend or colleague=

?

=09=09=09=09=09=09=09=09=09
g=3D"0" style=3D"color:#A5A5A5;font-size:13px;" width=3D"100%">

=09=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09

k">
a,sans-serif;">Not at all likely
ck">
va,sans-serif;">Extremely likely

=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09
g=3D"0" style=3D"text-align:center;" width=3D"100%">

=09=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09

border-radius:3px;background:#fff;border:1px solid #fff;">
nt-family:Verdana,Geneva,sans-serif;">
ps.com/jfe/form/SV_5pe7qC7lyj23Hfw?Q_DL=3Dvi0a4BxuJFar0n5_5pe7qC7lyj23Hfw_C=

TR_3faB95BI2LeT9SS&Q_CHL=3Demail&Q_PopulateResponse=3D%7B%22QID1%22=

:%220%22%7D&Q_PopulateValidate=3D1" style=3D"display:block;text-decorat=

ion:none;color:#000000;background:#fff;line-height:40px;border-radius:3px;w=

hite-space:nowrap;">0
>

=09=09=09=09=09=09=09=09=09=09=09=09 &nb=

sp;
border-radius:3px;background:#fff;border:1px solid #fff;">
nt-size:16px;">
ef=3D"https://customerfeedback.ups.com/jfe/form/SV_5pe7qC7lyj23Hfw?Q_DL=3Dv=

i0a4BxuJFar0n5_5pe7qC7lyj23Hfw_CTR_3faB95BI2LeT9SS&Q_CHL=3Demail&Q_=

PopulateResponse=3D%7B%22QID1%22:%221%22%7D&Q_PopulateValidate=3D1" sty=

le=3D"display:block;text-decoration:none;color:#000000;background:#fff;line=

-height:40px;border-radius:3px;white-space:nowrap;">1
>

=09=09=09=09=09=09=09=09=09=09=09=09 &nb=

sp;
border-radius:3px;background:#fff;border:1px solid #fff;">
nt-size:16px;">
ef=3D"https://customerfeedback.ups.com/jfe/form/SV_5pe7qC7lyj23Hfw?Q_DL=3Dv=

i0a4BxuJFar0n5_5pe7qC7lyj23Hfw_CTR_3faB95BI2LeT9SS&Q_CHL=3Demail&Q_=

PopulateResponse=3D%7B%22QID1%22:%222%22%7D&Q_PopulateValidate=3D1" sty=

le=3D"display:block;text-decoration:none;color:#000000;background:#fff;line=

-height:40px;border-radius:3px;white-space:nowrap;">2
>

=09=09=09=09=09=09=09=09=09=09=09=09 &nb=

sp;
border-radius:3px;background:#fff;border:1px solid #fff;">
nt-size:16px;">
ef=3D"https://customerfeedback.ups.com/jfe/form/SV_5pe7qC7lyj23Hfw?Q_DL=3Dv=

i0a4BxuJFar0n5_5pe7qC7lyj23Hfw_CTR_3faB95BI2LeT9SS&Q_CHL=3Demail&Q_=

PopulateResponse=3D%7B%22QID1%22:%223%22%7D&Q_PopulateValidate=3D1" sty=

le=3D"display:block;text-decoration:none;color:#000000;background:#fff;line=

-height:40px;border-radius:3px;white-space:nowrap;">3
>

=09=09=09=09=09=09=09=09=09=09=09=09 &nb=

sp;
border-radius:3px;background:#fff;border:1px solid #fff;">
nt-size:16px;">
ef=3D"https://customerfeedback.ups.com/jfe/form/SV_5pe7qC7lyj23Hfw?Q_DL=3Dv=

i0a4BxuJFar0n5_5pe7qC7lyj23Hfw_CTR_3faB95BI2LeT9SS&Q_CHL=3Demail&Q_=

PopulateResponse=3D%7B%22QID1%22:%224%22%7D&Q_PopulateValidate=3D1" sty=

le=3D"display:block;text-decoration:none;color:#000000;background:#fff;line=

-height:40px;border-radius:3px;white-space:nowrap;">4
>

=09=09=09=09=09=09=09=09=09=09=09=09 &nb=

sp;
border-radius:3px;background:#fff;border:1px solid #fff;">
nt-size:16px;">
ef=3D"https://customerfeedback.ups.com/jfe/form/SV_5pe7qC7lyj23Hfw?Q_DL=3Dv=

i0a4BxuJFar0n5_5pe7qC7lyj23Hfw_CTR_3faB95BI2LeT9SS&Q_CHL=3Demail&Q_=

PopulateResponse=3D%7B%22QID1%22:%225%22%7D&Q_PopulateValidate=3D1" sty=

le=3D"display:block;text-decoration:none;color:#000000;background:#fff;line=

-height:40px;border-radius:3px;white-space:nowrap;">5
>

=09=09=09=09=09=09=09=09=09=09=09=09 &nb=

sp;
border-radius:3px;background:#fff;border:1px solid #fff;">
nt-size:16px;">
ef=3D"https://customerfeedback.ups.com/jfe/form/SV_5pe7qC7lyj23Hfw?Q_DL=3Dv=

i0a4BxuJFar0n5_5pe7qC7lyj23Hfw_CTR_3faB95BI2LeT9SS&Q_CHL=3Demail&Q_=

PopulateResponse=3D%7B%22QID1%22:%226%22%7D&Q_PopulateValidate=3D1" sty=

le=3D"display:block;text-decoration:none;color:#000000;background:#fff;line=

-height:40px;border-radius:3px;white-space:nowrap;">6
>

=09=09=09=09=09=09=09=09=09=09=09=09 &nb=

sp;
border-radius:3px;background:#fff;border:1px solid #fff;">
nt-size:16px;">
ef=3D"https://customerfeedback.ups.com/jfe/form/SV_5pe7qC7lyj23Hfw?Q_DL=3Dv=

i0a4BxuJFar0n5_5pe7qC7lyj23Hfw_CTR_3faB95BI2LeT9SS&Q_CHL=3Demail&Q_=

PopulateResponse=3D%7B%22QID1%22:%227%22%7D&Q_PopulateValidate=3D1" sty=

le=3D"display:block;text-decoration:none;color:#000000;background:#fff;line=

-height:40px;border-radius:3px;white-space:nowrap;">7
>

=09=09=09=09=09=09=09=09=09=09=09=09 &nb=

sp;
border-radius:3px;background:#fff;border:1px solid #fff;">
nt-size:16px;">
ef=3D"https://customerfeedback.ups.com/jfe/form/SV_5pe7qC7lyj23Hfw?Q_DL=3Dv=

i0a4BxuJFar0n5_5pe7qC7lyj23Hfw_CTR_3faB95BI2LeT9SS&Q_CHL=3Demail&Q_=

PopulateResponse=3D%7B%22QID1%22:%228%22%7D&Q_PopulateValidate=3D1" sty=

le=3D"display:block;text-decoration:none;color:#000000;background:#fff;line=

-height:40px;border-radius:3px;white-space:nowrap;">8
>

=09=09=09=09=09=09=09=09=09=09=09=09 &nb=

sp;
border-radius:3px;background:#fff;border:1px solid #fff;">
nt-size:16px;">
ef=3D"https://customerfeedback.ups.com/jfe/form/SV_5pe7qC7lyj23Hfw?Q_DL=3Dv=

i0a4BxuJFar0n5_5pe7qC7lyj23Hfw_CTR_3faB95BI2LeT9SS&Q_CHL=3Demail&Q_=

PopulateResponse=3D%7B%22QID1%22:%229%22%7D&Q_PopulateValidate=3D1" sty=

le=3D"display:block;text-decoration:none;color:#000000;background:#fff;line=

-height:40px;border-radius:3px;white-space:nowrap;">9
>

=09=09=09=09=09=09=09=09=09=09=09=09 &nb=

sp;
border-radius:3px;background:#fff;border:1px solid #fff;">
nt-size:16px;">
ef=3D"https://customerfeedback.ups.com/jfe/form/SV_5pe7qC7lyj23Hfw?Q_DL=3Dv=

i0a4BxuJFar0n5_5pe7qC7lyj23Hfw_CTR_3faB95BI2LeT9SS&Q_CHL=3Demail&Q_=

PopulateResponse=3D%7B%22QID1%22:%2210%22%7D&Q_PopulateValidate=3D1" st=

yle=3D"display:block;text-decoration:none;color:#000000;background:#fff;lin=

e-height:40px;border-radius:3px;white-space:nowrap;">10
td>

=09=09=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09=09

dent: 0in; vertical-align: baseline; unicode-bidi: embed; direction: ltr; -=

ms-word-break: normal;">
-family:Verdana,Geneva,sans-serif;">You can also access directly
ef=3D"
fw?Q_DL=3Dvi0a4BxuJFar0n5_5pe7qC7lyj23Hfw_CTR_3faB95BI2LeT9SS&Q_CHL=3De=

mail'>here">
_5pe7qC7lyj23Hfw?Q_DL=3Dvi0a4BxuJFar0n5_5pe7qC7lyj23Hfw_CTR_3faB95BI2LeT9SS=

&Q_CHL=3Demail">here.

=09=09=09=09=09=09

=09=09=09=09=09=09
y:Verdana,Geneva,sans-serif;">Thank you for your participation.
n>

=09=09=09=09=09=09

=09=09=09=09=09=09

dent: 0in; vertical-align: baseline; unicode-bidi: embed; direction: ltr; -=

ms-word-break: normal;">
-family:Verdana,Geneva,sans-serif;">Greg Kane

=09=09=09=09=09=09VP of Marketing, UPS Canada

=09=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09=09

1px solid rgb(217,212,216); border-image: none; text-align: center; line-he=

ight: normal; text-indent: 0in; vertical-align: baseline; unicode-bidi: emb=

ed; direction: ltr; -ms-word-break: normal; background-color: rgb(217,212,2=

16);">This message w=

as sent to you by United Parcel Service Canada Ltd.

=09=09=09=09=09=091930 Derry Road East, Mississauga, ON L5S 1E2, ups.com.
r>

=09=09=09=09=09=09

=09=09=09=09=09=09You can
es/enteremail?loc=3Den_CA&emailAddress=3Droot@nk.ca">update your email =

preferences or
bscribe?loc=3Den_CA&id=3Droot@nk.ca">unsubscribe* from UPS marketin=

g email at any time. For information on UPS's privacy practices refer to th=

e
ivacy-notice.page">UPS Privacy Notice.

=09=09=09=09=09=09

=09=09=09=09=09=09*Note: If you unsubscribe from UPS marketing emails you m=

ay continue to receive other email from UPS such as UPS Quantum View=C2=AE =

Notify shipment alerts, details about your account(s) and operational infor=

mation regarding existing products,

=09=09=09=09=09=09services and systems.

=09=09=09=09=09=09

=09=09=09=09=09=09=C2=A92022 United Parcel Service of America, Inc. UP=

S, the UPS brandmark, and the color brown are trademarks of United Parcel S=

ervice of America, Inc. All rights reserved.

=09=09=09=09=09=09

=09=09=09=09=09=09

>
amp;RID=3DCTR_3faB95BI2LeT9SS&LID=3DUR_57O4FTykC6btlop&DID=3DEMD_vi=

0a4BxuJFar0n5&BT=3DdXBzY3g&_=3D1">

=09=09=09=09=09=09

=09=09=09

ack.ups.com/WRQualtricsContacts/Watermark.php?UID=3DUR_57O4FTykC6btlop&=

EMD=3DEMD_vi0a4BxuJFar0n5&CGC=3DCTR_3faB95BI2LeT9SS&SV=3DSV_5pe7qC7=

lyj23Hfw">

------=_Part_25414812_1072820933.1661441900681--

------=_Part_25414811_1381060667.1661441900681--

------=_Part_25414810_479863320.1661441900681--

Categories: Phish

0 Comments

More Sexual Blackmail phishing scam from Greece
Posted by Dave Yadallee on Thursday, August 25. 2022

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 25 Aug 2022 07:10:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oRCcD-000Mhr-85

for dave@doctor.nl2k.ab.ca;

Thu, 25 Aug 2022 07:09:45 -0600

Resent-From: The Doctor

Resent-Date: Thu, 25 Aug 2022 07:09:45 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [62.74.84.54] (port=23624 helo=ppp062074084054.access.hol.gr.84.74.62.in-addr.arpa)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oRA3d-0005Zu-5p

for sales@nk.ca;

Thu, 25 Aug 2022 04:25:58 -0600

Date: 25 Aug 2022 15:09:28 +0200

From:

X-Priority: 3

Message-ID: <119754601.202208251525@nk.ca>

To:

Subject: Waiting for the payment.

MIME-Version: 1.0

Content-Type: text/plain; charset="windows-1250"

Content-Transfer-Encoding: 8bit

X-Spam_score: 5.0

X-Spam_score_int: 50

X-Spam_bar: +++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Hello! Have you recently noticed that I have e-mailed you

from your account? Yes, this simply means that I have total access to your

device. For the last couple of months, I have been watching you. Still wondering

how is that possible? Well, you have been infected with malware originating

from an adult website that you visited. You may not [...]

Content analysis details: (5.0 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

0.9 SPF_FAIL SPF: sender does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=sales%40nk.ca;ip=62.74.84.54;r=doctor.nl2k.ab.ca]

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.0 BITCOIN_XPRIO Bitcoin + priority

0.5 PDS_BTC_ID FP reduced Bitcoin ID

0.9 BITCOIN_EXTORT_01 Extortion spam, pay via BitCoin

1.0 BITCOIN_SPAM_07 BitCoin spam pattern 07

0.4 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX

0.0 TO_EQ_FM_SPF_FAIL To == From and external SPF failed

0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF

failed

Subject: {SPAM?} Waiting for the payment.

Hello!

Have you recently noticed that I have e-mailed you from your account?

Yes, this simply means that I have total access to your device.

For the last couple of months, I have been watching you.

Still wondering how is that possible? Well, you have been infected with malware originating from an adult website that you visited. You may not be familiar with this, but I will try explaining it to you.

With help of the Trojan Virus, I have complete access to a PC or any other device.

This simply means I can see you at any time I wish to on your screen by simply turning on your camera and microphone, without you even noticing it. In addition, I have also got access to your contacts list and all your correspondence.

You may be asking yourself, "But my PC has an active antivirus, how is this even possible? Why didn't I receive any notification?" Well, the answer is simple: my malware uses drivers, where I update the signatures every four hours, making it undetectable, and hence keeping your antivirus silent.

I have a video of you wanking on the left screen, and on the right screen - the video you were watching while masturbating.

Wondering how bad could this get? With just a single click of my mouse, this video can be sent to all your social networks, and e-mail contacts.

I can also share access to all your e-mail correspondence and messengers that you use.

All you have to do to prevent this from happening is - transfer bitcoins worth $1450 (USD) to my Bitcoin address (if you have no idea how to do this, you can open your browser and simply search: "Buy Bitcoin").

My bitcoin address (BTC Wallet) is: 17wkbqoaUCUUxw3N1QocutFJTH47Zb8jPQ

After receiving a confirmation of your payment, I will delete the video right away, and that's it, you will never hear from me again.

You have 2 days (48 hours) to complete this transaction.

Once you open this e-mail, I will receive a notification, and my timer will start ticking.

Any attempt to file a complaint will not result in anything, since this e-mail cannot be traced back, same as my bitcoin id.

I have been working on this for a very long time by now; I do not give any chance for a mistake.

If, by any chance I find out that you have shared this message with anybody else, I will broadcast your video as mentioned above.

Categories: Phish

0 Comments

Dating phish from China
Posted by Dave Yadallee on Thursday, August 25. 2022

Return-path:

Envelope-to: dave@nk.ca

Delivery-date: Thu, 25 Aug 2022 00:45:00 -0600

Received: from [179.51.119.51] (port=64247 helo=hvtelevision.com)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oR6ao-000DNP-4W

for dave@nk.ca;

Thu, 25 Aug 2022 00:44:00 -0600

Message-ID:

List-Unsubscribe:

Date: Thu, 25 Aug 2022 01:45:13 -0500

From: Mrs. Isabeau Strzelecki

MIME-Version: 1.0

To: Dave

Subject: Do you want me again? I love you madly I want .

Content-Type: multipart/alternative;

boundary="------------14819887588916101496"

X-Spam_score: 35.5

X-Spam_score_int: 355

X-Spam_bar: +++++++++++++++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: It is oblique, in the evening Above physician.Good afternoon

my body explorer.My name is Isabeau. I am from Russia. I saw you on instagramI

am interested in chatting with you, what do you think about [...]

Content analysis details: (35.5 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was

blocked. See

http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block

for more information.

[URIs: day.my]

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL

blocklist

[URIs: freebeautygirls.cn]

1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist

[URIs: freebeautygirls.cn]

1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.

[179.51.119.51 listed in bb.barracudacentral.org]

1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)

0.9 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail)

0.0 HTML_MESSAGE BODY: HTML included in message

1.3 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of

words

1.0 J_WEEDS_V FULL: Dec/Hex char Enc [Vv]

1.0 J_WEEDS_O FULL: Dec/Hex char Enc [Oo]

1.0 J_WEEDS_E FULL: Dec/Hex char Enc [Ee]

1.0 J_WEEDS_R FULL: Dec/Hex char Enc [Rr]

1.0 J_WEEDS_M FULL: Dec/Hex char Enc [Mm]

1.0 J_WEEDS_K FULL: Dec/Hex char Enc [Kk]

1.0 J_WEEDS_P FULL: Dec/Hex char Enc [Pp]

1.0 J_WEEDS_C FULL: Dec/Hex char Enc [Cc]

1.0 J_WEEDS_D FULL: Dec/Hex char Enc [Dd]

1.0 J_WEEDS_Y FULL: Dec/Hex char Enc [Yy]

1.0 J_WEEDS_H FULL: Dec/Hex char Enc [Hh]

1.0 J_WEEDS_I FULL: Dec/Hex char Enc [Ii]

1.0 J_WEEDS_U FULL: Dec/Hex char Enc [Uu]

1.0 J_WEEDS_A FULL: Dec/Hex char Enc [Aa]

1.0 J_WEEDS_G FULL: Dec/Hex char Enc [Gg]

1.0 J_WEEDS_F FULL: Dec/Hex char Enc [Ff]

1.0 J_WEEDS_W FULL: Dec/Hex char Enc [Ww]

1.0 J_WEEDS_N FULL: Dec/Hex char Enc [Nn]

1.0 J_WEEDS_S FULL: Dec/Hex char Enc [Ss]

1.0 J_WEEDS_T FULL: Dec/Hex char Enc [Tt]

1.0 J_WEEDS_L FULL: Dec/Hex char Enc [Ll]

2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level

above 50%

[cf: 100]

0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%

[cf: 100]

1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.0 HK_NAME_MR_MRS No description available.

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.0 T_REMOTE_IMAGE Message contains an external image

Subject: {SPAM?} Do you want me again? I love you madly I want .

This is a multi-part message in MIME format.

--------------14819887588916101496

Content-Type: text/plain; charset="Windows-1252"; format=flowed

Content-Transfer-Encoding: quoted-printable

It is oblique, in the evening Above physician.Good afternoon my body =

explorer.My name is Isabeau. I am from Russia. I saw you on instagramI =

am interested in chatting with you, what do you think about it? Are you =

often visit this site if not, we can talk in other social networks. I =

will be waiting to you answer with hurry. Have a wonderful day.My page =

is - http://Isabeau83.freebeautygirls.cnIt's my photo:I hope you will =

find me there and we will become friends I'm ready for chat!

--------------14819887588916101496

Content-Type: text/html; charset="Windows-1252"

Content-Transfer-Encoding: quoted-printable

"text/html; charset=3DWindows-1252">It is oblique, in the evening =<br /><br /> Above physician.

Good =

afternoon my body =

explorer.

My =

name is Is͜abea͠u. I =

am f͇rom Russia. I saw you =

on instagram

I am =

interested in chatting =

with you, what do =

you think about it? =

Ar̨e you o̢ften visit =

this site if not, we =

caͤn talk in other =

socia͇l =

networks. I will =

be waiting to you =

answer with hurry. Have =

a wonderful day.

My page =

is -
style=3D"text-decoration:underline; color:#0508F5; =

font-size:21pt">http://Isabeau83.freebeautygirls.cn

It's mֵy =

phot̢o:

"http://Isabeau83.freebeautygirls.cn">
"http://Isabeau83.freebeautygirls.cn/f/115.jpg">

I hope =

yoͭu will find me =

there and we will become =

friends :-D I'm =

reaٔdy for chat!

--------------14819887588916101496--

Categories: Phish

0 Comments

More Costco Phish from India
Posted by Dave Yadallee on Thursday, August 25. 2022

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 25 Aug 2022 07:07:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oRCYk-000IEm-7V

for dave@doctor.nl2k.ab.ca;

Thu, 25 Aug 2022 07:06:10 -0600

Resent-From: The Doctor

Resent-Date: Thu, 25 Aug 2022 07:06:10 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from round-robin23.z3mq.in ([212.129.1.248]:57808)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1oR5Uk-00084c-08

for doctor@netknow.ca;

Wed, 24 Aug 2022 23:33:40 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; s=default; d=z3mq.in;

h=Subject:From:To:Sender:Reply-To:Date:List-Unsubscribe:Message-ID:MIME-Version:Content-Type; i=info@z3mq.in;

bh=Hq/KTHcz5NQ5JDOnUqmrp6yhZ2KeEW6vvcIvIu5ImSk=;

b=KQml6BbGEKwh71Wz10Oq9QsXooOjPk1RVgw2Wxe8OZQ1lboPp0mGDn0Va1q9oUmZiiz2gJ7dvsE3

Dpab8b0xCvVH7hipashbvV+zfMF+ZUEXDeKn8sAPfm10Trwc3m+tvJUirpXn4vZI81ruPy0MFLPo

Jtaiq63OMZtnSdzHjeE=

Subject: doctor@netknow.ca, Very good news for you!

From: "Costco"

To: doctor@netknow.ca

Sender: info@z3mq.in

Reply-To: info@z3mq.in

Date: 25 Aug 2022 02:42:56 -0000

List-Unsubscribe: ,

X-CampaignID: s4:38569-6285b3fbfd980b31

Message-ID:

X-Mailer-Info: 8.QY2UDO.MDO1YTO.Q2bjR3byBkblR3au92duMWY.QO1AzN4MTN.MDO1czM

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="==d023a7591ebda4689890cfb16bfe59b9"

X-Spam_score: 8.5

X-Spam_score_int: 85

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Â Â COSTCO Â Â Â Â WHOLESALEÂ WELCOME TO COSTCO SHOPPING

SURVEY! Â UP TO 95% OFF ON ALMOST EVERYTHINGÂ Dear doctor@netknow.ca, Very

good news for you! As an exclusive subscriber of this newsle [...]

Content analysis details: (8.5 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was

blocked. See

http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block

for more information.

[URIs: z3mq.in]

1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist

[URIs: z3mq.in]

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL

blocklist

[URIs: z3mq.in]

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

-0.0 SPF_PASS SPF: sender matches SPF record

0.0 HTML_MESSAGE BODY: HTML included in message

2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level

above 50%

[cf: 100]

0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%

[cf: 100]

1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.1 TO_IN_SUBJ To address is in Subject

Subject: {SPAM?} doctor@netknow.ca, Very good news for you!

This is a multi-part message in MIME format.

--==d023a7591ebda4689890cfb16bfe59b9

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: quoted-printable

=C2=A0

=C2=A0

COSTCO

=C2=A0 =C2=A0 =C2=A0 =C2=A0 WHOLESALE=C2=A0

WELCOME TO COSTCO SHOPPING SURVEY!

=C2=A0UP TO 95% OFF ON ALMOST EVERYTHING=C2=A0

Dear doctor@netknow.ca,

Very good news for you! As an exclusive subscriber of this newsletter,

we give you the chance to win an optional reward from your favorite

store.

ALL YOU HAVE TO DO IS ANSWER OUR SHORT QUESTIONNAIRE ABOUT YOUR

SHOPPING HABITS.

=C2=A0

START [/%%Offer Link%%]

=C2=A0

=C2=A0

*ACT FAST, PRODUCT AVAILABILITY IS RUNNING LOW!

=C2=A0

=C2=A0

2022 All Rights Reserved.

Unsubscribe from this mailing list=

--==d023a7591ebda4689890cfb16bfe59b9

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: quoted-printable

.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

ft-com:office:office" xmlns:v=3D"urn:schemas-microsoft-com:vml">

idth=3D"500" align=3D"center">

=3D"center" bgcolor=3D"#ffffff" width=3D"100%">

adding=3D"0" align=3D"center">

0" cellspacing=3D"0" cellpadding=3D"0">

#6c6c6c; width: 676px;" align=3D"center" valign=3D"top">

amily: georgia, palatino, serif; color: #ed1c24;">COSTCO

atino, serif; color: #ed1c24;"> =

; WHOLESALE
n>

x;" align=3D"center" bgcolor=3D"#ffffff">

"0" cellpadding=3D"0">

WELCOME =

TO COSTCO SHOPPING SURVEY!

=3D"0" cellpadding=3D"0">

lor: #333333; padding-top: 30px; width: 100%;" align=3D"center">
an style=3D"color: #333333;">
000000;">UP TO 95% OFF ON ALMOST EVERYTHING
d>

line-height: 25px; font-family: Helvetica, Arial, sans-serif; color: #6666=

66; width: 100%;" align=3D"center">

Dear do=

ctor@netknow.ca,

Very good news for you! As an exclusive =

subscriber of this newsletter, we give you the chance to win an optional re=

ward from your favorite store.

All you have to do is answer our=

short questionnaire about your shopping habits.

line-height: 25px; font-family: Helvetica, Arial, sans-serif; color: #6666=

66; width: 100%;" align=3D"center">

=3D"0" cellpadding=3D"0" align=3D"center">

cellpadding=3D"0">

#666666; font-size: 14px; line-height: 20px;" align=3D"center" bgcolor=3D"=

#0060bb">
family: Helvetica, Arial, sans-serif; font-weight: normal; color: #ffffff; =

text-decoration: none; background-color: #ed1c24; border-top: 15px solid #e=

d1c24; border-bottom: 15px solid #ed1c24; border-left: 25px solid #ed1c24; =

border-right: 25px solid #ed1c24; border-radius: 3px; -webkit-border-radius=

: 3px; -moz-border-radius: 3px; display: inline-block;" href=3D"https://sig=

n-trk.z3mq.in/ga/click/2-9507835-658-19443-38573-20924-e731115e0a-723f49cf2=

4" target=3D"_blank" rel=3D"noopener">STAR=

T

*=

Act fast, product availability is running low!

font-size: 8pt;">2022 All Rights Reserved.

font-size: 8pt;">
35-658-19443-38573-19530bff25ee8cb-723f49cf24">

ze: 8pt;">Unsubscribe from this mailing list

49cf24" height=3D"2" width=3D"3" alt=3D"">

=

--==d023a7591ebda4689890cfb16bfe59b9--

Categories: Phish

0 Comments

Security phish from Outlook
Posted by Dave Yadallee on Thursday, August 25. 2022

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 25 Aug 2022 07:06:01 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oRCYX-000I9w-Qr

for dave@doctor.nl2k.ab.ca;

Thu, 25 Aug 2022 07:05:57 -0600

Resent-From: The Doctor

Resent-Date: Thu, 25 Aug 2022 07:05:57 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-bn7nam10rlhn2178.outbound.protection.outlook.com ([40.95.31.178]:37665 helo=NAM10-BN7-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1oR4rP-0004a0-J1

for root@nk.ca;

Wed, 24 Aug 2022 22:53:01 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=Hx8YxpgT8eh+DXeugeB5HFLFrH17Yu2/fjd3b0Y/mU7isYdYteDPA/0AJfX8CKlXRB5Vw6WjZeHxHQzipSRoUHgSvnm77mRfEHdln9bNcqhRw7BtzH/aX4bdgvGUlsBgo+AbrUzY7wiu6Lf08w0n86GUNFfy2Kq32fSXjoLAb8SEm50HoBig/Lk2X8bfKu1+qIi3MKsvY56cariEEjZQjOIoVb7GS3de5d3+evo75SwU7qOcIldiFMiM9s7nT9+ZWWz9Lc4/meNAhucFa7xw+FeyYMXXl4DCARCUf2Dj7268JTV9oQEifCDT4fyygBO/3EQbbpQknskfBxUS6CRbtQ==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=TrHoAxzKhVP9NKYB/hUH++5oIqMWKV5h9eSU6lhxBoQ=;

b=H2C7POgxPWa/DCppOCLbJnXBd1yfLenaue5abJTfdt67RWilbL4Ob7d74//6ITkfzAweUM9PdLzOGfGxWZ9dOF1HT4xL3b5m5VgnKoOJ9XQBe6Qh6Vj9CHQ5Sj8Y63//c04GAuL/jkjQFFfpkq7FWmkMagYxQmXLfyTHcl3X3eWVwRLMqi0OFLZNq7y9xoq3iNWuOFMzetfacVOsEnofkTck7/od8fK0V0xnjLayCuUDC2ivu54TGeqcO5HFw5T4oVoqUd4P4QCSMT4jaHeZfHzTaXhc9BZLEyh0MVRp5zNatrIx2wYkPekIWjfmjjQr9nnYdM6lUHsvKDm8kYeVsw==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is

209.184.167.3) smtp.rcpttodomain=lsyuan.com

smtp.mailfrom=renoarearealestate.com; dmarc=none action=none

header.from=renoarearealestate.com; dkim=none (message not signed); arc=none

Received: from BN9PR03CA0514.namprd03.prod.outlook.com (2603:10b6:408:131::9)

by PH0PR15MB4479.namprd15.prod.outlook.com (2603:10b6:510:85::6) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5566.15; Thu, 25 Aug

2022 04:52:31 +0000

Received: from BN8NAM12FT045.eop-nam12.prod.protection.outlook.com

(2603:10b6:408:131:cafe::6f) by BN9PR03CA0514.outlook.office365.com

(2603:10b6:408:131::9) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5566.15 via Frontend

Transport; Thu, 25 Aug 2022 04:52:30 +0000

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 209.184.167.3)

smtp.mailfrom=renoarearealestate.com; dkim=none (message not signed)

header.d=none;dmarc=none action=none header.from=renoarearealestate.com;

Received-SPF: Fail (protection.outlook.com: domain of renoarearealestate.com

does not designate 209.184.167.3 as permitted sender)

receiver=protection.outlook.com; client-ip=209.184.167.3;

helo=mail.sheldonisd.com;

Received: from mail.sheldonisd.com (209.184.167.3) by

BN8NAM12FT045.mail.protection.outlook.com (10.13.183.51) with Microsoft SMTP

Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id

15.20.5588.3 via Frontend Transport; Thu, 25 Aug 2022 04:52:30 +0000

Received: from MAIL-365.ad.sheldonisd.com (10.1.16.82) by

MAIL-365.ad.sheldonisd.com (10.1.16.82) with Microsoft SMTP Server

(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id

15.1.2106.2; Wed, 24 Aug 2022 14:16:08 -0500

Received: from User (23.175.48.221) by MAIL-365.ad.sheldonisd.com (10.1.16.82)

with Microsoft SMTP Server id 15.1.2106.2 via Frontend Transport; Wed, 24 Aug

2022 14:16:05 -0500

Reply-To:

From: Technical Team

Subject: [EXTERNAL] [EXTERNAL EMAIL - USE CAUTION] ATTENTION

Date: Wed, 24 Aug 2022 15:16:05 -0700

MIME-Version: 1.0

Content-Type: text/html; charset="Windows-1251"

Content-Transfer-Encoding: quoted-printable

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2600.0000

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

Message-ID: <46f9b47b-0185-435f-82f5-d44612850b4f@MAIL-365.ad.sheldonisd.com>

To: Undisclosed recipients:;

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-Office365-Filtering-Correlation-Id: 90aa21f9-8aef-4d5d-72f4-08da86559d9f

X-MS-TrafficTypeDiagnostic: PH0PR15MB4479:EE_

X-MS-Exchange-SenderADCheck: 2

X-MS-Exchange-AntiSpam-Relay: 1

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

=?windows-1251?Q?2k5nkPcCN3BXRLf5LWNvSBXEfnUaDQtKNed7U/wKMek/4TIyS3Gqc4q8?=

=?windows-1251?Q?ul743Gzhs705AXRwDXLkNQ4HfeOa4ktJxYFVZl+rThDwbA25OSW0+mcf?=

=?windows-1251?Q?l1A9Zf6mMaJJOcwX+ggDwgTjtBohRP7ioqUG0L2V+uHrFb2x7i188Rru?=

=?windows-1251?Q?v1wsZES4cRfPIkzPt6tf5/A+TalyyX1C2N8mNXGkGdXDMFWYGnzj+IZO?=

=?windows-1251?Q?LQO0QZBR+jIo6Rw9QKlVDmXeTNQMJp2PYgmVeEe0fB7UGsP8ccJUl6a0?=

=?windows-1251?Q?vAmvz0TZTAEI6I+HtajBll02UYwjuBtAu/dlcXKic2JsmsA1ava7XHDL?=

=?windows-1251?Q?LgCC6v98zaoVac7asz2YKyQ0ajx1QrvoZCe782xbpXNXeKrI543cHZkW?=

=?windows-1251?Q?jdq73nlI4fq25g+q3y7q1mVcByZiqDuTVlFz6wUK6sQbVEeXkoLRqtzj?=

=?windows-1251?Q?7d6I3t46C/DXsrNDjx8RkJpCTKr3A3WUt4wivlfzFlFVRI3S1qJYyhK0?=

=?windows-1251?Q?ZK+/Fhy/d4BJAv+Wr6X7MfDfutdiM77RTgfTqFqOZf7m0CKJANKvq8+C?=

=?windows-1251?Q?LDaj/yJ7KbkUYNjDrfISKDhO5QvPN9MIiKRZe57LAwfNz3DVJlzXVi/6?=

=?windows-1251?Q?YQqyzXqixPRsssaZqNUhiIliRtfYwxABOZyW860fYRpoXM264Bt3OJ1c?=

=?windows-1251?Q?rgSpNiD8Y906NRg0sdO6RoaDMu0hEvl1IW7jg8lzEee2FWTPpSjsPx2n?=

=?windows-1251?Q?p0Ol0KL39NC3ZaUW18eCH7aNyeu191CswxrU6ppjVwAqjlD+DO2wJWXC?=

=?windows-1251?Q?xMccJrN50b/AwLNrcOp3dfpiE/VIg8XbWXk68sH0ir3uuiECuDQhWE6a?=

=?windows-1251?Q?PrFV25ZezLQjgBTW9VNMUgWY3S66GG/pufVzkICmJt5WK6aMn+qpkMoD?=

=?windows-1251?Q?h69XP6bukDU2IvRH0JbMnu+2Dohw2gX6CWbdD7v0zFYlUNq9YnhdBYOd?=

=?windows-1251?Q?TwmzhMhGnsgChow+2Yt20OQRfS3t9SdPVFKDInHu/nus73O7VTppe8xC?=

=?windows-1251?Q?I/BI+abfYhYxer+ITQ5nZWcQhTMwjeKAAKXhbbLj7S+Wxo3nAEM1Go9L?=

=?windows-1251?Q?MvkRqoTCiTfBOHFpP7FDDHDQ46m5z3k4DH3ZUjqQsTBuWxC/7drW1Rz6?=

=?windows-1251?Q?hr18bHyPEODwJ3jczEB4L5KXiDSPPrd6RsgHNBzCShSNUxbe9nRqVqZb?=

=?windows-1251?Q?9lokcVTyzVsdzjrvb7QBjxqY512cAn+HNO9nlPVqzfIlUOyCbYZoW2Br?=

=?windows-1251?Q?GUl212EE8RIExubONTA5yWgNwCyInIglX2JxXKWxIme3eKxlk+cgpvjY?=

=?windows-1251?Q?SXW0/aJ4z+pgAuQIQdYFqKzTyPY8X8E8kziy5mXW+I0fao32mlXNr3xM?=

=?windows-1251?Q?UfwuHm/SdAs4xuZrTna7/O8c5Uh70Nl7VsDjNb67uYyqWjgq7hrQwskq?=

=?windows-1251?Q?csZbQylZRtppwrcDNRHzLkHL8gDY+D+BWzbVmXBwgxHYy6NIylHCGdlk?=

=?windows-1251?Q?HzJ0DBWexTAqGiuftFMBC/37jJPwiTXNJR12y4l86qB2EbHLBA1VrcRC?=

=?windows-1251?Q?Zs4qHqiEBSv/6XAK0miYT635LwHcZVqW7PITFos5TFBMvyJX9UgOW7EH?=

=?windows-1251?Q?a448HcUXbzvAfx34jFjUxjtriQE/r8hQEnrAxnZAdFinaA+qmgqo455y?=

=?windows-1251?Q?5o+zs3qyVbdPhk4R/rJO14wUq0GNl2v9YBOhQyqn7/EdibwBf2Gw3z6A?=

=?windows-1251?Q?jHAVZEJyk5Nh7/xowTtuMtCO3kFoZDpNmY3tV5jdauJ+Fjy7?=

X-Forefront-Antispam-Report:

CIP:209.184.167.3;CTRY:US;LANG:en;SCL:9;SRV:;IPV:NLI;SFV:SPM;H:mail.sheldonisd.com;PTR:mail.sheldonisd.com;CAT:OSPM;SFS:(13230016)(39860400002)(376002)(346002)(136003)(396003)(46966006)(40470700004)(356005)(7596003)(82310400005)(7636003)(166002)(86362001)(70206006)(70586007)(40480700001)(8676002)(31696002)(316002)(786003)(7066003)(47076005)(11050500013)(83380400001)(956004)(35950700001)(336012)(82740400003)(26005)(8936002)(40460700003)(9686003)(498600001)(41300700001)(41320700001)(7416002)(109986005)(5660300002)(4744005)(2906002)(7406005)(7366002)(31686004)(23876008);DIR:OUT;SFP:1023;

X-OriginatorOrg: sheldonisd.com

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Aug 2022 04:52:30.0067

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: 90aa21f9-8aef-4d5d-72f4-08da86559d9f

X-MS-Exchange-CrossTenant-Id: 3237ab13-a154-4aab-bc15-73e6206d6acc

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3237ab13-a154-4aab-bc15-73e6206d6acc;Ip=[209.184.167.3];Helo=[mail.sheldonisd.com]

X-MS-Exchange-CrossTenant-AuthSource: BN8NAM12FT045.eop-nam12.prod.protection.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR15MB4479

X-Spam_score: 14.0

X-Spam_score_int: 140

X-Spam_bar: ++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: [Caution: This email originated outside Sheldon ISD. DO NOT

click links, provide credentials or open attachments unless you validate

the sender and know the content is safe.] CAUTION: This email originated from

outside of the organization. DO NOT click links, provide credentials or open

attachments unless you validate the sender and know the content is safe.

Content analysis details: (14.0 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was

blocked. See

http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block

for more information.

[URIs: jigsy.com]

0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam

0.0 AXB_X_FF_SEZ_S Forefront sez this is spam

0.0 NSL_RCVD_FROM_USER Received from User

0.9 SPF_FAIL SPF: sender does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=tony%40renoarearealestate.com;ip=40.95.31.178;r=doctor.nl2k.ab.ca]

1.6 SUBJ_ALL_CAPS Subject is all capitals

0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=helo;id=NAM10-BN7-obe.outbound.protection.outlook.com;ip=40.95.31.178;r=doctor.nl2k.ab.ca]

0.5 URI_NOVOWEL URI: URI hostname has long non-vowel sequence

0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or

identical to background

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only

2.0 PDS_HELO_SPF_FAIL High profile HELO that fails SPF

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.6 FSL_NEW_HELO_USER Spam's using Helo and User

1.5 TVD_PH_BODY_ACCOUNTS_PRE The body matches phrases such as

"accounts suspended", "account credited",

"account verification"

0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS

2.8 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook

Subject: {SPAM?} [EXTERNAL] [EXTERNAL EMAIL - USE CAUTION] ATTENTION

251">

" bottommargin=3D"5">

[Caution:=

This email origi=

nated outside Sheldon ISD. DO NOT click links, provide credentials or open =

attachments unless you validate the

sender and know the content is safe.]

<=

span style=3D"font-size:14.0pt;color:#ff0000">CAUTION:
e=3D"font-size:14.0pt;color:#FFFFFF"> This email originated from outside of=

the organization. DO NOT click links, provide

credentials or open attachments unless you validate the sender and know th=

e content is safe.

LAST WARNING!!
nt>

Attention
ont size=3D"5" color=3D"#212121" face=3D"Calibri">,

Your email account=

has as exceeded its limit and needs to be verified, if not verified now, w=

e shall suspend your account from receiving or sending mails. To make sure =

you are protected by the latest security

updates.
color=3D"#212121" face=3D"Calibri">You are required to
"5" color=3D"#212121">

lor=3D"#0000FF" face=3D"Calibri">verify
microxxxhlpdskxxxx.jigsy.com/">

your mai=

lbox to keep your account safe and continue using our services.
size=3D"5" color=3D"#222222">

Click on the butto=

n below to verify your Email Account
1">

#4F81BD" face=3D"Calibri">Verify My Account

Note: Failure to V=

erify will lead to final termination of your email account. Please move to =

inbox for verification when seen in junk or spam

Technical Team

Email Administrator
div>

All Right Reversed 2022.(c)<=

/font>

Categories: Microsoft Outlook Hotmail Spam, Phish

0 Comments

Page 1 of 1, totaling 5 entries

August '22