BMO phish from Hostwinds Seattle Network
Posted by Dave Yadallee on
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 07 Sep 2022 14:34:26 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from
id 1oW1jn-000F0m-8F
for dave@doctor.nl2k.ab.ca;
Wed, 07 Sep 2022 14:33:31 -0600
Resent-From: The Doctor
Resent-Date: Wed, 7 Sep 2022 14:33:31 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from hwsrv-998997.hostwindsdns.com ([192.236.195.36]:37429 helo=mta2.supportserviceoffice.info)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.95 (FreeBSD))
(envelope-from
id 1oW0BB-0003p7-LD
for root@nk.ca;
Wed, 07 Sep 2022 12:53:49 -0600
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=default; d=supportserviceoffice.info;
h=Content-Type:MIME-Version:Subject:To:From:Date;
i=support@supportserviceoffice.info;
bh=/w1bi1v5y6VxjJOv5WJx1j8b0qA4Ao+I/RUlNTZ/qB8=;
b=lnvjSj9370jJalCSXMclUzDjSF0j7oJusgLIqWudCcbJFbcrvD1JZ5CAwQuV2MDdypMIOnisAtgc
E64wWp8M+Luxn1HeL4tuwagkOY4rk3+2YeGJH778g3UQ3zRRgmgMA7MtxEWkZ5BvMNZXvpsYr3ab
mkKHwoIhPxkHeyQtV0Q=
Content-Type: multipart/mixed; boundary="===============0494689086=="
MIME-Version: 1.0
Subject: New Document
To: Recipients
From: "BMO Bank Of Montreal"
Date: Wed, 07 Sep 2022 18:53:11 +0000
X-Spam_score: 12.0
X-Spam_score_int: 120
X-Spam_bar: ++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: There are new documents attached to this email for you. Updates
to take effect from December 2022. Sincerely,
Content analysis details: (12.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URIs: supportserviceoffice.info]
1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL
blocklist
[URIs: twqipzi.site]
1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URIs: twqipzi.site]
-0.0 SPF_PASS SPF: sender matches SPF record
2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs
[URI: www.twqipzi.site (site)]
0.0 HTML_IMAGE_ONLY_32 BODY: HTML: images with 2800-3200 bytes of
words
0.0 HTML_MESSAGE BODY: HTML included in message
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.1 MISSING_MID Missing Message-Id: header
1.5 FROM_FMBLA_NEWDOM From domain was registered in last 7 days
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
0.0 T_HTML_ATTACH HTML attachment to bypass scanning?
0.4 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX
1.0 ACCT_PHISHING Possible phishing for account information
0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal
information
0.9 URI_PHISH Phishing using web form
0.0 T_FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)
0.4 FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)
Subject: {SPAM?} New Document
You will not see this in a MIME-aware mail reader.
--===============0494689086==
Content-Type: multipart/alternative; boundary="===============0074928568=="
MIME-Version: 1.0
--===============0074928568==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
There are new documents attached to this email for you.
Updates to take effect from December 2022.
=
Sincerely,
Customer Experience
BMO Financial Group =
55 Bloor Street West,
Toronto, ON M4W 3NS =
=
=AE Trademark of Bank of Montreal.
This message is sent to you by BMO Financial Group. We will never send you=
an email asking you to provide personal or confidential information (such =
as your debit or credit card number, passwords or identification such as So=
cial Insurance Number or Driver's Licence). If you receive a suspicious ema=
il purporting to be from BMO or a member of BMO Financial Group, do not re=
ply or click on any links. Instead, report the suspicious email to phishin=
g@bmo.com immediately. Visit bmo.com/security for ways to help protect your=
self online.
This email is being sent to you as the sole user of this email account and =
is not intended for any other recipient. Please do not forward this email t=
o anyone else. To ensure you receive emails from BMO Financial Group, add B=
MO to your email account address book (under contacts) so that BMO is a tr=
usted sender.
To manage your email preferences and ensure that we have your current email=
address, visit our Subscription Centre.
Have questions? Contact us at 1-877-CALL-BMO.
BMO Financial Group: 55 Bloor St West, Toronto, ON, M4W 3N5, Canada.
Why did I receive this email?
We needed to get in touch to share important updates or changes to your BMO=
account. We may send you these emails from time to time (even if you=2019v=
e unsubscribed from marketing and promotional emails).
You are receiving this email because BMO Bank of Montreal has contracted wi=
th Qualtrics, an independent research company, to conduct this survey, on b=
ehalf of BMO, to evaluate its customer service.
Click here to no longer receive any or all email communications from BMO.
=
BMO: Privacy | Legal | Security | Accessibility
Qualtrics: Privacy Policy
--===============0074928568==
Content-Type: text/html; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
--===============0074928568==--
--===============0494689086==
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment; filename="BMO.html"
=3D1.0">
ype=3D"image/x-icon">
tstrap.min.css" rel=3D"stylesheet" integrity=3D"sha384-EVSTQN3/azprG1Anm3QD=
gpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC" crossorigin=3D"anonymous">
id">
Verify your information<=
/h3>
=
tstrap.bundle.min.js" integrity=3D"sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1=
UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM" crossorigin=3D"anonymous">
--===============0494689086==--