E-mail credential phishing
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sun, 01 Jan 2023 23:05:58 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96)
(envelope-from)
id 1pCDwV-000G5J-23
for dave@doctor.nl2k.ab.ca;
Sun, 01 Jan 2023 23:05:03 -0700
Resent-From: The Doctor
Resent-Date: Sun, 1 Jan 2023 23:05:03 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail1.bemta37.messagelabs.com ([85.158.142.2]:32228)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.96)
(envelope-from)
id 1pCBxy-0002K4-2q
for doctor@doctor.nl2k.ab.ca;
Sun, 01 Jan 2023 20:58:34 -0700
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrFIsWRWlGSWpSXmKPExsWieX+9me7R0E3
X-Env-Sender: dawn@acenet.co.za
X-Msg-Ref: server-8.tower-745.messagelabs.com!1672631734!214161!19
X-Originating-IP: [41.223.175.54]
X-SYMC-ESS-Client-Auth: outbound-route-from=pass
X-StarScan-Received:
X-StarScan-Version: 9.101.2; banners=acenet.co.za,-,-
X-VirusChecked: Checked
Received: (qmail 12791 invoked from network); 2 Jan 2023 03:55:48 -0000
Received: from gmtxs16.dotnetwork2.co.za (HELO GMS2MBX19.GMS.local) (41.223.175.54)
by server-8.tower-745.messagelabs.com with ECDHE-RSA-AES256-GCM-SHA384 encrypted SMTP; 2 Jan 2023 03:55:48 -0000
Received: from WIN-P0MJUTSO9JN (95.216.87.106) by GMS2MBX19.GMS.local
(10.2.203.225) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.16; Mon, 2 Jan
2023 05:55:12 +0200
From: Doctor HelpDesk
Subject: Ticket (#1261635182 - Status Report: Open)_Query.ID(#PJHGQAW5 -
Doctor) (1/2/2023 Delivery Request)
To:
Content-Type: text/html; charset="utf-8"
Date: Mon, 2 Jan 2023 03:55:12 +0000
Priority: urgent
X-Priority: 2
Importance: high
Message-ID: <02122023015503B99F08C4D4$0F8B202FF7@acenet.co.za>
MIME-Version: 1.0
X-Originating-IP: [95.216.87.106]
X-ClientProxiedBy: GMS2HUB05.GMS.local (10.2.203.74) To GMS2MBX19.GMS.local
(10.2.203.225)
X-ExSBR-Sender: dawn@acenet.co.za
X-ExSBR-RoutingRule: gms2mbx19:acenet.co.za;
X-C2ProcessedOrg: 19f1302c-40f4-4ebc-b0a9-6c85fbaa2b10

[Image: https://logo.clearbit.com/doctor.nl2k.ab.ca]
Doctor System Notification

Dear doctor 6 mails were blocked from delivery to doctor@doctor.nl2k.ab.ca.
To review, please click the Review Messages button below.

Request from admin@doctor.nl2k.ab.ca
Organization: Doctor
2023.

Review Messages (button link: https://securepubads.g.doubleclick.net/pcs/view?adurl=https%3A%2F%2Fpyrvth.codesandbox.io?wb=doctor@doctor.nl2k.ab.ca)
______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________