Nigerian spam from Outlook
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sun, 02 Apr 2023 06:09:06 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96)
(envelope-from)
id 1piwVp-000Jiy-1s
for dave@doctor.nl2k.ab.ca;
Sun, 02 Apr 2023 06:08:45 -0600
Resent-From: The Doctor
Resent-Date: Sun, 2 Apr 2023 06:08:45 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-dm6nam10rlhn2171.outbound.protection.outlook.com ([40.95.32.171]:34112 helo=NAM10-DM6-obe.outbound.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.96)
(envelope-from)
id 1piwTJ-000JQv-1C
for doctor@nl2k.ab.ca;
Sun, 02 Apr 2023 06:06:13 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=DC+cxIPqxeMm5mgeQVC+P+8Epw2nfeU4aEzFa+iGE/xnusNlPas+ytBmkVN6SBDqJN7mnNc/6BB6R2uXCqTDEd9Zx1jvEZGSnO9/xWLthB0Lc6G6IikxTF03+whWc/oirc2vwfGduCX1ZCAUithIdyCRYeg1Hk2TfhHTP3auETRLOyLEqaS3YNZ0gE4IejewvdHRVnvcjAYJOI4iTeoTwwC7EKPqo1/UaAML27A43liJd2+MtYiu9jdPcfl2GS1sMFq7OK2Z1i3E16ec71l+kSjz5VAnXO9i+fQEpZHdilIjCMkkOiq7jb+/wC0xGb0RdY2CnpLTE1B5MGWdqZAehA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=rk+us9hS6fm1KaZ4x55RAlTb9TrtPjphIFlMDQeM8Wg=;
b=GYto6/5NaHJOzduL5qLP+vZxftxGSs1GJbjMAhW0QxuZHw0DoaNlsTiYU6rPuzkOswf+5W1XNWpfzqd2lhxsr1Byy75wnGoJJXTvfTmV1OiAPkyk3tsKvfdkx6eWgvqpCh/Z60vlfHEJmwUSxs8SiCWk8wFMOjsOyaNiNgedWCRWtiqevlcKEvltv+BjyFztba/qT8ru5zRws0NE1DBp5bEtsnuR6YmQtrHS6B2KYz9V6IL5Uuyp4ss5+VbT6DMgsfvjdqjaFu7oG2eZNxxx5hsrQLXnWFt/Fr03bE2jvsY0NRK2T3p5POPzhYNb9oGrRjbQWa1TZRJvbTnADl65TA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is
8.42.207.81) smtp.rcpttodomain=yourdinlied.com smtp.mailfrom=usa.org;
dmarc=fail (p=reject sp=reject pct=100) action=oreject header.from=usa.org;
dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wwjwm.onMicrosoft.com;
s=selector2-wwjwm-onMicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=rk+us9hS6fm1KaZ4x55RAlTb9TrtPjphIFlMDQeM8Wg=;
b=ILinR4ZrgzgpQAX6mKpD6NkHdPiPRsw1luuBOK20U100dZk3xQN23kj+0P1JVHV6vnOoaGPqJgO5VQSJkmT1H4V9AgfCr84/LEVxDMpeDp5VEP3MF7y4TzFCUPmqfGOzE1luSsaF7rTYSfRO7mbg+tb+x+6U/aZf+CCr/iRbmS8=
Received: from BN9PR03CA0601.namprd03.prod.outlook.com (2603:10b6:408:106::6)
by SA1PR01MB7326.prod.exchangelabs.com (2603:10b6:806:1f5::21) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.6277.22; Sun, 2 Apr 2023 12:04:02 +0000
Received: from BN8NAM12FT021.eop-nam12.prod.protection.outlook.com
(2603:10b6:408:106:cafe::4c) by BN9PR03CA0601.outlook.office365.com
(2603:10b6:408:106::6) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6254.22 via Frontend
Transport; Sun, 2 Apr 2023 12:04:02 +0000
X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 8.42.207.81)
smtp.mailfrom=usa.org; dkim=none (message not signed)
header.d=none;dmarc=fail action=oreject header.from=usa.org;
Received-SPF: Fail (protection.outlook.com: domain of usa.org does not
designate 8.42.207.81 as permitted sender) receiver=protection.outlook.com;
client-ip=8.42.207.81; helo=mail1.jas.com;
Received: from mail1.jas.com (8.42.207.81) by
BN8NAM12FT021.mail.protection.outlook.com (10.13.183.135) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.6277.20 via Frontend Transport; Sun, 2 Apr 2023 12:04:02 +0000
Received: from USBCDPSMBX01.jas1.ds.Jas.com (172.29.10.51) by
USBCDPSMBX01.jas1.ds.Jas.com (172.29.10.51) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.2.1118.26; Sun, 2 Apr 2023 08:03:41 -0400
Received: from User (194.55.224.158) by USBCDPSMBX01.jas1.ds.Jas.com
(172.29.10.51) with Microsoft SMTP Server id 15.2.1118.26 via Frontend
Transport; Sun, 2 Apr 2023 08:03:35 -0400
Reply-To:
From: "Mr. Nikhil Rathi"
Subject: Re: United States Dollars US$25,000,000.00
Date: Sun, 2 Apr 2023 05:03:41 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID:
To: Undisclosed recipients:;
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: BN8NAM12FT021:EE_|SA1PR01MB7326:EE_
X-MS-Office365-Filtering-Correlation-Id: a01d7e69-b5a1-4459-2aa3-08db3372594e
X-MS-Exchange-SenderADCheck: 2
X-MS-Exchange-AntiSpam-Relay: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
X-Forefront-Antispam-Report:
CIP:8.42.207.81;CTRY:US;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:mail1.jas.com;PTR:InfoDomainNonexistent;CAT:OSPM;SFS:(13230028)(4636009)(346002)(136003)(376002)(39860400002)(396003)(109986019)(451199021)(46966006)(40470700004)(316002)(8676002)(8936002)(41300700001)(2860700004)(2906002)(5660300002)(70586007)(70206006)(498600001)(31686004)(7416002)(7406005)(7366002)(66899021)(6666004)(83380400001)(356005)(81166007)(9686003)(82202003)(26005)(40460700003)(956004)(40480700001)(336012)(47076005)(35950700001)(82740400003)(82310400005)(86362001)(31696002)(2700400008);DIR:OUT;SFP:1023;
X-OriginatorOrg: WWJWM.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Apr 2023 12:04:02.0015
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: a01d7e69-b5a1-4459-2aa3-08db3372594e
X-MS-Exchange-CrossTenant-Id: fa3414ca-197f-48b7-8ff3-892f8bdd8e93
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=fa3414ca-197f-48b7-8ff3-892f8bdd8e93;Ip=[8.42.207.81];Helo=[mail1.jas.com]
X-MS-Exchange-CrossTenant-AuthSource:
BN8NAM12FT021.eop-nam12.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR01MB7326
X-Spam_score: 31.2
X-Spam_score_int: 312
X-Spam_bar: +++++++++++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Financial Conduct Authority (FCA) 12 Endeavour Square London
E20 1JN Dear Beneficiary, This is from the office of the "Financial Conduct
Authority" (FCA), a financial regulatory body in the United Kingdom. The
FCA regulates financial firms providing services to consumers and maintains
t [...]
Content analysis details: (31.2 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.9 SPF_FAIL               SPF: sender does not match SPF record (fail)
                            [SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=info%40usa.org;ip=40.95.32.171;r=doctor.nl2k.ab.ca]
 3.6 RCVD_IN_SBL_CSS        RBL: Received via a relay in Spamhaus SBL-CSS
                            [194.55.224.158 listed in zen.spamhaus.org]
 2.6 RCVD_IN_SBL            RBL: Received via a relay in Spamhaus SBL
                            [194.55.224.158 listed in zen.spamhaus.org]
-0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at http://www.dnswl.org/, no
                            trust
                            [40.95.32.171 listed in list.dnswl.org]
 0.0 SPF_HELO_FAIL          SPF: HELO does not match SPF record (fail)
                            [SPF failed: Please see http://www.openspf.org/Why?s=helo;id=NAM10-DM6-obe.outbound.protection.outlook.com;ip=40.95.32.171;r=doctor.nl2k.ab.ca]
 0.0 AXB_X_FF_SEZ_S         Forefront sez this is spam
 0.0 NSL_RCVD_FROM_USER     Received from User
 0.0 FSL_CTYPE_WIN1251      Content-Type only seen in 419 spam
 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
                            [nikhil.rathi02266(at)gmail.com]
 2.5 US_DOLLARS_3           BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
 3.5 DEAR_BENEFICIARY       BODY: Dear Beneficiary:
 1.3 PDS_HELO_SPF_FAIL      High profile HELO that fails SPF
 0.0 FAKE_REPLY_C           No description available.
 0.6 FSL_NEW_HELO_USER      Spam's using Helo and User
 0.0 T_DKIM_INVALID         DKIM-Signature header exists but is not valid
 0.0 LOTS_OF_MONEY          Huge... sums of money
 0.0 T_HK_NAME_MR_MRS       No description available.
 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait
 0.0 HK_NAME_MR_MRS         No description available.
 2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
 2.0 FILL_THIS_FORM_LONG    Fill in a form with personal information
 0.0 FILL_THIS_FORM         Fill in a form with personal information
 2.8 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook
 0.0 MONEY_FREEMAIL_REPTO   Lots of money from someone using free email?
 0.0 T_FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)
 0.4 FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)
 0.0 MONEY_FORM             Lots of money if you fill out a form
 3.1 MONEY_FRAUD_3          Lots of money and several fraud phrases
 3.3 UNDISC_MONEY           Undisclosed recipients + money/fraud signs
 1.8 ADVANCE_FEE_4_NEW_FRM_MNY Advance Fee fraud form and lots of money
Subject: {SPAM?} Re: United States Dollars US$25,000,000.00
Financial Conduct Authority (FCA)
12 Endeavour Square
London E20 1JN
Dear Beneficiary,
This is from the office of the "Financial Conduct Authority" (FCA), a financial regulatory body in the United Kingdom. The FCA regulates financial firms providing services to consumers and maintains the integrity of the financial markets in the United Kingdom. Though on the line of our services as the financial regulatory body in the United Kingdom, we discovered some irregularities concerning your fund worth's of Twenty-Five Millions United States Dollars (US$25,000,000.00) which was trying to be siphon and diverted into another Bank Account in Japan by some group of people through the "China Construction Bank (London) Limited".
Therefore, in view of this, we are contacting you to verify the authentication of this transaction being masterminded by some group of people through the "China Construction Bank (London) Limited". We stopped this transaction depending on our final verification from you concerning this matter therefore you are advised to respond and get back to us immediately upon receiving this message.
Finally, note to reconfirm and forward to us the following details/information below, ( nikhil.rathi02266@gmail.com )
Your Full Names:=============
Residential Address:=========
Contact Phone Number:========
Valid ID Card:===============
Your Faithfully,
Mr. Nikhil Rathi
Chief Executive Officer
Financial Conduct Authority (FCA)