BMO phish from Los Angeles
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 26 Sep 2023 15:02:02 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96 (FreeBSD))
(envelope-from)
id 1qlFBJ-0007Qp-1B
for dave@doctor.nl2k.ab.ca;
Tue, 26 Sep 2023 15:01:21 -0600
Resent-From: The Doctor
Resent-Date: Tue, 26 Sep 2023 15:01:21 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [191.96.106.82] (port=58456)
by doctor.nl2k.ab.ca with esmtp (Exim 4.96 (FreeBSD))
(envelope-from)
id 1qlEpx-000OA0-2E
for doctor@edmontonab.ca;
Tue, 26 Sep 2023 14:39:22 -0600
From: BMO Bank of Montreal
To: doctor@edmontonab.ca
Subject: bmoalert
Date: 26 Sep 2023 16:37:26 -0400
Message-ID: <20230926163726.85366E24E3210E31@edmontonab.ca>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0012_2E8862E3.4B8C2C22"
X-Spam_score: 7.3
X-Spam_score_int: 73
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: messaged encrypted Due to a recent security check on your
BMO bank Account. We require you to view your confirm by Clicking here Failure
to do this within 48hrs will lead to access suspension sorry for the inconvenience
Content analysis details: (7.3 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 3.6 RCVD_IN_SBL_CSS        RBL: Received via a relay in Spamhaus SBL-CSS
                            [191.96.106.82 listed in zen.spamhaus.org]
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.7 MPART_ALT_DIFF         BODY: HTML and text parts are different
 1.8 HTML_IMAGE_ONLY_08     BODY: HTML: images with 400-800 bytes of words
 1.3 RDNS_NONE              Delivered to internal network by a host with no rDNS
 0.0 T_REMOTE_IMAGE         Message contains an external image
Subject: {SPAM?} bmoalert
------=_NextPart_000_0012_2E8862E3.4B8C2C22
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
messaged encrypted
------=_NextPart_000_0012_2E8862E3.4B8C2C22
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
=3Diso-8859-1">
O_Logo.svg/220px-BMO_Logo.svg.png">
Due to a recent security check on your BMO bank Account.
We require y=
ou to=20
view your confirm by
=2Ecom/ipfs/QmYxGFxZw2tkYVjARCtjDRwFBR8bEi7LPJW4U9zmGRfhus">Clicking here=
a>
Failure to do this within 48hrs will lead to access suspension
so=
rry=20
for the inconvenience
Regards
Have questions? Contact us at 1-877-CALL-BMO.
------=_NextPart_000_0012_2E8862E3.4B8C2C22--