Interac PHish from India

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 04 Jan 2024 15:33:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rLWGJ-000000004rx-2V9Q

for dave@doctor.nl2k.ab.ca;

Thu, 04 Jan 2024 15:32:27 -0700

Resent-From: The Doctor

Resent-Date: Thu, 4 Jan 2024 15:32:27 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [114.143.191.50] (port=63022 helo=payments.interac.ca)

by doctor.nl2k.ab.ca with esmtp (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rLUvS-0000000018z-35zN

for postmaster@nl2k.ab.ca;

Thu, 04 Jan 2024 14:06:55 -0700

From: DAVE CARRIERE

To: postmaster@nl2k.ab.ca

Subject: INTERAC e-Transfer: Dave Carriere sent you money.

Date: 5 Jan 2024 02:35:22 +0530

Message-ID: <20240105023521.333A4BAB229672DF@payments.interac.ca>

MIME-Version: 1.0

Content-Type: text/html

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 10.4

X-Spam_score_int: 104

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: View in browser | Français Hi, DAVE CARRIERE sent you $200.00

(CAD). Reference Number: CAHs9y9y



Content analysis details: (10.4 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL

[114.143.191.50 listed in psbl.surriel.com]

0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=helo;id=payments.interac.ca;ip=114.143.191.50;r=doctor.nl2k.ab.ca]

0.9 SPF_FAIL SPF: sender does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=ntifysecureauthenctiontify%40payments.interac.ca;ip=114.143.191.50;r=doctor.nl2k.ab.ca]

0.0 HTML_MESSAGE BODY: HTML included in message

0.8 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image area

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

-0.0 T_SCC_BODY_TEXT_LINE No description available.

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag

3.0 LONG_INVISIBLE_TEXT Long block of hidden text - bayes poison?

0.0 T_STY_INVIS_DIRECT HTML hidden text + direct-to-MX

Subject: {SPAM?} INTERAC e-Transfer: Dave Carriere sent you money.

X-Antivirus: AVG (VPS 240104-18, 1/4/2024), Inbound message

X-Antivirus-Status: Clean






ollapse; padding: 0px; vertical-align: top; text-align: inherit; width: 580=

px; margin: 0px auto; background-image: none; background-position: left top=

; background-size: initial; background-repeat: repeat; background-attachmen=

t: scroll; background-origin: initial; background-clip: initial;">












margin: 0px; line-height: 19px; border-collapse: collapse !important;">


spacing: 0px; border-collapse: collapse; padding: 0px; vertical-align: top;=

background: none left top repeat scroll rgb(34, 34, 34); width: 580px; dis=

play: block; height: 60px !important; margin-top: 0px !important; margin-bo=

ttom: 10px !important;">












10px 0px 0px; vertical-align: top; margin: 0px; line-height: 19px; border-c=

ollapse: collapse !important;">


collapse: collapse; padding: 0px; vertical-align: top; margin: 0px auto; wi=

dth: 580px;">













=








dding: 0px 10px 10px; vertical-align: top; margin: 0px; line-height: 19px; =

min-width: 0px; width: 221.333px; border-collapse: collapse !important;">
href=3D"http://www.interac.ca/en" style=3D"color: rgb(102, 102, 102); text=

-decoration-line: none;" target=3D"_BLANK">3D"INTERAC"
go" height=3D"40px" src=3D"http://etransfer-notification.interac.ca/images/=

own/etransfer_top_banner.png" style=3D"outline: none; max-width: none; floa=

t: left; clear: both; display: block; border: none; margin-left: 0px; width=

: 100px !important; height: 40px !important;" width=3D"100px" />
le=3D"word-break: break-word; padding: 0px 10px 10px 0px; vertical-align: m=

iddle; color: rgb(238, 238, 238); margin: 0px; line-height: 19px; min-width=

: 0px; width: 134.667px; border-collapse: collapse !important; text-align: =

right !important;">
?tokens=3DeNrVVv9u40QQfhUrXCuQ6mTt5ocdqaKOEwM6KNLd8QdCyNra42R19q7ZXaeNELwPz=

8GLMWsnadI4bdRygquUSp799tuZ2Zlv9veOkGzOONVCzgrK8htaQGfceTu7-WDdBN_83Ll4jMBV=

XmmHeOR6IbSxdBNR7OEitkHK24RxDZImoGWmQC6v0bTecAscMpYwKle7ZyeQg9LQAtguMpqnEmi=

hnNH1fMeFnQ0PPjCeietEUKUTWjJNc0WXjM_Vek8pIQMpIf2e8nlF58YF4LgAS-A6TgT6f6_RWN=

JVgZauhHmVU4kIJSqZQMxUzIVmWYz0iFvt5SLOWJyLucCFhdalGvd6mArKFR5q1-RIuc5RN6E94=

D0Dj8OAmL_LbsnnrYQxOvmvc2byVM5MtnLu3MCrIveIH3sO_u8Pffc490uTcCr9C_PRRr8un7gu=

N-BYN7wqbsEcEAbfKn_lm8JJKqVFATJmab3gTRb-Pf9h7r7dvzD-VJ_WqzHj8QJoClIdB2Kca6Z=

3k9B6J1Y0tyaUf2xFNck-BVinzQAR8lsFDR4Oc7w-OzTNaYVNd1rvm_a0IkDf8TvE3mTa-okzwd=

spGsdezVJ7_WIW_oR6tVxIOw5OkrlabVhCNXoRl9uCwn3E6NZ9CZIZQxpXqi4wLStzkloIqZNKx=

5XM2-p6t55NoBISHUlRvF_v-yAi1k3F1-V306tNzZ7nS33lTEZ-5LsTMhiFWPwRCfzZLPIvnXA6=

Go5cl5CQzAbEHbjhYDjpR2E4dMPLgRN5_mwaeuQ8YzVl0zrnSYVf2_45z1GYr2pJ3g3gSOt_XjG=

068v_OYasHnzAsYzjAgqj7vUQFbc5FChuVAneZmuu69BcZwDNKSQ547DHsG_bMjwybxg22Yu1wN=

ZF2xuHkC4h1pdhMP3qANDQPYOpuRFygZA3WxDeByuZEfOHDChNdaV2DFsmCSiBSscp1aZFb8QSj=

O5brndhucS9PIZtHDwdXvvqehavd0g4QKMwbJyYQrJmHV0cxTUOnAZtDh9Z6d9_JXunF1WuWZlD=

rJIFpFWOorTZ3Rln-BiDHbpEVKbyO2NycBP1Ur2Az62HC6BprKqyxL7Ysu3PI4TWmv1I8-7u7rr=

4EpVmMN3iHDPK2rujK2VrYRtDT1fIgAqseqbabYo_5AK2BLsQHFa9hKLE5saYU1YgwF63rQ32tp=

MXusi_GP85Nm_IKy3OXPLjL2cz98wjZ8HwV70AtGzz8ZTv-3L3-bm_p3St7uMLqhApKDulSQJqH=

QFgBMCXgtmg6whKM_XsFOxM8FT1KOf4Gq9tuFrh6Gs-lqia5r21iaoOBV2kyb1aqW0NxqgkH5_T=

4I3G9l6rr0fOP2GUfXIXnp9EeD-f3AuBJSXNnPmPnSnELUPNOiiO1ishYUSG0Sxwgn7kOf1ZQIb=

kMvAjZxANR6MomDrBwHe90CGuFwXBwOn3_SCYTsmIuMOpO-n88Q8BVTEy&templateCode=

=3D7&productCode=3D0&langCode=3Den" style=3D"color: rgb(238, 238, 2=

38); text-decoration-line: none;" target=3D"_BLANK">View in browser
>


eak: break-word; padding: 0px 10px 10px 0px; vertical-align: middle; text-a=

lign: center; margin: 0px; line-height: 19px; min-width: 0px; width: 14px; =

border-collapse: collapse !important;">
"color: rgb(238, 238, 238);">|
eak: break-word; padding: 0px 10px 10px 0px; vertical-align: middle; color:=

rgb(238, 238, 238); margin: 0px; line-height: 19px; min-width: 0px; width:=

86px; border-collapse: collapse !important;">
interac.ca/ViewInBrowser.do?tokens=3DeNrVVv9u40QQfhUrXCuQ6mTt5ocdqaKOEwM6KN=

Ld8QdCyNra42R19q7ZXaeNELwPz8GLMWsnadI4bdRygquUSp799tuZ2Zlv9veOkGzOONVCzgrK8=

htaQGfceTu7-WDdBN_83Ll4jMBVXmmHeOR6IbSxdBNR7OEitkHK24RxDZImoGWmQC6v0bTecAsc=

MpYwKle7ZyeQg9LQAtguMpqnEmihnNH1fMeFnQ0PPjCeietEUKUTWjJNc0WXjM_Vek8pIQMpIf2=

e8nlF58YF4LgAS-A6TgT6f6_RWNJVgZauhHmVU4kIJSqZQMxUzIVmWYz0iFvt5SLOWJyLucCFhd=

alGvd6mArKFR5q1-RIuc5RN6E94D0Dj8OAmL_LbsnnrYQxOvmvc2byVM5MtnLu3MCrIveIH3sO_=

u8Pffc490uTcCr9C_PRRr8un7guN-BYN7wqbsEcEAbfKn_lm8JJKqVFATJmab3gTRb-Pf9h7r7d=

vzD-VJ_WqzHj8QJoClIdB2Kca6Z3k9B6J1Y0tyaUf2xFNck-BVinzQAR8lsFDR4Oc7w-OzTNaYV=

Nd1rvm_a0IkDf8TvE3mTa-okzwdspGsdezVJ7_WIW_oR6tVxIOw5OkrlabVhCNXoRl9uCwn3E6N=

Z9CZIZQxpXqi4wLStzkloIqZNKx5XM2-p6t55NoBISHUlRvF_v-yAi1k3F1-V306tNzZ7nS33lT=

EZ-5LsTMhiFWPwRCfzZLPIvnXA6Go5cl5CQzAbEHbjhYDjpR2E4dMPLgRN5_mwaeuQ8YzVl0zrn=

SYVf2_45z1GYr2pJ3g3gSOt_XjG068v_OYasHnzAsYzjAgqj7vUQFbc5FChuVAneZmuu69BcZwD=

NKSQ547DHsG_bMjwybxg22Yu1wNZF2xuHkC4h1pdhMP3qANDQPYOpuRFygZA3WxDeByuZEfOHDC=

hNdaV2DFsmCSiBSscp1aZFb8QSjO5brndhucS9PIZtHDwdXvvqehavd0g4QKMwbJyYQrJmHV0cx=

TUOnAZtDh9Z6d9_JXunF1WuWZlDrJIFpFWOorTZ3Rln-BiDHbpEVKbyO2NycBP1Ur2Az62HC6Bp=

rKqyxL7Ysu3PI4TWmv1I8-7u7rr4EpVmMN3iHDPK2rujK2VrYRtDT1fIgAqseqbabYo_5AK2BLs=

QHFa9hKLE5saYU1YgwF63rQ32tpMXusi_GP85Nm_IKy3OXPLjL2cz98wjZ8HwV70AtGzz8ZTv-3=

L3-bm_p3St7uMLqhApKDulSQJqHQFgBMCXgtmg6whKM_XsFOxM8FT1KOf4Gq9tuFrh6Gs-lqia5=

r21iaoOBV2kyb1aqW0NxqgkH5_T4I3G9l6rr0fOP2GUfXIXnp9EeD-f3AuBJSXNnPmPnSnELUPN=

OiiO1ishYUSG0Sxwgn7kOf1ZQIbkMvAjZxANR6MomDrBwHe90CGuFwXBwOn3_SCYTsmIuMOpO-n=

88Q8BVTEy&templateCode=3D7&productCode=3D0&langCode=3Dfr" style=

=3D"color: rgb(238, 238, 238); text-decoration-line: none;" target=3D"_BLAN=

K">Français
eak-word; padding: 0px 0px 10px; vertical-align: middle; margin: 0px; line-=

height: 19px; min-width: 0px; width: 48px; border-collapse: collapse !impor=

tant;">
gb(102, 102, 102); text-decoration-line: none;" target=3D"_BLANK"><br
=3D"?" class=3D"question-mark" height=3D"30px" src=3D"http://etransfer-noti=

fication.interac.ca/images/icons-png/question_mark.png" style=3D"outline: n=

one; width: 30px; max-width: 100%; float: left; clear: both; display: block=

; border: none; height: 30px; min-width: 30px; padding-left: 0px;" width=3D=

"30px" />
lign: top; margin: 0px; line-height: 19px; visibility: hidden; width: 0px; =

border-collapse: collapse !important; padding: 0px !important;"> 







apse; padding: 0px; vertical-align: top; width: 580px; display: block;">












10px 0px 0px; vertical-align: top; margin: 0px; line-height: 19px; border-c=

ollapse: collapse !important;">


collapse: collapse; padding: 0px; vertical-align: top; margin: 0px auto; wi=

dth: 580px;">






















px 20px 10px; vertical-align: top; margin: 0px; line-height: 19px; border-c=

ollapse: collapse !important;">


ght: 1.3; word-break: normal; font-size: 20px;">Hi,



 




e-height: 21px; font-size: 15px;">DAVE CARRIERE sent you $200.00 (CAD).

=
px 0px 10px; vertical-align: top; margin: 0px; line-height: 19px; visibilit=

y: hidden; width: 0px; border-collapse: collapse !important;"> 

px 20px 10px; vertical-align: top; margin: 0px; line-height: 19px; border-c=

ollapse: collapse !important;">


e-height: 21px; font-size: 15px;">Reference Number: C=

AHs9y9y 






e-height: 21px; font-size: 15px; text-align: center;">
n-3hn.com" style=3D"box-sizing: border-box; font-size: 16px; text-decoratio=

n-line: none; display: inline-block; color: rgb(63, 58, 58); background-col=

or: rgb(235, 171, 31); border-radius: 12px; width: auto; border-width: 0px;=

border-style: solid; border-color: transparent; font-weight: 700; padding-=

top: 5px; padding-bottom: 5px; font-family: Arial, Helvetica, sans-serif; t=

ext-align: center; word-break: keep-all;" target=3D"_blank">
box-sizing: border-box; padding-left: 50px; padding-right: 50px; display: i=

nline-block;">
; line-height: 32px;">Deposit Your Money






e-height: 21px; font-size: 15px;">Please do not reply to this email.
px 0px 10px; vertical-align: top; margin: 0px; line-height: 19px; visibilit=

y: hidden; width: 0px; border-collapse: collapse !important;"> 







=3D"border-spacing: 0px; border-collapse: collapse; padding: 0px; vertical-=

align: top; margin: 0px auto; width: 580px; display: block;" width=3D"580px=

">




h=3D"580px">






h=3D"580px">










10px; vertical-align: top; text-align: left; margin: 0px; line-height: 19px=

; border-collapse: collapse !important;"> 

; padding: 0px 0px 10px; vertical-align: top; margin: 0px; line-height: 19p=

x; border-collapse: collapse !important;" width=3D"580px">


href=3D"http://www.interac.ca/en/interac-etransfer/etransfer-faq" style=3D"=

color: rgb(102, 102, 102); text-decoration-line: none;" target=3D"_BLANK">F=

AQs   |   
style=3D"color: rgb(102, 102, 102); text-align: left; line-height: 19px; m=

argin: 0px; padding: 20px 0px;">This is a secure transaction 
mg alt=3D"lock" class=3D"center" height=3D"20px" src=3D"http://etransfer-no=

tification.interac.ca/images/icons-png/security.png" style=3D"outline: none=

; max-width: 20px; float: none; clear: both; display: inline-block; margin:=

0px auto; padding: 0px 4px; max-height: 20px; width: 20px !important; heig=

ht: 20px !important;" width=3D"20px" />
n: top; text-align: left; margin: 0px; line-height: 19px; visibility: hidde=

n; width: 0px; border-collapse: collapse !important; padding: 0px !importan=

t;"> 





cing: 0px; border-collapse: collapse; padding: 0px; vertical-align: top; wi=

dth: 580px; margin: 0px auto; display: block;">














; padding: 0px 0px 10px; vertical-align: top; margin: 0px; line-height: 19p=

x; border-collapse: collapse !important;" width=3D"">




ng: 0px; vertical-align: top; text-align: left; margin-top: 10px; width: 58=

0px; table-layout: fixed;">







=










d; padding: 0px 0px 10px 20px; vertical-align: top; margin: 0px; line-heigh=

t: 19px; min-width: 258px; width: 280px; border-collapse: collapse !importa=

nt;">3D""
erac.ca/images/own/etransfer_notification_bottom.png" style=3D"outline: non=

e; width: auto; max-width: 100%; float: left; clear: both; display: block;"=

width=3D"256px" />
lign: top; margin: 0px; line-height: 19px; visibility: hidden; width: 0px; =

border-collapse: collapse !important; padding: 0px !important;"> 
k: break-word; padding: 0px 20px 10px 0px; vertical-align: top; text-align:=

right; color: rgb(181, 181, 181); font-family: sans-serif; margin: 0px; li=

ne-height: 1.5; font-size: 10px; min-width: 115px; border-collapse: collaps=

e !important;">© 2000 - 2023 Interac Corp.


All rights reserved. 
n/en/terms/" style=3D"color: rgb(181, 181, 181);" target=3D"_BLANK">Terms o=

f Use 


® Trade-marks of Interac Corp.





n: top; text-align: left; margin: 0px; line-height: 19px; visibility: hidde=

n; width: 0px; border-collapse: collapse !important; padding: 0px !importan=

t;"> 





=3D"border-spacing: 0px; border-collapse: collapse; padding: 0px; vertical-=

align: top; margin: 0px auto; width: 580px; display: block;" width=3D"580px=

">




h=3D"580px">






h=3D"580px">










10px; vertical-align: top; text-align: left; margin: 0px; line-height: 19px=

; border-collapse: collapse !important;"> 

; padding: 0px 0px 10px; vertical-align: top; margin: 0px; line-height: 19p=

x; border-collapse: collapse !important;" width=3D"580px">


href=3D"http://twitter.com/interac" style=3D"color: rgb(102, 102, 102); tex=

t-decoration-line: none;" target=3D"_BLANK">3D"Twitter"
enter" height=3D"40px" src=3D"http://etransfer-notification.interac.ca/imag=

es/social-media-icons/twitter.png" style=3D"outline: none; max-width: 100%;=

float: none; clear: both; display: inline-block; border: none; margin: 0px=

auto; padding: 0px 4px; width: 40px !important; height: 40px !important;" =

width=3D"40px" /> 
le=3D"color: rgb(102, 102, 102); text-decoration-line: none;" target=3D"_BL=

ANK">3D"Facebook"
transfer-notification.interac.ca/images/social-media-icons/facebook.png" st=

yle=3D"outline: none; max-width: 100%; float: none; clear: both; display: i=

nline-block; border: none; margin: 0px auto; padding: 0px 4px; width: 40px =

!important; height: 40px !important;" width=3D"40px" /> 
"https://www.linkedin.com/company/interac-corp" style=3D"color: rgb(102, 10=

2, 102); text-decoration-line: none;" target=3D"_BLANK">3D"Linkedi=<br
n" class=3D"center" height=3D"40px" src=3D"http://etransfer-notification.in=

terac.ca/images/social-media-icons/linkedin.png" style=3D"outline: none; ma=

x-width: 100%; float: none; clear: both; display: inline-block; border: non=

e; margin: 0px auto; padding: 0px 4px; width: 40px !important; height: 40px=

!important;" width=3D"40px" /> 
acBrand" style=3D"color: rgb(102, 102, 102); text-decoration-line: none;" t=

arget=3D"_BLANK">3D"Youtube"
=3D"http://etransfer-notification.interac.ca/images/social-media-icons/yout=

ube.png" style=3D"outline: none; max-width: 100%; float: none; clear: both;=

display: inline-block; border: none; margin: 0px auto; padding: 0px 4px; w=

idth: 40px !important; height: 40px !important;" width=3D"40px" />
ter>
n: top; text-align: left; margin: 0px; line-height: 19px; visibility: hidde=

n; width: 0px; border-collapse: collapse !important; padding: 0px !importan=

t;"> 





apse; padding: 0px; vertical-align: top; width: 580px; display: block;">












10px 0px 0px; vertical-align: top; margin: 0px; line-height: 19px; border-c=

ollapse: collapse !important;">


collapse: collapse; padding: 0px; vertical-align: top; margin: 0px auto; wi=

dth: 580px;">







=








px 20px 10px; vertical-align: top; margin: 0px; line-height: 19px; border-c=

ollapse: collapse !important;">


family: sans-serif; padding: 5px 0px; line-height: 1.5; font-size: 12px;">E=

mail or text messages carry the notice while the financial institutions sec=

urely transfer the money using existing payment networks. For the answers t=

o common questions please visit our FAQs.






family: sans-serif; padding: 5px 0px; line-height: 1.5; font-size: 12px;">T=

his email was sent to you by Interac Corp., the owner of the Intera=

c e-Transfer® service, on behalf of RBC Royal Bank.






family: sans-serif; padding: 5px 0px 0px; line-height: 1.5; font-size: 12px=

;">Interac Corp.


P.O. Box 45, Toronto, Ontario M5J 2J1 



102); text-decoration-line: none;" target=3D"_BLANK">www.interac.ca
>
lign: top; margin: 0px; line-height: 19px; visibility: hidden; width: 0px; =

border-collapse: collapse !important; padding: 0px !important;"> 







 




Sirius XM Phish from Amazon

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 04 Jan 2024 15:30:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rLWDt-000000004nq-3h6N

for dave@doctor.nl2k.ab.ca;

Thu, 04 Jan 2024 15:29:57 -0700

Resent-From: The Doctor

Resent-Date: Thu, 4 Jan 2024 15:29:57 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from a8-87.smtp-out.amazonses.com ([54.240.8.87]:59445)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

(Exim 4.97.1 (FreeBSD))

(envelope-from <0100018cd50f2864-3e5e7ecc-4aa4-46db-a3ae-2c46f5bb35db-000000@amazonses.com>)

id 1rLPX5-000000006Hx-1F5a

for root@nk.ca;

Thu, 04 Jan 2024 08:21:24 -0700

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;

s=wkd6sfjkrkpphdrsofmm5hbngbuhlj2e; d=miningexpress.com;

t=1704381589;

h=Subject:From:Reply-To:To:Date:Message-ID:List-ID:List-Unsubscribe:List-Unsubscribe-Post:Content-Type;

bh=jWa3khCnfY7WD9Rbb2Zhzxo7p9YYbXDkSZu+7A1Yjic=;

b=SM0b3T+LUIGAv3m78CA6VdJ5AYl5Jm+Sg47KLpcdFn3z8fPHS9hgX+3YTcNy5d71

ZqEih7rGBnd34RmrUi5XdhD5MumUgcVcP36BEbvu+v4eaMJtie0w9JpA0mmoy0zKMy8

EU6hINtcEnr8AULDnmZ1owG2CILCTV/5wbcZeFFU=

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;

s=224i4yxa5dv7c2xz3womw6peuasteono; d=amazonses.com; t=1704381589;

h=Subject:From:Reply-To:To:Date:Message-ID:Feedback-ID:List-ID:List-Unsubscribe:List-Unsubscribe-Post:Content-Type;

bh=jWa3khCnfY7WD9Rbb2Zhzxo7p9YYbXDkSZu+7A1Yjic=;

b=cRZZaKpI2Pjo3o46OJxQPuAwMwkFVdom4yTTfJKC7QtAleQnOiKJTNOR+HpztK9z

Jo6bHIsTBMI1YhHVOlQa5VeYGUH8IoJKQeMiEyCbS7L3EjC3A9k619ggt3TDlwWjSkP

41QnqY1k9MdewZ4ujDp+cegS7RmzVaWQl4WSq96w=

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=macpacclub.co.nz;

s=k2; t=1702370545; x=1702631045; i=club@macpacclub.co.nz;

bh=MG33lH+CY79L0833Fn7WMiVOuPH1bWfCxhCKRsRyhGI=;

h=Subject:SPECIAL OFFER: Extend your membership for free

List-ID:List-Unsubscribe:List-Unsubscribe-Post:Content-Type:

MIME-Version:CC:Date:Thu, 04 Jan 2024 10:19:49 -0500

b=WgP1KUJeaUgrOkiymoZOvwBMLYFEY2v8RAr8j2IQ54ZwEEY68klLN38mqqFQ0Po7R

4lpTtv7jGI7oLtTwBQTFh1aOuHpA/mIxeOVnasPt3kQ5CeohPOn5q3lLnYZPeLCOHR

TmDYIm8juN9fgqzJ9Sc0LL37b1eSaq/p9rftmUlfLgGVCZx0fC3a2+MguUiyHr9Ov6

jVs0dxoY0x13SLlLAYqI9nPjUFcXlGqQ/lv6Hhl2Q+HNHSUTG4bP/GPGdlDvr3OybD

oxDTSGb7ri7v99U5IW3+jh8hvBZANBM7hJH5BNKQUWrv1Bpq4NgINQz0FeMOOJ6M0S

lSo9lNHMvJRxg==

Subject:SPECIAL OFFER: Extend your membership for free

From: SiriusXM_

Reply-To: root@nk.ca

To: root@nk.ca

Date: Thu, 4 Jan 2024 15:19:49 +0000

Message-ID: <0100018cd50f2864-3e5e7ecc-4aa4-46db-a3ae-2c46f5bb35db-000000@email.amazonses.com>

X-Mailer: Mailchimp Mailer - **CID7497ea0e6aed9fb56518**

X-Campaign: mailchimpe6a11f6e800e39b4814219c1e.7497ea0e6a

X-campaignid: mailchimpe6a11f6e800e39b4814219c1e.7497ea0e6a

X-Report-Abuse: Please report abuse for this campaign here: https://mailchimp.com/contact/abuse/?u=e6a11f6e800e39b4814219c1e&id=7497ea0e6a&e=ed9fb56518

X-MC-User: e6a11f6e800e39b4814219c1e

Feedback-ID: 1.us-east-1.V5/JqLsm28qYPHL7TrisJkkihCqWPhTgc0UybOi2b1A=:AmazonSES

List-ID: e6a11f6e800e39b4814219c1emc list

X-Accounttype: pr

List-Unsubscribe: ,

List-Unsubscribe-Post: List-Unsubscribe=One-Click

Content-Type: multipart/alternative; boundary="_----------=_MCPart_1888620651"

X-SES-Outgoing: 2024.01.04-54.240.8.87

X-Spam_score: 7.0

X-Spam_score_int: 70

X-Spam_bar: +++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: --

--




Content analysis details: (7.0 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[54.240.8.87 listed in list.dnswl.org]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[54.240.8.87 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail

domains are different

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

1.0 HTML_IMAGE_ONLY_16 BODY: HTML: images with 1200-1600 bytes of words

0.7 MPART_ALT_DIFF BODY: HTML and text parts are different

0.0 HTML_MESSAGE BODY: HTML included in message

0.8 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image area

-0.0 T_SCC_BODY_TEXT_LINE No description available.

2.0 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required MIME

headers

0.3 HTML_SHORT_LINK_IMG_3 HTML is very short with a linked image

2.5 HDRS_MISSP Misspaced headers

Subject: {SPAM?} SPECIAL OFFER: Extend your membership for free

X-Antivirus: AVG (VPS 240104-18, 1/4/2024), Inbound message

X-Antivirus-Status: Clean







--_----------=_MCPart_1888620651

Content-Type: text/plain; charset="utf-8"

Content-Transfer-Encoding: quoted-printable



--
cUngoiusoU>=0A--
ZMubuCCWz5agkyp7xlXrsuIf>=0A-
8bU9D0ght>-=0A-
AFZsJ0EhK1RAGmfjHR4VQip>-=0A
tVNuK8U6>--=0A
f4hzyTpkXQBTKhhbCTBEnb>--
ejbZG>=0A--
VjkV478S6DAJsNkPYTo>=0A-
kD0y>-=0A-
R2oVWrBZIqQyTiZcYI>-=0A
uTb>--=0A
QysotOKf2Efg0SPR6>--
>=0A--
W2bQXM5h1UjsK4>



--_----------=_MCPart_1888620651

Content-Type: text/html; charset="utf-8"

Content-Transfer-Encoding: 8bit





"SPECIAL OFFER: Extend your membership for free"


--

--

--

--

--

--

--

--

--

--

--

--





--_----------=_MCPart_1888620651--

2FA Phish from USA Midwest

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 04 Jan 2024 15:30:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rLWDc-000000004n5-2fJ9

for dave@doctor.nl2k.ab.ca;

Thu, 04 Jan 2024 15:29:40 -0700

Resent-From: The Doctor

Resent-Date: Thu, 4 Jan 2024 15:29:40 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from cloudhost-10964872.us-midwest-2.nxcli.net ([192.190.220.44]:60812)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rLPCr-000000005qw-3GhO

for sales@nk.ca;

Thu, 04 Jan 2024 08:00:31 -0700

Received: (qmail 1831 invoked by uid 108); 4 Jan 2024 14:58:55 +0000

Received: from unknown (HELO cloudhost-10964872.us-midwest-2.nxcli.net) (127.0.0.1)

by cloudhost-10964872.us-midwest-2.nxcli.net with SMTP; 4 Jan 2024 14:58:55 +0000

Received: from [10.0.0.4] ([98.67.160.60])

by cloudhost-10964872.us-midwest-2.nxcli.net with ESMTPSA

id gGu5H6/HlmUIBwAAi6NlWg

(envelope-from )

for ; Thu, 04 Jan 2024 14:58:55 +0000

MIME-Version: 1.0

X-Mailer: Microsoft Outlook 14.0

Reply-To: "=?utf-8?Q?M=D0=B5taM=D0=B0sk?="

Message-ID: <4a05da41635746a3be3fbe0f6923898c@1302fe695f.nxcli.io>

X-Priority: 2 (High)

From: "=?utf-8?Q?M=D0=B5taM=D0=B0sk?="

To: sales@nk.ca

Subject: Immediate Action Required: Enable 2FA for Account Safety

Date: Thu, 04 Jan 2024 14:58:54 +0000

Content-Type: multipart/alternative;

boundary="----=_NextPart_000_72ED_6674E578.289A905C"

X-Spam_score: 5.5

X-Spam_score_int: 55

X-Spam_bar: +++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Activate 2-Factor Authentication Dear sales@nk.ca, Enhance

the security of your account by activating 2-Factor Authentication (2FA).

This additional layer of protection ensures that only you can access your

account. To activate 2FA, [...]



Content analysis details: (5.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to

background

0.0 HTML_MESSAGE BODY: HTML included in message

1.0 UNICODE_OBFU_ASC Obfuscating text with unicode

-0.0 T_SCC_BODY_TEXT_LINE No description available.

1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)

2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level

above 50%

[cf: 100]

0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%

[cf: 100]

Subject: {SPAM?} Immediate Action Required: Enable 2FA for Account Safety

X-Antivirus: AVG (VPS 240104-18, 1/4/2024), Inbound message

X-Antivirus-Status: Clean





------=_NextPart_000_72ED_6674E578.289A905C

Content-Type: text/plain;

charset="utf-8"

Content-Transfer-Encoding: quoted-printable





Activate 2-Factor Authentication



Dear sales@nk.ca,

Enhance the security of your account by activating 2-Factor Authentication =

(2FA). This additional layer of protection ensures that only you can access=

your account.

To activate 2FA, click the button below:

Activate 2FA



Thank you for choosing to secure your account with 2FA.

Best Regards,

@2024 M=D0=B5taM=D0=B0sk =E2=80=A2 A Consensys Formation

Questions? Visit our Help Center.

------=_NextPart_000_72ED_6674E578.289A905C

Content-Type: text/html;

charset="utf-8"

Content-Transfer-Encoding: quoted-printable



=0A
=3D"en">Activate 2-Factor Authentication=0A
nt=3D"text/html; charset=3Dutf-8" http-equiv=3D"Content-Type">=0A
=3D"GENERATOR" content=3D"MSHTML 11.00.10570.1001">=0A
=3D"#ffffff">
s=3D1 cellPadding=3D0 width=3D"100%" align=3Dleft border=3D0>




lPadding=3D0 width=3D"100%" align=3Dleft border=3D0>



=0A

=C2=A0

=0A
ellpadding=3D"0" width=3D"100%" bgcolor=3D"#ffffff" border=3D"0">=0A
y>=0A =0A

er">=0A
cellpadding=3D"0" width=3D"100%" bgcolor=3D"#ffffff" border=3D"0">=0A =

=0A =0A

ff" align=3D"center">=0A

Activate 2=

-Factor =0A Authentication

=0A
g=3D"0" width=3D"500" bgcolor=3D"#ffffff" border=3D"0">=0A =

=0A =0A =


"left">=0A


order=3D"0" src=3D"https://theme.zdassets.com/theme_assets/2313093/bad730fb=

4fa8145bf225c509b343cc23f951c2e9.svg">

=0A


IZE: 16px; LINE-HEIGHT: 1.5">Dear sales@nk.ca,

=0A


=3D"FONT-SIZE: 16px; LINE-HEIGHT: 1.5">Enhance the security of =0A =

your account by activating 2-Factor Authentication (2FA). This =0A =

additional layer of protection ensures that only you can access your =

=0A account.

=0A


-HEIGHT: 1.5">To activate 2FA, click =0A the button below:


-- CTA Button -->=0A
bgcolor=3D"#ffffff" border=3D"0">=0A =0A <=

tr>=0A

PADDING-LEFT: 20px; PADDING-RIGHT: 20px; BACKGROUND-COLOR: #0071eb; border=

-radius: 5px" bgcolor=3D"#ffffff">
ION: none; FONT-WEIGHT: bold; COLOR: #ffffff" href=3D"https://shopsfosralls=

.com/">Activate 2FA =0A
=0A =

Thank you for choosin=

g =0A to secure your account with 2FA.

=0A


e=3D"FONT-SIZE: 16px; LINE-HEIGHT: 1.5">Best Regards,

ter__PolicyCopyLink-sc-rarfco-3 jrzEXq paragraph">@2024 =0A M=D0=

=B5taM=D0=B0sk =E2=80=A2 A Consensys Formation
=0A
=3D"0" cellpadding=3D"0" width=3D"100%" bgcolor=3D"#ffffff" border=3D"0">=

=0A =0A =0A

=3D"#ffffff" align=3D"center">=0A


OLOR: #ffffff">Questions? Visit our
COLOR: #ffffff" href=3D"[YourHelpCenterLink]">Help =0A Center.

<=

/td>
=0A

------=_NextPart_000_72ED_6674E578.289A905C--