Costco Phish from Microsoft Outlook

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 22 Feb 2024 11:20:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rdDev-000000004Zi-48hz

for dave@doctor.nl2k.ab.ca;

Thu, 22 Feb 2024 11:19:01 -0700

Resent-From: The Doctor

Resent-Date: Thu, 22 Feb 2024 11:19:01 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-ct2zaf01on2133.outbound.protection.outlook.com ([40.107.19.133]:5473 helo=ZAF01-CT2-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rdAon-000000006hY-0TJd

for doctor@doctor.nl2k.ab.ca;

Thu, 22 Feb 2024 08:17:06 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=A28I31j2VFUGaWvSwZZzINML2OueB2aIhlUXm8jrjcqYzskKIaBPm08aZP0ijIA/nckMFUkQIsRuiZVNbWgKNP6aHug96/5rvVlC6/tydvPLE41ohbZN5cC3S7L75FGFhO9dhY223LVynYeJG99Mrye1tm3d9Oyirb+QCdqboG3IefF4ezrqn9AwYcHQeskhKqeLTrkh40csACbwWucqg4KSVu4wHMtTqMM8+3woB/dUYCTVuM05hmUB+xDIiBRsmmAJtWf52evad2/NrzRjf65nMZnAiF0w2WMJTPDqrt9ok1BKN8QsG11m7blxLzEjM62o0V6V6v47N7/aIObOLQ==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=f8G8GIBZiSdoiB2Qm1zWL7DGx1IWKNYUR8rbWVtwCDI=;

b=gJ3U2M4PXM/ba6aKqOrTVPxYtVXVuHzBwtqjxXGhi5Un64YDP+NYSRfvi4SJ6pU8hk/4MVmmzIpr4YqDXJdsdG9nS/vEZfpoHV6Lvcn6eS6LW6+ZOz+CJ40vuDdBBXlPclmZVIbyzF0v5HLfiA0KrsZxz8ApxaRO0m3n2KB2Rx6iCJ4TY5C3WuVlssFY7oPZKw7pg0QdvyOVFBdsbSapFt9Zagda4HCDDZGOuzYAecEa2PeqDc5wiYKsFOBoDQ0FrheSmsdgLeDU/7Fuz65GKXDJM22C4JYfLR8ltRvYUhK06qtnzZJFakQnpTxn9FuGM6K0g/u3O1K0inorljS4Ug==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass

smtp.mailfrom=maynaroaas.onmicrosoft.com; dmarc=pass action=none

header.from=maynaroaas.onmicrosoft.com; dkim=pass

header.d=maynaroaas.onmicrosoft.com; arc=none

Received: from JN1P275MB2449.ZAFP275.PROD.OUTLOOK.COM (2603:1086:0:ae::5) by

CP7P275MB2390.ZAFP275.PROD.OUTLOOK.COM (2603:1086:100:52::10) with Microsoft

SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id

15.20.7316.24; Thu, 22 Feb 2024 15:14:55 +0000

Received: from JN3P275MB2685.ZAFP275.PROD.OUTLOOK.COM (2603:1086:0:67::10) by

JN1P275MB2449.ZAFP275.PROD.OUTLOOK.COM (2603:1086:0:ae::5) with Microsoft

SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id

15.20.7316.22; Thu, 22 Feb 2024 15:12:39 +0000

Received: from JN3P275MB2685.ZAFP275.PROD.OUTLOOK.COM

([fe80::448e:98a6:1c99:83a0]) by JN3P275MB2685.ZAFP275.PROD.OUTLOOK.COM

([fe80::448e:98a6:1c99:83a0%7]) with mapi id 15.20.7316.023; Thu, 22 Feb 2024

15:12:39 +0000

From: Curran Juarez

To: lonley

Subject: Win Big: Complete Our Survey, CIaim Your P.rize

Thread-Topic: Win Big: Complete Our Survey, CIaim Your P.rize

Thread-Index: AQHaZaFR8ga7Ncow5kyWdNJHg6zoGw==

Date: Thu, 22 Feb 2024 15:12:38 +0000

Message-ID:



Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

msip_labels:

authentication-results: dkim=none (message not signed)

header.d=none;dmarc=none action=none header.from=Maynaroaas.onmicrosoft.com;

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic:

JN3P275MB2685:EE_|JN1P275MB2449:EE_|CP7P275MB2390:EE_

x-ms-office365-filtering-correlation-id: 9fe72b50-bd8e-42c2-b4dc-08dc33b8b563

x-ld-processed: b78d2084-30db-44b7-aac0-828f2660b139,ExtAddr

x-ms-exchange-senderadcheck: 1

x-ms-exchange-antispam-relay: 0

x-microsoft-antispam: BCL:0;

x-microsoft-antispam-message-info:

5wz10Iz/mqIQ9QHPmfOGGJuKIMKQLQ5kfW705IsDLsupSFpIFdwFToujhlm5MJSstHmqxnsfLThn6ciQdhBvCzCanCnkVeHs5Foxn5BCajvH8xdgcxRc1VKWf+isARUSQRt1z4XfokyYI6mYBPz6/bqywtqYxBeffjrD2fV5KKsnTaDjI74KYL/rnhCtMd5tZB81z1Fa8qRIHb7v4oS7nSs2JxSr6NK8gG863npoaArc8IquLdXucJlExXulgHPilhf1uiAGjd26xcu8PFRFwgscke/rIPHBNT0+JgqZp8+G9NNwe0CvyvnoLYocAoMJWba63u1Mc7Xo1MYihiwNgA==

x-forefront-antispam-report:

CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:JN1P275MB2449.ZAFP275.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(38070700009);DIR:OUT;SFP:1102;

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

=?iso-8859-1?Q?/FkMH90SU5dDSvDfoqf6G5XyLA9yMRgk4CAfGHbwvuA2K2fnXK4bbvOr/N?=

=?iso-8859-1?Q?yWWRyKdd0dzHcoAXPjw9fgdZw/EKi97lsrCkLewBor9CARHN6i+uXOT4Lp?=

=?iso-8859-1?Q?HdDhkxCcMNZEPXIvAoi7yawAWyFc1FUL6iA74bP4Ueo0QO0DzVEqLoGUXY?=

=?iso-8859-1?Q?heI+GQTyUq38fEuYdkk001lCMRS4qWuIo8hI+JECgWK2NtNr8xBSLO43TN?=

=?iso-8859-1?Q?GnYAnQYA67jZvL6LeKL9KlTBFlO3olLC5mfZQ6nF6jQLirbF51f05TqClA?=

=?iso-8859-1?Q?cKHC60ESIlAcyXdwAkLkAvqelpG7XJoE0g61dOPfici6EoJ1VDPFPr9obB?=

=?iso-8859-1?Q?JCGfccteqvO0JSHw52Zx7XdJTiSsT9/3Wfuz3L7wePXRn7ls99mU1nt4f9?=

=?iso-8859-1?Q?mw9dXf31cqVLbTxpYUaKpN95JL2L00eW+URRmbewzoJJFQn4pDM23wbs6K?=

=?iso-8859-1?Q?NJhdzqoZwuquVk6Ft/REN0P9Mb54/y3ekOeo0yjLe/gu4/8ny5nmjeSCcW?=

=?iso-8859-1?Q?Jmr72MITNHh20aGFIoS6Iv0aRFXew04L4U6A8iDWOzDBEhEltGT2Qnv72F?=

=?iso-8859-1?Q?KXL0QwDjaRqI2kBPxefXWNvYfrTkpmdUQqQPCyHwCAgOT3nsyms4bRmQCN?=

=?iso-8859-1?Q?zp01YsR6md5LVG5NqILqGi65vVM0HdS/m+VQRbrhZy0pUPtc33eMEFF9jB?=

=?iso-8859-1?Q?bRTmqlo+NRlabenMvTgT6MiKtqkVR4jk2ysam2n+LrH9Ib0dXko5hHd9+i?=

=?iso-8859-1?Q?yAqA8saLMvTjh1BaZJ08e0D0Eam5C2Tw4cwDnvHbZLX20vFQLKJCPfPG3F?=

=?iso-8859-1?Q?eL7d4AsV2zBMtu0VtmSOf5objuSfscRFlf8Ny6bIXEjXZ9KpCeYE/RtTIQ?=

=?iso-8859-1?Q?NGoUxvK+LmJPFPwi6luVS0Z0/30XiDi1MGhDhbqWbP9QDk2UfWER3zDu9m?=

=?iso-8859-1?Q?tBHtPID6OZNaE47nzVUl6Qg9cpwa0RsU5GIDGH4Dbw4vQczyBO4n/G5kMA?=

=?iso-8859-1?Q?evosYqqT7LY7LM6pzYLdhPRHZMQEQB4OlkM1VXstEFxd+vLNdapjTOQm9E?=

=?iso-8859-1?Q?Ae1Yz8mUgxAQtBZ1ZGPARK3LNSAQUyvVB6BJuQg6hVM+VLw8myptmfvF76?=

=?iso-8859-1?Q?W5/OD+Db8Y0YXapB+Imjraqx47wsFkIYANktFeBbvPWz1y+l4kN1nUCIAz?=

=?iso-8859-1?Q?+1qbKzywxorGMQYuILKuJDwllPshhkzl7EGXdW5IuGiQq/HUn+ORALyXag?=

=?iso-8859-1?Q?s/jY4RBXIW0aKp6UDwV41utA6uUV79AZ8GKB2juXukMttkzR6YM3w80a1H?=

=?iso-8859-1?Q?pdBSdA1JATIkgYk7NQeIjh78GeykoIHJ9HeFYLhyr/55Mlw/OjNgrYt4Hi?=

=?iso-8859-1?Q?zwTO0vvjSNOZ1HrwScle+VyGUWKfzXk556MFp1xBeAjocw/nthmZhspeGN?=

=?iso-8859-1?Q?qLk4RdbSOHUs4LB57UIIdP7R+kJwk84IjTNEFZSLEtGvGxjNg2Xe6gKAM4?=

=?iso-8859-1?Q?WVtaVC/6f21mfi/CSWWRzLBQBaDb5/Th8VbqZC7vWdwyvF61Vuo5lKRUXt?=

=?iso-8859-1?Q?pj02C2hXBdIp4LIzZWQ6NSSlt7a+wcHxW+VadipKmgBxqs+k/CYU/201vz?=

=?iso-8859-1?Q?tptHNqFtBkqPhuUrD0MgM2TSfQ3oooOItidbRuPCZ6ghGOB6yeDZfTV2NY?=

=?iso-8859-1?Q?MlSCDAy8xGkxsDqC/cU=3D?=

Content-Type: multipart/alternative;

boundary="_000_JN3P275MB2685C2A97F37AA78BD25EAC2F0562JN3P275MB2685ZAFP_"

MIME-Version: 1.0

X-Auto-Response-Suppress: DR, OOF, AutoReply

X-OriginatorOrg: Maynaroaas.onmicrosoft.com

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: JN3P275MB2685.ZAFP275.PROD.OUTLOOK.COM

X-MS-Exchange-CrossTenant-Network-Message-Id: 9fe72b50-bd8e-42c2-b4dc-08dc33b8b563

X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Feb 2024 15:12:38.9630

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: b78d2084-30db-44b7-aac0-828f2660b139

X-MS-Exchange-CrossTenant-mailboxtype: HOSTED

X-MS-Exchange-CrossTenant-userprincipalname: c8fKJpltarWutvbFPZXISWIhAr7caVyXOq6RHr/45lMybZNckSNv8BeBI3JVOJVF6ipNd6XDhyf+apaojLtS5z088WaADflcq7q0nXtpVfcgOz8GwW58cLiI1IRtYzQ+

X-MS-Exchange-Transport-CrossTenantHeadersStamped: CP7P275MB2390

X-Spam_score: 7.0

X-Spam_score_int: 70

X-Spam_bar: +++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: [https://reyna.blob.core.windows.net/reyna/1.png]

[https://reyna.blob.core.windows.net/reyna/2.png]



Content analysis details: (7.0 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist

[URI: reyna.blob.core.windows.net]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[40.107.19.133 listed in list.dnswl.org]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.107.19.133 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.0 ARC_VALID Message has a valid ARC signature

0.0 ARC_SIGNED Message has a ARC signature

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[curranjuarez(at)maynaroaas.onmicrosoft.com]

1.6 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words

0.0 HTML_MESSAGE BODY: HTML included in message

0.7 MPART_ALT_DIFF BODY: HTML and text parts are different

0.3 HTML_SHORT_LINK_IMG_2 HTML is very short with a linked image

-0.0 T_SCC_BODY_TEXT_LINE No description available.

2.7 SCC_BODY_URI_ONLY Very short body with something maybe clickable

0.0 T_REMOTE_IMAGE Message contains an external image

Subject: {SPAM?} Win Big: Complete Our Survey, CIaim Your P.rize

X-Antivirus: AVG (VPS 240222-6, 2/22/2024), Inbound message

X-Antivirus-Status: Clean



--_000_JN3P275MB2685C2A97F37AA78BD25EAC2F0562JN3P275MB2685ZAFP_

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable



[https://reyna.blob.core.windows.net/reyna/1.png]

[https://reyna.blob.core.windows.net/reyna/2.png]



--_000_JN3P275MB2685C2A97F37AA78BD25EAC2F0562JN3P275MB2685ZAFP_

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable








1">








font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helve=

tica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
/urlz.fr/pE3z" id=3D"OWA207b1743-d842-9606-6bf4-92435c3c605c" class=3D"OWAA=

utoLink">
yna.blob.core.windows.net/reyna/1.png">



f">
ce, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">=


458" class=3D"OWAAutoLink">
src=3D"https://reyna.blob.core.windows.net/reyna/2.png">








--_000_JN3P275MB2685C2A97F37AA78BD25EAC2F0562JN3P275MB2685ZAFP_--

French language postal phish from Google Gmail

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 22 Feb 2024 06:19:00 -0700

Received: from mail-pj1-f52.google.com ([209.85.216.52]:51682)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rd8y0-00000000Prc-3cTn

for dave@doctor.nl2k.ab.ca;

Thu, 22 Feb 2024 06:18:29 -0700

Received: by mail-pj1-f52.google.com with SMTP id 98e67ed59e1d1-29a64997159so104190a91.3

for ; Thu, 22 Feb 2024 05:16:29 -0800 (PST)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20230601; t=1708607783; x=1709212583; darn=doctor.nl2k.ab.ca;

h=to:subject:message-id:date:from:mime-version:from:to:cc:subject

:date:message-id:reply-to;

bh=Re8uldqQpJVs0bCAy8wph3a1wa5Chv4Co6rcoZ/abBs=;

b=ClmbklPMKT2DFoPAvOTM7DA18XZeM8cHA0sSHBz1maYJflB8RnoVyB9CuBOrj3frkm

F2z5aHFPCX1Y3cVqL6rzkOb7OZdh9jM7dNJe6gnZtqGLpsns/15SwJb6x8pluuW2+WAc

zON6C7QeH7bQEitUAQel6YqB+8ZrTWKUbZ/GRpMwzBoGHq/ECf+VTeTXKKLLz50a3b70

96Fl+9gQhc5y9eCJBaWr4QyOT1/myfOaCvU2yHkyJ1TZrjkVdU42IHiq55dtJ7PNEtcy

4vz2cnpNrC6Q1xf2mULAHV3cSY1pkhXpkpmVAtC5PgUaocK6MePNrP/ebsyjlcr54Z6f

RV0w==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1708607783; x=1709212583;

h=to:subject:message-id:date:from:mime-version:x-gm-message-state

:from:to:cc:subject:date:message-id:reply-to;

bh=Re8uldqQpJVs0bCAy8wph3a1wa5Chv4Co6rcoZ/abBs=;

b=CvEmId0U4POYZKFkQ59hgEO0pZ/Ff+SAa2kmOJe+EiB3tJBdWE+gJwOEqChUANMq6r

CGbQPLAH81oXvt/yKgl0EGg0TWspmZs484lOYOigxVUrLabomosdqoX97sTEM44aMuTj

csIgtT+6hTawN6V9cJtd+SJnKFSx58ZfC7/+pBfgwZ1iU89ymkgv0/9KDrNIQxzhzn5L

D+E2xgp0v2WpsnaWDKyRf/hX9/f+WIz1THeP95G3JXOWNSb4RTC3/iELwf+OZYJP7d3F

wcWWoW3DlEAn2mIhEKuZ56TCFBMV3V80oCekDV458ZGqLf2lPiOXX/csHT7Cl6Eow2na

PTKQ==

X-Forwarded-Encrypted: i=1; AJvYcCWtR+udlwnJDAL8bKNM9Nz54t5xfC2jzH3emfNQ8gSXERvT64pkB+TPknqbAs8XhskRSSqDuAUBYGts1CIUV4PUzrmWtYfC

X-Gm-Message-State: AOJu0Yx/O8fznPinYU9traoOOYomjUrsULqeFuBde8sxwuA8ncvaHwDo

HrQTyoHpZEUj2IQxTf83VJ2r/qpfwsMLhz7CCYxR0pBrb+KN+/L8R4V7jsIh8UK4D/fHM8UzPN/

UimXcr7nAAmM/nPX90MTot9p/zWo=

X-Google-Smtp-Source: AGHT+IGCiOD79zSvfa+fL8Btj5FaYkoo7UTPenS5TpXTxOjvBuwIaTaqY0HvGx9aj2ZMzORv5RaL/UfzaeQEKXvKbeI=

X-Received: by 2002:a17:90a:c697:b0:299:4269:b8c9 with SMTP id

n23-20020a17090ac69700b002994269b8c9mr14072862pjt.26.1708607783272; Thu, 22

Feb 2024 05:16:23 -0800 (PST)

MIME-Version: 1.0

From: Office Post

Date: Thu, 22 Feb 2024 05:16:12 -0800

Message-ID:

Subject: =?UTF-8?Q?FONDS_MON=C3=89TAIRE_INTERNATIONAL_=28HQ1=29?=

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="000000000000fb86b70611f83f4c"

Bcc: dave@doctor.nl2k.ab.ca

X-Spam_score: 5.6

X-Spam_score_int: 56

X-Spam_bar: +++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: FONDS MONÉTAIRE INTERNATIONAL (HQ1) 700 19th Street, N.W.,

Washington, D.C. 20431. FOND MONÉTAIRE INTERNATIONAL.



Content analysis details: (5.6 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.216.52 listed in list.dnswl.org]

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.216.52 listed in wl.mailspike.net]

1.6 SUBJ_ALL_CAPS Subject is all capitals

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[officepost787463(at)gmail.com]

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[officepost787463(at)gmail.com]

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 LOTS_OF_MONEY Huge... sums of money

-0.0 T_SCC_BODY_TEXT_LINE No description available.

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

1.0 FREEMAIL_REPLY From and body contain different freemails

3.0 UNDISC_MONEY Undisclosed recipients + money/fraud signs

Subject: {SPAM?} =?UTF-8?Q?FONDS_MON=C3=89TAIRE_INTERNATIONAL_=28HQ1=29?=

X-Antivirus: AVG (VPS 240222-0, 2/21/2024), Inbound message

X-Antivirus-Status: Clean



--000000000000fb86b70611f83f4c

Content-Type: text/plain; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



FONDS MON=C3=89TAIRE INTERNATIONAL (HQ1)



700 19th Street, N.W., Washington, D.C. 20431.



FOND MON=C3=89TAIRE INTERNATIONAL.



ATTENTION!! CHER



B=C3=89N=C3=89FICIAIRE



Site Internet : www.imf.org.

C/O Kristalina Georgieva



Bonjour cher b=C3=A9n=C3=A9ficiaire,



ORDRE DE PAIEMENT DU FONDS D=E2=80=99INDEMNISATION

Nous vous avons envoy=C3=A9 cette lettre il y a un mois, mais je n'ai pas e=

u de

vos nouvelles, je ne suis pas s=C3=BBr si vous l'avez re=C3=A7ue, et c'est =

pourquoi

je le r=C3=A9p=C3=A8te, tout d'abord, je suis Mme Kristalina Georgieva, dir=

ectrice

Directrice et Pr=C3=A9sidente du Fonds mon=C3=A9taire international (FMI) V=

ous faites

partie de la liste des personnes dont les fonds impay=C3=A9s ont =C3=A9t=C3=

=A9 approuv=C3=A9s

par les Nations Unies.



Le pr=C3=A9sident et l'organe directeur de l'unit=C3=A9 mon=C3=A9taire des =

Nations Unies

nous ont demand=C3=A9 d'enqu=C3=AAter sur les fonds non recouvr=C3=A9s qui =

=C3=A9taient depuis

longtemps =C3=A0 payer dans le panier du gouvernement de l'ONU, ce qui a la=

iss=C3=A9

les propri=C3=A9taires perplexes quant au fait que les fraudeurs utilisant =

le

nom des Nations Unies ont =C3=A9t=C3=A9 tromp=C3=A9s. Au cours de notre enq=

u=C3=AAte D'apr=C3=A8s

l'enregistrement des donn=C3=A9es de stockage de notre syst=C3=A8me avec vo=

tre

adresse e-mail, votre paiement figure parmi une liste de 150 destinataires

cat=C3=A9goris=C3=A9s comme : Fonds de loterie non livr=C3=A9s / fonds impa=

y=C3=A9s / Transfert

incomplet des fonds de succession / contrats.



Nous sommes constern=C3=A9s de constater que votre paiement a =C3=A9t=C3=A9=

inutilement

retard=C3=A9 par des agents bancaires corrompus dans le but de tromper votr=

e

fonds, entra=C3=AEnant de nombreuses pertes de votre part et des retards

inutiles dans la r=C3=A9ception de votre paiement. Les Nations Unies et le =

Fonds

mon=C3=A9taire international (FMI) ont d=C3=A9cid=C3=A9 de verser l'int=C3=

=A9gralit=C3=A9 des

compensations =C3=A0 150 b=C3=A9n=C3=A9ficiaires d'Am=C3=A9rique du Nord, d=

'Am=C3=A9rique du Sud,

des =C3=89tats-Unis, d'Europe et d'Asie,

Si ce message arrive =C3=A0 votre bureau, notez que votre adresse e-mail fa=

it

partie de la liste qui a =C3=A9t=C3=A9 s=C3=A9lectionn=C3=A9e dans le syst=

=C3=A8me de vote des

Nations Unies.



Le montant de l'approbation est de 2 500 000,00 USD (deux millions cinq

cent mille dollars am=C3=A9ricains).



La totalit=C3=A9 du Fonds a =C3=A9t=C3=A9 d=C3=A9pos=C3=A9e aupr=C3=A8s de =

la BANQUE EUROP=C3=89ENNE

D'INVESTISSEMENT. Contactez le gestionnaire Dr Wilson Taylor pour plus de

pr=C3=A9cisions sur la fa=C3=A7on de recevoir vos fonds sans d=C3=A9lai.



N'oubliez pas qu'=C3=A0 la banque, le seul paiement requis est les frais de

certificat de d=C3=A9charge (FMI), sans frais suppl=C3=A9mentaires.



Contactez l'email bancaire ci-dessous =F0=9F=91=87

(europeaninvestmentbank819@gmail.com) une fois que vous aurez contact=C3=

=A9 la

banque, la transaction commencera imm=C3=A9diatement.



Montants approuv=C3=A9s : (2 500 000,00 USD)

Site Internet : www.imf.org.

Utilisez ce code (R=C3=A9f : CLIENT-601) comme sujet de votre adresse e-mai=

l

pour vous identifier



Pour =C3=A9viter de nouveaux retards, nous avons demand=C3=A9 votre r=C3=A9=

ponse urgente =C3=A0

cet e-mail conform=C3=A9ment aux instructions.





Salutations

MME KRISTALINA GEORGIEVA, , RESPONSABLE DE L'INFORMATION PUBLIQUE. FONDS

MON=C3=89TAIRE INTERNATIONAL.



--000000000000fb86b70611f83f4c

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



FONDS MON=C3=89TAIRE INTERNATIONAL (HQ1)

700 19th S=

treet, N.W., Washington, D.C. 20431.

=C2=A0 FOND MON=C3=89TAIRE INTE=

RNATIONAL.

ATTENTION!! CHER

B=C3=89N=C3=89FICIAIRE

=C2=

=A0 Site Internet : www.imf.org.
C/O =

Kristalina Georgieva

Bonjour cher b=C3=A9n=C3=A9ficiaire,

ORD=

RE DE PAIEMENT DU FONDS D=E2=80=99INDEMNISATION
Nous vous avons envoy=C3=

=A9 cette lettre il y a un mois, mais je n'ai pas eu de vos nouvelles, =

je ne suis pas s=C3=BBr si vous l'avez re=C3=A7ue, et c'est pourquo=

i je le r=C3=A9p=C3=A8te, tout d'abord, je suis Mme Kristalina Georgiev=

a, directrice Directrice et Pr=C3=A9sidente du Fonds mon=C3=A9taire interna=

tional (FMI) Vous faites partie de la liste des personnes dont les fonds im=

pay=C3=A9s ont =C3=A9t=C3=A9 approuv=C3=A9s par les Nations Unies.

L=

e pr=C3=A9sident et l'organe directeur de l'unit=C3=A9 mon=C3=A9tai=

re des Nations Unies nous ont demand=C3=A9 d'enqu=C3=AAter sur les fond=

s non recouvr=C3=A9s qui =C3=A9taient depuis longtemps =C3=A0 payer dans le=

panier du gouvernement de l'ONU, ce qui a laiss=C3=A9 les propri=C3=A9=

taires perplexes quant au fait que les fraudeurs utilisant le nom des Natio=

ns Unies ont =C3=A9t=C3=A9 tromp=C3=A9s. Au cours de notre enqu=C3=AAte D&#=

39;apr=C3=A8s l'enregistrement des donn=C3=A9es de stockage de notre sy=

st=C3=A8me avec votre adresse e-mail, votre paiement figure parmi une liste=

de 150 destinataires cat=C3=A9goris=C3=A9s comme : Fonds de loterie non li=

vr=C3=A9s / fonds impay=C3=A9s / Transfert incomplet des fonds de successio=

n / contrats.

Nous sommes constern=C3=A9s de constater que votre pai=

ement a =C3=A9t=C3=A9 inutilement retard=C3=A9 par des agents bancaires cor=

rompus dans le but de tromper votre fonds, entra=C3=AEnant de nombreuses pe=

rtes de votre part et des retards inutiles dans la r=C3=A9ception de votre =

paiement. Les Nations Unies et le Fonds mon=C3=A9taire international (FMI) =

ont d=C3=A9cid=C3=A9 de verser l'int=C3=A9gralit=C3=A9 des compensation=

s =C3=A0 150 b=C3=A9n=C3=A9ficiaires d'Am=C3=A9rique du Nord, d'Am=

=C3=A9rique du Sud, des =C3=89tats-Unis, d'Europe et d'Asie,
Si =

ce message arrive =C3=A0 votre bureau, notez que votre adresse e-mail fait =

partie de la liste qui a =C3=A9t=C3=A9 s=C3=A9lectionn=C3=A9e dans le syst=

=C3=A8me de vote des Nations Unies.

Le montant de l'approbation =

est de 2 500 000,00=C2=A0USD (deux millions cinq cent mille dollars am=C3=

=A9ricains).

La totalit=C3=A9 du Fonds a =C3=A9t=C3=A9 d=C3=A9pos=C3=

=A9e aupr=C3=A8s de la BANQUE EUROP=C3=89ENNE D'INVESTISSEMENT. Contact=

ez le gestionnaire Dr Wilson Taylor pour plus de pr=C3=A9cisions sur la fa=

=C3=A7on de recevoir vos fonds sans d=C3=A9lai.

N'oubliez pas qu=

'=C3=A0 la banque, le seul paiement requis est les frais de certificat =

de d=C3=A9charge (FMI), sans frais suppl=C3=A9mentaires.

Contactez l=

'email bancaire ci-dessous =F0=9F=91=87
=C2=A0 (
ropeaninvestmentbank819@gmail.com">europeaninvestmentbank819@gmail.com)=

une fois que vous aurez contact=C3=A9 la banque, la transaction commencera=

imm=C3=A9diatement.

Montants approuv=C3=A9s=C2=A0:=C2=A0(2=C2=A0500=

=C2=A0000,00=C2=A0USD)
Site Internet : ww=

w.imf.org.
Utilisez ce code (R=C3=A9f : CLIENT-601) comme sujet de v=

otre adresse e-mail pour vous identifier

Pour =C3=A9viter de nouveau=

x retards, nous avons demand=C3=A9 votre r=C3=A9ponse urgente =C3=A0 cet e-=

mail conform=C3=A9ment aux instructions.


Salutations
MME KRIS=

TALINA GEORGIEVA, , RESPONSABLE DE L'INFORMATION PUBLIQUE. FONDS MON=C3=

=89TAIRE INTERNATIONAL.




--000000000000fb86b70611f83f4c--

Spanish Language phish

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 22 Feb 2024 05:10:18 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rd7tp-00000000AzG-2rko

for dave@doctor.nl2k.ab.ca;

Thu, 22 Feb 2024 05:10:01 -0700

Resent-From: The Doctor

Resent-Date: Thu, 22 Feb 2024 05:10:01 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [159.89.118.86] (port=51885 helo=cp.torontotechsupport.ca)

by doctor.nl2k.ab.ca with esmtp (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rd62Y-000000007Zy-48R9

for doctor@nl2k.ab.ca;

Thu, 22 Feb 2024 03:11:02 -0700

Received: by cp.torontotechsupport.ca (Postfix, from userid 33)

id 451A537D469; Thu, 22 Feb 2024 06:03:50 -0300 (-03)

To: doctor@nl2k.ab.ca

Subject: Estimado(a) Ciudadano(a): doctor@nl2k.ab.ca , le notificamos acerca del proceso laboral. ID 27435

X-PHP-Originating-Script: 33:wp-login.php

From: Justicia del Trabajo

MIME-Version: 1.0

Content-type: text/html; charset=iso-8859-1

X-Mailer: PHP/5.5.9-1ubuntu4.29

Message-Id: <20240222093211.451A537D469@cp.torontotechsupport.ca>

Date: Thu, 22 Feb 2024 06:03:50 -0300 (-03)

X-Spam_score: 9.8

X-Spam_score_int: 98

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: doctor@nl2k.ab.ca - Por medio de la presente, y en cumplimiento

de las disposiciones legales correspondientes, le notificamos acerca del

proceso laboral identificado con los siguientes datos: Numero del proceso:

14962 Clase judicial: solicitud de pago Organo competente: Ministerio de

la Justicia del Trabajo Fecha de actuacion: 21 de Febrero de 2024 Tipo de

distribucion: email



Content analysis details: (9.8 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[159.89.118.86 listed in wl.mailspike.net]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

1.0 HTML_IMAGE_ONLY_16 BODY: HTML: images with 1200-1600 bytes of words

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.1 HDRS_LCASE_IMGONLY Odd capitalization of message headers + image-only

HTML

0.0 TO_NO_BRKTS_NORDNS_HTML To: misformatted and no rDNS and HTML only

2.0 URI_WP_HACKED_2 URI for compromised WordPress site, possible malware

1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)

2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level

above 50%

[cf: 100]

0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%

[cf: 100]

0.0 FSL_BULK_SIG Bulk signature with no Unsubscribe

Subject: {SPAM?} Estimado(a) Ciudadano(a): doctor@nl2k.ab.ca , le notificamos acerca del proceso laboral. ID 27435

X-Antivirus: AVG (VPS 240222-0, 2/21/2024), Inbound message

X-Antivirus-Status: Clean















Imagen relacionada

doctor@nl2k.ab.ca

- Por medio de la presente, y en cumplimiento de las disposiciones legales correspondientes,


le notificamos acerca del proceso laboral identificado con los siguientes datos:





  • Numero del proceso: 14962


  • Clase judicial: solicitud de pago


  • Organo competente: Ministerio de la Justicia del Trabajo


  • Fecha de actuacion: 21 de Febrero de 2024


  • Tipo de distribucion: email




Para descargar el proceso en formato PDF, haga clic en el siguiente enlace: Descargar Proceso Laboral



Le solicitamos que tome conocimiento de la presente notificacion en el plazo establecido por la ley.



Quedamos a su disposicion para cualquier consulta o aclaracion adicional que puedan necesitar.



Para confirmar o recebimento deste e-mail, pedimos que responda a esta mensagem mencionando o seu nome.