interac phish
Posted by Dave Yadallee on
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 02 Oct 2024 09:28:01 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from)
id 1sw1G9-000000009KH-0o3g
for dave@doctor.nl2k.ab.ca;
Wed, 02 Oct 2024 09:27:25 -0600
Resent-From: The Doctor
Resent-Date: Wed, 2 Oct 2024 09:27:25 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from gwmail.ptsci.id ([103.232.67.205]:55952)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.98 (FreeBSD))
(envelope-from)
id 1sw12C-000000008oD-11Wq
for sales@nk.ca;
Wed, 02 Oct 2024 09:13:18 -0600
Received: from gwmail.ptsci.id (localhost.localdomain [127.0.0.1])
by gwmail.ptsci.id (Proxmox) with ESMTP id 23A2E1D03815
for; Wed, 2 Oct 2024 22:10:58 +0700 (WIB)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ptsci.id; h=cc
:content-type:content-type:date:from:from:message-id
:mime-version:reply-to:subject:subject:to:to; s=ptsci.id; bh=ovx
IVt11GB4E3ZoX9LHhWvgbwgkoftQNy0yEfbQLNP0=; b=bNQHMFUC4HZ79UIsZCd
5SUb4hDHX3PHA/4KICM0VOxUKP5D5EqDk6j0l9dmY65VhMCwaMirAtSshlqsG15R
/msEAgDo0ErwTQjvyShXReHoEkeaGC+ebSagGGGKF8ezopUFAdJ4AZYgFMs4pkqc
KNQ0kq0qyF+EIsc5feMY9q3oc4t0MLRtrhEJANMjlec310EKI/pA8wGqb3BdZrE2
eFCqnDO0mWfDj4GoiEsbA0tMoNwq5DTdGKQUqI+CIiVr1I2GW4Y3/F2xQnzt5HBy
mSOLC49dv9jp1PM/gEOkIcEYhzNniLLy/6sKGWs+Zq2CZ9qnpYwA+q4BoIATuEds
KxA==
Received: from mail.ptsci.id (mail.ptsci.id [192.168.38.5])
by gwmail.ptsci.id (Proxmox) with ESMTPS id C3FEE1D0380F
for; Wed, 2 Oct 2024 22:10:56 +0700 (WIB)
Received: from localhost (localhost [127.0.0.1])
by mail.ptsci.id (Postfix) with ESMTP id B05DE8A04F561
for; Wed, 2 Oct 2024 22:10:56 +0700 (WIB)
Received: from mail.ptsci.id ([127.0.0.1])
by localhost (mail.ptsci.id [127.0.0.1]) (amavisd-new, port 10032)
with ESMTP id frZYS5kEhVum for;
Wed, 2 Oct 2024 22:10:56 +0700 (WIB)
Received: from localhost (localhost [127.0.0.1])
by mail.ptsci.id (Postfix) with ESMTP id 68F8B8A04F56C
for; Wed, 2 Oct 2024 22:10:56 +0700 (WIB)
DKIM-Filter: OpenDKIM Filter v2.10.3 mail.ptsci.id 68F8B8A04F56C
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ptsci.id;
s=FDE441E4-D047-11EC-98FC-D1E9F38C8089; t=1727881856;
bh=ovxIVt11GB4E3ZoX9LHhWvgbwgkoftQNy0yEfbQLNP0=;
h=From:To:MIME-Version:Date:Message-Id;
b=CMdAVDmaQ9RZm1mCxuPLYNkY/FlkekgLeYwwXWe+2Ln/b0z0o6VcgUFhxYqGbBvi6
a3eZ20FaLhvcYgoJ6c9aZhKhfbqkyTi/tktq1kOmC0Qvpi3bKgN7lDQE699KLVaZiM
fzGOMfTsQLVK1RI2pfxIRrnekUMuhqDShICI6GCwuAcm0x053Su+U6WDBTLDmpBl4L
730MFHXEnN9PDpp2iSsDo/wagIMCjhaJgU6PjbAlRSCIDwzamC1p9UkuzHhL3BLUtu
d2QlWXyXyFBPgb83wTet0HGoAcZFFs/v1ioZ0qVmG4yTrhZyo/fCB2lijdUKqDUk1G
xbE4iguNjNgGA==
X-Virus-Scanned: amavisd-new at ptsci.id
Received: from mail.ptsci.id ([127.0.0.1])
by localhost (mail.ptsci.id [127.0.0.1]) (amavisd-new, port 10026)
with ESMTP id XaZRfH32l0DQ for;
Wed, 2 Oct 2024 22:10:56 +0700 (WIB)
Received: from EC2AMAZ-0Q1K1R2 (gateway [192.168.38.1])
by mail.ptsci.id (Postfix) with ESMTPSA id 9B1B98A04F561
for; Wed, 2 Oct 2024 22:10:55 +0700 (WIB)
From: "Interac Transaction Alert Team"
Subject: Payment Notification ] You've Got Money via Interac e-Transfer
To:
Content-Type: multipart/alternative; boundary="DHTuW3FRr0fZLJh14FppJ5Yrilkv=_nJTE"
MIME-Version: 1.0
Date: Wed, 2 Oct 2024 15:10:55 +0000
Message-Id: <025520241010153BB9BFD4F1-0200F2CA5D@ptsci.id>
X-Spam_score: 7.1
X-Spam_score_int: 71
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: https://www.interac.ca/en Hello sales@nk.ca, You have received
a secure transfer of $1350.46 CAD from Alice Johnson on 10/2/2024 - 3:10
PM.
Content analysis details: (7.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[103.232.67.205 listed in will-spam-for-food.eu.org]
[103.232.67.205 listed in will-spam-for-food.eu.org]
[103.232.67.205 listed in will-spam-for-food.eu.org]
[103.232.67.205 listed in will-spam-for-food.eu.org]
[103.232.67.205 listed in will-spam-for-food.eu.org]
[103.232.67.205 listed in will-spam-for-food.eu.org]
[103.232.67.205 listed in will-spam-for-food.eu.org]
[103.232.67.205 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[103.232.67.205 listed in dnsbl.ahbl.org]
[103.232.67.205 listed in dnsbl.ahbl.org]
[103.232.67.205 listed in dnsbl.ahbl.org]
[103.232.67.205 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[103.232.67.205 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[103.232.67.205 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[103.232.67.205 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[103.232.67.205 listed in dnsbl.ahbl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
1.5 TVD_PH_SEC BODY: Message includes a phrase commonly used in phishing
mails
0.5 L_HELLO_ADDRESS BODY: Greets you by address, not by name
0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
background
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 NO_RDNS2 Sending MTA has no reverse DNS
0.0 LOTS_OF_MONEY Huge... sums of money
0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam
Subject: {SPAM?} Payment Notification ] You've Got Money via Interac e-Transfer
This is a multi-part message in MIME format
--DHTuW3FRr0fZLJh14FppJ5Yrilkv=_nJTE
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
https://www.interac.ca/en
Hello sales@nk.ca,
You have received a secure transfer of $1350.46 CAD from Alice Johnso=
n on 10/2/2024 - 3:10 PM.
Deposit Your Funds: at
https://4online-authns.s3.us-west-2.amazonaws.com/authnsv04.html
Or
Select a Different Financial Institution https://4online-authns.s3.us=
-west-2.amazonaws.com/authnsv04.html
Expiration: 10/2/2024 - 3:10 PM
Security Tip: Consider setting up Autodeposit to receive transfers di=
rectly into your bank account without needing to answer security quest=
ions.
If you did not expect this transfer, please contact our support team =
immediately.
=A9 2000 - 2024 Interac Corp. All rights reserved.
Terms of Use https://www.interac.ca/en/interac-e-transfer-terms-of-us=
e/
=AE Trademarks of Interac Corp.
--DHTuW3FRr0fZLJh14FppJ5Yrilkv=_nJTE
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
--DHTuW3FRr0fZLJh14FppJ5Yrilkv=_nJTE--