Indian phish on TSB
Posted by Dave Yadallee onEnvelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 10 May 2022 17:26:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from
id 1noZEB-000PPj-Hd
for dave@doctor.nl2k.ab.ca;
Tue, 10 May 2022 17:25:15 -0600
Resent-From: The Doctor
Resent-Date: Tue, 10 May 2022 17:25:15 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [103.145.51.239] (port=41166 helo=vps.visionplusindia.in)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.95 (FreeBSD))
(envelope-from
id 1noR83-000Cet-2S
for doctor@doctor.nl2k.ab.ca;
Tue, 10 May 2022 08:46:30 -0600
Received: by vps.visionplusindia.in (Postfix, from userid 48)
id DFC803014696; Tue, 10 May 2022 20:05:45 +0530 (IST)
To: doctor@doctor.nl2k.ab.ca
Subject: Something went wrong
X-PHP-Originating-Script: 48:wp-cmsgloballlc.php
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
From: TSB
Message-Id: <20220510143545.DFC803014696@vps.visionplusindia.in>
Date: Tue, 10 May 2022 20:05:45 +0530 (IST)
X-Spam_score: 14.0
X-Spam_score_int: 140
X-Spam_bar: ++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Dear Valued Customer, For your security, TSB has safeguard
your account when there is a possibility that someone other than you, attempted
to log in to your account from an unidentified device. At the moment. you
can't log in to Internet Banking or our mobile banking app, as we need to
verify few things on your account, to verify your identity kindly follow
the reference below and re-activat [...]
Content analysis details: (14.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[103.145.51.239 listed in bl.score.senderscore.com]
1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,
https://senderscore.org/blocklistlookup/
0.4 NO_DNS_FOR_FROM DNS: Envelope sender has no MX or A DNS records
0.8 DKIM_ADSP_NXDOMAIN No valid author signature and domain not in
DNS
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
-0.0 T_SCC_BODY_TEXT_LINE No description available.
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
3.0 VFY_ACCT_NORDNS Verify your account to a poorly-configured MTA -
probable phishing
1.0 ACCT_PHISHING Possible phishing for account information
0.0 TO_NO_BRKTS_NORDNS_HTML To: misformatted and no rDNS and HTML
only
3.0 URI_WP_HACKED URI for compromised WordPress site, possible
malware
0.9 URI_PHISH Phishing using web form
Subject: {SPAM?} Something went wrong
|
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments