Urgency phish from Google
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Thu, 19 May 2022 15:00:01 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from)
id 1nrnFP-0009Xm-A0
for dave@doctor.nl2k.ab.ca;
Thu, 19 May 2022 14:59:51 -0600
Resent-From: The Doctor
Resent-Date: Thu, 19 May 2022 14:59:51 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-oa1-f54.google.com ([209.85.160.54]:42371)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.95 (FreeBSD))
(envelope-from)
id 1nreks-0007te-Ag
for doctor@nl2k.ab.ca;
Thu, 19 May 2022 05:55:50 -0600
Received: by mail-oa1-f54.google.com with SMTP id 586e51a60fabf-edf3b6b0f2so6428985fac.9
for; Thu, 19 May 2022 04:55:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=mime-version:reply-to:from:date:message-id:subject:to;
bh=M3+NGpwZtmKSZ/DtW0BBRCwIZe9cDI8Ne+yd1C5Nsb0=;
b=TEfB4VyvFYlpTgM9AMR7ZPCZ3lhL4HKx7QM29NnoJB7mAwLzKPYFD7JoKu2jEi9Xsr
JWTYWSPkwbCGCImx5Sb0qsD3pAexpAnV9cd8uYHJcLYne1qM3raTRA9uMrLbrLG4uS1H
pe3MgJEAxuuwkjqmZ9fy1hW3KO3bFj+lMgi1i7zf/6m2+9y89fA/qAebB0IxU8cq6dJN
DObEGHhJUnLVVUu3NbxvTlR8UCqvUDMeRNhQsm6o0kbgZtUvt6gOaCG74u7TnSLJBepq
V1Rec+/LR1/T9tmrkRySclHkE5FXbuL02ryQ1DC3qrqjRgDBrqybVpOJXwRJVq5KJijg
sqrA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:mime-version:reply-to:from:date:message-id
:subject:to;
bh=M3+NGpwZtmKSZ/DtW0BBRCwIZe9cDI8Ne+yd1C5Nsb0=;
b=HteBUJmaPr7xLXxmOQAMNN3lMlTPDbfCeEDBIAaMl2zEwwKGucwu04pL7q5xTiinUD
BkABWOMVKODmMwaSbUlGJX5ow+70jpAnsg0KTkXzZIg3+GeKnf/vcaOLjSbTwijAfeZG
5uXkDgViq7i6QFsuK+QZtVAV5qXLMLsGG34slftCij4rMeJpf7LHFiiRMN4Ln5IbF4ZH
97WiViXGaZazQ7aTJD+WTROZi7urPFpYbY6yr3azCus6wIkXMCmvlvRD99cYxpTTGKTY
ON6e2IlNsrMJrCAddnj9+k8j2veKlE8ijLr7viJVD87pw+h2jHCLLMioXVWxY0J2nVq6
VJSw==
X-Gm-Message-State: AOAM530QN4e85TNP9eouBuRo9XtOk/SHiLhbEW38PXVqejC4u1IVRZIA
9+gtUN0umvp5b2CSS3D1BNe/LC+b3M10pseT2QHbnPd3iQaulvMK
X-Google-Smtp-Source: ABdhPJzp5ea1rrbaIsiD3H6i5mO9xYZVFQPrqtNvJkzJj0Rr89b3ErMJGC/3dRyHCMFCZs+AQefdueed2LvmV2yd964=
X-Received: by 2002:a05:6808:11c3:b0:2f9:62e0:ebe with SMTP id
p3-20020a05680811c300b002f962e00ebemr2300024oiv.22.1652960980977; Thu, 19 May
2022 04:49:40 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:ac9:7dc3:0:0:0:0:0 with HTTP; Thu, 19 May 2022 04:49:40
-0700 (PDT)
Reply-To: baileym53@yahoo.com
From: Moor
Date: Thu, 19 May 2022 04:49:40 -0700
Message-ID:
Subject: New development
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Bcc: doctor@nl2k.ab.ca
X-Spam_score: 15.8
X-Spam_score_int: 158
X-Spam_bar: +++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: ATTENTION : , This is to inform you that you are now going
to receive your fund in their affiliate office in France payment center or,
any other of their affiliate office. hence presently, i have gotten an a
sponso [...]
Content analysis details: (15.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends
in digit
[helmssusan712[at]gmail.com]
-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[209.85.160.54 listed in wl.mailspike.net]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider
[helmssusan712[at]gmail.com]
-0.0 SPF_PASS SPF: sender matches SPF record
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in
digit
[baileym53[at]yahoo.com]
1.1 HK_SCAM_N3 BODY: No description available.
2.5 MILLION_USD BODY: Talks about millions of dollars
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.0 HK_SCAM No description available.
1.2 UPPERCASE_75_100 message body is 75-100% uppercase
0.0 LOTS_OF_MONEY Huge... sums of money
-0.0 T_SCC_BODY_TEXT_LINE No description available.
-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
3.4 UNDISC_FREEM Undisclosed recipients + freemail reply-to
1.0 MONEY_BARRISTER Lots of money from a UK lawyer
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain
different freemails
0.1 MONEY_FREEMAIL_REPTO Lots of money from someone using free
email?
0.5 XFER_LOTSA_MONEY Transfer a lot of money
0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal
information
1.3 MONEY_FORM_SHORT Lots of money if you fill out a short form
0.4 FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)
0.0 T_FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)
1.3 UNDISC_MONEY Undisclosed recipients + money/fraud signs
1.8 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money
0.0 MONEY_FRAUD_5 Lots of money and many fraud phrases
0.0 FORM_FRAUD_5 Fill a form and many fraud phrases
Subject: {SPAM?} New development
ATTENTION : ,
This is to inform you that you are now going to receive your fund in
their affiliate office in France payment center or, any other of their
affiliate office. hence presently, i have gotten an a sponsor from
France who is willing to carter for the expenses on your behalf since
you are unable. note, the sponsor will be taking 10% out of the total
sum $40 million USD after your fund must have transferred into your
account.
The conditions mentioned in the payment arrangement are short listed below.
1. YOU WILL HAVE TO TRAVEL TO FRENCH GUIANA FIRST TO MEET WITH THE
SPONSOR FOR THE SIGNING OF YOUR SECURE PAYMENT DOCUMENT AND PRESENT TO
FRANCE PAYMENT CENTER WITH THE GIFT WHERE YOU WILL RECEIVE YOUR FUND
AS THE BENEFICIARY AS SOON AS YOU ARRIVE IN FRANCE OR ANY OTHER OF
THEIR AFFILIATE OFFICE.
2. NO MORE UPFRONT PAYMENT REQUIRED FROM YOU AS THE BENEFICIARY.
3.YOUR FLIGHT TICKETS WILL BE CATERED BY THE SPONSOR.
4. YOUR HOTEL RESERVATION / ACCOMMODATION WILL BE PROVIDED BY THE SPONSOR.
5. YOUR JOURNEY /TRIP TO FRANCE YOUR PAYMENT CENTER WILL NOT TAKE MORE
THAN SIX DAYS TO FINALIZE YOUR PAYMENT.
6. YOUR DUTY IS TO PROVIDE YOUR VALID PASSPORT AND READINESS TO FLY TO
THE PAYING CENTER AT NO EXPENSES FROM YOU AS YOU NEED NO VISA. NOTE,
YOU ARE TRAVELING TO FRENCH GUIANA FIRST TO MEET WITH THE SPONSOR FOR
THE DOCUMENT AND THEN PROCEED TO THEIR AFFILIATE OFFICE IN FRANCE
THEIR PAYMENT CENTER TO MEET WITH THE OFFICIALS FOR THE FINAL RELEASE
OF YOUR FUND.
BE MINDFUL, YOU ARE ALSO TRAVELING TO THE PAYMENT CENTER FRANCE TO
PRESENT ALL YOUR FUNDS SECURE PAYMENT DOCUMENTS THAT BACK UP YOUR
CLAIM AS THE BENEFICIARY. AS SOON AS YOU SIGN ALL THE NECESSARY
DOCUMENTS THAT BACK UP YOUR CLAIM, THE OFFICIALS WILL THEN NOW HAVE
THE FULL OFFICIAL RIGHT TO RELEASE YOUR FUND TO YOU AS THE BENEFICIARY
WITHOUT ANY FURTHER DELAY.
7. SEND YOUR CURRENT AND DIRECT TELEPHONE NUMBER AND YOUR CONTACT ADDRESS.
8. SEND YOUR INTERNATIONAL PASSPORT.
THEREFORE, UPON THE RECEIPT OF YOUR DETAILS, THE INVESTOR WILL SEND
YOUR FLIGHT TICKET TO YOU WITHOUT DELAY. CONGRATULATIONS.
I WILL COME OVER THERE IN YOUR COUNTRY TO MEET WITH YOU FOR MY OWN
PERCENTAGE AS WE HAVE AGREED AFTER YOUR FUND MUST HAVE TRANSFERRED
INTO YOUR ACCOUNT.
THANKS FOR YOUR UNDERSTANDING
BARR. I.M.
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Thu, 19 May 2022 15:00:01 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from
id 1nrnFP-0009Xm-A0
for dave@doctor.nl2k.ab.ca;
Thu, 19 May 2022 14:59:51 -0600
Resent-From: The Doctor
Resent-Date: Thu, 19 May 2022 14:59:51 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-oa1-f54.google.com ([209.85.160.54]:42371)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.95 (FreeBSD))
(envelope-from
id 1nreks-0007te-Ag
for doctor@nl2k.ab.ca;
Thu, 19 May 2022 05:55:50 -0600
Received: by mail-oa1-f54.google.com with SMTP id 586e51a60fabf-edf3b6b0f2so6428985fac.9
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=mime-version:reply-to:from:date:message-id:subject:to;
bh=M3+NGpwZtmKSZ/DtW0BBRCwIZe9cDI8Ne+yd1C5Nsb0=;
b=TEfB4VyvFYlpTgM9AMR7ZPCZ3lhL4HKx7QM29NnoJB7mAwLzKPYFD7JoKu2jEi9Xsr
JWTYWSPkwbCGCImx5Sb0qsD3pAexpAnV9cd8uYHJcLYne1qM3raTRA9uMrLbrLG4uS1H
pe3MgJEAxuuwkjqmZ9fy1hW3KO3bFj+lMgi1i7zf/6m2+9y89fA/qAebB0IxU8cq6dJN
DObEGHhJUnLVVUu3NbxvTlR8UCqvUDMeRNhQsm6o0kbgZtUvt6gOaCG74u7TnSLJBepq
V1Rec+/LR1/T9tmrkRySclHkE5FXbuL02ryQ1DC3qrqjRgDBrqybVpOJXwRJVq5KJijg
sqrA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:mime-version:reply-to:from:date:message-id
:subject:to;
bh=M3+NGpwZtmKSZ/DtW0BBRCwIZe9cDI8Ne+yd1C5Nsb0=;
b=HteBUJmaPr7xLXxmOQAMNN3lMlTPDbfCeEDBIAaMl2zEwwKGucwu04pL7q5xTiinUD
BkABWOMVKODmMwaSbUlGJX5ow+70jpAnsg0KTkXzZIg3+GeKnf/vcaOLjSbTwijAfeZG
5uXkDgViq7i6QFsuK+QZtVAV5qXLMLsGG34slftCij4rMeJpf7LHFiiRMN4Ln5IbF4ZH
97WiViXGaZazQ7aTJD+WTROZi7urPFpYbY6yr3azCus6wIkXMCmvlvRD99cYxpTTGKTY
ON6e2IlNsrMJrCAddnj9+k8j2veKlE8ijLr7viJVD87pw+h2jHCLLMioXVWxY0J2nVq6
VJSw==
X-Gm-Message-State: AOAM530QN4e85TNP9eouBuRo9XtOk/SHiLhbEW38PXVqejC4u1IVRZIA
9+gtUN0umvp5b2CSS3D1BNe/LC+b3M10pseT2QHbnPd3iQaulvMK
X-Google-Smtp-Source: ABdhPJzp5ea1rrbaIsiD3H6i5mO9xYZVFQPrqtNvJkzJj0Rr89b3ErMJGC/3dRyHCMFCZs+AQefdueed2LvmV2yd964=
X-Received: by 2002:a05:6808:11c3:b0:2f9:62e0:ebe with SMTP id
p3-20020a05680811c300b002f962e00ebemr2300024oiv.22.1652960980977; Thu, 19 May
2022 04:49:40 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:ac9:7dc3:0:0:0:0:0 with HTTP; Thu, 19 May 2022 04:49:40
-0700 (PDT)
Reply-To: baileym53@yahoo.com
From: Moor
Date: Thu, 19 May 2022 04:49:40 -0700
Message-ID:
Subject: New development
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Bcc: doctor@nl2k.ab.ca
X-Spam_score: 15.8
X-Spam_score_int: 158
X-Spam_bar: +++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: ATTENTION : , This is to inform you that you are now going
to receive your fund in their affiliate office in France payment center or,
any other of their affiliate office. hence presently, i have gotten an a
sponso [...]
Content analysis details: (15.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends
in digit
[helmssusan712[at]gmail.com]
-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[209.85.160.54 listed in wl.mailspike.net]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider
[helmssusan712[at]gmail.com]
-0.0 SPF_PASS SPF: sender matches SPF record
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in
digit
[baileym53[at]yahoo.com]
1.1 HK_SCAM_N3 BODY: No description available.
2.5 MILLION_USD BODY: Talks about millions of dollars
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.0 HK_SCAM No description available.
1.2 UPPERCASE_75_100 message body is 75-100% uppercase
0.0 LOTS_OF_MONEY Huge... sums of money
-0.0 T_SCC_BODY_TEXT_LINE No description available.
-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
3.4 UNDISC_FREEM Undisclosed recipients + freemail reply-to
1.0 MONEY_BARRISTER Lots of money from a UK lawyer
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain
different freemails
0.1 MONEY_FREEMAIL_REPTO Lots of money from someone using free
email?
0.5 XFER_LOTSA_MONEY Transfer a lot of money
0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal
information
1.3 MONEY_FORM_SHORT Lots of money if you fill out a short form
0.4 FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)
0.0 T_FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)
1.3 UNDISC_MONEY Undisclosed recipients + money/fraud signs
1.8 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money
0.0 MONEY_FRAUD_5 Lots of money and many fraud phrases
0.0 FORM_FRAUD_5 Fill a form and many fraud phrases
Subject: {SPAM?} New development
ATTENTION : ,
This is to inform you that you are now going to receive your fund in
their affiliate office in France payment center or, any other of their
affiliate office. hence presently, i have gotten an a sponsor from
France who is willing to carter for the expenses on your behalf since
you are unable. note, the sponsor will be taking 10% out of the total
sum $40 million USD after your fund must have transferred into your
account.
The conditions mentioned in the payment arrangement are short listed below.
1. YOU WILL HAVE TO TRAVEL TO FRENCH GUIANA FIRST TO MEET WITH THE
SPONSOR FOR THE SIGNING OF YOUR SECURE PAYMENT DOCUMENT AND PRESENT TO
FRANCE PAYMENT CENTER WITH THE GIFT WHERE YOU WILL RECEIVE YOUR FUND
AS THE BENEFICIARY AS SOON AS YOU ARRIVE IN FRANCE OR ANY OTHER OF
THEIR AFFILIATE OFFICE.
2. NO MORE UPFRONT PAYMENT REQUIRED FROM YOU AS THE BENEFICIARY.
3.YOUR FLIGHT TICKETS WILL BE CATERED BY THE SPONSOR.
4. YOUR HOTEL RESERVATION / ACCOMMODATION WILL BE PROVIDED BY THE SPONSOR.
5. YOUR JOURNEY /TRIP TO FRANCE YOUR PAYMENT CENTER WILL NOT TAKE MORE
THAN SIX DAYS TO FINALIZE YOUR PAYMENT.
6. YOUR DUTY IS TO PROVIDE YOUR VALID PASSPORT AND READINESS TO FLY TO
THE PAYING CENTER AT NO EXPENSES FROM YOU AS YOU NEED NO VISA. NOTE,
YOU ARE TRAVELING TO FRENCH GUIANA FIRST TO MEET WITH THE SPONSOR FOR
THE DOCUMENT AND THEN PROCEED TO THEIR AFFILIATE OFFICE IN FRANCE
THEIR PAYMENT CENTER TO MEET WITH THE OFFICIALS FOR THE FINAL RELEASE
OF YOUR FUND.
BE MINDFUL, YOU ARE ALSO TRAVELING TO THE PAYMENT CENTER FRANCE TO
PRESENT ALL YOUR FUNDS SECURE PAYMENT DOCUMENTS THAT BACK UP YOUR
CLAIM AS THE BENEFICIARY. AS SOON AS YOU SIGN ALL THE NECESSARY
DOCUMENTS THAT BACK UP YOUR CLAIM, THE OFFICIALS WILL THEN NOW HAVE
THE FULL OFFICIAL RIGHT TO RELEASE YOUR FUND TO YOU AS THE BENEFICIARY
WITHOUT ANY FURTHER DELAY.
7. SEND YOUR CURRENT AND DIRECT TELEPHONE NUMBER AND YOUR CONTACT ADDRESS.
8. SEND YOUR INTERNATIONAL PASSPORT.
THEREFORE, UPON THE RECEIPT OF YOUR DETAILS, THE INVESTOR WILL SEND
YOUR FLIGHT TICKET TO YOU WITHOUT DELAY. CONGRATULATIONS.
I WILL COME OVER THERE IN YOUR COUNTRY TO MEET WITH YOU FOR MY OWN
PERCENTAGE AS WE HAVE AGREED AFTER YOUR FUND MUST HAVE TRANSFERRED
INTO YOUR ACCOUNT.
THANKS FOR YOUR UNDERSTANDING
BARR. I.M.
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments