Bank of America phish coming from Google
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 23 May 2022 07:45:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from)
id 1nt8Lw-000DrX-9X
for dave@doctor.nl2k.ab.ca;
Mon, 23 May 2022 07:44:08 -0600
Resent-From: The Doctor
Resent-Date: Mon, 23 May 2022 07:44:08 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-ed1-f66.google.com ([209.85.208.66]:41764)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.95 (FreeBSD))
(envelope-from)
id 1nt1Px-0009p7-Kw
for www@doctor.nl2k.ab.ca;
Mon, 23 May 2022 00:19:53 -0600
Received: by mail-ed1-f66.google.com with SMTP id h11so16591209eda.8
for; Sun, 22 May 2022 23:19:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=mime-version:reply-to:from:date:message-id:subject:to;
bh=/A0/2NKH39RyuD99h6jlyjDKzhVMMewFMksYcA40mfY=;
b=pxIeRxBHo5vb2IobcAPezGjoSx9fEd3fHcDufI2wNQhig8LmV40q8MsXnjkGFcMuot
DOf3JvQiiMWvIZrV+bcs+MQLQ/bkdBs55ucBJ2qP/g66i4pR7W4thLt0+9QQXlH8dLbI
HWYB5eI5fjFPwpws9AaAhcfQ33l7quUghcbKz1FNqKbs2anNurBDNf4f8QEaMpH2/2el
p9YzidZpp3QtsB2DswWqzN3mvlManEwignCUWKtQzoSRagoahyUo0rNLh8Gjb4kqnNeN
g8nMOfYRhT8hmXyJW+mrgD7za/G861+Ex1Tiyrt/9TgsACwZchkrj3s/K81vY8Fxn5gA
+hWA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:mime-version:reply-to:from:date:message-id
:subject:to;
bh=/A0/2NKH39RyuD99h6jlyjDKzhVMMewFMksYcA40mfY=;
b=qcHB1/O8TMqcWQiyMPM+xOMI3HTl4xwqd9yWYiuOMLBzUJIHcT6hdeeyH/bq1F0gKg
/EP6AoR/b4bHPeA03c1Pfz3PpPNMA+R/Je8KJ6x09xviPGTxl/GR8N4FM7A2zbpy93h5
gCiS02bweHElIscIqi6THLfcOLPrE5TwBunqyfFQcjq+OENqZUvvgVcn113+Wbg9FlZI
3gRrZhtIKuFtT5N5rf6+e6t07tdcgM4DkH6vDOm04Os73wtYnyxpKHhpOrMIoZ5LctNm
2BaFwSUfmZ3/002ioQ1BoC2wYZfzSxjyWBAJ0UEXZjLw7v1bm42Em4z/6oHIFWDp2dsg
IJCg==
X-Gm-Message-State: AOAM533XL3x5MZuqLBScAx8RzNlcJ0bIWC6lObhAZ6MDDHWSXgtSqsid
x6L16c6J0tiGWDgYrwqLN1pOh7i43nVPLOWdZ4M=
X-Google-Smtp-Source: ABdhPJwMLDyOSStWNO90NPtO/ifzF47W1fRLmyOq0Gsaqj4i2rAaqbUG/68cdhTipONqnsJesaj8lMy/692oTp7VAL8=
X-Received: by 2002:a05:6402:845:b0:42b:303f:1ef8 with SMTP id
b5-20020a056402084500b0042b303f1ef8mr14023888edz.49.1653286758682; Sun, 22
May 2022 23:19:18 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a17:906:774c:0:0:0:0 with HTTP; Sun, 22 May 2022 23:19:18
-0700 (PDT)
Reply-To: ba4391285@gmail.com
From: Bank Of America
Date: Mon, 23 May 2022 07:19:18 +0100
Message-ID:
Subject: From Bank of America E-mail us now.
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Bcc: www@doctor.nl2k.ab.ca
X-Spam_score: 18.6
X-Spam_score_int: 186
X-Spam_bar: ++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: From Bank of America Address: 301 S College St, Charlotte,
NC 28202, USA RE/NO: 002-BOA/0047/2022 Founded: 1928 Attn: Account Holder
: This is to notify you that a new development has been made today from the
world bank in which the Bank of America has been authorized to release your
INHERITANCE funds, Now the Bank has been ordered t [...]
Content analysis details: (18.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends
in digit
[frankcollins085[at]gmail.com]
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.208.66 listed in wl.mailspike.net]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider
[frankcollins085[at]gmail.com]
-0.0 SPF_PASS SPF: sender matches SPF record
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in
digit
[ba4391285[at]gmail.com]
2.5 MILLION_USD BODY: Talks about millions of dollars
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
2.9 YOU_INHERIT Discussing your inheritance
0.0 LOTS_OF_MONEY Huge... sums of money
-0.0 T_SCC_BODY_TEXT_LINE No description available.
3.4 UNDISC_FREEM Undisclosed recipients + freemail reply-to
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain
different freemails
0.1 MONEY_FREEMAIL_REPTO Lots of money from someone using free
email?
0.0 FILL_THIS_FORM Fill in a form with personal information
2.0 FILL_THIS_FORM_LONG Fill in a form with personal information
0.0 MONEY_FORM Lots of money if you fill out a form
0.4 FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)
0.0 T_FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)
1.8 ADVANCE_FEE_4_NEW_FRM_MNY Advance Fee fraud form and lots of
money
1.3 UNDISC_MONEY Undisclosed recipients + money/fraud signs
3.1 MONEY_FRAUD_3 Lots of money and several fraud phrases
Subject: {SPAM?} From Bank of America E-mail us now.
>From Bank of America
Address: 301 S College St, Charlotte,
NC 28202, USA
RE/NO: 002-BOA/0047/2022
Founded: 1928
Attn: Account Holder :
This is to notify you that a new development has been made today from
the world bank in which the Bank of America has been authorized to
release your INHERITANCE funds, Now the Bank has been ordered to
release your overdue FUND to you.
We have made several contacts to reach you to claim your outstanding
payment, but we did not hear from you till now, so I wish you will
respond and contact us for this notice to claim your fund. We the
Bankers has created an online Bank account on your behalf and the
online Bank account has been funded with the total sum of $4.5 Million
USD in which you would be able to withdraw any amount of money daily
from the online account, Please what Ever you want to Ask make sure
that You Copy this Email and send an email to me (ba4391285@gmail.com)
Below are the online bank account details
Created Opened Account Amount// $4.5 Million USD
Balance $4.5 Million USD
CHECKING ACCOUNT:
Name: Bank Of America
Account No: 7943730460
Routing No: 121042882 (for international transfer)
Routing No: 121000248 (Domestic)
The bank has also stated that you could be able to start accessing the
online bank account once the transfer code has been issued to you. So
send the following details to me as soon as you get this mail.
Your full name:
home or office address:
phone number:
your Country:
Copy of your ID Card:
Your Age:
Marital Status:
Treat as urgent as I will be waiting for the details.
THANKS FOR YOUR COOPERATION.
Respectively Yours
Mr. Brian Moynihan
DIRECTOR BANK OF AMERICA.
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 23 May 2022 07:45:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from
id 1nt8Lw-000DrX-9X
for dave@doctor.nl2k.ab.ca;
Mon, 23 May 2022 07:44:08 -0600
Resent-From: The Doctor
Resent-Date: Mon, 23 May 2022 07:44:08 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-ed1-f66.google.com ([209.85.208.66]:41764)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.95 (FreeBSD))
(envelope-from
id 1nt1Px-0009p7-Kw
for www@doctor.nl2k.ab.ca;
Mon, 23 May 2022 00:19:53 -0600
Received: by mail-ed1-f66.google.com with SMTP id h11so16591209eda.8
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=mime-version:reply-to:from:date:message-id:subject:to;
bh=/A0/2NKH39RyuD99h6jlyjDKzhVMMewFMksYcA40mfY=;
b=pxIeRxBHo5vb2IobcAPezGjoSx9fEd3fHcDufI2wNQhig8LmV40q8MsXnjkGFcMuot
DOf3JvQiiMWvIZrV+bcs+MQLQ/bkdBs55ucBJ2qP/g66i4pR7W4thLt0+9QQXlH8dLbI
HWYB5eI5fjFPwpws9AaAhcfQ33l7quUghcbKz1FNqKbs2anNurBDNf4f8QEaMpH2/2el
p9YzidZpp3QtsB2DswWqzN3mvlManEwignCUWKtQzoSRagoahyUo0rNLh8Gjb4kqnNeN
g8nMOfYRhT8hmXyJW+mrgD7za/G861+Ex1Tiyrt/9TgsACwZchkrj3s/K81vY8Fxn5gA
+hWA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:mime-version:reply-to:from:date:message-id
:subject:to;
bh=/A0/2NKH39RyuD99h6jlyjDKzhVMMewFMksYcA40mfY=;
b=qcHB1/O8TMqcWQiyMPM+xOMI3HTl4xwqd9yWYiuOMLBzUJIHcT6hdeeyH/bq1F0gKg
/EP6AoR/b4bHPeA03c1Pfz3PpPNMA+R/Je8KJ6x09xviPGTxl/GR8N4FM7A2zbpy93h5
gCiS02bweHElIscIqi6THLfcOLPrE5TwBunqyfFQcjq+OENqZUvvgVcn113+Wbg9FlZI
3gRrZhtIKuFtT5N5rf6+e6t07tdcgM4DkH6vDOm04Os73wtYnyxpKHhpOrMIoZ5LctNm
2BaFwSUfmZ3/002ioQ1BoC2wYZfzSxjyWBAJ0UEXZjLw7v1bm42Em4z/6oHIFWDp2dsg
IJCg==
X-Gm-Message-State: AOAM533XL3x5MZuqLBScAx8RzNlcJ0bIWC6lObhAZ6MDDHWSXgtSqsid
x6L16c6J0tiGWDgYrwqLN1pOh7i43nVPLOWdZ4M=
X-Google-Smtp-Source: ABdhPJwMLDyOSStWNO90NPtO/ifzF47W1fRLmyOq0Gsaqj4i2rAaqbUG/68cdhTipONqnsJesaj8lMy/692oTp7VAL8=
X-Received: by 2002:a05:6402:845:b0:42b:303f:1ef8 with SMTP id
b5-20020a056402084500b0042b303f1ef8mr14023888edz.49.1653286758682; Sun, 22
May 2022 23:19:18 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a17:906:774c:0:0:0:0 with HTTP; Sun, 22 May 2022 23:19:18
-0700 (PDT)
Reply-To: ba4391285@gmail.com
From: Bank Of America
Date: Mon, 23 May 2022 07:19:18 +0100
Message-ID:
Subject: From Bank of America E-mail us now.
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Bcc: www@doctor.nl2k.ab.ca
X-Spam_score: 18.6
X-Spam_score_int: 186
X-Spam_bar: ++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: From Bank of America Address: 301 S College St, Charlotte,
NC 28202, USA RE/NO: 002-BOA/0047/2022 Founded: 1928 Attn: Account Holder
: This is to notify you that a new development has been made today from the
world bank in which the Bank of America has been authorized to release your
INHERITANCE funds, Now the Bank has been ordered t [...]
Content analysis details: (18.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends
in digit
[frankcollins085[at]gmail.com]
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.208.66 listed in wl.mailspike.net]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider
[frankcollins085[at]gmail.com]
-0.0 SPF_PASS SPF: sender matches SPF record
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in
digit
[ba4391285[at]gmail.com]
2.5 MILLION_USD BODY: Talks about millions of dollars
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
2.9 YOU_INHERIT Discussing your inheritance
0.0 LOTS_OF_MONEY Huge... sums of money
-0.0 T_SCC_BODY_TEXT_LINE No description available.
3.4 UNDISC_FREEM Undisclosed recipients + freemail reply-to
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain
different freemails
0.1 MONEY_FREEMAIL_REPTO Lots of money from someone using free
email?
0.0 FILL_THIS_FORM Fill in a form with personal information
2.0 FILL_THIS_FORM_LONG Fill in a form with personal information
0.0 MONEY_FORM Lots of money if you fill out a form
0.4 FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)
0.0 T_FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)
1.8 ADVANCE_FEE_4_NEW_FRM_MNY Advance Fee fraud form and lots of
money
1.3 UNDISC_MONEY Undisclosed recipients + money/fraud signs
3.1 MONEY_FRAUD_3 Lots of money and several fraud phrases
Subject: {SPAM?} From Bank of America E-mail us now.
>From Bank of America
Address: 301 S College St, Charlotte,
NC 28202, USA
RE/NO: 002-BOA/0047/2022
Founded: 1928
Attn: Account Holder :
This is to notify you that a new development has been made today from
the world bank in which the Bank of America has been authorized to
release your INHERITANCE funds, Now the Bank has been ordered to
release your overdue FUND to you.
We have made several contacts to reach you to claim your outstanding
payment, but we did not hear from you till now, so I wish you will
respond and contact us for this notice to claim your fund. We the
Bankers has created an online Bank account on your behalf and the
online Bank account has been funded with the total sum of $4.5 Million
USD in which you would be able to withdraw any amount of money daily
from the online account, Please what Ever you want to Ask make sure
that You Copy this Email and send an email to me (ba4391285@gmail.com)
Below are the online bank account details
Created Opened Account Amount// $4.5 Million USD
Balance $4.5 Million USD
CHECKING ACCOUNT:
Name: Bank Of America
Account No: 7943730460
Routing No: 121042882 (for international transfer)
Routing No: 121000248 (Domestic)
The bank has also stated that you could be able to start accessing the
online bank account once the transfer code has been issued to you. So
send the following details to me as soon as you get this mail.
Your full name:
home or office address:
phone number:
your Country:
Copy of your ID Card:
Your Age:
Marital Status:
Treat as urgent as I will be waiting for the details.
THANKS FOR YOUR COOPERATION.
Respectively Yours
Mr. Brian Moynihan
DIRECTOR BANK OF AMERICA.
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments