Gmail phish
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 23 May 2022 14:15:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from)
id 1ntERr-00090c-AY
for dave@doctor.nl2k.ab.ca;
Mon, 23 May 2022 14:14:39 -0600
Resent-From: The Doctor
Resent-Date: Mon, 23 May 2022 14:14:39 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-lf1-f41.google.com ([209.85.167.41]:39641)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.95 (FreeBSD))
(envelope-from)
id 1nt9Sl-00056J-Vi
for doctor@doctor.nl2k.ab.ca;
Mon, 23 May 2022 08:55:19 -0600
Received: by mail-lf1-f41.google.com with SMTP id y32so26020091lfa.6
for; Mon, 23 May 2022 07:54:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=mime-version:reply-to:from:date:message-id:subject:to
:content-transfer-encoding;
bh=3IP3LapS+WwVNdfsJ7LqEhQLP1EPVrR8kCDbPE6zy9Q=;
b=aUWYha+vSZwnWREnhyabjvAPViyTbcuxcLgfeWKt+NdH14je4XwyakDo6r/JzIYtXU
xB/jqkxwngtkEv3WR47sQ26rMP0pFvGb0pruo7m0t4gc5sjL9xvtuuQOVUzJtGMmyfzd
1eRRaKyJmHqQuzrAMfcoFh0K9OmsgMKSj3Sp2iX2nfg6mRYqcp5ENL1itRPPT/9r+Wm6
pdWaKTj5UYqfCCBiXZ1YxGWwCqt7gV2Cuv5U37ObQejvSYhjjaOJlWUUFHac92wYdikg
4vdT3ozH+qIYmsu1TtQ6YcnVINjyVVovLSTi5fqujAIoYwtKq8qrcxQWHpd9WERbtM+D
jb1Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:mime-version:reply-to:from:date:message-id
:subject:to:content-transfer-encoding;
bh=3IP3LapS+WwVNdfsJ7LqEhQLP1EPVrR8kCDbPE6zy9Q=;
b=BYkZ+F3OOYgydymsUujw4V+4uHPHxcc/DJ9bk6sAC93mcyShmy2FqkMWVEgS5E6yg7
/ZyFFrzqJHx+vN4oExQYJ0pRP2HhVuy6wIIAKuAMcLt7SsnKN88ZcJgsp/D8LIDeEdx5
/ByxYVF8cV9L/u0QKOdUbvb4Sr1m37eWhtlTcXMYjU+evtWI7vB/c0EfzTSfbJ2tZnIA
8ARTan1yNxFCcyYNoRCPVpGhEHj8LrJGk/8+RvUGlrcsCyg2vw0lAKwtxaiZYU+0QUuz
kmfki1pF2P9C6WxRl/YFNb6yMArj4AxP0vjbSs0HTeXt1V2pwLfjRAY0t60lxYG5Q9nr
lmuA==
X-Gm-Message-State: AOAM530R5cQXQR5qsW/ZxUODcp5mzSmR1u6skailpuKMI99WBVwmuYQ7
KAgHxHov4iuMJOAiS+OxO3b5FOTeEu8kXzHArag=
X-Google-Smtp-Source: ABdhPJyj48LmTPbryylDIA+/bYYXklZnvNevN31ipCckrarBO6xyTsmRMiwhf+ZktuytGaUmzgvJOhAmsztG8JxYPp8=
X-Received: by 2002:a05:6512:3183:b0:473:dffc:18ac with SMTP id
i3-20020a056512318300b00473dffc18acmr16039603lfe.217.1653317691838; Mon, 23
May 2022 07:54:51 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a05:6512:3a95:0:0:0:0 with HTTP; Mon, 23 May 2022 07:54:49
-0700 (PDT)
Reply-To: judgemartinsesq@aol.com
From: office
Date: Mon, 23 May 2022 07:54:49 -0700
Message-ID:
Subject: TO YOUR ATTENTION!
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Bcc: doctor@doctor.nl2k.ab.ca
X-Spam_score: 10.0
X-Spam_score_int: 100
X-Spam_bar: ++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Department of the Treasury. Attention! I am Ms. Janet Yellen
secretary to the U.S Department of the Treasury. We just got confirmation
from the Financial Crimes Enforcement Network Finecn Authorities concerned
that your funds' inheritance [...]
Content analysis details: (10.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends
in digit
[unitedbankforafrica214[at]gmail.com]
1.6 SUBJ_ALL_CAPS Subject is all capitals
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.167.41 listed in wl.mailspike.net]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider
[unitedbankforafrica214[at]gmail.com]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.5 SUBJ_ATTENTION ATTENTION in Subject
0.0 LOTS_OF_MONEY Huge... sums of money
-0.0 T_SCC_BODY_TEXT_LINE No description available.
3.4 UNDISC_FREEM Undisclosed recipients + freemail reply-to
1.0 MONEY_BARRISTER Lots of money from a UK lawyer
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain
different freemails
0.1 MONEY_FREEMAIL_REPTO Lots of money from someone using free
email?
0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal
information
1.3 MONEY_FORM_SHORT Lots of money if you fill out a short form
1.3 UNDISC_MONEY Undisclosed recipients + money/fraud signs
Subject: {SPAM?} TO YOUR ATTENTION!
Department of the Treasury.
Attention!
I am Ms. Janet Yellen secretary to the U.S Department of the Treasury.
We just got confirmation from the Financial Crimes Enforcement Network
Finecn Authorities concerned that your funds' inheritance has been
re-approved for a transfer value amount of USD$5.5Million Dollars by
the new government.
I have solicited proper security and guarantee of these approved
funds, discrepancy and or risk on delivery. Your safety and security
is assured. Therefore, you are advised to contact Barrister Judge
Martins, being the Attorney in charge.
Note, and be advised that your funds have been coded for security
reasons. So contact the Barrister Judge for more information on how to
obtain your remaining proper document and the cost obligations
clearance for hitch-free delivery to you.
Contact him thus:
Attn. Judge Martins,
Director Foreign Operations Department.
Address: 28 Liberty St, New York,
NY 10005, United States.
Email: judgemartinsesq@aol.com
Make sure you resend to him all vital information needed for clearance
via: Your full Name, Address, Drivers License or valid Id, Company=E2=80=99=
s
name and address, telephone etc.
Ask him other things he may require to complete clearance within 72
hours to deliver your funds finally to you.
Ms. Janet Yellen
Treasury Secretary.
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 23 May 2022 14:15:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from
id 1ntERr-00090c-AY
for dave@doctor.nl2k.ab.ca;
Mon, 23 May 2022 14:14:39 -0600
Resent-From: The Doctor
Resent-Date: Mon, 23 May 2022 14:14:39 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-lf1-f41.google.com ([209.85.167.41]:39641)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.95 (FreeBSD))
(envelope-from
id 1nt9Sl-00056J-Vi
for doctor@doctor.nl2k.ab.ca;
Mon, 23 May 2022 08:55:19 -0600
Received: by mail-lf1-f41.google.com with SMTP id y32so26020091lfa.6
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=mime-version:reply-to:from:date:message-id:subject:to
:content-transfer-encoding;
bh=3IP3LapS+WwVNdfsJ7LqEhQLP1EPVrR8kCDbPE6zy9Q=;
b=aUWYha+vSZwnWREnhyabjvAPViyTbcuxcLgfeWKt+NdH14je4XwyakDo6r/JzIYtXU
xB/jqkxwngtkEv3WR47sQ26rMP0pFvGb0pruo7m0t4gc5sjL9xvtuuQOVUzJtGMmyfzd
1eRRaKyJmHqQuzrAMfcoFh0K9OmsgMKSj3Sp2iX2nfg6mRYqcp5ENL1itRPPT/9r+Wm6
pdWaKTj5UYqfCCBiXZ1YxGWwCqt7gV2Cuv5U37ObQejvSYhjjaOJlWUUFHac92wYdikg
4vdT3ozH+qIYmsu1TtQ6YcnVINjyVVovLSTi5fqujAIoYwtKq8qrcxQWHpd9WERbtM+D
jb1Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:mime-version:reply-to:from:date:message-id
:subject:to:content-transfer-encoding;
bh=3IP3LapS+WwVNdfsJ7LqEhQLP1EPVrR8kCDbPE6zy9Q=;
b=BYkZ+F3OOYgydymsUujw4V+4uHPHxcc/DJ9bk6sAC93mcyShmy2FqkMWVEgS5E6yg7
/ZyFFrzqJHx+vN4oExQYJ0pRP2HhVuy6wIIAKuAMcLt7SsnKN88ZcJgsp/D8LIDeEdx5
/ByxYVF8cV9L/u0QKOdUbvb4Sr1m37eWhtlTcXMYjU+evtWI7vB/c0EfzTSfbJ2tZnIA
8ARTan1yNxFCcyYNoRCPVpGhEHj8LrJGk/8+RvUGlrcsCyg2vw0lAKwtxaiZYU+0QUuz
kmfki1pF2P9C6WxRl/YFNb6yMArj4AxP0vjbSs0HTeXt1V2pwLfjRAY0t60lxYG5Q9nr
lmuA==
X-Gm-Message-State: AOAM530R5cQXQR5qsW/ZxUODcp5mzSmR1u6skailpuKMI99WBVwmuYQ7
KAgHxHov4iuMJOAiS+OxO3b5FOTeEu8kXzHArag=
X-Google-Smtp-Source: ABdhPJyj48LmTPbryylDIA+/bYYXklZnvNevN31ipCckrarBO6xyTsmRMiwhf+ZktuytGaUmzgvJOhAmsztG8JxYPp8=
X-Received: by 2002:a05:6512:3183:b0:473:dffc:18ac with SMTP id
i3-20020a056512318300b00473dffc18acmr16039603lfe.217.1653317691838; Mon, 23
May 2022 07:54:51 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a05:6512:3a95:0:0:0:0 with HTTP; Mon, 23 May 2022 07:54:49
-0700 (PDT)
Reply-To: judgemartinsesq@aol.com
From: office
Date: Mon, 23 May 2022 07:54:49 -0700
Message-ID:
Subject: TO YOUR ATTENTION!
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Bcc: doctor@doctor.nl2k.ab.ca
X-Spam_score: 10.0
X-Spam_score_int: 100
X-Spam_bar: ++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Department of the Treasury. Attention! I am Ms. Janet Yellen
secretary to the U.S Department of the Treasury. We just got confirmation
from the Financial Crimes Enforcement Network Finecn Authorities concerned
that your funds' inheritance [...]
Content analysis details: (10.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends
in digit
[unitedbankforafrica214[at]gmail.com]
1.6 SUBJ_ALL_CAPS Subject is all capitals
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.167.41 listed in wl.mailspike.net]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider
[unitedbankforafrica214[at]gmail.com]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.5 SUBJ_ATTENTION ATTENTION in Subject
0.0 LOTS_OF_MONEY Huge... sums of money
-0.0 T_SCC_BODY_TEXT_LINE No description available.
3.4 UNDISC_FREEM Undisclosed recipients + freemail reply-to
1.0 MONEY_BARRISTER Lots of money from a UK lawyer
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain
different freemails
0.1 MONEY_FREEMAIL_REPTO Lots of money from someone using free
email?
0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal
information
1.3 MONEY_FORM_SHORT Lots of money if you fill out a short form
1.3 UNDISC_MONEY Undisclosed recipients + money/fraud signs
Subject: {SPAM?} TO YOUR ATTENTION!
Department of the Treasury.
Attention!
I am Ms. Janet Yellen secretary to the U.S Department of the Treasury.
We just got confirmation from the Financial Crimes Enforcement Network
Finecn Authorities concerned that your funds' inheritance has been
re-approved for a transfer value amount of USD$5.5Million Dollars by
the new government.
I have solicited proper security and guarantee of these approved
funds, discrepancy and or risk on delivery. Your safety and security
is assured. Therefore, you are advised to contact Barrister Judge
Martins, being the Attorney in charge.
Note, and be advised that your funds have been coded for security
reasons. So contact the Barrister Judge for more information on how to
obtain your remaining proper document and the cost obligations
clearance for hitch-free delivery to you.
Contact him thus:
Attn. Judge Martins,
Director Foreign Operations Department.
Address: 28 Liberty St, New York,
NY 10005, United States.
Email: judgemartinsesq@aol.com
Make sure you resend to him all vital information needed for clearance
via: Your full Name, Address, Drivers License or valid Id, Company=E2=80=99=
s
name and address, telephone etc.
Ask him other things he may require to complete clearance within 72
hours to deliver your funds finally to you.
Ms. Janet Yellen
Treasury Secretary.
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments