FBI phish from GMail
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 21 Jun 2022 08:03:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from)
id 1o3eSM-0000Rx-56
for dave@doctor.nl2k.ab.ca;
Tue, 21 Jun 2022 08:02:14 -0600
Resent-From: The Doctor
Resent-Date: Tue, 21 Jun 2022 08:02:14 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-vs1-f48.google.com ([209.85.217.48]:33609)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.95 (FreeBSD))
(envelope-from)
id 1o3bW9-000GZh-Jn
for doctor@doctor.nl2k.ab.ca;
Tue, 21 Jun 2022 04:54:02 -0600
Received: by mail-vs1-f48.google.com with SMTP id j6so5044521vsi.0
for; Tue, 21 Jun 2022 03:53:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=mime-version:reply-to:from:date:message-id:subject:to;
bh=cMQBpSyp1yvR2MHIGcuvJSQzJmRwhHlTqTpAIcah2OY=;
b=OjKUCRnwvlEbmQevUXMJrj5fBmdtqNQr6dBXlGmy9ZPjKz5FVZVQsAsHUr0H9USxcT
C13NNpCPxVrMRJbeJblWcUxyd8VFTE7WF45YpLrmQhIyZg55vRAXYon4lUam3EITq1Px
8+DV8+rbc5768H7C3NXSQtx/kBy0OgDMXG4JecWEoEssHjp5O5evghYTf1mk5XT9C1/6
WGaBoYPX9pfXRKtps0KzrqbiIvetdCb0BpnRGULP1++GWkwBa1TIcCcOhh3Lh0Hef3I4
srKuTvG1/z8vKKmVvfsnCdHxXkj3wVntBDUJ0hAc3L/3+Z1e0PSTFKlCSGgErki16vug
lzJA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:mime-version:reply-to:from:date:message-id
:subject:to;
bh=cMQBpSyp1yvR2MHIGcuvJSQzJmRwhHlTqTpAIcah2OY=;
b=73Tlg6mm+JATKMi5XshtglCXa/QzlT78feUgi+sZbcfScx784ofnwsfoYVxHEQ7niZ
S4NWXbMPY2nzjb8jW6djRGK2NPD4lgX1vS5CKEWKNs0grR6h5buf3gOdDkeiPPXrxZGZ
25fTdUhZWFwFe5IbYwuyLwBWKy+4EY3cBQpJgD+oLBvcMFkpyM3XyGlipXi4LdSZnjyf
Plj4s1OnLZu72g7tWLyevOnewAUe3FOWcNHZ3rMFPeUThwK1VcInvvrQY5qHVvNKPhOf
JifxJ1eM8/3K6bjeZCZE66aCCC7rvVzJjN3sgggYK6l1b9P7B20+xJPUD1EXwdncdhgK
26aQ==
X-Gm-Message-State: AJIora9SMzpvub5jtyLgkGXorowe6rXSue2wapqSHyyINRRL5ZMAD7B/
ltXP82wJTUoBJ11+1kVGuD4lRzCfOD0/NvVZGR0=
X-Google-Smtp-Source: AGRyM1sjwRsfsGH/hYzNkdnZjy8VYA0be+PFyFoI3dHqYtmYhlJBMnOy0VNyzfHzcIFrhOb40q+SuRSUh+SITIZnHfQ=
X-Received: by 2002:a05:6102:50a9:b0:34c:4c74:8d80 with SMTP id
bl41-20020a05610250a900b0034c4c748d80mr10771174vsb.13.1655808809962; Tue, 21
Jun 2022 03:53:29 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a59:797:0:b0:2cd:288f:de27 with HTTP; Tue, 21 Jun 2022
03:53:29 -0700 (PDT)
Reply-To: christopherwray5050@gmail.com
From: christopher wray
Date: Tue, 21 Jun 2022 03:53:29 -0700
Message-ID:
Subject: FBI OFFICE
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Bcc: doctor@doctor.nl2k.ab.ca
X-Spam_score: 14.2
X-Spam_score_int: 142
X-Spam_bar: ++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: federal bureau of investigation united states department of
justice fbi new york 26 federal plaza 23rd floor new. york 10278-0004 FBI
OFFICE attn:dear atm visa card owner.......read carefully
Content analysis details: (14.2 points, 5.0 required)
 pts rule name                  description
---- -------------------------- --------------------------------------------------
 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in digit
                                [ejikesunday900[at]gmail.com]
 1.6 SUBJ_ALL_CAPS              Subject is all capitals
-0.2 RCVD_IN_MSPIKE_H2          RBL: Average reputation (+2)
                                [209.85.217.48 listed in wl.mailspike.net]
 0.0 FREEMAIL_FROM              Sender email is commonly abused enduser mail provider
                                [ejikesunday900[at]gmail.com]
-0.0 SPF_PASS                   SPF: sender matches SPF record
 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
                                [christopherwray5050[at]gmail.com]
 2.5 US_DOLLARS_3               BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
-0.1 DKIM_VALID_EF              Message has a valid DKIM or DK signature from envelope-from domain
 0.1 DKIM_SIGNED                Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID                 Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_AU              Message has a valid DKIM or DK signature from author's domain
 0.0 LOTS_OF_MONEY              Huge... sums of money
-0.0 T_SCC_BODY_TEXT_LINE       No description available.
 3.4 UNDISC_FREEM               Undisclosed recipients + freemail reply-to
 1.0 FREEMAIL_REPLYTO           Reply-To/From or Reply-To/body contain different freemails
 0.1 MONEY_FREEMAIL_REPTO       Lots of money from someone using free email?
 0.5 XFER_LOTSA_MONEY           Transfer a lot of money
 3.7 ADVANCE_FEE_5_NEW_MONEY    Advance Fee fraud and lots of money
 1.3 UNDISC_MONEY               Undisclosed recipients + money/fraud signs
Subject: {SPAM?} FBI OFFICE
federal bureau of investigation united states department of justice
fbi new york 26 federal plaza 23rd floor new. york 10278-0004
FBI OFFICE
attn:dear atm visa card owner.......read carefully
i, Christopher .A. Wray the FBi Director is here by announcing to
you that your atm visa card worth $15.000.000.00usd received at jfk
airport since year 2021 from benin republic government authorities and
every necessary fees/charges has been paid by senders except $350.00
for ccc custom clearance certificate but a lady mrs. jane frederick
came forward and claimed you sent her to claim your $15,000,000.00
because you are dead that you are having kidney problem in a process
of surgery you died .
did you order her to pay for custom clearance certificate (ccc) to
claim your fund atm visa card ? also be informed that we came to an
agreement with the u.s custom authority at (jfk) john f. kennedy int'l
airport nyc that you will send $150.00 latest tomorrow morning.
this is to bring to your notice that we have just been informed
through secrete source that the u.s custom authority at (jfk) john f.
kennedy international airport new york are making arrangement to have
your contract fund wired into the bank account of mrs. jane frederick,
the lady that contacted them, earlier and presented some
documentations evidencing your claim purported to have being signed
personally by you for the release of your contract fund to her, since
you have chose to ignore their messages and refuse to pay the required
$150 for custom clearance certificate charges as imposed, despite the
advise we gave to you.
i want to personally assure you once again that you will have every
course to smile and be happy upon conclusion of this project, as we
will continue monitoring all your services with them at all level as
well as your correspondence, until you have received your atm visa
card accordingly. as a legal owner, we are here to protect your
interest and that is the reason why we are doing all we can to make
sure all goes well, this is a huge amount of money which we don't wish
for you to lose.
we understand that the imposed fee might be too much for you to pay so
to further make things easier for you, we have discussed with the u.s
custom authority at (jfk) john f. kennedy international airport new
york pleaded on your behalf for them to give you the grace of sending
half of the charges $550 for now after which the diplomatic agent
makes the delivery of your atm visa card to you then once you receive
your fund, you can then pay the balance of $150 ,
all we want you to do right now is to send the half of the money with
the name listed below so we can forward it to benin republic customs
authority to help us bobtail the custom clearance certificate and the
diplomat will make the delivery to your home address tomorrow morning
by 9:00 am
contact us right away and let me know when you send half of the
charges as we discussed with them to enable them route your fund to
you with immediate effect. this is a life time opportunity and we will
advise you take advantage of it, before it is too late to do so.
god bless you!
thanks.
yours in service,
best regards,
Christopher .A.Wray FBI DRECTOR