Debt collection phish
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Thu, 14 Jul 2022 15:46:01 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from)
id 1oC6e5-000712-6N
for dave@doctor.nl2k.ab.ca;
Thu, 14 Jul 2022 15:45:17 -0600
Resent-From: The Doctor
Resent-Date: Thu, 14 Jul 2022 15:45:17 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [202.82.170.82] (port=53851 helo=mail.miniprinthk.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.95 (FreeBSD))
(envelope-from)
id 1oC6RS-0006M1-VJ
for root@nk.ca;
Thu, 14 Jul 2022 15:32:19 -0600
Received: from [103.167.92.100] (unknown [103.167.92.100])
by mail.miniprinthk.com (Postfix) with ESMTPA id 0F01E2561D77
for; Fri, 4 Feb 2022 23:25:51 +0800 (CST)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
Subject: Be Alert.!
To: root@nk.ca
From: "Admin Emissary"
Date: Fri, 04 Feb 2022 15:25:52 +0000
Reply-To: "Admin Emissary"
X-MailScanner-ID: 0F01E2561D77.A0D3C
X-MailScanner: Found to be clean
X-MailScanner-SpamCheck: spam, SpamAssassin (cached, score=5.112, required 5,
autolearn=disabled, ADVANCE_FEE_4_NEW 2.70, ALL_TRUSTED -1.00,
FREEMAIL_FORGED_REPLYTO 2.50, HK_LOTTO 0.77, MISSING_MID 0.14)
X-MailScanner-SpamScore: sssss
X-MailScanner-From: temp@test.com
X-Spam-Flag: Yes
X-Spam_score: 11.6
X-Spam_score_int: 116
X-Spam_bar: +++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hello, I am very sorry I have to reach you through this medium.
I am a member of the debt reconvener (debt collection experts) and I am aware
of your ordeal about your unpaid fund. It may interest you to know that not
long after the Debt Management Office (DMO) completed the merger and acquisition
process of all pending payments occasion through the petition raised by the
intern [...]
Content analysis details: (11.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[202.82.170.82 listed in bb.barracudacentral.org]
1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,
https://senderscore.org/blocklistlookup/
[202.82.170.82 listed in bl.score.senderscore.com]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
0.1 MISSING_MID Missing Message-Id: header
0.8 HK_LOTTO No description available.
-0.0 T_SCC_BODY_TEXT_LINE No description available.
2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
2.7 ADVANCE_FEE_4_NEW Appears to be advance fee fraud (Nigerian 419)
Subject: {SPAM?} Be Alert.!
Hello,
I am very sorry I have to reach you through this medium. I am a member of t=
he debt reconvener (debt collection experts) and I am aware of your ordeal =
about your unpaid fund.
It may interest you to know that not long after the Debt Management Office =
(DMO) completed the merger and acquisition process of all pending payments =
occasion through the petition raised by the international community about t=
heir unpaid funds. I discovered that their boss connived with some top offi=
cials to divert funds approve to settle unpaid inheritances, email lottery =
winners, Internet scam victims, unclaimed consignments(concealed funds), an=
d International Contractors.
The DMO has already given the approval to pay your fund but they deliberate=
ly withheld your payment file and continue to demand fees from you through =
their associates from different unassigned affiliates mostly from Africa, t=
he US, Spain, and the Netherlands all in trying to frustrate you into givin=
g up on it so they can finally enrich themselves. I wonder why you haven=E2=
=80=99t noticed all this while.
You may choose to disbelieve this email as inconceivable but my doctrine do=
es not let such an act, the reason I have to open up to you to seek the rig=
ht channel. DMO was authorized to release your fund via their asset managem=
ent firm with claim code numbers, supposedly to have been issued to you.
Upon your response, I shall guide you through and offer you with details to=
contact the assigned affiliate who will immediately ease the release of yo=
ur fund.
Thanks and have a wonderful day.
Be Safe.
Yours Faithfully,
Admin Emissary.
UK.Ref:RDC-82/M2T03Y22/100/A
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Thu, 14 Jul 2022 15:46:01 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from
id 1oC6e5-000712-6N
for dave@doctor.nl2k.ab.ca;
Thu, 14 Jul 2022 15:45:17 -0600
Resent-From: The Doctor
Resent-Date: Thu, 14 Jul 2022 15:45:17 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [202.82.170.82] (port=53851 helo=mail.miniprinthk.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.95 (FreeBSD))
(envelope-from
id 1oC6RS-0006M1-VJ
for root@nk.ca;
Thu, 14 Jul 2022 15:32:19 -0600
Received: from [103.167.92.100] (unknown [103.167.92.100])
by mail.miniprinthk.com (Postfix) with ESMTPA id 0F01E2561D77
for
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
Subject: Be Alert.!
To: root@nk.ca
From: "Admin Emissary"
Date: Fri, 04 Feb 2022 15:25:52 +0000
Reply-To: "Admin Emissary"
X-MailScanner-ID: 0F01E2561D77.A0D3C
X-MailScanner: Found to be clean
X-MailScanner-SpamCheck: spam, SpamAssassin (cached, score=5.112, required 5,
autolearn=disabled, ADVANCE_FEE_4_NEW 2.70, ALL_TRUSTED -1.00,
FREEMAIL_FORGED_REPLYTO 2.50, HK_LOTTO 0.77, MISSING_MID 0.14)
X-MailScanner-SpamScore: sssss
X-MailScanner-From: temp@test.com
X-Spam-Flag: Yes
X-Spam_score: 11.6
X-Spam_score_int: 116
X-Spam_bar: +++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hello, I am very sorry I have to reach you through this medium.
I am a member of the debt reconvener (debt collection experts) and I am aware
of your ordeal about your unpaid fund. It may interest you to know that not
long after the Debt Management Office (DMO) completed the merger and acquisition
process of all pending payments occasion through the petition raised by the
intern [...]
Content analysis details: (11.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[202.82.170.82 listed in bb.barracudacentral.org]
1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,
https://senderscore.org/blocklistlookup/
[202.82.170.82 listed in bl.score.senderscore.com]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
0.1 MISSING_MID Missing Message-Id: header
0.8 HK_LOTTO No description available.
-0.0 T_SCC_BODY_TEXT_LINE No description available.
2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
2.7 ADVANCE_FEE_4_NEW Appears to be advance fee fraud (Nigerian 419)
Subject: {SPAM?} Be Alert.!
Hello,
I am very sorry I have to reach you through this medium. I am a member of t=
he debt reconvener (debt collection experts) and I am aware of your ordeal =
about your unpaid fund.
It may interest you to know that not long after the Debt Management Office =
(DMO) completed the merger and acquisition process of all pending payments =
occasion through the petition raised by the international community about t=
heir unpaid funds. I discovered that their boss connived with some top offi=
cials to divert funds approve to settle unpaid inheritances, email lottery =
winners, Internet scam victims, unclaimed consignments(concealed funds), an=
d International Contractors.
The DMO has already given the approval to pay your fund but they deliberate=
ly withheld your payment file and continue to demand fees from you through =
their associates from different unassigned affiliates mostly from Africa, t=
he US, Spain, and the Netherlands all in trying to frustrate you into givin=
g up on it so they can finally enrich themselves. I wonder why you haven=E2=
=80=99t noticed all this while.
You may choose to disbelieve this email as inconceivable but my doctrine do=
es not let such an act, the reason I have to open up to you to seek the rig=
ht channel. DMO was authorized to release your fund via their asset managem=
ent firm with claim code numbers, supposedly to have been issued to you.
Upon your response, I shall guide you through and offer you with details to=
contact the assigned affiliate who will immediately ease the release of yo=
ur fund.
Thanks and have a wonderful day.
Be Safe.
Yours Faithfully,
Admin Emissary.
UK.Ref:RDC-82/M2T03Y22/100/A
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments