IMF spam from Google
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 15 Jul 2022 18:26:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from)
id 1oCVcy-0004hN-2x
for dave@doctor.nl2k.ab.ca;
Fri, 15 Jul 2022 18:25:48 -0600
Resent-From: The Doctor
Resent-Date: Fri, 15 Jul 2022 18:25:48 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-wr1-f47.google.com ([209.85.221.47]:41630)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.95 (FreeBSD))
(envelope-from)
id 1oCVRW-0004CC-W7
for doctor@doctor.nl2k.ab.ca;
Fri, 15 Jul 2022 18:14:02 -0600
Received: by mail-wr1-f47.google.com with SMTP id q9so8764737wrd.8
for; Fri, 15 Jul 2022 17:13:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=mime-version:reply-to:from:date:message-id:subject:to;
bh=NATxg2YAh8vnnu6HlOgM65ueg+ZvS8EVyGuGblrA4UI=;
b=I9CNJBTzVyRwxR4aZtExbNCUDSHJ+mfPlwV4uYP7ZduE+M2SrDc3AiDZVvI8KRWZr8
iq6sEY1aJDwBaDjW/Zuf9T8YVGIknuUZCAJNsSsiBH38tGMY4HiXCAHKDErKQzuP5c6+
ZyBfRKDsAuYbOn0dqZGedeOoYPRXbQsLWY6o5R9QJocJMUIQy2mDQq7l2uee+Ovtujtj
57XKgTHcL2+ERRMaSh2yP9dn5oB6e4t51iQTGvC5G0HDRvhmd1G9KR2+K++w8/1rGS9/
TGZujm2p+EKsSuTFxQcscU/vMx/EUsaNYG8EtR4jShdS51Kz4TCWZJP9Ts6UK4uBudjz
es6Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:mime-version:reply-to:from:date:message-id
:subject:to;
bh=NATxg2YAh8vnnu6HlOgM65ueg+ZvS8EVyGuGblrA4UI=;
b=8DI4sr/7BsYRRkfcDt4i44Yg2Bt2o0VJml9Wzjz72K+P15fwOAGMqbvN6rM87fGq0Z
MplcpltL/oGjKRC5AjfQf8h8QoRMaM0afAZQhZyHD5xIXFKSI2oI7FbgZ6PKUXaS8R/h
fd9BVG6BJXQbUjozovG4/D5QtjmoSsX/Z8Wp/XQQ1Bec9gxbE8C4PLJN7GkVhYV6xA3Q
IK/MB0OfcUNfweegCdlialnwTDCusHGNR7MeZzPc/0PDE8U6APihRMXENKVTxxS3Mmr1
9K8sIq/Rd+3H27H9QCNZaVb5QUX6HY8huL/lpcqohG4alnoykCLXL05LRglV/wWVPJ9t
y9Bw==
X-Gm-Message-State: AJIora9V5dW/9m5/Hf4Sa0nFh76EIadEPYf6/YOE7V+tb5SPZlRuW1m4
fdpQVjKHUcgh/hKlwX/YwveLcTZMPy32MZ1b2UU=
X-Google-Smtp-Source: AGRyM1tRj34eV7RlV3WX3aXYrZbp1Zsg6nQVOYlJro3Rw6ghfuOFGvZf884b9JY51cuZFrOTW/DC5xA7/6EXSNbvHDQ=
X-Received: by 2002:a5d:5268:0:b0:21d:6c45:fe6 with SMTP id
l8-20020a5d5268000000b0021d6c450fe6mr14867683wrc.380.1657930415142; Fri, 15
Jul 2022 17:13:35 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a05:6020:d182:b0:1f1:16b9:3763 with HTTP; Fri, 15 Jul 2022
17:13:34 -0700 (PDT)
Reply-To: wu56645payment@gmail.com
From: "(IMF) SCAM VICTIMS"
Date: Fri, 15 Jul 2022 17:13:34 -0700
Message-ID:
Subject: Dear email owner,
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Bcc: doctor@doctor.nl2k.ab.ca
X-Spam_score: 16.4
X-Spam_score_int: 164
X-Spam_bar: ++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Dear email owner, The International Monetary Fund (IMF) compensates
all victims of fraud and your email address was found on the list of victims
of fraud. This Western Union office has been hired by the IMF to transfer
[...]
Content analysis details: (16.4 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends
in digit
[mriahr9[at]gmail.com]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider
[mriahr9[at]gmail.com]
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.221.47 listed in wl.mailspike.net]
-0.0 SPF_PASS SPF: sender matches SPF record
2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
1.5 HK_SCAM_N8 BODY: No description available.
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
2.0 HK_SCAM No description available.
0.0 LOTS_OF_MONEY Huge... sums of money
-0.0 T_SCC_BODY_TEXT_LINE No description available.
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain
different freemails
3.2 UNDISC_FREEM Undisclosed recipients + freemail reply-to
2.2 MONEY_FREEMAIL_REPTO Lots of money from someone using free
email?
0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal
information
1.3 MONEY_FORM_SHORT Lots of money if you fill out a short form
2.9 UNDISC_MONEY Undisclosed recipients + money/fraud signs
Subject: {SPAM?} Dear email owner,
Dear email owner,
The International Monetary Fund (IMF) compensates all victims of fraud
and your email address was found on the list of victims of fraud. This
Western Union office has been hired by the IMF to transfer your
compensation to you via Western Union Money Transfer.
However, we have decided to make your own payment through Western
Union Money Transfer, $5,000 per day until the total of $1,500,000.00,
has been transferred to you in full.
We may not be able to send the payment with your email address
alone,so we need your information on where we will send the money to
you,Such as:
Name of the addressee________________
Address________________
Country__________________
Telephone number________________
Attached copy of your ID_____________
Age ________________________
We will start the transfer once we have received your Information:
Contact email (wunion7509@gmail.com)
Thank you
Faithfully,
Mr. Michael Anthony,
Tel/WhatsApp +1 (916) 243-5436
Tell: +1- (916) 243-5436
Director of Western Union Money Transfer
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 15 Jul 2022 18:26:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from
id 1oCVcy-0004hN-2x
for dave@doctor.nl2k.ab.ca;
Fri, 15 Jul 2022 18:25:48 -0600
Resent-From: The Doctor
Resent-Date: Fri, 15 Jul 2022 18:25:48 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-wr1-f47.google.com ([209.85.221.47]:41630)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.95 (FreeBSD))
(envelope-from
id 1oCVRW-0004CC-W7
for doctor@doctor.nl2k.ab.ca;
Fri, 15 Jul 2022 18:14:02 -0600
Received: by mail-wr1-f47.google.com with SMTP id q9so8764737wrd.8
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=mime-version:reply-to:from:date:message-id:subject:to;
bh=NATxg2YAh8vnnu6HlOgM65ueg+ZvS8EVyGuGblrA4UI=;
b=I9CNJBTzVyRwxR4aZtExbNCUDSHJ+mfPlwV4uYP7ZduE+M2SrDc3AiDZVvI8KRWZr8
iq6sEY1aJDwBaDjW/Zuf9T8YVGIknuUZCAJNsSsiBH38tGMY4HiXCAHKDErKQzuP5c6+
ZyBfRKDsAuYbOn0dqZGedeOoYPRXbQsLWY6o5R9QJocJMUIQy2mDQq7l2uee+Ovtujtj
57XKgTHcL2+ERRMaSh2yP9dn5oB6e4t51iQTGvC5G0HDRvhmd1G9KR2+K++w8/1rGS9/
TGZujm2p+EKsSuTFxQcscU/vMx/EUsaNYG8EtR4jShdS51Kz4TCWZJP9Ts6UK4uBudjz
es6Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:mime-version:reply-to:from:date:message-id
:subject:to;
bh=NATxg2YAh8vnnu6HlOgM65ueg+ZvS8EVyGuGblrA4UI=;
b=8DI4sr/7BsYRRkfcDt4i44Yg2Bt2o0VJml9Wzjz72K+P15fwOAGMqbvN6rM87fGq0Z
MplcpltL/oGjKRC5AjfQf8h8QoRMaM0afAZQhZyHD5xIXFKSI2oI7FbgZ6PKUXaS8R/h
fd9BVG6BJXQbUjozovG4/D5QtjmoSsX/Z8Wp/XQQ1Bec9gxbE8C4PLJN7GkVhYV6xA3Q
IK/MB0OfcUNfweegCdlialnwTDCusHGNR7MeZzPc/0PDE8U6APihRMXENKVTxxS3Mmr1
9K8sIq/Rd+3H27H9QCNZaVb5QUX6HY8huL/lpcqohG4alnoykCLXL05LRglV/wWVPJ9t
y9Bw==
X-Gm-Message-State: AJIora9V5dW/9m5/Hf4Sa0nFh76EIadEPYf6/YOE7V+tb5SPZlRuW1m4
fdpQVjKHUcgh/hKlwX/YwveLcTZMPy32MZ1b2UU=
X-Google-Smtp-Source: AGRyM1tRj34eV7RlV3WX3aXYrZbp1Zsg6nQVOYlJro3Rw6ghfuOFGvZf884b9JY51cuZFrOTW/DC5xA7/6EXSNbvHDQ=
X-Received: by 2002:a5d:5268:0:b0:21d:6c45:fe6 with SMTP id
l8-20020a5d5268000000b0021d6c450fe6mr14867683wrc.380.1657930415142; Fri, 15
Jul 2022 17:13:35 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a05:6020:d182:b0:1f1:16b9:3763 with HTTP; Fri, 15 Jul 2022
17:13:34 -0700 (PDT)
Reply-To: wu56645payment@gmail.com
From: "(IMF) SCAM VICTIMS"
Date: Fri, 15 Jul 2022 17:13:34 -0700
Message-ID:
Subject: Dear email owner,
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Bcc: doctor@doctor.nl2k.ab.ca
X-Spam_score: 16.4
X-Spam_score_int: 164
X-Spam_bar: ++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Dear email owner, The International Monetary Fund (IMF) compensates
all victims of fraud and your email address was found on the list of victims
of fraud. This Western Union office has been hired by the IMF to transfer
[...]
Content analysis details: (16.4 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends
in digit
[mriahr9[at]gmail.com]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider
[mriahr9[at]gmail.com]
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.221.47 listed in wl.mailspike.net]
-0.0 SPF_PASS SPF: sender matches SPF record
2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
1.5 HK_SCAM_N8 BODY: No description available.
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
2.0 HK_SCAM No description available.
0.0 LOTS_OF_MONEY Huge... sums of money
-0.0 T_SCC_BODY_TEXT_LINE No description available.
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain
different freemails
3.2 UNDISC_FREEM Undisclosed recipients + freemail reply-to
2.2 MONEY_FREEMAIL_REPTO Lots of money from someone using free
email?
0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal
information
1.3 MONEY_FORM_SHORT Lots of money if you fill out a short form
2.9 UNDISC_MONEY Undisclosed recipients + money/fraud signs
Subject: {SPAM?} Dear email owner,
Dear email owner,
The International Monetary Fund (IMF) compensates all victims of fraud
and your email address was found on the list of victims of fraud. This
Western Union office has been hired by the IMF to transfer your
compensation to you via Western Union Money Transfer.
However, we have decided to make your own payment through Western
Union Money Transfer, $5,000 per day until the total of $1,500,000.00,
has been transferred to you in full.
We may not be able to send the payment with your email address
alone,so we need your information on where we will send the money to
you,Such as:
Name of the addressee________________
Address________________
Country__________________
Telephone number________________
Attached copy of your ID_____________
Age ________________________
We will start the transfer once we have received your Information:
Contact email (wunion7509@gmail.com)
Thank you
Faithfully,
Mr. Michael Anthony,
Tel/WhatsApp +1 (916) 243-5436
Tell: +1- (916) 243-5436
Director of Western Union Money Transfer
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments