Bank deposit phish from Gmail
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 26 Aug 2022 08:02:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from)
id 1oRZu8-000Btw-Ay
for dave@doctor.nl2k.ab.ca;
Fri, 26 Aug 2022 08:01:48 -0600
Resent-From: The Doctor
Resent-Date: Fri, 26 Aug 2022 08:01:48 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-il1-f169.google.com ([209.85.166.169]:40460)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.95 (FreeBSD))
(envelope-from)
id 1oRXbc-0004Jt-03
for doctor@nl2k.ab.ca;
Fri, 26 Aug 2022 05:34:36 -0600
Received: by mail-il1-f169.google.com with SMTP id m8so457686ilg.7
for; Fri, 26 Aug 2022 04:34:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=to:subject:message-id:date:from:sender:mime-version:from:to:cc;
bh=g+G6KwMGqKTv9KBq+u9XSag1LenF14W0ni2JrKw/1S4=;
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=to:subject:message-id:date:from:sender:mime-version
:x-gm-message-state:from:to:cc;
bh=g+G6KwMGqKTv9KBq+u9XSag1LenF14W0ni2JrKw/1S4=;
X-Gm-Message-State: ACgBeo2cybyWYrTMUaCy5YmuqAf+R4fUqS/Niv1a1Ngtkgy8lX/+TM9h
JaKgnEl6RcDyAaBkh7hi4k4jbfqj13t8VL8wNmU=
X-Google-Smtp-Source: AA6agR4lvJ0cTeEtYcMwjiaWMTAFHN44viHHry81nKSBHzDyCijG/IgEArFKxXExeHqtZra1ARBlN7rUkAUgBYvbG+A=
X-Received: by 2002:a92:c6c2:0:b0:2e9:627c:78bc with SMTP id
v2-20020a92c6c2000000b002e9627c78bcmr3795174ilm.288.1661513643284; Fri, 26
Aug 2022 04:34:03 -0700 (PDT)
MIME-Version: 1.0
Sender: bombirialfred@gmail.com
Received: by 2002:a4f:f186:0:0:0:0:0 with HTTP; Fri, 26 Aug 2022 04:34:02
-0700 (PDT)
From: sofiaoleksander
Date: Fri, 26 Aug 2022 12:34:02 +0100
X-Google-Sender-Auth: KJea-Phrr-9oE243_-kbqZ_lqZs
Message-ID:
Subject: Dearest,
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Bcc: doctor@nl2k.ab.ca
X-Spam_score: 7.1
X-Spam_score_int: 71
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Dearest, My Name is, sofia oleksander, a 20 years old girl
from Ukraine and am presently in a refugee camp here in Poland. I lost my
parents in the recent war in Ukraine, right now am in a refugee camp in Pol
[...]
Content analysis details: (7.1 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.2 RCVD_IN_MSPIKE_H2      RBL: Average reputation (+2)
                            [209.85.166.169 listed in wl.mailspike.net]
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
                            provider
                            [sofiaoleksander2[at]gmail.com]
-0.0 SPF_PASS               SPF: sender matches SPF record
 2.5 MILLION_USD            BODY: Talks about millions of dollars
 0.0 T_DKIM_INVALID         DKIM-Signature header exists but is not valid
 0.0 LOTS_OF_MONEY          Huge... sums of money
-0.0 T_SCC_BODY_TEXT_LINE   No description available.
 2.0 TVD_PH_BODY_META       No description available.
 2.8 UNDISC_MONEY           Undisclosed recipients + money/fraud signs
Subject: {SPAM?} Dearest,
Dearest,
My Name is, sofia oleksander, a 20 years old girl from Ukraine and
am presently in a refugee camp here in Poland. I lost my parents in
the recent war in Ukraine, right now am in a refugee camp in Poland.
Please am in great need of your help in transferring my late father
deposited fund, the sum of $3.5 MILLION UNITED STATES DOLLAR, he
deposited in a bank in United State.
the deposited money was from the sale of the company shares death
benefits payment, and entitlements of my deceased father by his
company. I have every necessary document for the fund, I seek for an
honest foreigner who will stand as my foreign partner and investor. I
just need this fund to be transferred to your bank account so that I
will come over to your country and complete my education over there in
your country. as you know, my country has been in a deep crisis due to
the recent war and I cannot go back.
Please I need your urgent,
sofia oleksander,