Bank deposit phish from Gmail

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 26 Aug 2022 08:02:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oRZu8-000Btw-Ay

for dave@doctor.nl2k.ab.ca;

Fri, 26 Aug 2022 08:01:48 -0600

Resent-From: The Doctor

Resent-Date: Fri, 26 Aug 2022 08:01:48 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-il1-f169.google.com ([209.85.166.169]:40460)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1oRXbc-0004Jt-03

for doctor@nl2k.ab.ca;

Fri, 26 Aug 2022 05:34:36 -0600

Received: by mail-il1-f169.google.com with SMTP id m8so457686ilg.7

for ; Fri, 26 Aug 2022 04:34:09 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20210112;

h=to:subject:message-id:date:from:sender:mime-version:from:to:cc;

bh=g+G6KwMGqKTv9KBq+u9XSag1LenF14W0ni2JrKw/1S4=;


X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20210112;

h=to:subject:message-id:date:from:sender:mime-version

:x-gm-message-state:from:to:cc;

bh=g+G6KwMGqKTv9KBq+u9XSag1LenF14W0ni2JrKw/1S4=;


X-Gm-Message-State: ACgBeo2cybyWYrTMUaCy5YmuqAf+R4fUqS/Niv1a1Ngtkgy8lX/+TM9h

JaKgnEl6RcDyAaBkh7hi4k4jbfqj13t8VL8wNmU=

X-Google-Smtp-Source: AA6agR4lvJ0cTeEtYcMwjiaWMTAFHN44viHHry81nKSBHzDyCijG/IgEArFKxXExeHqtZra1ARBlN7rUkAUgBYvbG+A=

X-Received: by 2002:a92:c6c2:0:b0:2e9:627c:78bc with SMTP id

v2-20020a92c6c2000000b002e9627c78bcmr3795174ilm.288.1661513643284; Fri, 26

Aug 2022 04:34:03 -0700 (PDT)

MIME-Version: 1.0

Sender: bombirialfred@gmail.com

Received: by 2002:a4f:f186:0:0:0:0:0 with HTTP; Fri, 26 Aug 2022 04:34:02

-0700 (PDT)

From: sofiaoleksander

Date: Fri, 26 Aug 2022 12:34:02 +0100

X-Google-Sender-Auth: KJea-Phrr-9oE243_-kbqZ_lqZs

Message-ID:

Subject: Dearest,

To: undisclosed-recipients:;

Content-Type: text/plain; charset="UTF-8"

Bcc: doctor@nl2k.ab.ca

X-Spam_score: 7.1

X-Spam_score_int: 71

X-Spam_bar: +++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Dearest, My Name is, sofia oleksander, a 20 years old girl

from Ukraine and am presently in a refugee camp here in Poland. I lost my

parents in the recent war in Ukraine, right now am in a refugee camp in Pol

[...]



Content analysis details: (7.1 points, 5.0 required)



 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.2 RCVD_IN_MSPIKE_H2      RBL: Average reputation (+2)
                            [209.85.166.169 listed in wl.mailspike.net]
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
                            provider
                            [sofiaoleksander2[at]gmail.com]
-0.0 SPF_PASS               SPF: sender matches SPF record
 2.5 MILLION_USD            BODY: Talks about millions of dollars
 0.0 T_DKIM_INVALID         DKIM-Signature header exists but is not valid
 0.0 LOTS_OF_MONEY          Huge... sums of money
-0.0 T_SCC_BODY_TEXT_LINE   No description available.
 2.0 TVD_PH_BODY_META       No description available.
 2.8 UNDISC_MONEY           Undisclosed recipients + money/fraud signs

Subject: {SPAM?} Dearest,



Dearest,

My Name is, sofia oleksander, a 20 years old girl from Ukraine and am presently in a refugee camp here in Poland. I lost my parents in the recent war in Ukraine, right now am in a refugee camp in Poland. Please am in great need of your help in transferring my late father deposited fund, the sum of $3.5 MILLION UNITED STATES DOLLAR, he deposited in a bank in United State.

the deposited money was from the sale of the company shares death benefits payment, and entitlements of my deceased father by his company. I have every necessary document for the fund, I seek for an honest foreigner who will stand as my foreign partner and investor. I just need this fund to be transferred to your bank account so that I will come over to your country and complete my education over there in your country. as you know, my country has been in a deep crisis due to the recent war and I cannot go back.

Please I need your urgent,

sofia oleksander,
