Beneficiary spam from Outlook

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 29 Aug 2022 01:24:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oSXH0-000D5t-MO

for dave@doctor.nl2k.ab.ca;

Sun, 28 Aug 2022 23:25:22 -0600

Resent-From: The Doctor

Resent-Date: Sun, 28 Aug 2022 23:25:22 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-sgaapc01rlhn2140.outbound.protection.outlook.com ([40.95.54.140]:26255 helo=APC01-SG2-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1oSTtJ-000K83-MV

for root@nl2k.ab.ca;

Sun, 28 Aug 2022 19:48:48 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=LwGYqRQHkUFIhwcmiQdywkMCIv/rszmAb5ORMB2LZ0PRBAAbeEJjPSTEhkoeDOX4SIpT4MNB37aPxhWk5EBT+IZ/sN3u2r7Ds5z+8KBo5PIvkoEMQ/umNa+HKtfhgwTJS9FgF8mG3xOuLaqnZgCKgJJ2HrLc5rijNE5nyUbj5ovrNQfxdcvPvMwyYJdZjCF8z+MVEx004Y7eIUZ+//D5N/+WHMMaPTljHQxHilbq01RSHod7cQsyKnERLBT8JdMppZP1eslnwRDHH50JVbf1BkohPEglAs1KwFr/14gnsZrJgVi7rrEfJt9ntbPcHUeRD/CFNmlP2O3e5Tik2y2Nkg==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=g2v0lH7IlDiqRi0zRrz2XoYkrDxMr5/d+iWsUIghS+A=;

b=WpaoU6BWGphwbIRafHTxmvarYDQ5faF4zo9ZjgUf5zEPgqOVPhp6nXc3/FmaPrhjn86SSfNW6JjSVR/r+/UphIl7PadLEoqcdJjvat5UsfxoIfIGm0XRPKm8A55g/ayhoIEcuhvkHINCSPdLrwngciXmfRX6m3pJoiuTvceUnqVA8XlJCOw1oFSzREiIF3eNIF2NcpZ3ktHX4eSZVs4pCsh24Zp8dMpfmCrTRNx0g0wd6CNPVMje1WySjY5RdmWCht1UiALRHfqfLF7toeFn2T0zRz0PqZHvFT+V/O4XiagSC0pOMcmd9E5tbw2cSDXXckpfe7FwTO2hOR/hjBWXTg==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is

203.189.69.107) smtp.rcpttodomain=hullnissan.com smtp.mailfrom=acens.com;

dmarc=fail (p=none sp=none pct=100) action=none header.from=acens.com;

dkim=none (message not signed); arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=hemascol.onmicrosoft.com; s=selector2-hemascol-onmicrosoft-com;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=g2v0lH7IlDiqRi0zRrz2XoYkrDxMr5/d+iWsUIghS+A=;

b=qoOFMY5TWvn1u914TGo8cDvzBMg3I7pjIYUhL5wGivqvPa1i/35xDmvDC/YC8GEXo4OFClndzfIOqadOmIrx3N4RZD0R/gni3z45BXyPhT15aLXLFP2ZshqrDlDgYNH8Ye2n8ML587zvrOS2O9qkTHoA1isA1Mhg4Bbx6c+JJ10=

Received: from TYWPR01CA0045.jpnprd01.prod.outlook.com (2603:1096:400:17f::15)

by SG2PR06MB2219.apcprd06.prod.outlook.com (2603:1096:4:c::11) with Microsoft

SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id

15.20.5566.15; Mon, 29 Aug 2022 01:48:15 +0000

Received: from TYZAPC01FT021.eop-APC01.prod.protection.outlook.com

(2603:1096:400:17f:cafe::b5) by TYWPR01CA0045.outlook.office365.com

(2603:1096:400:17f::15) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5566.15 via Frontend

Transport; Mon, 29 Aug 2022 01:48:14 +0000

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 203.189.69.107)

smtp.mailfrom=acens.com; dkim=none (message not signed)

header.d=none;dmarc=fail action=none header.from=acens.com;

Received-SPF: Fail (protection.outlook.com: domain of acens.com does not

designate 203.189.69.107 as permitted sender)

receiver=protection.outlook.com; client-ip=203.189.69.107;

helo=mail.atlas.lk;

Received: from mail.atlas.lk (203.189.69.107) by

TYZAPC01FT021.mail.protection.outlook.com (10.118.152.130) with Microsoft

SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id

15.20.5566.15 via Frontend Transport; Mon, 29 Aug 2022 01:48:14 +0000

Received: from cpcex01.cpc.local (192.168.13.16) by cpcex01.cpc.local

(192.168.13.16) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 29 Aug

2022 05:35:43 +0530

Received: from User (2.56.58.78) by cpcex01.cpc.local (192.168.13.16) with

Microsoft SMTP Server id 15.0.1473.3 via Frontend Transport; Mon, 29 Aug 2022

05:35:33 +0530

Reply-To:

From: Mrs.Juan Henry

Subject: Attention: Beneficiary

Date: Sun, 28 Aug 2022 17:06:08 -0700

MIME-Version: 1.0

Content-Type: text/plain; charset="Windows-1251"

Content-Transfer-Encoding: quoted-printable

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2600.0000

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

Message-ID: <2bd8768a72c649e2b17157e244655ac4@cpcex01.cpc.local>

To: Undisclosed recipients:;

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-Office365-Filtering-Correlation-Id: 809e56e6-e952-4042-bff4-08da896089b4

X-MS-TrafficTypeDiagnostic: SG2PR06MB2219:EE_

X-Hemas-MessageTracker: #G01

X-MS-Exchange-SenderADCheck: 2

X-MS-Exchange-AntiSpam-Relay: 1

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:


X-Forefront-Antispam-Report:

CIP:203.189.69.107;CTRY:LK;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:mail.atlas.lk;PTR:InfoDomainNonexistent;CAT:OSPM;SFS:(13230016)(136003)(346002)(396003)(376002)(39860400002)(40470700004)(82740400003)(70586007)(70206006)(8676002)(356005)(86362001)(81166007)(32650700002)(66574015)(109986005)(83380400001)(9686003)(35950700001)(108616005)(24736004)(26005)(41300700001)(498600001)(7366002)(316002)(82310400005)(336012)(2860700004)(40460700003)(40480700001)(6666004)(2906002)(956004)(7406005)(5660300002)(7416002)(8936002)(362954009);DIR:OUT;SFP:1023;

X-OriginatorOrg: hemascol.onmicrosoft.com

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Aug 2022 01:48:14.2943

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: 809e56e6-e952-4042-bff4-08da896089b4

X-MS-Exchange-CrossTenant-Id: 0b2ad702-c4fe-4319-a94f-4c01f321d5e7

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=0b2ad702-c4fe-4319-a94f-4c01f321d5e7;Ip=[203.189.69.107];Helo=[mail.atlas.lk]

X-MS-Exchange-CrossTenant-AuthSource:

TYZAPC01FT021.eop-APC01.prod.protection.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: SG2PR06MB2219

X-Spam_score: 24.6

X-Spam_score_int: 246

X-Spam_bar: ++++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: ATTENTION: This email came from an external source. Do not

open attachments or click on links from unknown senders or unexpected emails.

Attention: Beneficiary We are not sure you received our previous message

but we wish to us this medium to officially inform you that following the

ongoing review of all unclaimed and delayed funds by the United Nations and

[...]



Content analysis details: (24.6 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam

0.0 AXB_X_FF_SEZ_S Forefront sez this is spam

0.0 NSL_RCVD_FROM_USER Received from User

2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL

[40.95.54.140 listed in psbl.surriel.com]

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in

digit

[jjjuan429[at]gmail.com]

0.9 SPF_FAIL SPF: sender does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=info%40acens.com;ip=40.95.54.140;r=doctor.nl2k.ab.ca]

0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=helo;id=APC01-SG2-obe.outbound.protection.outlook.com;ip=40.95.54.140;r=doctor.nl2k.ab.ca]

3.5 DEAR_BENEFICIARY BODY: Dear Beneficiary:

2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.0 PDS_HELO_SPF_FAIL High profile HELO that fails SPF

0.0 LOTS_OF_MONEY Huge... sums of money

0.0 HK_NAME_MR_MRS No description available.

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.6 FSL_NEW_HELO_USER Spam's using Helo and User

0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS

1.7 MONEY_FREEMAIL_REPTO Lots of money from someone using free

email?

0.0 XFER_LOTSA_MONEY Transfer a lot of money

2.8 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook

2.8 UNDISC_MONEY Undisclosed recipients + money/fraud signs

1.8 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money

0.0 MONEY_FRAUD_5 Lots of money and many fraud phrases

Subject: {SPAM?} Attention: Beneficiary





ATTENTION: This email came from an external source. Do not open attachments or click on links from unknown senders or unexpected emails.





Attention: Beneficiary





We are not sure you received our previous message but we wish to us this medium to officially inform you that following the ongoing review of all unclaimed and delayed funds by the United Nations and the World Bank, your payment file was forwarded to our office for immediate payment of your long delayed funds starting with a first transfer of US$10,000,000.00 with reference No. NG/FM14FGN, to your bank account.



However, we are surprised to receive another application this morning from your representative, MR.KRAUS MULLER,stating that you authorized him to transfer the funds to another bank account in Germany and that you were recently involved in an auto accident and cannot walk right now.





Could you please confirm immediately, your relationship with MR.KRAUS MULLER and also, confirm if the bank account in Germany as shown below is now your new bank account information to receive your funds this week from our paying bank





ACCOUNT NO: 098-11180933-109

IBAN: CH55 0910 3045 6011 91110 0

SWIFT CODE: AREZCHZZ8OU



Kindly get in touch with us today by email with your telephone number to confirm this information to avoid wrong transfer of your funds, so that we can proceed with the transfer of the US$10,000,000.00 to your correct bank account as scheduled.





Yours sincerely,



MRS.JUAN HENRY

Director,Anti-Fraud Unit.

Financial Services Regulation Committee

Plot 33,ATB Way Cadastral Zone,Abuja,NG



________________________________



CONFIDENTIALITY



This message contains confidential information and is intended only for the individual named herein. Any attachment transmitted with this email is confidential and intended solely for the use of the individual or entity to whom this email is addressed. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system or please notify the system manager. If you are not the intended recipient you are hereby notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited and in the event of any unauthorized disclosure, copying and/or distribution of the contents the generating entity and/or the sender reserves the right to take any action against such unauthorized use in law, equity or otherwise.

The recipient should check this email and any attachments for the presence of viruses. The sender accepts no liability for any damage caused by any virus transmitted by this email, delays, data corruption, unauthorized access or unauthorized amendments.



________________________________
