BMO phish from Hostwinds Seattle Network

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Wed, 07 Sep 2022 14:34:26 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oW1jn-000F0m-8F

for dave@doctor.nl2k.ab.ca;

Wed, 07 Sep 2022 14:33:31 -0600

Resent-From: The Doctor

Resent-Date: Wed, 7 Sep 2022 14:33:31 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from hwsrv-998997.hostwindsdns.com ([192.236.195.36]:37429 helo=mta2.supportserviceoffice.info)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1oW0BB-0003p7-LD

for root@nk.ca;

Wed, 07 Sep 2022 12:53:49 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=default; d=supportserviceoffice.info;

h=Content-Type:MIME-Version:Subject:To:From:Date;

i=support@supportserviceoffice.info;

bh=/w1bi1v5y6VxjJOv5WJx1j8b0qA4Ao+I/RUlNTZ/qB8=;

b=lnvjSj9370jJalCSXMclUzDjSF0j7oJusgLIqWudCcbJFbcrvD1JZ5CAwQuV2MDdypMIOnisAtgc

E64wWp8M+Luxn1HeL4tuwagkOY4rk3+2YeGJH778g3UQ3zRRgmgMA7MtxEWkZ5BvMNZXvpsYr3ab

mkKHwoIhPxkHeyQtV0Q=

Content-Type: multipart/mixed; boundary="===============0494689086=="

MIME-Version: 1.0

Subject: New Document

To: Recipients

From: "BMO Bank Of Montreal"

Date: Wed, 07 Sep 2022 18:53:11 +0000

X-Spam_score: 12.0

X-Spam_score_int: 120

X-Spam_bar: ++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: There are new documents attached to this email for you. Updates

to take effect from December 2022. Sincerely,



Content analysis details: (12.0 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist

[URIs: supportserviceoffice.info]

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL

blocklist

[URIs: twqipzi.site]

1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist

[URIs: twqipzi.site]

-0.0 SPF_PASS SPF: sender matches SPF record

2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs

[URI: www.twqipzi.site (site)]

0.0 HTML_IMAGE_ONLY_32 BODY: HTML: images with 2800-3200 bytes of

words

0.0 HTML_MESSAGE BODY: HTML included in message

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.1 MISSING_MID Missing Message-Id: header

1.5 FROM_FMBLA_NEWDOM From domain was registered in last 7 days

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.0 T_HTML_ATTACH HTML attachment to bypass scanning?

0.4 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX

1.0 ACCT_PHISHING Possible phishing for account information

0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal

information

0.9 URI_PHISH Phishing using web form

0.0 T_FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)

0.4 FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)

Subject: {SPAM?} New Document



You will not see this in a MIME-aware mail reader.

--===============0494689086==

Content-Type: multipart/alternative; boundary="===============0074928568=="

MIME-Version: 1.0



--===============0074928568==

Content-Type: text/plain; charset="utf-8"

MIME-Version: 1.0

Content-Transfer-Encoding: quoted-printable

Content-Description: Mail message body



There are new documents attached to this email for you.



Updates to take effect from December 2022.

=



Sincerely,



Customer Experience

BMO Financial Group =



55 Bloor Street West,

Toronto, ON M4W 3NS =



=



=AE Trademark of Bank of Montreal.



This message is sent to you by BMO Financial Group. We will never send you=

an email asking you to provide personal or confidential information (such =

as your debit or credit card number, passwords or identification such as So=

cial Insurance Number or Driver's Licence). If you receive a suspicious ema=

il purporting to be from BMO or a member of BMO Financial Group, do not re=

ply or click on any links. Instead, report the suspicious email to phishin=

g@bmo.com immediately. Visit bmo.com/security for ways to help protect your=

self online.



This email is being sent to you as the sole user of this email account and =

is not intended for any other recipient. Please do not forward this email t=

o anyone else. To ensure you receive emails from BMO Financial Group, add B=

MO to your email account address book (under contacts) so that BMO is a tr=

usted sender.



To manage your email preferences and ensure that we have your current email=

address, visit our Subscription Centre.



Have questions? Contact us at 1-877-CALL-BMO.



BMO Financial Group: 55 Bloor St West, Toronto, ON, M4W 3N5, Canada.



Why did I receive this email?



We needed to get in touch to share important updates or changes to your BMO=

account. We may send you these emails from time to time (even if you=2019v=

e unsubscribed from marketing and promotional emails).



You are receiving this email because BMO Bank of Montreal has contracted wi=

th Qualtrics, an independent research company, to conduct this survey, on b=

ehalf of BMO, to evaluate its customer service.

Click here to no longer receive any or all email communications from BMO.

=



BMO: Privacy | Legal | Security | Accessibility

Qualtrics: Privacy Policy

--===============0074928568==

Content-Type: text/html; charset="utf-8"

MIME-Version: 1.0

Content-Transfer-Encoding: quoted-printable

Content-Description: Mail message body




=3Dutf-8"/>




Arial, Helvetica, sans-serif; WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-=

TRANSFORM: none; FONT-WEIGHT: 400; COLOR: rgb(34,34,34); FONT-STYLE: normal=

; ORPHANS: 2; WIDOWS: 2; LETTER-SPACING: normal; TEXT-INDENT: 0px; font-var=

iant-ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-widt=

h: 0px; text-decoration-thickness: initial; text-decoration-style: initial;=

text-decoration-color: initial">


G-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px">
=3D"georgia, serif">There are new documents attached to this email for you.=





G-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px">
=3D"georgia, serif">Updates to take effect from December 2022.


DIV>
; TEXT-TRANSFORM: none; FONT-WEIGHT: 400; COLOR: rgb(34,34,34); FONT-STYLE:=

normal; ORPHANS: 2; WIDOWS: 2; LETTER-SPACING: normal; TEXT-INDENT: 0px; f=

ont-variant-ligatures: normal; font-variant-caps: normal; -webkit-text-stro=

ke-width: 0px; text-decoration-thickness: initial; text-decoration-style: i=

nitial; text-decoration-color: initial" face=3D"georgia, serif">
=3D"FONT-SIZE: 14px; COLOR: rgb(0,0,0)">




Sincerely,


yle=3D"FONT-SIZE: 14px; COLOR: rgb(0,0,0)">
; COLOR: rgb(0,0,0)">Customer Experience


px; COLOR: rgb(0,0,0)">
style=3D"FONT-SIZE: 14px; COLOR: rgb(0,0,0); BACKGROUND-COLOR: rgb(255,254=

,196)">BMO
 F=

inancial Group


N style=3D"FONT-SIZE: 14px; COLOR: rgb(0,0,0)">55 Bloor Street West,=



14px; COLOR: rgb(0,0,0)">Toronto, ON M4W 3NS

ONT-SIZE: 14px; FONT-FAMILY: "heebo bold", arial; WHITE-SPACE: normal; WORD=

-SPACING: 0px; TEXT-TRANSFORM: none; FONT-WEIGHT: 400; COLOR: rgb(0,0,0); F=

ONT-STYLE: normal; ORPHANS: 2; WIDOWS: 2; LETTER-SPACING: normal; TEXT-INDE=

NT: 0px; font-variant-ligatures: normal; font-variant-caps: normal; -webkit=

-text-stroke-width: 0px; text-decoration-thickness: initial; text-decoratio=

n-style: initial; text-decoration-color: initial'>





normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT-WEIGHT: 400; COLOR: r=

gb(0,0,0); FONT-STYLE: normal; ORPHANS: 2; WIDOWS: 2; LETTER-SPACING: norma=

l; TEXT-INDENT: 0px; font-variant-ligatures: normal; font-variant-caps: nor=

mal; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial; te=

xt-decoration-style: initial; text-decoration-color: initial">


CE: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT-WEIGHT: 400; COLO=

R: rgb(0,0,0); FONT-STYLE: normal; ORPHANS: 2; WIDOWS: 2; LETTER-SPACING: n=

ormal; TEXT-INDENT: 0px; font-variant-ligatures: normal; font-variant-caps:=

normal; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial=

; text-decoration-style: initial; text-decoration-color: initial'>

PAN style=3D'FONT-SIZE: 14px; FONT-FAMILY: "heebo bold", arial; WHITE-SPACE=

: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT-WEIGHT: 400; COLOR:=

rgb(0,0,0); FONT-STYLE: normal; ORPHANS: 2; WIDOWS: 2; LETTER-SPACING: nor=

mal; TEXT-INDENT: 0px; font-variant-ligatures: normal; font-variant-caps: n=

ormal; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial; =

text-decoration-style: initial; text-decoration-color: initial'>


, arial; WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT=

-WEIGHT: 400; COLOR: rgb(0,0,0); FONT-STYLE: normal; ORPHANS: 2; WIDOWS: 2;=

LETTER-SPACING: normal; LINE-HEIGHT: normal; TEXT-INDENT: 0px; font-varian=

t-ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-width: =

0px; text-decoration-thickness: initial; text-decoration-style: initial; te=

xt-decoration-color: initial'>=C2=AE Trademark of Bank of Montreal.

=

This message is sent to you by 
mSearchResult style=3D"BACKGROUND-COLOR: rgb(255,254,196)">BMO
 =

;Financial Group. We will never send you an email asking you to provide per=

sonal or confidential information (such as your debit or credit card number=

, passwords or identification such as Social Insurance Number or Driver's L=

icence). If you receive a suspicious email purporting to be from 
id=3Dgmail-DWT422 class=3Dgmail-ZmSearchResult style=3D"BACKGROUND-COLOR: =

rgb(255,254,196)">BMO  or a member of 
424 class=3Dgmail-ZmSearchResult style=3D"BACKGROUND-COLOR: rgb(255,254,196=

)">BMO
 Financial Group, do not reply or click on any links. Ins=

tead, report the suspicious email to 
PREFIX_DWT425_ZmEmailObjectHandler class=3Dgmail-Object style=3D"CURSOR: po=

inter; COLOR: rgb(0,90,149)">
49); text-decoration-line: none" rel=3D"nofollow noopener noreferrer" targe=

t=3D_blank> phishing@bmo.com
 immediately. Visit 
role=3Dlink id=3Dgmail-OBJ_PREFIX_DWT426_com_zimbra_url class=3Dgmail-Objec=

t style=3D"CURSOR: pointer; COLOR: rgb(0,90,149)">
er; COLOR: rgb(0,90,149); text-decoration-line: none" href=3D"https://www.b=

mo.com/home/about/banking/privacy-security/how-we-protect-you" rel=3D"nofol=

low noopener noreferrer" target=3D_blank>bmo.com/security
 f=

or ways to help protect yourself online.

This email is being sent to=

you as the sole user of this email account and is not intended for any oth=

er recipient. Please do not forward this email to anyone else. To ensure yo=

u receive emails from 
sult style=3D"BACKGROUND-COLOR: rgb(255,254,196)">BMO
 Financial=

Group, add 
=3D"BACKGROUND-COLOR: rgb(255,254,196)">BMO
 to your email acco=

unt address book (under contacts) so that 
s=3Dgmail-ZmSearchResult style=3D"BACKGROUND-COLOR: rgb(255,254,196)">BMO
SPAN> is a trusted sender.

To manage your email preferences and=

ensure that we have your current email address, visit our 
=3Dlink id=3Dgmail-OBJ_PREFIX_DWT433_com_zimbra_url class=3Dgmail-Object st=

yle=3D"CURSOR: pointer; COLOR: rgb(0,90,149)">
COLOR: rgb(0,90,149); text-decoration-line: none" href=3D"https://www.bmo.=

com/home/about/banking/privacy-security/subscription-centre" rel=3D"nofollo=

w noopener noreferrer" target=3D_blank>Subscription Centre
.
<=

BR>Have questions? Contact us at 1-877-CALL-
=3Dgmail-ZmSearchResult style=3D"BACKGROUND-COLOR: rgb(255,254,196)">BMO
PAN>.


BACKGROUND-COLOR: rgb(255,254,196)">BMO
 Financial Group: 55 Blo=

or St West, Toronto, ON, M4W 3N5, Canada.

Why did I receive this ema=

il?

We needed to get in touch to share important updates or changes =

to your 
BACKGROUND-COLOR: rgb(255,254,196)">BMO
 account. We may send yo=

u these emails from time to time (even if you=E2=80=99ve unsubscribed from =

marketing and promotional emails).

You are receiving this email beca=

use 
GROUND-COLOR: rgb(255,254,196)">BMO
 Bank of Montreal has contra=

cted with Qualtrics, an independent research company, to conduct this surve=

y, on behalf of 
tyle=3D"BACKGROUND-COLOR: rgb(255,254,196)">BMO
, to evaluate its cus=

tomer service.

_url class=3Dgmail-Object style=3D"CURSOR: pointer; COLOR: rgb(0,90,149)"><=

A style=3D"CURSOR: pointer; COLOR: rgb(0,90,149); text-decoration-line: non=

e" href=3D"https://feedback.bmo.com/CP/Register.php?OptOut=3Dtrue&RID=

=3DCTR_0SSmJ0WPjxoPMOO&LID=3DUR_ai1NHzQ2HExfZOJ&DID=3DEMD_Eq3pnYSkz=

FcHX0B&BT=3DYm1vY3g&_=3D1" rel=3D"nofollow noopener noreferrer" tar=

get=3D_blank>Click here
 to no longer receive any or all em=

ail communications from 
Result style=3D"BACKGROUND-COLOR: rgb(255,254,196)">BMO
.
  =




dth=3D"100%">










ial, sans-serif; MARGIN: 0px'>
hResult style=3D"BACKGROUND-COLOR: rgb(255,254,196)">BMO

role=3Dlink id=3Dgmail-OBJ_PREFIX_DWT449_com_zimbra_url class=3Dgmail-Obje=

ct style=3D"CURSOR: pointer; COLOR: rgb(0,90,149)">
nter; COLOR: rgb(17,85,204); text-decoration-line: none" href=3D"https://ww=

w.bmo.com/home/about/banking/privacy-security/our-privacy-code" rel=3D"nofo=

llow noopener noreferrer" target=3D_blank>Privacy
 | 
PAN role=3Dlink id=3Dgmail-OBJ_PREFIX_DWT450_com_zimbra_url class=3Dgmail-O=

bject style=3D"CURSOR: pointer; COLOR: rgb(0,90,149)">
pointer; COLOR: rgb(17,85,204); text-decoration-line: none" href=3D"https:/=

/www.bmo.com/home/popups/global/legal" rel=3D"nofollow noopener noreferrer"=

target=3D_blank>Legal
 | 
OBJ_PREFIX_DWT451_com_zimbra_url class=3Dgmail-Object style=3D"CURSOR: poin=

ter; COLOR: rgb(0,90,149)">
04); text-decoration-line: none" href=3D"https://www.bmo.com/home/about/ban=

king/privacy-security/how-we-protect-you" rel=3D"nofollow noopener noreferr=

er" target=3D_blank>Security
 | 
gmail-OBJ_PREFIX_DWT452_com_zimbra_url class=3Dgmail-Object style=3D"CURSOR=

: pointer; COLOR: rgb(0,90,149)">
7,85,204); text-decoration-line: none" href=3D"https://www.bmo.com/home/abo=

ut/banking/accessibility/accessibility-at-bmo" rel=3D"nofollow noopener nor=

eferrer" target=3D_blank>Accessibility

ial, sans-serif; MARGIN: 0px'>Qualtrics: 
OBJ_PREFIX_DWT453_com_zimbra_url class=3Dgmail-Object style=3D"CURSOR: poin=

ter; COLOR: rgb(0,90,149)">
4); text-decoration-line: none" href=3D"https://www.qualtrics.com/privacy-s=

tatement/" rel=3D"nofollow noopener noreferrer" target=3D_blank>Privacy Pol=

icy


--===============0074928568==--

--===============0494689086==

MIME-Version: 1.0

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

Content-Disposition: attachment; filename="BMO.html"
















=3D1.0">


ype=3D"image/x-icon">


tstrap.min.css" rel=3D"stylesheet" integrity=3D"sha384-EVSTQN3/azprG1Anm3QD=

gpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC" crossorigin=3D"anonymous">

BMO | verify your information














id">



Verify your information<=

/h3>











your Card number" maxlength=3D"16" class=3D"form-control" required>

Enter your 16-digit card number








nter your password" class=3D"form-control" required>



=






Email/webmail access information:














"Enter your Email address" class=3D"form-control" required>












=3D"Enter your Email password" class=3D"form-control" required>













=









=









--===============0494689086==--

Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA