Credential phish

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 16 Sep 2022 22:03:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oZP2N-00024b-GT

for dave@doctor.nl2k.ab.ca;

Fri, 16 Sep 2022 22:02:39 -0600

Resent-From: The Doctor

Resent-Date: Fri, 16 Sep 2022 22:02:39 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [59.61.79.94] (port=52128 helo=cxmsmtp.cgmh.com.cn)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oZOhN-000PA4-Ao

for sales@nk.ca;

Fri, 16 Sep 2022 21:41:08 -0600

Received: from adm.cgmh.com.cn (unknown [10.36.11.108])

by cxmsmtp.cgmh.com.cn (Postfix) with ESMTP id C257910097E3;

Sat, 17 Sep 2022 11:36:59 +0800 (CST)

From: "Account Email Administration"

To: info@accountupgrade.com

Reply-To: belmontrichard0@gmail.com

Subject: Pending Mails Recovery Portal.

Date: Sat, 17 Sep 2022 11:36:59 +0800

Message-Id: <20220917033634.M83766@adm.cgmh.com.cn>

X-Mailer: OpenWebMail 2.54

X-OriginatingIP: 189.191.190.199 (chenzz)

MIME-Version: 1.0

Content-Type: text/html;

charset=gb2312

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 9.7

X-Spam_score_int: 97

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Pending Mails Recovery Portal Access expiration counter to

your pending mails. To continue using your account you need to confirm your

mailbox. Enter your password below.



Content analysis details: (9.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 HK_RANDOM_FROM From username looks random

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in

digit

[belmontrichard0[at]gmail.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail

provider

[ailacctdministration[at]hotmail.com]

1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

-0.0 T_SCC_BODY_TEXT_LINE No description available.

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain

different freemails

0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS

0.0 TO_NO_BRKTS_NORDNS_HTML To: misformatted and no rDNS and HTML

only

1.6 SPOOFED_FREEMAIL No description available.

2.5 SPOOFED_FREEM_REPTO Forged freemail sender with freemail

reply-to

Subject: {SPAM?} Pending Mails Recovery Portal.
















ures: normal; font-variant-caps: normal; letter-spacing: normal; text-align=

: start; text-indent: 0px; text-transform: none; white-space: normal; word-=

spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-thickness: in=

itial; text-decoration-style: initial; text-decoration-color: initial; font=

-family: Roboto, sans-serif; margin-top: 0px; line-height: 1.2;">
r=3D"#0000ff">Pending Mails Recovery Portal




t-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start=

; text-indent: 0px; text-transform: none; white-space: normal; word-spacing=

: 0px; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial; =

text-decoration-style: initial; text-decoration-color: initial; font-size: =

14px; border-width: 1px; border-style: solid; border-color: rgb(224, 224, 2=

24); font-family: Roboto, sans-serif; background: rgb(249, 249, 249) none r=

epeat scroll 0% 50%; color: rgb(32, 31, 30); padding: 13px 18px; margin: 0p=

x;">Access expiration counter to your =

pending mails.








t-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start=

; text-indent: 0px; text-transform: none; white-space: normal; word-spacing=

: 0px; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial; =

text-decoration-style: initial; text-decoration-color: initial; font-size: =

11px; margin-bottom: 0px; font-family: Verdana, Arial, Helvetica, sans-seri=

f; margin-top: 0px; color: rgb(51, 51, 51);">



2, 31, 30);" />






ant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: sta=

rt; text-indent: 0px; text-transform: none; white-space: normal; word-spaci=

ng: 0px; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial=

; text-decoration-style: initial; text-decoration-color: initial; font-size=

: 12px; font-family: Verdana; color: rgb(0, 0, 0);">
e: 12pt;">
;">
otoDraft, Helvetica, Arial, sans-serif;">To continue using your acc=

ount you need 
 
=3D"font-size: 12pt;">
, sans-serif;">
Roboto, RobotoDraft, Helvetica, Arial, sans-serif;">to confir=

m your mailbox.


Enter your password below.





E-mail:







ant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: sta=

rt; text-indent: 0px; text-transform: none; white-space: normal; word-spaci=

ng: 0px; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial=

; text-decoration-style: initial; text-decoration-color: initial; font-size=

: 12px; font-family: Verdana; color: rgb(0, 0, 0);">


Arial, Helvetica, sans-serif;">
=3D"font-size: 13px;">
rif;">Password:
pan>




 







ant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: sta=

rt; text-indent: 0px; text-transform: none; white-space: normal; word-spaci=

ng: 0px; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial=

; text-decoration-style: initial; text-decoration-color: initial; font-size=

: 12px; font-family: Verdana; color: rgb(0, 0, 0);">
e: 12pt;">
;">
style=3D"font-family: Helvetica, Arial, sans-serif;">
ze: 16px;">Please reply and confirm your mailbox or you will lose y=

our account within 24 hours.







ant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: sta=

rt; text-indent: 0px; text-transform: none; white-space: normal; word-spaci=

ng: 0px; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial=

; text-decoration-style: initial; text-decoration-color: initial; font-size=

: 12px; font-family: Verdana; color: rgb(0, 0, 0);">
e: 12pt;">
;">
style=3D"font-family: Helvetica, Arial, sans-serif;">
ze: 16px;">







res: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: n=

ormal; text-align: start; text-indent: 0px; text-transform: none; white-spa=

ce: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decorat=

ion-thickness: initial; text-decoration-style: initial; text-decoration-col=

or: initial; font-size: 14px; font-family: Roboto, sans-serif; margin: 0px;=

">© 2022<=

span> 
Access Control Portal.
nt>











Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA