RBC PHish from Heymman Servers Corporation
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 27 Dec 2022 17:11:03 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96)
(envelope-from)
id 1pAK1P-000P0G-1y
for dave@doctor.nl2k.ab.ca;
Tue, 27 Dec 2022 17:10:15 -0700
Resent-From: The Doctor
Resent-Date: Tue, 27 Dec 2022 17:10:15 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [192.188.88.231] (port=63660 helo=gki.com)
by doctor.nl2k.ab.ca with esmtp (Exim 4.96)
(envelope-from)
id 1pABV0-000ErP-1N
for postmaster@nl2k.ab.ca;
Tue, 27 Dec 2022 08:04:19 -0700
Reply-To:
From: RBC Royal Bank
To: postmaster@nl2k.ab.ca
Subject: Security Alert: Your Attention is Required
Date: 27 Dec 2022 07:01:39 -0800
Message-ID: <20221227070139.A2107FCE4701755F@gki.com>
MIME-Version: 1.0
Content-Type: text/html;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 9.7
X-Spam_score_int: 97
X-Spam_bar: +++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Your password has been disabled! Your password has been entered
incorrectly three times and for your security, we have disabled your password.
To enable your password, please sign in and follow instructions to review
your recent activities.
Content analysis details: (9.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.1 URIBL_GREY Contains an URL listed in the URIBL greylist
[URIs: sendgrid.net]
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in
digit
[f.morgan12[at]yahoo.com]
1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[192.188.88.231 listed in bb.barracudacentral.org]
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
1.8 HTML_FONT_TINY_NORDNS Font too small to read, no rDNS
0.0 T_STY_INVIS_DIRECT HTML hidden text + direct-to-MX
Subject: {SPAM?} Security Alert: Your Attention is Required
/TR/xhtml1/DTD/xhtml1-strict.dtd">
itor-version=3D"2">
-8">
e=3D1, minimum-scale=3D1, maximum-scale=3D1">
font-size: 14px; color: #000000">
ily:arial,helvetica,sans-serif; color:#000000; background-color:#FFFFFF;" d=
ata-link-color=3D"#1188E6">
font-size: 14px" class=3D"webkit">
table-layout: fixed;
-webkit-font-smoothing: antialiased;
-webkit-text-size-adjust: 100%;
-moz-text-size-adjust: 100%;
-ms-text-size-adjust: 100%" width=3D"100%" class=3D"wrapper" bgcolor=
=3D"#ffffff" border=3D"0" cellspacing=3D"0" cellpadding=3D"0">
=3D"content-container" border=3D"0" cellspacing=3D"0" cellpadding=3D"0">
cellpadding=3D"0">
style=3D"width: 100%; max-width: 600px;" border=3D"0" cellspacing=3D"0" cel=
lpadding=3D"0">
ole=3D"modules-container" style=3D"padding: 0px; text-align: left; color: r=
gb(0, 0, 0);" bgcolor=3D"#ffffff">
header preheader-hide" role=3D"module" style=3D"width: 0px; height: 0px; co=
lor: transparent; display: none !important; visibility: hidden; opacity: 0;=
mso-hide: all;" border=3D"0" cellspacing=3D"0" cellpadding=3D"0" data-type=
=3D"preheader">
font-size: 14px; margin: 0; padding: 0">
table-layout: fixed;
-webkit-font-smoothing: antialiased;
-webkit-text-size-adjust: 100%;
-moz-text-size-adjust: 100%;
-ms-text-size-adjust: 100%; table-layout: fixed;" width=3D"100%" clas=
s=3D"wrapper" role=3D"module" border=3D"0" cellspacing=3D"0" cellpadding=3D=
"0" data-type=3D"image" data-muid=3D"6ad0916d-aa5c-4e0a-93cd-c02baca8ea84">=
ght: 10px; font-size: 6px;">
![]()
o !important; color: rgb(0, 0, 0); font-family: Helvetica, arial, sans-seri=
f; font-size: 16px; text-decoration: none; display: block; max-width: 20% !=
important;" width=3D"120" class=3D"max-width" alt=3D"" src=3D"http://cdn.mc=
auto-images-production.sendgrid.net/32724a092ad701f7/8968ea1b-5ec0-4277-828=
8-eba63a941316/512x512.png" border=3D"0" data-responsive=3D"true" data-prop=
ortionally-constrained=3D"true" height=3D"120">
able-layout: fixed;" border=3D"0" cellspacing=3D"0" cellpadding=3D"0" data-=
type=3D"text" data-muid=3D"87a492b9-b53c-4895-ae63-fa9b6f456d56" data-mc-mo=
dule-version=3D"2019-10-22">
"padding: 18px 0px; text-align: inherit; line-height: 22px;" bgcolor=3D""><=
div style=3D"font-family: arial,helvetica,sans-serif;
font-size: 14px">
f;
font-size: 14px; text-align: center; font-family: inherit;">
le=3D"color: rgb(15, 90, 195); font-family: trebuchet ms,helvetica,sans-ser=
if; font-size: 24px;">Your password has been disabled!
an>
font-size: 14px">
able-layout: fixed;" border=3D"0" cellspacing=3D"0" cellpadding=3D"0" data-=
type=3D"divider" data-muid=3D"e34902f9-fa0b-44a8-9d6c-7c3c7cbc7bae">
"padding: 0px 40px;" bgcolor=3D"">
-height: 1px; font-size: 1px;" border=3D"0" cellspacing=3D"0" cellpadding=
=3D"0">
d>
able-layout: fixed;" border=3D"0" cellspacing=3D"0" cellpadding=3D"0" data-=
type=3D"text" data-muid=3D"31cfc55c-f773-4f23-8098-33b3e19d0441" data-mc-mo=
dule-version=3D"2019-10-22">
"padding: 18px 0px; text-align: inherit; line-height: 22px;" bgcolor=3D""><=
div style=3D"font-family: arial,helvetica,sans-serif;
font-size: 14px">
f;
font-size: 14px; text-align: left; font-family: inherit;">
=3D"font-family: trebuchet ms,helvetica,sans-serif;">Your password has been=
entered incorrectly three times and for your security, we have disabled yo=
ur password.
font-size: 14px; text-align: left; font-family: inherit;">
=3D"font-family: trebuchet ms,helvetica,sans-serif;">
To enable your password, please sign in and follow instructions to review y=
our recent activities.
font-size: 14px; text-align: left; font-family: inherit;">
font-size: 14px; font-family: inherit;">
ky-krill.glitch.me">
ebuchet ms,helvetica,sans-serif; font-size: 14px;">Sign
>
ms,helvetica,sans-serif; font-size: 14px;">in to
pan>
tica,sans-serif; font-size: 14px;"> my account
font-size: 14px; font-family: inherit;">
font-size: 14px; font-family: inherit;">
rebuchet ms,helvetica,sans-serif;">We take your security seriously want to =
keep you in Me loop with important activities in your account. So, if somet=
hing does. look right or you weren't aware of message, we are here to help.=
Thank you for being a valued customer.
y: arial,helvetica,sans-serif;
font-size: 14px">
able-layout: fixed;" border=3D"0" cellspacing=3D"0" cellpadding=3D"0" data-=
type=3D"text" data-muid=3D"4270237d-6da1-4132-8511-ffe90bece983">
"padding: 18px 0px; text-align: inherit; line-height: 22px;" bgcolor=3D""><=
div style=3D"font-family: arial,helvetica,sans-serif;
font-size: 14px">
f;
font-size: 14px; text-align: center; font-family: inherit;">
le=3D"color: rgb(15, 90, 195); font-family: trebuchet ms,helvetica,sans-ser=
if; font-size: 24px;">Enjoy value, flexibility
style=3D"color: rgb(15, 90, 195); font-family: trebuchet ms,helvetica,sans=
-serif; font-size: 24px;">,
,sans-serif; font-size: 24px;"> and choice
iv>
font-size: 14px; text-align: center; font-family: inherit;">
8px;">Are you signed up for RBC ULTIMATE REWARDS?
Here are just some of the perks you could get with RBC Ultimate Rewards.
pan>
font-size: 14px">
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 27 Dec 2022 17:11:03 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96)
(envelope-from
id 1pAK1P-000P0G-1y
for dave@doctor.nl2k.ab.ca;
Tue, 27 Dec 2022 17:10:15 -0700
Resent-From: The Doctor
Resent-Date: Tue, 27 Dec 2022 17:10:15 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [192.188.88.231] (port=63660 helo=gki.com)
by doctor.nl2k.ab.ca with esmtp (Exim 4.96)
(envelope-from
id 1pABV0-000ErP-1N
for postmaster@nl2k.ab.ca;
Tue, 27 Dec 2022 08:04:19 -0700
Reply-To:
From: RBC Royal Bank
To: postmaster@nl2k.ab.ca
Subject: Security Alert: Your Attention is Required
Date: 27 Dec 2022 07:01:39 -0800
Message-ID: <20221227070139.A2107FCE4701755F@gki.com>
MIME-Version: 1.0
Content-Type: text/html;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 9.7
X-Spam_score_int: 97
X-Spam_bar: +++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Your password has been disabled! Your password has been entered
incorrectly three times and for your security, we have disabled your password.
To enable your password, please sign in and follow instructions to review
your recent activities.
Content analysis details: (9.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.1 URIBL_GREY Contains an URL listed in the URIBL greylist
[URIs: sendgrid.net]
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in
digit
[f.morgan12[at]yahoo.com]
1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[192.188.88.231 listed in bb.barracudacentral.org]
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
1.8 HTML_FONT_TINY_NORDNS Font too small to read, no rDNS
0.0 T_STY_INVIS_DIRECT HTML hidden text + direct-to-MX
Subject: {SPAM?} Security Alert: Your Attention is Required
/TR/xhtml1/DTD/xhtml1-strict.dtd">
itor-version=3D"2">
-8">
e=3D1, minimum-scale=3D1, maximum-scale=3D1">
font-size: 14px; color: #000000">
ily:arial,helvetica,sans-serif; color:#000000; background-color:#FFFFFF;" d=
ata-link-color=3D"#1188E6">
font-size: 14px" class=3D"webkit">
table-layout: fixed;
-webkit-font-smoothing: antialiased;
-webkit-text-size-adjust: 100%;
-moz-text-size-adjust: 100%;
-ms-text-size-adjust: 100%" width=3D"100%" class=3D"wrapper" bgcolor=
=3D"#ffffff" border=3D"0" cellspacing=3D"0" cellpadding=3D"0">
=3D"content-container" border=3D"0" cellspacing=3D"0" cellpadding=3D"0">
cellpadding=3D"0">
style=3D"width: 100%; max-width: 600px;" border=3D"0" cellspacing=3D"0" cel=
lpadding=3D"0">
ole=3D"modules-container" style=3D"padding: 0px; text-align: left; color: r=
gb(0, 0, 0);" bgcolor=3D"#ffffff">
header preheader-hide" role=3D"module" style=3D"width: 0px; height: 0px; co=
lor: transparent; display: none !important; visibility: hidden; opacity: 0;=
mso-hide: all;" border=3D"0" cellspacing=3D"0" cellpadding=3D"0" data-type=
=3D"preheader">
font-size: 14px; margin: 0; padding: 0">
table-layout: fixed;
-webkit-font-smoothing: antialiased;
-webkit-text-size-adjust: 100%;
-moz-text-size-adjust: 100%;
-ms-text-size-adjust: 100%; table-layout: fixed;" width=3D"100%" clas=
s=3D"wrapper" role=3D"module" border=3D"0" cellspacing=3D"0" cellpadding=3D=
"0" data-type=3D"image" data-muid=3D"6ad0916d-aa5c-4e0a-93cd-c02baca8ea84">=
ght: 10px; font-size: 6px;">
o !important; color: rgb(0, 0, 0); font-family: Helvetica, arial, sans-seri=
f; font-size: 16px; text-decoration: none; display: block; max-width: 20% !=
important;" width=3D"120" class=3D"max-width" alt=3D"" src=3D"http://cdn.mc=
auto-images-production.sendgrid.net/32724a092ad701f7/8968ea1b-5ec0-4277-828=
8-eba63a941316/512x512.png" border=3D"0" data-responsive=3D"true" data-prop=
ortionally-constrained=3D"true" height=3D"120">
able-layout: fixed;" border=3D"0" cellspacing=3D"0" cellpadding=3D"0" data-=
type=3D"text" data-muid=3D"87a492b9-b53c-4895-ae63-fa9b6f456d56" data-mc-mo=
dule-version=3D"2019-10-22">
"padding: 18px 0px; text-align: inherit; line-height: 22px;" bgcolor=3D""><=
div style=3D"font-family: arial,helvetica,sans-serif;
font-size: 14px">
f;
font-size: 14px; text-align: center; font-family: inherit;">
le=3D"color: rgb(15, 90, 195); font-family: trebuchet ms,helvetica,sans-ser=
if; font-size: 24px;">Your password has been disabled!
an>
font-size: 14px">
able-layout: fixed;" border=3D"0" cellspacing=3D"0" cellpadding=3D"0" data-=
type=3D"divider" data-muid=3D"e34902f9-fa0b-44a8-9d6c-7c3c7cbc7bae">
"padding: 0px 40px;" bgcolor=3D"">
-height: 1px; font-size: 1px;" border=3D"0" cellspacing=3D"0" cellpadding=
=3D"0">
d>
able-layout: fixed;" border=3D"0" cellspacing=3D"0" cellpadding=3D"0" data-=
type=3D"text" data-muid=3D"31cfc55c-f773-4f23-8098-33b3e19d0441" data-mc-mo=
dule-version=3D"2019-10-22">
"padding: 18px 0px; text-align: inherit; line-height: 22px;" bgcolor=3D""><=
div style=3D"font-family: arial,helvetica,sans-serif;
font-size: 14px">
f;
font-size: 14px; text-align: left; font-family: inherit;">
=3D"font-family: trebuchet ms,helvetica,sans-serif;">Your password has been=
entered incorrectly three times and for your security, we have disabled yo=
ur password.
font-size: 14px; text-align: left; font-family: inherit;">
=3D"font-family: trebuchet ms,helvetica,sans-serif;">
To enable your password, please sign in and follow instructions to review y=
our recent activities.
font-size: 14px; text-align: left; font-family: inherit;">
font-size: 14px; font-family: inherit;">
ky-krill.glitch.me">
ebuchet ms,helvetica,sans-serif; font-size: 14px;">Sign
>
ms,helvetica,sans-serif; font-size: 14px;">in to
pan>
tica,sans-serif; font-size: 14px;"> my account
font-size: 14px; font-family: inherit;">
font-size: 14px; font-family: inherit;">
rebuchet ms,helvetica,sans-serif;">We take your security seriously want to =
keep you in Me loop with important activities in your account. So, if somet=
hing does. look right or you weren't aware of message, we are here to help.=
Thank you for being a valued customer.
y: arial,helvetica,sans-serif;
font-size: 14px">
able-layout: fixed;" border=3D"0" cellspacing=3D"0" cellpadding=3D"0" data-=
type=3D"text" data-muid=3D"4270237d-6da1-4132-8511-ffe90bece983">
"padding: 18px 0px; text-align: inherit; line-height: 22px;" bgcolor=3D""><=
div style=3D"font-family: arial,helvetica,sans-serif;
font-size: 14px">
f;
font-size: 14px; text-align: center; font-family: inherit;">
le=3D"color: rgb(15, 90, 195); font-family: trebuchet ms,helvetica,sans-ser=
if; font-size: 24px;">Enjoy value, flexibility
style=3D"color: rgb(15, 90, 195); font-family: trebuchet ms,helvetica,sans=
-serif; font-size: 24px;">,
,sans-serif; font-size: 24px;"> and choice
iv>
font-size: 14px; text-align: center; font-family: inherit;">
8px;">Are you signed up for RBC ULTIMATE REWARDS?
Here are just some of the perks you could get with RBC Ultimate Rewards.
pan>
font-size: 14px">
=20=20=20=20
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments