E-mail credential phishing

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 01 Jan 2023 23:05:58 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96)

(envelope-from )

id 1pCDwV-000G5J-23

for dave@doctor.nl2k.ab.ca;

Sun, 01 Jan 2023 23:05:03 -0700

Resent-From: The Doctor

Resent-Date: Sun, 1 Jan 2023 23:05:03 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail1.bemta37.messagelabs.com ([85.158.142.2]:32228)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.96)

(envelope-from )

id 1pCBxy-0002K4-2q

for doctor@doctor.nl2k.ab.ca;

Sun, 01 Jan 2023 20:58:34 -0700

X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrFIsWRWlGSWpSXmKPExsWieX+9me7R0E3

JBvNeslocfqXswOixaeNSxgDGKNbMvKT8igTWjI5vTSwF0+UrZm/4x9LA2CTTxcjFISTwkFFi

9YlzzF2MnBxsApoSs740s4DYwgK5Eqvb7rF1MXJwiAjISfyDCDMLaEi0zpnLDmKzCKhInLo1k

RHEFhAQkJi+8DJYXEKAV+LAySWsIDYnUPxX+yywXl4BO4nNW6cwQ9iCEidnPgGLCwGNb2jZwQ

jRqyhxoa2BDcKOluj/fo0VJj5zw2SouI7ElpWroXaZSUycNY91AqPgLCTnzUKyYgEj0ypG8+L

UorLUIl0jA72kosz0jJLcxMwcvcQq3US91FLdvPyikgxdQ73E8mK91OJiveLK3OScFL281JJN

jMDATSlOStzB2Lfsj94hRkkOJiVRXmXPTclCfEn5KZUZicUZ8UWlOanFhxhlODiUJHgNAoByg

kWp6akVaZk5wCiCSUtw8CiJ8AY5A6V5iwsSc4sz0yFSpxjDOWbePrCXmaPj8BUguRJM7gaT+8

Dk6Wsg8s6aG0ByzuyWg8xCLHn5ealS4rwdIJcIgIzLKM2DWwZLEpcYZaWEeRkZGBiEeApSi3I

zS1DlXzGKczAqCfNOCASawpOZVwJ30yugc5mAzk1asxHk3JJEhJRUA1NH7AG31jeLHPbueudZ

x/W2KqWiOrxN8KZ/H1v3wa117LNSb8nmH3Kzvna3JD+h8//P9Z0CqvzNol6b1mleDFxuPXX+H

tng3Ss+/nicdujq1s/hzU9rHH5mOHsfeLyUUdFy09KfLNs424OufmFrP/ag5MeGidY5F1tWK1

xVU3EXSor1Zfa4Y+BRwCiR8IpPi435qPrd5ZP8xR5nuXI6OSzQtNmxj9d7a9jzmVt2TH+Y9vG

n/loTP8GSACbXHU/801UOHdjx+dVZv5ACDr8id7b3c60sk1yq355/9LTWXiH/tG9dw6nCLVv9

+X0fvwvbNufvgg3cGxdkp2Wm75kbs6k66McWh4rg5Wf/NZ64KarEUpyRaKjFXFScCADnAYOKj

QMAAA==

X-Env-Sender: dawn@acenet.co.za

X-Msg-Ref: server-8.tower-745.messagelabs.com!1672631734!214161!19

X-Originating-IP: [41.223.175.54]

X-SYMC-ESS-Client-Auth: outbound-route-from=pass

X-StarScan-Received:

X-StarScan-Version: 9.101.2; banners=acenet.co.za,-,-

X-VirusChecked: Checked

Received: (qmail 12791 invoked from network); 2 Jan 2023 03:55:48 -0000

Received: from gmtxs16.dotnetwork2.co.za (HELO GMS2MBX19.GMS.local) (41.223.175.54)

by server-8.tower-745.messagelabs.com with ECDHE-RSA-AES256-GCM-SHA384 encrypted SMTP; 2 Jan 2023 03:55:48 -0000

Received: from WIN-P0MJUTSO9JN (95.216.87.106) by GMS2MBX19.GMS.local

(10.2.203.225) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.16; Mon, 2 Jan

2023 05:55:12 +0200

From: Doctor HelpDesk

Subject: Ticket (#1261635182 - Status Report: Open)_Query.ID(#PJHGQAW5 -

Doctor) (1/2/2023 Delivery Request)

To:

Content-Type: text/html; charset="utf-8"

Date: Mon, 2 Jan 2023 03:55:12 +0000

Priority: urgent

X-Priority: 2

Importance: high

Message-ID: <02122023015503B99F08C4D4$0F8B202FF7@acenet.co.za>

MIME-Version: 1.0

X-Originating-IP: [95.216.87.106]

X-ClientProxiedBy: GMS2HUB05.GMS.local (10.2.203.74) To GMS2MBX19.GMS.local

(10.2.203.225)

X-ExSBR-Sender: dawn@acenet.co.za

X-ExSBR-RoutingRule: gms2mbx19:acenet.co.za;

X-C2ProcessedOrg: 19f1302c-40f4-4ebc-b0a9-6c85fbaa2b10










style="margin: 5px auto; max-width: 620px;" border="0" cellspacing="0"

cellpadding="0">


style="border: 1px solid rgb(204, 204, 204); border-image: none;

background-color: rgb(228, 228, 228);" border="0" cellspacing="0"

cellpadding="0">
style="padding-left: 15px;">

style="margin: 0px; font-family: Roboto, RobotoDraft, Helvetica, Arial,

sans-serif;">

width="32" align="left" valign="middle" style="margin: 0px;

padding-right: 15px; padding-left: 15px; font-family: Roboto, RobotoDraft,

Helvetica, Arial, sans-serif;">
style="display: block; user-select: none;"

src="https://logo.clearbit.com/doctor.nl2k.ab.ca" border="0">
align="left" valign="middle" style='margin: 0px; font-family: "Symantec

Sans";'>Doctor System Notification





cellspacing="0" cellpadding="0">
Dear

doctor
6 mails were blocked from delivery to

doctor@doctor.nl2k.ab.ca.
To review, please click the Review

Messages button below.

align="left" style="margin: 0px; padding-left: 15px; font-family: Roboto,

RobotoDraft, Helvetica, Arial, sans-serif;">Request from

admin@doctor.nl2k.ab.ca
Organization: Doctor



Note: Messages will last until Monday, January 2,

2023.

style="margin: 0px; padding-top: 10px; padding-bottom: 10px;

padding-left: 15px; font-family: Roboto, RobotoDraft, Helvetica, Arial,

sans-serif;">
cellpadding="0">


cellspacing="0" cellpadding="0">

style="margin: 0px; padding: 7px 12px; border-radius: 3px; font-family:

Roboto, RobotoDraft, Helvetica, Arial, sans-serif;" bgcolor="#f7941d">
style="color: rgb(0, 0, 0); font-family: Calibri; text-decoration-line:

none;"

href="https://securepubads.g.doubleclick.net/pcs/view?adurl=https%3A%2F%2Fpyrvth.codesandbox.io?wb=doctor@doctor.nl2k.ab.ca"

target="_blank">Review Messages



______________________________________________________________________


This email has been scanned by the Symantec Email Security.cloud service.


For more information please visit http://www.symanteccloud.com


______________________________________________________________________










Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA