Nigerian Beneficiary spam from Hotmail
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 20 Feb 2023 01:33:16 -0700
Received: from 124x35x5x2.ap124.ftth.ucom.ne.jp ([124.35.5.2]:2107 helo=mail-smtp.pappy.jp)
  by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  (Exim 4.96)
  (envelope-from)
  id 1pU1as-000GZ3-18
  for dave@doctor.nl2k.ab.ca;
  Mon, 20 Feb 2023 01:32:15 -0700
Received: from User (128-162.prod.194964.com [172.16.128.162])
  by mail-smtp.pappy.jp (Postfix) with SMTP id 077B626FD86;
  Mon, 20 Feb 2023 14:25:12 +0900 (JST)
Reply-To:
From: "Mr. George McConnell"
Subject: Greetings To You..
Date: Sun, 19 Feb 2023 21:25:25 -0800
MIME-Version: 1.0
Content-Type: text/plain;
  charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Spam_score: 23.9
X-Spam_score_int: 239
X-Spam_bar: +++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
  has identified this incoming email as possible spam. The original
  message has been attached to this so you can view it or label
  similar future email. If you have any questions, see
  @@CONTACT_ADDRESS@@ for details.

  Content preview: ATTENTION: Beneficiary. I am writing to inform you that your
  compensation/winning payment was approved today by the Board and Directors
  of the United Nation Committee on Rewards and Compensation. You are hereby
  required to reconfirm your following details as to enable the financial department
  to release your funds to you without any delay.

  Content analysis details: (23.9 points, 5.0 required)

  pts  rule name                     description
  ---- ----------------------------- --------------------------------------------------
  0.1  MISSING_MID                   Missing Message-Id: header
  0.0  NSL_RCVD_FROM_USER            Received from User
  0.0  FSL_CTYPE_WIN1251             Content-Type only seen in 419 spam
  0.2  FREEMAIL_REPLYTO_END_DIGIT    Reply-To freemail username ends in digit
                                     [georgemcconnell100(at)outlook.com]
  1.2  MISSING_HEADERS               Missing To: header
  1.5  HK_SCAM_N8                    BODY: No description available.
  3.5  DEAR_BENEFICIARY              BODY: Dear Beneficiary:
  0.0  FROM_MISSP_MSFT               From misspaced + supposed Microsoft tool
  1.9  REPLYTO_WITHOUT_TO_CC         No description available.
  0.0  FROM_MISSP_XPRIO              Misspaced FROM + X-Priority
  0.0  FROM_MISSP_USER               From misspaced, from "User"
  2.0  HK_SCAM                       No description available.
  0.6  FSL_NEW_HELO_USER             Spam's using Helo and User
  0.4  RDNS_DYNAMIC                  Delivered to internal network by host with
                                     dynamic-looking rDNS
  0.0  HK_NAME_MR_MRS                No description available.
  0.0  T_HK_NAME_MR_MRS              No description available.
  0.0  AXB_XMAILER_MIMEOLE_OL_024C2  Yet another X header trait
  0.7  TO_NO_BRKTS_FROM_MSSP         Multiple formatting errors
  2.8  FORGED_MUA_OUTLOOK            Forged mail pretending to be from MS Outlook
  1.7  FROM_MISSP_DYNIP              From misspaced + dynamic rDNS
  0.0  FROM_MISSPACED                From: missing whitespace
  0.0  FROM_MISSP_REPLYTO            From misspaced, has Reply-To
  0.0  T_FILL_THIS_FORM_SHORT        Fill in a short form with personal information
  0.0  PDS_RDNS_DYNAMIC_FP           RDNS_DYNAMIC with FP steps
  0.0  KHOP_HELO_FCRDNS              Relay HELO differs from its IP's reverse DNS
  2.5  TO_NO_BRKTS_MSFT              To: misformatted and supposed Microsoft tool
  1.8  FORM_FRAUD_3                  Fill a form and several fraud phrases
  0.3  FROM_MISSP_EH_MATCH           From misspaced, matches envelope
  2.5  FREEMAIL_FORGED_REPLYTO       Freemail in Reply-To, but not From
Subject: {SPAM?} Greetings To You..
ATTENTION: Beneficiary.
I am writing to inform you that your compensation/winning payment was approved today by the Board and Directors of the United Nation Committee on Rewards and Compensation.
You are hereby required to reconfirm your following details as to enable the financial department to release your funds to you without any delay.
Thus, reconfirm the following:
1. Your full name:
2. Your residential address:
3. Your direct phone number:
4. Your age:
We look forward to your prompt response.
Thank you.
Mr. George McConnell.
Director of Payment,
UN Foreign Office.