Western Union phish from NaviSite Maryland USA
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Thu, 27 Apr 2023 23:09:40 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from)
id 1psGKH-0005tu-Kj
for dave@doctor.nl2k.ab.ca;
Thu, 27 Apr 2023 23:07:21 -0600
Resent-From: The Doctor
Resent-Date: Thu, 27 Apr 2023 23:07:21 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from minoml002.navisite.net ([216.251.225.208]:58152)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.95 (FreeBSD))
(envelope-from)
id 1psEHf-000Pcx-Il
for root@nk.ca;
Thu, 27 Apr 2023 20:56:35 -0600
Received: from User (unknown [216.251.225.236])
by minoml002.navisite.net (Postfix) with SMTP id F32C9C2E4014;
Thu, 27 Apr 2023 19:54:40 -0400 (EDT)
Reply-To:
From: "Miss. Brenda Smith"
Subject: ?OFFICE OF THE MONEY GRAM MONEY TRANSFER.
Date: Fri, 28 Apr 2023 02:54:46 +0300
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Spam_score: 22.5
X-Spam_score_int: 225
X-Spam_bar: ++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: ?OFFICE OF THE MONEY GRAM MONEY TRANSFER. COTONOU BENIN REPUBLIC/ADDRESS
358 AGBOKOU,ANKPA ROAD OPPOSITE TUNDE MOTORS COTONOU. WE WISH TO ACKNOWLEDGE
THE RECEIPT OF YOUR EMAIL IN THIS MONEY GRAM OFFICE AND THE CONTENT IS WELL
NOTED.
Content analysis details: (22.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.1 MISSING_MID Missing Message-Id: header
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[216.251.225.208 listed in bl.score.senderscore.com]
1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,
https://senderscore.org/blocklistlookup/
[216.251.225.208 listed in bl.score.senderscore.com]
0.0 NSL_RCVD_FROM_USER Received from User
0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam
1.6 SUBJ_ALL_CAPS Subject is all capitals
1.2 MISSING_HEADERS Missing To: header
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
[mmoneygram458(at)gmail.com]
-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[216.251.225.208 listed in wl.mailspike.net]
0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait
0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool
0.0 FROM_MISSP_USER From misspaced, from "User"
-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
1.9 REPLYTO_WITHOUT_TO_CC No description available.
0.6 FSL_NEW_HELO_USER Spam's using Helo and User
0.0 HK_NAME_MR_MRS No description available.
0.0 CTE_8BIT_MISMATCH Header says 7bits but body disagrees
2.9 YOU_INHERIT Discussing your inheritance
0.0 FROM_MISSP_XPRIO Misspaced FROM + X-Priority
0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To
2.0 TVD_PH_BODY_META No description available.
2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
0.0 FILL_THIS_FORM Fill in a form with personal information
0.4 FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)
0.0 FROM_MISSPACED From: missing whitespace
0.3 FROM_MISSP_EH_MATCH From misspaced, matches envelope
2.8 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
2.2 FILL_THIS_FORM_LOAN Answer loan question(s)
0.0 T_FILL_THIS_FORM_LOAN Answer loan question(s)
0.0 T_FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)
1.0 ADVANCE_FEE_4_NEW_FORM Advance Fee fraud and a form
Subject: {SPAM?} ?OFFICE OF THE MONEY GRAM MONEY TRANSFER.
?OFFICE OF THE MONEY GRAM MONEY TRANSFER.
COTONOU BENIN REPUBLIC/ADDRESS 358 AGBOKOU,ANKPA ROAD
OPPOSITE TUNDE MOTORS COTONOU.
WE WISH TO ACKNOWLEDGE THE RECEIPT OF YOUR EMAIL IN THIS MONEY GRAM OFFICE AND
THE CONTENT IS WELL NOTED.
I really don't know why you should waste this time in sending the $45 USD. This is not a fluke, I have told you this , if some agent has failed and disappointed you in the past, we will not disappoint you because it bonus payment, this payment is legal and that is why I persistently sent you this notification since you have been short listed to benefit from this payment programmed.
We know that you have been maimed in the past and had your fingers burnt by people you have sincerely trusted and that is why we persistently sent you this notification because we have discovered that you are now finding it very difficult to believe and trust people, but I want you to trust me, believe and have faith in us, we will pay your fund, we have the government mandate and their gazette has already recommended you to benefit from this payment programmed , the government has given express order to pay your inheritance fund and to reconcile this debt for genuine economic development of this country, and for foreign investors to have faith in doing business here.
I want you to send the money by western union money transfer or moneygram today as a lot of time has been wasted on this payment programmed already waiting on you to send the Renew file fee of $45 USD. Send the money to our Bursar today with information
Sender's First name = Bahaeddin
Sender's Last name = Aghazadeh
MTCN = 7194622586
Amount= 5000.00, USD
Test Question= To Who?
Test Answer= To Friend
(BUT IS ON-HOLD UNTIL THE FEE IS BEEN PAID WE WILL RELEASE IT TO YOU)
FOR YOUR INFORMATION DO NOT EXPECT THE RELEASING OF YOUR PAYMENT WITHOUT SENDING THE MONEY REQUIRED AND REMEMBER THAT YOU ARE GIVEN ONLY 48HOURS TO COMPLY OR YOUR TRANSFER WILL BE CANCEL IMMEDIATELY SINCE YOU ARE TOLD TO SEND ANY AMOUNT OF MONEY YOU HAVE IN ORDER TO HELP YOU.BELOW IS OUR ACCOUNT OFFICER NAME WHICH YOU WILL USE TO SEND WHATEVER YOU HAVE TO ENABLE US RELEASE YOUR FIRST PAYMENT IMMEDIATELY.
1.RECEIVER NAME:. . . Milo Buddy
2.COUNTRY:. . . . . . . BENIN REPUBLIC .
3.CITY :. . . . . . . . COTONOU .
4. TEST QUESTION:. . .HOW LONG?
5.TEST ANSWER:. . . TODAY.
6.AMOUNT . . . . . .45 usd
SEND US THE MTCN NUMBER IMMEDIATELY YOU SEND THE MONEY AND IMMEDIATELY WE CONFIRM THE TRANSFER FEE WE WILL RELEASE YOUR FIRST PAYMENT $5000TODAY AND NOT TOMORROW
Miss. Brenda Smith
GENERAL OPRATION MANAGER.
VITAL FINANCE
WESTERN UNION DEPARTMENT
Western UnionA®
Send Money Worldwide
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Thu, 27 Apr 2023 23:09:40 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from
id 1psGKH-0005tu-Kj
for dave@doctor.nl2k.ab.ca;
Thu, 27 Apr 2023 23:07:21 -0600
Resent-From: The Doctor
Resent-Date: Thu, 27 Apr 2023 23:07:21 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from minoml002.navisite.net ([216.251.225.208]:58152)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.95 (FreeBSD))
(envelope-from
id 1psEHf-000Pcx-Il
for root@nk.ca;
Thu, 27 Apr 2023 20:56:35 -0600
Received: from User (unknown [216.251.225.236])
by minoml002.navisite.net (Postfix) with SMTP id F32C9C2E4014;
Thu, 27 Apr 2023 19:54:40 -0400 (EDT)
Reply-To:
From: "Miss. Brenda Smith"
Subject: ?OFFICE OF THE MONEY GRAM MONEY TRANSFER.
Date: Fri, 28 Apr 2023 02:54:46 +0300
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Spam_score: 22.5
X-Spam_score_int: 225
X-Spam_bar: ++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: ?OFFICE OF THE MONEY GRAM MONEY TRANSFER. COTONOU BENIN REPUBLIC/ADDRESS
358 AGBOKOU,ANKPA ROAD OPPOSITE TUNDE MOTORS COTONOU. WE WISH TO ACKNOWLEDGE
THE RECEIPT OF YOUR EMAIL IN THIS MONEY GRAM OFFICE AND THE CONTENT IS WELL
NOTED.
Content analysis details: (22.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.1 MISSING_MID Missing Message-Id: header
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[216.251.225.208 listed in bl.score.senderscore.com]
1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,
https://senderscore.org/blocklistlookup/
[216.251.225.208 listed in bl.score.senderscore.com]
0.0 NSL_RCVD_FROM_USER Received from User
0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam
1.6 SUBJ_ALL_CAPS Subject is all capitals
1.2 MISSING_HEADERS Missing To: header
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
[mmoneygram458(at)gmail.com]
-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[216.251.225.208 listed in wl.mailspike.net]
0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait
0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool
0.0 FROM_MISSP_USER From misspaced, from "User"
-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
1.9 REPLYTO_WITHOUT_TO_CC No description available.
0.6 FSL_NEW_HELO_USER Spam's using Helo and User
0.0 HK_NAME_MR_MRS No description available.
0.0 CTE_8BIT_MISMATCH Header says 7bits but body disagrees
2.9 YOU_INHERIT Discussing your inheritance
0.0 FROM_MISSP_XPRIO Misspaced FROM + X-Priority
0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To
2.0 TVD_PH_BODY_META No description available.
2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
0.0 FILL_THIS_FORM Fill in a form with personal information
0.4 FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)
0.0 FROM_MISSPACED From: missing whitespace
0.3 FROM_MISSP_EH_MATCH From misspaced, matches envelope
2.8 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
2.2 FILL_THIS_FORM_LOAN Answer loan question(s)
0.0 T_FILL_THIS_FORM_LOAN Answer loan question(s)
0.0 T_FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)
1.0 ADVANCE_FEE_4_NEW_FORM Advance Fee fraud and a form
Subject: {SPAM?} ?OFFICE OF THE MONEY GRAM MONEY TRANSFER.
?OFFICE OF THE MONEY GRAM MONEY TRANSFER.
COTONOU BENIN REPUBLIC/ADDRESS 358 AGBOKOU,ANKPA ROAD
OPPOSITE TUNDE MOTORS COTONOU.
WE WISH TO ACKNOWLEDGE THE RECEIPT OF YOUR EMAIL IN THIS MONEY GRAM OFFICE AND
THE CONTENT IS WELL NOTED.
I really don't know why you should waste this time in sending the $45 USD. This is not a fluke, I have told you this , if some agent has failed and disappointed you in the past, we will not disappoint you because it bonus payment, this payment is legal and that is why I persistently sent you this notification since you have been short listed to benefit from this payment programmed.
We know that you have been maimed in the past and had your fingers burnt by people you have sincerely trusted and that is why we persistently sent you this notification because we have discovered that you are now finding it very difficult to believe and trust people, but I want you to trust me, believe and have faith in us, we will pay your fund, we have the government mandate and their gazette has already recommended you to benefit from this payment programmed , the government has given express order to pay your inheritance fund and to reconcile this debt for genuine economic development of this country, and for foreign investors to have faith in doing business here.
I want you to send the money by western union money transfer or moneygram today as a lot of time has been wasted on this payment programmed already waiting on you to send the Renew file fee of $45 USD. Send the money to our Bursar today with information
Sender's First name = Bahaeddin
Sender's Last name = Aghazadeh
MTCN = 7194622586
Amount= 5000.00, USD
Test Question= To Who?
Test Answer= To Friend
(BUT IS ON-HOLD UNTIL THE FEE IS BEEN PAID WE WILL RELEASE IT TO YOU)
FOR YOUR INFORMATION DO NOT EXPECT THE RELEASING OF YOUR PAYMENT WITHOUT SENDING THE MONEY REQUIRED AND REMEMBER THAT YOU ARE GIVEN ONLY 48HOURS TO COMPLY OR YOUR TRANSFER WILL BE CANCEL IMMEDIATELY SINCE YOU ARE TOLD TO SEND ANY AMOUNT OF MONEY YOU HAVE IN ORDER TO HELP YOU.BELOW IS OUR ACCOUNT OFFICER NAME WHICH YOU WILL USE TO SEND WHATEVER YOU HAVE TO ENABLE US RELEASE YOUR FIRST PAYMENT IMMEDIATELY.
1.RECEIVER NAME:. . . Milo Buddy
2.COUNTRY:. . . . . . . BENIN REPUBLIC .
3.CITY :. . . . . . . . COTONOU .
4. TEST QUESTION:. . .HOW LONG?
5.TEST ANSWER:. . . TODAY.
6.AMOUNT . . . . . .45 usd
SEND US THE MTCN NUMBER IMMEDIATELY YOU SEND THE MONEY AND IMMEDIATELY WE CONFIRM THE TRANSFER FEE WE WILL RELEASE YOUR FIRST PAYMENT $5000TODAY AND NOT TOMORROW
Miss. Brenda Smith
GENERAL OPRATION MANAGER.
VITAL FINANCE
WESTERN UNION DEPARTMENT
Western UnionA®
Send Money Worldwide
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments