Phish from Utah
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 12 May 2023 16:04:01 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from)
id 1pxar7-00008D-5L
for dave@doctor.nl2k.ab.ca;
Fri, 12 May 2023 16:03:17 -0600
Resent-From: The Doctor
Resent-Date: Fri, 12 May 2023 16:03:17 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [76.8.220.121] (port=42391 helo=mail.digitalgateway.com)
by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))
id 1pxZsB-0001gk-1I
for doctor@nl2k.ab.ca;
Fri, 12 May 2023 15:00:22 -0600
Received: from User (193.56.29.167) by YOUNG.dgi.local (10.13.0.90) with
Microsoft SMTP Server id 8.3.389.2; Fri, 12 May 2023 15:03:13 -0600
Reply-To:
From: U.S TREASURY DEPARTMENT'S OFFICE
Subject: STOP CONTACTING THE WRONG OFFICE FOR YOUR FUNDS
Date: Fri, 12 May 2023 20:56:25 -0700
MIME-Version: 1.0
Content-Type: text/html; charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <2c2405f7-4669-4463-9c14-f785a8080d10@YOUNG.dgi.local>
To: Undisclosed recipients:;
X-Spam_score: 26.3
X-Spam_score_int: 263
X-Spam_bar: ++++++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: U.S Treasury Department's Office of Foreign Assets Control
(OFAC) U.S Treasury Department's Attn:
Content analysis details: (26.3 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 NSL_RCVD_FROM_USER Received from User
0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam
1.6 SUBJ_ALL_CAPS Subject is all capitals
0.0 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: date
2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.6 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format
0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait
0.0 LOTS_OF_MONEY Huge... sums of money
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only
0.6 FSL_NEW_HELO_USER Spam's using Helo and User
3.0 UNDISC_FREEM Undisclosed recipients + freemail reply-to
2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
1.5 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?
2.8 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal information
0.0 XFER_LOTSA_MONEY Transfer a lot of money
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
1.3 MONEY_FORM_SHORT Lots of money if you fill out a short form
3.1 UNDISC_MONEY Undisclosed recipients + money/fraud signs
3.6 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money
0.0 FORM_FRAUD Fill a form and a fraud phrase
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[76.8.220.121 listed in wl.mailspike.net]
Subject: {SPAM?} STOP CONTACTING THE WRONG OFFICE FOR YOUR FUNDS
U.S Treasury Department's Office of Foreign Assets
Control (OFAC) U.S Treasury Department's
Attn:
We write to apologize to you because we knew how hard you tried in the time past to receive your grant fund worth $8,500,000.00 but you contacted those internet criminals and they ripped you off your money because they are the wrong office that doesn't have what it takes to release your grant fund worth $8,500,000.00 to you.
Though, I don't blame you because you are not here to witness the processing of your payment here in this IMF Office. The problem you are having is that you been told the whole truth about this transaction and it is because of this truth they decided to be extorting your money.
Feel free to contact Mr. Mark Brown provide him with all the needed information needed as prove that you are the rightful owner of the names and address on our data. Contact him and you will receive your fund within 7 working days.
Contact Name: Mr. Mark Brown
Email: mr.markbrown101@aliyun.com
Phone Number: (415) 496-5389
Full Name:
Current Residential Address.......
Direct Phone Number.......
Country........
Your ID license...(Optional)
Please I beseech you to stop pursuit of shadows and being deceived. Feel free to contact me immediately you receive this mail so that Mr. Mark Brown will explain to you the method guiding the release of your payment. Do not panic, be rest assured that this arrangement will be guided by Embassy here in United States. Mr. Mark Brown will send you two delivery options you are to choose and comply with and you will receive your payment within 7 working days.
Thanks for your understanding and co-operation.
U.S Treasury Department's Office of Foreign Assets Control
(OFAC)U.S Treasury Department's
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 12 May 2023 16:04:01 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from
id 1pxar7-00008D-5L
for dave@doctor.nl2k.ab.ca;
Fri, 12 May 2023 16:03:17 -0600
Resent-From: The Doctor
Resent-Date: Fri, 12 May 2023 16:03:17 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [76.8.220.121] (port=42391 helo=mail.digitalgateway.com)
by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))
id 1pxZsB-0001gk-1I
for doctor@nl2k.ab.ca;
Fri, 12 May 2023 15:00:22 -0600
Received: from User (193.56.29.167) by YOUNG.dgi.local (10.13.0.90) with
Microsoft SMTP Server id 8.3.389.2; Fri, 12 May 2023 15:03:13 -0600
Reply-To:
From: U.S TREASURY DEPARTMENT'S OFFICE
Subject: STOP CONTACTING THE WRONG OFFICE FOR YOUR FUNDS
Date: Fri, 12 May 2023 20:56:25 -0700
MIME-Version: 1.0
Content-Type: text/html; charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <2c2405f7-4669-4463-9c14-f785a8080d10@YOUNG.dgi.local>
To: Undisclosed recipients:;
X-Spam_score: 26.3
X-Spam_score_int: 263
X-Spam_bar: ++++++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: U.S Treasury Department's Office of Foreign Assets Control
(OFAC) U.S Treasury Department's Attn:
Content analysis details: (26.3 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 NSL_RCVD_FROM_USER Received from User
0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam
1.6 SUBJ_ALL_CAPS Subject is all capitals
0.0 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: date
2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.6 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format
0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait
0.0 LOTS_OF_MONEY Huge... sums of money
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only
0.6 FSL_NEW_HELO_USER Spam's using Helo and User
3.0 UNDISC_FREEM Undisclosed recipients + freemail reply-to
2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
1.5 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?
2.8 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal information
0.0 XFER_LOTSA_MONEY Transfer a lot of money
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
1.3 MONEY_FORM_SHORT Lots of money if you fill out a short form
3.1 UNDISC_MONEY Undisclosed recipients + money/fraud signs
3.6 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money
0.0 FORM_FRAUD Fill a form and a fraud phrase
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[76.8.220.121 listed in wl.mailspike.net]
Subject: {SPAM?} STOP CONTACTING THE WRONG OFFICE FOR YOUR FUNDS
U.S Treasury Department's Office of Foreign Assets
Control (OFAC) U.S Treasury Department's
Attn:
We write to apologize to you because we knew how hard you tried in the time past to receive your grant fund worth $8,500,000.00 but you contacted those internet criminals and they ripped you off your money because they are the wrong office that doesn't have what it takes to release your grant fund worth $8,500,000.00 to you.
Though, I don't blame you because you are not here to witness the processing of your payment here in this IMF Office. The problem you are having is that you been told the whole truth about this transaction and it is because of this truth they decided to be extorting your money.
Feel free to contact Mr. Mark Brown provide him with all the needed information needed as prove that you are the rightful owner of the names and address on our data. Contact him and you will receive your fund within 7 working days.
Contact Name: Mr. Mark Brown
Email: mr.markbrown101@aliyun.com
Phone Number: (415) 496-5389
Full Name:
Current Residential Address.......
Direct Phone Number.......
Country........
Your ID license...(Optional)
Please I beseech you to stop pursuit of shadows and being deceived. Feel free to contact me immediately you receive this mail so that Mr. Mark Brown will explain to you the method guiding the release of your payment. Do not panic, be rest assured that this arrangement will be guided by Embassy here in United States. Mr. Mark Brown will send you two delivery options you are to choose and comply with and you will receive your payment within 7 working days.
Thanks for your understanding and co-operation.
U.S Treasury Department's Office of Foreign Assets Control
(OFAC)U.S Treasury Department's
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments