Nigerian Gmail spam
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 07 Aug 2023 08:58:29 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96 (FreeBSD))
(envelope-from)
id 1qT1fh-0007T0-0U
for dave@doctor.nl2k.ab.ca;
Mon, 07 Aug 2023 08:57:25 -0600
Resent-From: The Doctor
Resent-Date: Mon, 7 Aug 2023 08:57:25 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-ed1-f43.google.com ([209.85.208.43]:50253)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.96 (FreeBSD))
(envelope-from)
id 1qT01s-000PlP-1b
for doctor@doctor.nl2k.ab.ca;
Mon, 07 Aug 2023 07:12:16 -0600
Received: by mail-ed1-f43.google.com with SMTP id 4fb4d7f45d1cf-51e2a6a3768so6208362a12.0
for; Mon, 07 Aug 2023 06:10:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20221208; t=1691413806; x=1692018606;
h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc
:subject:date:message-id:reply-to;
bh=z7gCTRWTN8A2ZLiJH/BllminTUs+wblRsObk0rwuapA=;
b=WZeYJ10GTc5amOlQfNOJETDS2nQyfoCmoH7PvekmA9jh2zRV6YDhtWky4QEhsoSdAt
ipr/EV9Bd4DVaWLZTkiPNG7D/a+ca090+TwXXSOID7qcgo2Ys1FzJDGR1DdIKMfjAMrf
q5/eg4nTL4DZ7lPNEeUsv/yDmWBB7yRZAh2S3eSNWJrEFcnZ5kRf3avGOnHhhgdFpZS3
S4Wr9K1jIi/ONdOtr3GyJjdQbO5PTbgiIGXJePLd8JSCWVUF99XaYkTH8QIWRRfL6LHT
T70eE8KIIBd+taHWvlObjQ4CkIb27/kSR7G7Yf+4f6ouAgr7vZyflr4iwH9FZlNRMPo9
1bxQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20221208; t=1691413806; x=1692018606;
h=to:subject:message-id:date:from:reply-to:mime-version
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=z7gCTRWTN8A2ZLiJH/BllminTUs+wblRsObk0rwuapA=;
b=Vwx3MhbQI668EhVlxIpFN4KfS05lctVO8F4VA9cj1TAZUeXKfxu9B/rT9w/ogmndaX
fXAj1RpGrMPwFv9ulsNfl+suf8LiEu113jHmRMU79sz5lyaEVpwPXPhXDkgxrsh2kHZa
RHdX8vKBTi3pn2SJqmUXYcD0bq6vHJW5NFPliyClOaUCaFyowqU/uRIXCKWeuQmQfZKP
J3hPivr0NRSAXPGAH8Bn63CqGxtLUtpFxa9UBiNA+4eSRchfqNCnOwPfFoX8sEzw1x/y
1DKMAX6ww6lfcextjmTxHIHSClyfsrs6tiFKRVkDKC+2u3pr/Z30HRx+qeQ9fcC09qYe
DFKQ==
X-Gm-Message-State: AOJu0Yz7fg9RiJnCNxMZEGkRB107R55YgpXgR75o1e7Uetfb4uSiZEVR
KA+QCflywIyAOY+909GvapqI1yVV5E1e5bD5yMY=
X-Google-Smtp-Source: AGHT+IH1hUl1W5gKLkwGqs4UhLE6jr2mrZnSWxRrPB0qbj9lWzQBk0l1iX0IEx4K1+WmetVpuYfOjhDKWRgJuUysrvk=
X-Received: by 2002:aa7:d7cf:0:b0:523:3fa1:6a34 with SMTP id
e15-20020aa7d7cf000000b005233fa16a34mr426366eds.4.1691413806063; Mon, 07 Aug
2023 06:10:06 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a54:3550:0:b0:223:f550:da8e with HTTP; Mon, 7 Aug 2023
06:10:05 -0700 (PDT)
Reply-To: usbank289@aol.com
From: "Mr. Rick Ruzzi,"
Date: Mon, 7 Aug 2023 14:10:05 +0100
Message-ID:
Subject: REF:- INSTRUCTION TO CREDIT YOUR ACCOUNT WITH THE SUM OF (US$10.5Million)
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Bcc: doctor@doctor.nl2k.ab.ca
X-Spam_score: 14.9
X-Spam_score_int: 149
X-Spam_bar: ++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: -- Us Bank.1025 Connecticut Ave. NW, Ste. 510. Washington,
DC 20036. Tell: (626) 427-8376. REF:- INSTRUCTION TO CREDIT YOUR ACCOUNT
WITH THE SUM OF (US$10.5Million) This is the second time we are notifying
you about this said fund. After due vetting and evaluation of your file that
was sent to us by the Nigerian Government in conjunction with the Ministry
of Fina [...]
Content analysis details: (14.9 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.6 HK_RANDOM_ENVFROM Envelope sender username looks random
1.0 HK_RANDOM_FROM From username looks random
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
[usbank289(at)aol.com]
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit
[mrplcjackson73(at)gmail.com]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[mrplcjackson73(at)gmail.com]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.208.43 listed in list.dnswl.org]
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.208.43 listed in wl.mailspike.net]
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.0 T_HK_NAME_FM_MR_MRS No description available.
1.5 HK_NAME_FM_MR_MRS No description available.
0.0 LOTS_OF_MONEY Huge... sums of money
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
2.6 UNDISC_FREEM Undisclosed recipients + freemail reply-to
0.0 FILL_THIS_FORM Fill in a form with personal information
2.0 FILL_THIS_FORM_LONG Fill in a form with personal information
1.4 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?
0.0 MONEY_FORM Lots of money if you fill out a form
2.9 UNDISC_MONEY Undisclosed recipients + money/fraud signs
0.0 MONEY_FRAUD_5 Lots of money and many fraud phrases
1.8 ADVANCE_FEE_5_NEW_FRM_MNY Advance Fee fraud form and lots of money
Subject: {SPAM?} REF:- INSTRUCTION TO CREDIT YOUR ACCOUNT WITH THE SUM OF (US$10.5Million)
--
Us Bank.1025 Connecticut Ave.
NW, Ste. 510. Washington, DC 20036.
Tell: (626) 427-8376.
REF:- INSTRUCTION TO CREDIT YOUR ACCOUNT WITH THE SUM OF (US$10.5Million)
This is the second time we are notifying you about this said fund.
After due vetting and evaluation of your file that was sent to us by
the Nigerian Government in conjunction with the Ministry of Finance
and Central Bank of the Federal Republic of Nigeria. This bank has an
instruction to see to the immediate release of the sum of
(US$10.5Million) of your claim that has been holding since is
transferred into your bank Account from their Domiciliary Account with
this bank.
We were meant to understand from our findings that you have been going
through hard ways by paying a lot of charges to see to the release of
your fund (US$10.5Million), which has been the handwork of some
miscreant elements from that Country. We advice that you stop further
communication with any correspondence from any bank or anywhere
concerning your funds as you will receive your fund from this bank if
you follow our instruction.
We know your representatives in Nigeria or anywhere will advice you to
still go ahead with them, which will be on your own risk. Your
(US$10.5Million) will reflect in your designated bank account within
five Bank working days. Do not go through anybody again but through
this Bank if you really want your fund. Finally, you are advice to
re-confirm these to us,
Your Full Name,
Contact address,
Occupation
Telephone and Fax Number for easy communication.
We need your second email for security and private reasons.
Yours sincerely,
Mr. Rick Ruzzi,
Assistance Secretary,
U.S Bank.
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 07 Aug 2023 08:58:29 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96 (FreeBSD))
(envelope-from
id 1qT1fh-0007T0-0U
for dave@doctor.nl2k.ab.ca;
Mon, 07 Aug 2023 08:57:25 -0600
Resent-From: The Doctor
Resent-Date: Mon, 7 Aug 2023 08:57:25 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-ed1-f43.google.com ([209.85.208.43]:50253)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.96 (FreeBSD))
(envelope-from
id 1qT01s-000PlP-1b
for doctor@doctor.nl2k.ab.ca;
Mon, 07 Aug 2023 07:12:16 -0600
Received: by mail-ed1-f43.google.com with SMTP id 4fb4d7f45d1cf-51e2a6a3768so6208362a12.0
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20221208; t=1691413806; x=1692018606;
h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc
:subject:date:message-id:reply-to;
bh=z7gCTRWTN8A2ZLiJH/BllminTUs+wblRsObk0rwuapA=;
b=WZeYJ10GTc5amOlQfNOJETDS2nQyfoCmoH7PvekmA9jh2zRV6YDhtWky4QEhsoSdAt
ipr/EV9Bd4DVaWLZTkiPNG7D/a+ca090+TwXXSOID7qcgo2Ys1FzJDGR1DdIKMfjAMrf
q5/eg4nTL4DZ7lPNEeUsv/yDmWBB7yRZAh2S3eSNWJrEFcnZ5kRf3avGOnHhhgdFpZS3
S4Wr9K1jIi/ONdOtr3GyJjdQbO5PTbgiIGXJePLd8JSCWVUF99XaYkTH8QIWRRfL6LHT
T70eE8KIIBd+taHWvlObjQ4CkIb27/kSR7G7Yf+4f6ouAgr7vZyflr4iwH9FZlNRMPo9
1bxQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20221208; t=1691413806; x=1692018606;
h=to:subject:message-id:date:from:reply-to:mime-version
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=z7gCTRWTN8A2ZLiJH/BllminTUs+wblRsObk0rwuapA=;
b=Vwx3MhbQI668EhVlxIpFN4KfS05lctVO8F4VA9cj1TAZUeXKfxu9B/rT9w/ogmndaX
fXAj1RpGrMPwFv9ulsNfl+suf8LiEu113jHmRMU79sz5lyaEVpwPXPhXDkgxrsh2kHZa
RHdX8vKBTi3pn2SJqmUXYcD0bq6vHJW5NFPliyClOaUCaFyowqU/uRIXCKWeuQmQfZKP
J3hPivr0NRSAXPGAH8Bn63CqGxtLUtpFxa9UBiNA+4eSRchfqNCnOwPfFoX8sEzw1x/y
1DKMAX6ww6lfcextjmTxHIHSClyfsrs6tiFKRVkDKC+2u3pr/Z30HRx+qeQ9fcC09qYe
DFKQ==
X-Gm-Message-State: AOJu0Yz7fg9RiJnCNxMZEGkRB107R55YgpXgR75o1e7Uetfb4uSiZEVR
KA+QCflywIyAOY+909GvapqI1yVV5E1e5bD5yMY=
X-Google-Smtp-Source: AGHT+IH1hUl1W5gKLkwGqs4UhLE6jr2mrZnSWxRrPB0qbj9lWzQBk0l1iX0IEx4K1+WmetVpuYfOjhDKWRgJuUysrvk=
X-Received: by 2002:aa7:d7cf:0:b0:523:3fa1:6a34 with SMTP id
e15-20020aa7d7cf000000b005233fa16a34mr426366eds.4.1691413806063; Mon, 07 Aug
2023 06:10:06 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a54:3550:0:b0:223:f550:da8e with HTTP; Mon, 7 Aug 2023
06:10:05 -0700 (PDT)
Reply-To: usbank289@aol.com
From: "Mr. Rick Ruzzi,"
Date: Mon, 7 Aug 2023 14:10:05 +0100
Message-ID:
Subject: REF:- INSTRUCTION TO CREDIT YOUR ACCOUNT WITH THE SUM OF (US$10.5Million)
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Bcc: doctor@doctor.nl2k.ab.ca
X-Spam_score: 14.9
X-Spam_score_int: 149
X-Spam_bar: ++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: -- Us Bank.1025 Connecticut Ave. NW, Ste. 510. Washington,
DC 20036. Tell: (626) 427-8376. REF:- INSTRUCTION TO CREDIT YOUR ACCOUNT
WITH THE SUM OF (US$10.5Million) This is the second time we are notifying
you about this said fund. After due vetting and evaluation of your file that
was sent to us by the Nigerian Government in conjunction with the Ministry
of Fina [...]
Content analysis details: (14.9 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.6 HK_RANDOM_ENVFROM Envelope sender username looks random
1.0 HK_RANDOM_FROM From username looks random
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
[usbank289(at)aol.com]
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit
[mrplcjackson73(at)gmail.com]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[mrplcjackson73(at)gmail.com]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.208.43 listed in list.dnswl.org]
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.208.43 listed in wl.mailspike.net]
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.0 T_HK_NAME_FM_MR_MRS No description available.
1.5 HK_NAME_FM_MR_MRS No description available.
0.0 LOTS_OF_MONEY Huge... sums of money
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
2.6 UNDISC_FREEM Undisclosed recipients + freemail reply-to
0.0 FILL_THIS_FORM Fill in a form with personal information
2.0 FILL_THIS_FORM_LONG Fill in a form with personal information
1.4 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?
0.0 MONEY_FORM Lots of money if you fill out a form
2.9 UNDISC_MONEY Undisclosed recipients + money/fraud signs
0.0 MONEY_FRAUD_5 Lots of money and many fraud phrases
1.8 ADVANCE_FEE_5_NEW_FRM_MNY Advance Fee fraud form and lots of money
Subject: {SPAM?} REF:- INSTRUCTION TO CREDIT YOUR ACCOUNT WITH THE SUM OF (US$10.5Million)
--
Us Bank.1025 Connecticut Ave.
NW, Ste. 510. Washington, DC 20036.
Tell: (626) 427-8376.
REF:- INSTRUCTION TO CREDIT YOUR ACCOUNT WITH THE SUM OF (US$10.5Million)
This is the second time we are notifying you about this said fund.
After due vetting and evaluation of your file that was sent to us by
the Nigerian Government in conjunction with the Ministry of Finance
and Central Bank of the Federal Republic of Nigeria. This bank has an
instruction to see to the immediate release of the sum of
(US$10.5Million) of your claim that has been holding since is
transferred into your bank Account from their Domiciliary Account with
this bank.
We were meant to understand from our findings that you have been going
through hard ways by paying a lot of charges to see to the release of
your fund (US$10.5Million), which has been the handwork of some
miscreant elements from that Country. We advice that you stop further
communication with any correspondence from any bank or anywhere
concerning your funds as you will receive your fund from this bank if
you follow our instruction.
We know your representatives in Nigeria or anywhere will advice you to
still go ahead with them, which will be on your own risk. Your
(US$10.5Million) will reflect in your designated bank account within
five Bank working days. Do not go through anybody again but through
this Bank if you really want your fund. Finally, you are advice to
re-confirm these to us,
Your Full Name,
Contact address,
Occupation
Telephone and Fax Number for easy communication.
We need your second email for security and private reasons.
Yours sincerely,
Mr. Rick Ruzzi,
Assistance Secretary,
U.S Bank.
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments