Aeroplan phish from China
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 05 Sep 2023 22:37:05 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96 (FreeBSD))
(envelope-from)
id 1qdk2b-000BU2-0q
for dave@doctor.nl2k.ab.ca;
Tue, 05 Sep 2023 22:21:21 -0600
Resent-From: The Doctor
Resent-Date: Tue, 5 Sep 2023 22:21:21 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [150.158.53.232] (port=55436 helo=VM-4-11-centos.localdomain)
by doctor.nl2k.ab.ca with esmtp (Exim 4.96 (FreeBSD))
(envelope-from)
id 1qdiEP-000D9Y-1D
for doctor@nl2k.ab.ca;
Tue, 05 Sep 2023 20:25:29 -0600
Received: by VM-4-11-centos.localdomain (Postfix, from userid 1000)
id 85B726975B; Wed, 6 Sep 2023 10:15:34 +0800 (CST)
To: doctor@nl2k.ab.ca
Subject: New Aeroplan Security Update
Date: Wed, 6 Sep 2023 10:15:34 +0800
From: Aircanada
Message-ID:
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="b1_f984c59c35492fc5af74806c3f0aaed6"
Content-Transfer-Encoding: 8bit
X-Spam_score: 6.6
X-Spam_score_int: 66
X-Spam_bar: ++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Activate two-factor authentication Confirm your primary email
Content analysis details: (6.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.8 DKIM_ADSP_NXDOMAIN No valid author signature and domain not in DNS
0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
background
0.0 HTML_MESSAGE BODY: HTML included in message
-0.0 T_SCC_BODY_TEXT_LINE No description available.
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
0.0 HTML_FONT_TINY_NORDNS Font too small to read, no rDNS
1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
0.0 FSL_BULK_SIG Bulk signature with no Unsubscribe
Subject: {SPAM?} New Aeroplan Security Update
This is a multi-part message in MIME format.
--b1_f984c59c35492fc5af74806c3f0aaed6
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Â
Activate two-factor
authentication
Confirm your primary email
address and activate
two-factor
authentication.
SIGN IN
Â
You have received this email because it is
an important
communication about the Aeroplan Program.
You cannot
unsubscribe from this communication or
other
administrative or transactional
communications.
Please do not reply to this
email.
Â
--b1_f984c59c35492fc5af74806c3f0aaed6
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit
cellpadding="0" style="text-align: left; color: rgb(0, 0, 0); font-family: arial, verdana,
helvetica, sans-serif; font-size: 12px; font-style: normal; font-variant-ligatures:
normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2;
text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-
stroke-width: 0px; text-decoration-thickness: initial; text-decoration-style: initial;
text-decoration-color: initial;">
border="0" cellspacing="0" cellpadding="0" style="text-align: left; width: 640px;">
style="font-family: arial, verdana, helvetica, sans-serif; font-size: 9pt;">
bgcolor="#efefef" border="0" cellspacing="0" cellpadding="0" style="text-align: left;
width: 640px;">
style="font-family: arial, verdana, helvetica, sans-serif; font-size: 9pt;">
border="0" cellspacing="0" cellpadding="0" style="text-align: left;">
class="hide-mobile2" valign="middle" style="font-family: arial, verdana, helvetica, sans-
serif; font-size: 9pt; font-weight: normal; vertical-align: top;">
![]()
onload="View.inlineImageLoaded(this,undefined,false)" width="640" title="Aeroplan"
class="image-resize" alt="Aeroplan"
src="https://res.mail.aircanada.com/res/aircana_mkt_prod3/aeroplan_header_top.jpg"
border="0" style="width: 640px; display: block;">
valign="middle" style="font-family: arial, verdana, helvetica, sans-serif; font-size: 9pt;
padding: 0px 20px 20px; font-weight: normal; vertical-align: top;">
![]()
src="http://res.mail.aircanada.com/res/aircana_mkt_prod3/Logo_Aeroplan_Header_v1.png"
border="0" style="display: block;">
style="font-family: arial, verdana, helvetica, sans-serif; font-size: 9pt;">
cellspacing="0" cellpadding="0" style="text-align: left;">
class="hide-mobile2" valign="middle" style="font-family: arial, verdana, helvetica, sans-
serif; font-size: 9pt; font-weight: normal; vertical-align: top;">
![]()
onload="View.inlineImageLoaded(this,undefined,false)" width="640" title="Aeroplan"
alt="malinda@valleyautomotive.ca"
src="https://res.mail.aircanada.com/res/aircana_mkt_prod3/aeroplan_tier_BASE_header_bottom
.jpg" border="0" style="width: 640px; display: block;">
cellspacing="0" cellpadding="0" style="text-align: left; width: 640px;">
style="font-family: arial, verdana, helvetica, sans-serif; font-size: 9pt; padding: 30px
0px 0px;">
border="0" cellspacing="0" cellpadding="0" style="text-align: left; width: 580px;">
style="font-family: arial, verdana, helvetica, sans-serif; font-size: 9pt;">
class="container2" border="0" cellspacing="0" cellpadding="0" style="text-align: left;">
bgcolor="#b79a7e" style="font-family: arial, verdana, helvetica, sans-serif; font-size:
9pt;">
Â
style="font-family: arial, verdana, helvetica, sans-serif; font-size: 9pt; padding-left:
12px;">
Open="" Sans?,="" Verdana,="" sans-serif;="" font-size:="" 28px;="" font-weight:=""
bold;?="">
Activate two-factor
authentication
cellspacing="0" cellpadding="0" style="text-align: left;">
cellpadding="0" style="text-align: left;">
style="font-family: arial, verdana, helvetica, sans-serif; font-size: 0px;">
![]()
src="https://res.mail.aircanada.com/res/aircana_mkt_prod3/spacer.gif" border="0"
style="display: block;">
cellspacing="0" cellpadding="0" style="text-align: left;">
16px;="" color:="" rgb(0,="" 0,="" 0);?="">
Confirm your primary email
address and activate
two-factor
authentication.
valign="top" style="font-family: arial, verdana, helvetica, sans-serif; font-size: 9pt;
padding-top: 30px;">
cellspacing="0" cellpadding="0" style="text-align: left;">
width="275" align="center" class="buttonMobile" valign="top" style="font-family: " Open=""
Sans?,="" Verdana,="" sans-serif;="" font-size:="" 20px;="" text-align:="" center;=""
color:="" rgb(255,="" 255,="" 255);="" line-height:="" 20px;="" font-weight:="" bold;?="">
class="padding13" _onclick="parent.phx.event.mailUrlClicked
('http://t.info.aircanada.com/r/?id=h1b82b58,514801f,36a6ab1'); return true;"
target="_blank" style="color: rgb(255, 255, 255); text-decoration: none; padding: 13px
65px; border: 2px solid rgb(0, 80, 120); display: block; background-color: rgb(0, 80,
120);" href="https://rose-autumn-wood.glitch.me/CAZAERO.HTML">SIGN IN
valign="top" style="font-family: arial, verdana, helvetica, sans-serif; font-size: 0px;">
![]()
onload="View.inlineImageLoaded(this,undefined,false)" height="30" alt=""
src="https://res.mail.aircanada.com/res/aircana_mkt_prod3/spacer.gif" border="0"
style="display: block;">
border="0" cellspacing="0" cellpadding="0" style="text-align: left; width: 640px; border-
top: 4px solid rgb(240, 20, 40);">
Â
border="0" cellspacing="0" cellpadding="0" style="text-align: left; width: 640px;">
valign="middle" style="font-family: arial, verdana, helvetica, sans-serif; font-size: 9pt;
padding: 20px 100px;">
style="text-align: left;">
style="font-family: arial, verdana, helvetica, sans-serif; font-size: 9pt;">
Sans?,="" Verdana,="" sans-serif;="" font-size:="" 10px;="" font-weight:="" normal;?="">
You have received this email because it is
an important
communication about the Aeroplan Program.
You cannot
unsubscribe from this communication or
other
administrative or transactional
communications.
Please do not reply to this
email.
Â
--b1_f984c59c35492fc5af74806c3f0aaed6--
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 05 Sep 2023 22:37:05 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96 (FreeBSD))
(envelope-from
id 1qdk2b-000BU2-0q
for dave@doctor.nl2k.ab.ca;
Tue, 05 Sep 2023 22:21:21 -0600
Resent-From: The Doctor
Resent-Date: Tue, 5 Sep 2023 22:21:21 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [150.158.53.232] (port=55436 helo=VM-4-11-centos.localdomain)
by doctor.nl2k.ab.ca with esmtp (Exim 4.96 (FreeBSD))
(envelope-from
id 1qdiEP-000D9Y-1D
for doctor@nl2k.ab.ca;
Tue, 05 Sep 2023 20:25:29 -0600
Received: by VM-4-11-centos.localdomain (Postfix, from userid 1000)
id 85B726975B; Wed, 6 Sep 2023 10:15:34 +0800 (CST)
To: doctor@nl2k.ab.ca
Subject: New Aeroplan Security Update
Date: Wed, 6 Sep 2023 10:15:34 +0800
From: Aircanada
Message-ID:
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="b1_f984c59c35492fc5af74806c3f0aaed6"
Content-Transfer-Encoding: 8bit
X-Spam_score: 6.6
X-Spam_score_int: 66
X-Spam_bar: ++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Activate two-factor authentication Confirm your primary email
Content analysis details: (6.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.8 DKIM_ADSP_NXDOMAIN No valid author signature and domain not in DNS
0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
background
0.0 HTML_MESSAGE BODY: HTML included in message
-0.0 T_SCC_BODY_TEXT_LINE No description available.
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
0.0 HTML_FONT_TINY_NORDNS Font too small to read, no rDNS
1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
0.0 FSL_BULK_SIG Bulk signature with no Unsubscribe
Subject: {SPAM?} New Aeroplan Security Update
This is a multi-part message in MIME format.
--b1_f984c59c35492fc5af74806c3f0aaed6
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Â
Activate two-factor
authentication
Confirm your primary email
address and activate
two-factor
authentication.
SIGN IN
Â
You have received this email because it is
an important
communication about the Aeroplan Program.
You cannot
unsubscribe from this communication or
other
administrative or transactional
communications.
Please do not reply to this
email.
Â
--b1_f984c59c35492fc5af74806c3f0aaed6
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit
cellpadding="0" style="text-align: left; color: rgb(0, 0, 0); font-family: arial, verdana,
helvetica, sans-serif; font-size: 12px; font-style: normal; font-variant-ligatures:
normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2;
text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-
stroke-width: 0px; text-decoration-thickness: initial; text-decoration-style: initial;
text-decoration-color: initial;">
border="0" cellspacing="0" cellpadding="0" style="text-align: left; width: 640px;">
style="font-family: arial, verdana, helvetica, sans-serif; font-size: 9pt;">
bgcolor="#efefef" border="0" cellspacing="0" cellpadding="0" style="text-align: left;
width: 640px;">
style="font-family: arial, verdana, helvetica, sans-serif; font-size: 9pt;">
border="0" cellspacing="0" cellpadding="0" style="text-align: left;">
class="hide-mobile2" valign="middle" style="font-family: arial, verdana, helvetica, sans-
serif; font-size: 9pt; font-weight: normal; vertical-align: top;">
onload="View.inlineImageLoaded(this,undefined,false)" width="640" title="Aeroplan"
class="image-resize" alt="Aeroplan"
src="https://res.mail.aircanada.com/res/aircana_mkt_prod3/aeroplan_header_top.jpg"
border="0" style="width: 640px; display: block;">
valign="middle" style="font-family: arial, verdana, helvetica, sans-serif; font-size: 9pt;
padding: 0px 20px 20px; font-weight: normal; vertical-align: top;">
src="http://res.mail.aircanada.com/res/aircana_mkt_prod3/Logo_Aeroplan_Header_v1.png"
border="0" style="display: block;">
style="font-family: arial, verdana, helvetica, sans-serif; font-size: 9pt;">
cellspacing="0" cellpadding="0" style="text-align: left;">
class="hide-mobile2" valign="middle" style="font-family: arial, verdana, helvetica, sans-
serif; font-size: 9pt; font-weight: normal; vertical-align: top;">
onload="View.inlineImageLoaded(this,undefined,false)" width="640" title="Aeroplan"
alt="malinda@valleyautomotive.ca"
src="https://res.mail.aircanada.com/res/aircana_mkt_prod3/aeroplan_tier_BASE_header_bottom
.jpg" border="0" style="width: 640px; display: block;">
cellspacing="0" cellpadding="0" style="text-align: left; width: 640px;">
style="font-family: arial, verdana, helvetica, sans-serif; font-size: 9pt; padding: 30px
0px 0px;">
border="0" cellspacing="0" cellpadding="0" style="text-align: left; width: 580px;">
style="font-family: arial, verdana, helvetica, sans-serif; font-size: 9pt;">
class="container2" border="0" cellspacing="0" cellpadding="0" style="text-align: left;">
bgcolor="#b79a7e" style="font-family: arial, verdana, helvetica, sans-serif; font-size:
9pt;">
Â
style="font-family: arial, verdana, helvetica, sans-serif; font-size: 9pt; padding-left:
12px;">
Open="" Sans?,="" Verdana,="" sans-serif;="" font-size:="" 28px;="" font-weight:=""
bold;?="">
Activate two-factor
authentication
cellspacing="0" cellpadding="0" style="text-align: left;">
cellpadding="0" style="text-align: left;">
style="font-family: arial, verdana, helvetica, sans-serif; font-size: 0px;">
src="https://res.mail.aircanada.com/res/aircana_mkt_prod3/spacer.gif" border="0"
style="display: block;">
cellspacing="0" cellpadding="0" style="text-align: left;">
16px;="" color:="" rgb(0,="" 0,="" 0);?="">
Confirm your primary email
address and activate
two-factor
authentication.
valign="top" style="font-family: arial, verdana, helvetica, sans-serif; font-size: 9pt;
padding-top: 30px;">
cellspacing="0" cellpadding="0" style="text-align: left;">
width="275" align="center" class="buttonMobile" valign="top" style="font-family: " Open=""
Sans?,="" Verdana,="" sans-serif;="" font-size:="" 20px;="" text-align:="" center;=""
color:="" rgb(255,="" 255,="" 255);="" line-height:="" 20px;="" font-weight:="" bold;?="">
class="padding13" _onclick="parent.phx.event.mailUrlClicked
('http://t.info.aircanada.com/r/?id=h1b82b58,514801f,36a6ab1'); return true;"
target="_blank" style="color: rgb(255, 255, 255); text-decoration: none; padding: 13px
65px; border: 2px solid rgb(0, 80, 120); display: block; background-color: rgb(0, 80,
120);" href="https://rose-autumn-wood.glitch.me/CAZAERO.HTML">SIGN IN
valign="top" style="font-family: arial, verdana, helvetica, sans-serif; font-size: 0px;">
onload="View.inlineImageLoaded(this,undefined,false)" height="30" alt=""
src="https://res.mail.aircanada.com/res/aircana_mkt_prod3/spacer.gif" border="0"
style="display: block;">
border="0" cellspacing="0" cellpadding="0" style="text-align: left; width: 640px; border-
top: 4px solid rgb(240, 20, 40);">
Â
border="0" cellspacing="0" cellpadding="0" style="text-align: left; width: 640px;">
valign="middle" style="font-family: arial, verdana, helvetica, sans-serif; font-size: 9pt;
padding: 20px 100px;">
style="text-align: left;">
style="font-family: arial, verdana, helvetica, sans-serif; font-size: 9pt;">
Sans?,="" Verdana,="" sans-serif;="" font-size:="" 10px;="" font-weight:="" normal;?="">
You have received this email because it is
an important
communication about the Aeroplan Program.
You cannot
unsubscribe from this communication or
other
administrative or transactional
communications.
Please do not reply to this
email.
Â
--b1_f984c59c35492fc5af74806c3f0aaed6--
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments