BMO phish from Los Angeles
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 26 Sep 2023 15:01:04 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96 (FreeBSD))
(envelope-from)
id 1qlFAv-00071i-27
for dave@doctor.nl2k.ab.ca;
Tue, 26 Sep 2023 15:00:57 -0600
Resent-From: The Doctor
Resent-Date: Tue, 26 Sep 2023 15:00:57 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [191.96.106.82] (port=57916)
by doctor.nl2k.ab.ca with esmtp (Exim 4.96 (FreeBSD))
(envelope-from)
id 1qlEpx-000O4d-2K
for doctor@doctor.nl2k.ab.ca;
Tue, 26 Sep 2023 14:39:22 -0600
From: BMO Bank of Montreal
To: doctor@doctor.nl2k.ab.ca
Subject: bmoalert
Date: 26 Sep 2023 16:37:14 -0400
Message-ID: <20230926163713.ECD635FC5E7B89D4@doctor.nl2k.ab.ca>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0012_66940AC7.90C3861F"
X-Spam_score: 9.3
X-Spam_score_int: 93
X-Spam_bar: +++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: messaged encrypted Due to a recent security check on your
BMO bank Account. We require you to view your confirm by Clicking here Failure
to do this within 48hrs will lead to access suspension sorry for the inconvenience
Content analysis details: (9.3 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS
[191.96.106.82 listed in zen.spamhaus.org]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=doctor%40doctor.nl2k.ab.ca;ip=191.96.106.82;r=doctor.nl2k.ab.ca]
0.0 HTML_MESSAGE BODY: HTML included in message
0.7 MPART_ALT_DIFF BODY: HTML and text parts are different
1.8 HTML_IMAGE_ONLY_08 BODY: HTML: images with 400-800 bytes of words
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
1.0 FROM_MISSP_SPF_FAIL No description available.
0.0 T_REMOTE_IMAGE Message contains an external image
Subject: {SPAM?} bmoalert
------=_NextPart_000_0012_66940AC7.90C3861F
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
messaged encrypted
------=_NextPart_000_0012_66940AC7.90C3861F
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
=3Diso-8859-1">
O_Logo.svg/220px-BMO_Logo.svg.png">
Due to a recent security check on your BMO bank Account.
We require y=
ou to=20
view your confirm by
=2Ecom/ipfs/QmYxGFxZw2tkYVjARCtjDRwFBR8bEi7LPJW4U9zmGRfhus">Clicking here=
a>
Failure to do this within 48hrs will lead to access suspension
so=
rry=20
for the inconvenience
Regards
Have questions? Contact us at 1-877-CALL-BMO.
------=_NextPart_000_0012_66940AC7.90C3861F--