Nigerian Phish
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Thu, 28 Sep 2023 23:57:01 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96 (FreeBSD))
(envelope-from)
id 1qm6SR-000KUP-0B
for dave@doctor.nl2k.ab.ca;
Thu, 28 Sep 2023 23:54:35 -0600
Resent-From: The Doctor
Resent-Date: Thu, 28 Sep 2023 23:54:34 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [212.116.224.135] (port=33872 helo=webmail.kz)
by doctor.nl2k.ab.ca with esmtp (Exim 4.96 (FreeBSD))
(envelope-from)
id 1qm548-000Hds-10
for doctor@nl2k.ab.ca;
Thu, 28 Sep 2023 22:25:38 -0600
Received: from [105.112.178.50] (account kif@ducatmail.kz HELO User)
by webmail.kz (CommuniGate Pro SMTP 5.2.13)
with ESMTPA id 6312664; Fri, 29 Sep 2023 10:21:54 +0600
Reply-To:
From: "CBN CONSULTANT"
Subject: RE:YOUR OVER DUE PAYMENT
Date: Fri, 29 Sep 2023 05:22:44 +0100
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID:
X-Spam_score: 33.2
X-Spam_score_int: 332
X-Spam_bar: +++++++++++++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Dear Beneficiary, I hope that this correspondence is received
with the urgency and the expediency required. It has come to the notice of
the Board of Trustees at the CBN that your present inheritance claims application
[...]
Content analysis details: (33.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[212.116.224.135 listed in bb.barracudacentral.org]
1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,
https://senderscore.org/blocklistlookup/
[212.116.224.135 listed in bl.score.senderscore.com]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[212.116.224.135 listed in bl.score.senderscore.com]
1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
0.0 T_SPF_HELO_TEMPERROR SPF: test of HELO record failed (temperror)
2.5 NSL_RCVD_HELO_USER Received from HELO User
0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam
1.2 MISSING_HEADERS Missing To: header
1.6 SUBJ_ALL_CAPS Subject is all capitals
1.1 HK_SCAM_N3 BODY: No description available.
3.5 DEAR_BENEFICIARY BODY: Dear Beneficiary:
2.9 YOU_INHERIT Discussing your inheritance
0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool
0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait
0.0 FROM_MISSPACED From: missing whitespace
0.6 FSL_NEW_HELO_USER Spam's using Helo and User
0.7 HK_SCAM No description available.
1.9 REPLYTO_WITHOUT_TO_CC No description available.
0.0 FROM_MISSP_XPRIO Misspaced FROM + X-Priority
0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To
0.0 FAKE_REPLY_C No description available.
0.3 FROM_MISSP_EH_MATCH From misspaced, matches envelope
2.5 LOTTO_AGENT Claims Agent
2.8 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
0.0 T_FROM_MISSP_DKIM From misspaced, DKIM dependable
2.5 TO_NO_BRKTS_MSFT To: misformatted and supposed Microsoft tool
3.0 ADVANCE_FEE_5_NEW Appears to be advance fee fraud (Nigerian 419)
Subject: {SPAM?} RE:YOUR OVER DUE PAYMENT
Dear Beneficiary,
I hope that this correspondence is received with the urgency and the expediency required. It has come to the notice of the Board of Trustees at the CBN that your present inheritance claims application being handled by the Remitting Bank in Nigeria is experiencing some man-made irregularities. To this effect, it has become necessary for the Board of Trustees to invite trained Fund Transfer / Assets transfer Specialists from the United States to resolve and regularize your fund release with immediate effect and stop all further fund discrepancies.
We at Howard & Associates have been duly consulted by the CBN Board of Trustees and have been fully informed about how the staff of the remitting bank have been taking advantage of you by telling you to pay unnecessary exorbitant charges which will only make your fund payment a long-drawn-out process. Due to this we have decided to step into the process of your fund transfer to enable your funds to be transferred within the soonest possible time without needing to pay all the huge sums of monies that are being demanded from you by the remitting bank, you are to get back to us immediately.
All processes to have your funds paid to you immediately through the Federal Reserve Bank in New York have been initiated to cut out unnecessary costs. You are advised to keep this communication highly confidential as the CBN Board of Trustees have asked us to resolve this fund payment independent of the office of the CBN Governor to identify the principal participants in this unethical payment procedure.Furthermore,you are hereby advised to pay no further fees or charges to the Remitting Bank in Nigeria as well as any person or persons, Real or Fictitious, prostates and institutions as they shall no longer be handling your payment process.
We shall await your immediate correspondence with your direct telephone numbers so that we may conclude your payment immediately contact the claim officer through this email address: FIRMA_THOMAS@outlook.com
Yours Faithfully,
Barbara Michael.
Howard & Associates c/o CBN.
Statement of confidentiality: "the information in this email and in any attachments contains confidential information and is intended solely for the attention and use of the named addressee(s). It may not be disclosed to any person without authorization. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient you are not authorized to and must not disclose, copy, distribute or retain this message or any part of it."
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Thu, 28 Sep 2023 23:57:01 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96 (FreeBSD))
(envelope-from
id 1qm6SR-000KUP-0B
for dave@doctor.nl2k.ab.ca;
Thu, 28 Sep 2023 23:54:35 -0600
Resent-From: The Doctor
Resent-Date: Thu, 28 Sep 2023 23:54:34 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [212.116.224.135] (port=33872 helo=webmail.kz)
by doctor.nl2k.ab.ca with esmtp (Exim 4.96 (FreeBSD))
(envelope-from
id 1qm548-000Hds-10
for doctor@nl2k.ab.ca;
Thu, 28 Sep 2023 22:25:38 -0600
Received: from [105.112.178.50] (account kif@ducatmail.kz HELO User)
by webmail.kz (CommuniGate Pro SMTP 5.2.13)
with ESMTPA id 6312664; Fri, 29 Sep 2023 10:21:54 +0600
Reply-To:
From: "CBN CONSULTANT"
Subject: RE:YOUR OVER DUE PAYMENT
Date: Fri, 29 Sep 2023 05:22:44 +0100
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID:
X-Spam_score: 33.2
X-Spam_score_int: 332
X-Spam_bar: +++++++++++++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Dear Beneficiary, I hope that this correspondence is received
with the urgency and the expediency required. It has come to the notice of
the Board of Trustees at the CBN that your present inheritance claims application
[...]
Content analysis details: (33.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[212.116.224.135 listed in bb.barracudacentral.org]
1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,
https://senderscore.org/blocklistlookup/
[212.116.224.135 listed in bl.score.senderscore.com]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[212.116.224.135 listed in bl.score.senderscore.com]
1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
0.0 T_SPF_HELO_TEMPERROR SPF: test of HELO record failed (temperror)
2.5 NSL_RCVD_HELO_USER Received from HELO User
0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam
1.2 MISSING_HEADERS Missing To: header
1.6 SUBJ_ALL_CAPS Subject is all capitals
1.1 HK_SCAM_N3 BODY: No description available.
3.5 DEAR_BENEFICIARY BODY: Dear Beneficiary:
2.9 YOU_INHERIT Discussing your inheritance
0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool
0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait
0.0 FROM_MISSPACED From: missing whitespace
0.6 FSL_NEW_HELO_USER Spam's using Helo and User
0.7 HK_SCAM No description available.
1.9 REPLYTO_WITHOUT_TO_CC No description available.
0.0 FROM_MISSP_XPRIO Misspaced FROM + X-Priority
0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To
0.0 FAKE_REPLY_C No description available.
0.3 FROM_MISSP_EH_MATCH From misspaced, matches envelope
2.5 LOTTO_AGENT Claims Agent
2.8 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
0.0 T_FROM_MISSP_DKIM From misspaced, DKIM dependable
2.5 TO_NO_BRKTS_MSFT To: misformatted and supposed Microsoft tool
3.0 ADVANCE_FEE_5_NEW Appears to be advance fee fraud (Nigerian 419)
Subject: {SPAM?} RE:YOUR OVER DUE PAYMENT
Dear Beneficiary,
I hope that this correspondence is received with the urgency and the expediency required. It has come to the notice of the Board of Trustees at the CBN that your present inheritance claims application being handled by the Remitting Bank in Nigeria is experiencing some man-made irregularities. To this effect, it has become necessary for the Board of Trustees to invite trained Fund Transfer / Assets transfer Specialists from the United States to resolve and regularize your fund release with immediate effect and stop all further fund discrepancies.
We at Howard & Associates have been duly consulted by the CBN Board of Trustees and have been fully informed about how the staff of the remitting bank have been taking advantage of you by telling you to pay unnecessary exorbitant charges which will only make your fund payment a long-drawn-out process. Due to this we have decided to step into the process of your fund transfer to enable your funds to be transferred within the soonest possible time without needing to pay all the huge sums of monies that are being demanded from you by the remitting bank, you are to get back to us immediately.
All processes to have your funds paid to you immediately through the Federal Reserve Bank in New York have been initiated to cut out unnecessary costs. You are advised to keep this communication highly confidential as the CBN Board of Trustees have asked us to resolve this fund payment independent of the office of the CBN Governor to identify the principal participants in this unethical payment procedure.Furthermore,you are hereby advised to pay no further fees or charges to the Remitting Bank in Nigeria as well as any person or persons, Real or Fictitious, prostates and institutions as they shall no longer be handling your payment process.
We shall await your immediate correspondence with your direct telephone numbers so that we may conclude your payment immediately contact the claim officer through this email address: FIRMA_THOMAS@outlook.com
Yours Faithfully,
Barbara Michael.
Howard & Associates c/o CBN.
Statement of confidentiality: "the information in this email and in any attachments contains confidential information and is intended solely for the attention and use of the named addressee(s). It may not be disclosed to any person without authorization. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient you are not authorized to and must not disclose, copy, distribute or retain this message or any part of it."
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments