TD Phish from 80.85.96.88 Luqa Malta
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 24 Oct 2023 08:00:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96.2 (FreeBSD))
(envelope-from)
id 1qvHwk-000PrZ-0i
for dave@doctor.nl2k.ab.ca;
Tue, 24 Oct 2023 07:59:50 -0600
Resent-From: The Doctor
Resent-Date: Tue, 24 Oct 2023 07:59:50 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [80.85.96.88] (port=41518 helo=mailrelay.telco.mt)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.96.2 (FreeBSD))
(envelope-from)
id 1qvHSp-000PvY-07
for sales@nk.ca;
Tue, 24 Oct 2023 07:28:59 -0600
Received: from [194.26.192.184] (s068.150-25-77.epic.com.mt [77.25.150.68] (may be forged))
by mailrelay.telco.mt (8.14.7/8.14.7) with ESMTP id 39ODPsu7025153
for; Tue, 24 Oct 2023 15:26:47 +0200
Message-Id: <202310241326.39ODPsu7025153@mailrelay.telco.mt>
Content-Type: multipart/alternative; boundary="===============0644147688=="
MIME-Version: 1.0
Subject: Your TD bank Account needs to be updated
To: sales@nk.ca
From: no.reply@td.ca
Date: Tue, 24 Oct 2023 15:26:46 +0200
X-Spam_score: 8.9
X-Spam_score_int: 89
X-Spam_bar: ++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Dear Customer , Due to a recent security check on TD bank
Account. We require you to confirm your details by clicking on the login
link below : Login
Content analysis details: (8.9 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[80.85.96.88 listed in bb.barracudacentral.org]
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
background
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
1.5 TVD_PH_BODY_ACCOUNTS_PRE The body matches phrases such as "accounts
suspended", "account credited", "account
verification"
2.0 HTML_FONT_TINY_NORDNS Font too small to read, no rDNS
2.5 NORDNS_LOW_CONTRAST No rDNS + hidden text
Subject: {SPAM?} Your TD bank Account needs to be updated
You will not see this in a MIME-aware mail reader.
--===============0644147688==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
=
=
=
=
=
=
=
=
=
=
Dear Customer ,
=
=
=
=
=
Due to a recent security check on TD bank Account.
We require you to confirm your details by clicking on the login link bel=
ow :
=
Login =
=
=
=
=
Failure to do this within 48hrs will lead to access suspension .
=
=
=
=
=
Sorry for the inconvienence .
=
=
=
=
=
Regards
=FFFD 2023 TD Bank, N.A All Rights Reserved .
=
=
=
=
=
=20
--===============0644147688==
Content-Type: text/html; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
=3Dutf-8"/>
t">
New message
b(246, 246, 246);" dir=3D"ltr">
ound-position: top; margin: 0px; padding: 0px; width: 100%; height: 100%; b=
order-collapse: collapse; border-spacing: 0px; background-repeat: repeat; b=
ackground-color: rgb(246, 246, 246); mso-table-lspace: 0pt; mso-table-rspac=
e: 0pt;" cellspacing=3D"0" cellpadding=3D"0">
width: 100%; border-collapse: collapse; table-layout: fixed !important; bor=
der-spacing: 0px; mso-table-lspace: 0pt; mso-table-rspace: 0pt;" cellspacin=
g=3D"0" cellpadding=3D"0">
style=3D"width: 600px; border-collapse: collapse; border-spacing: 0px; back=
ground-color: rgb(255, 255, 255); mso-table-lspace: 0pt; mso-table-rspace: =
0pt;" bgcolor=3D"#ffffff" cellspacing=3D"0" cellpadding=3D"0">
px;">
: collapse; border-spacing: 0px; mso-table-lspace: 0pt; mso-table-rspace: 0=
pt;" cellspacing=3D"0" cellpadding=3D"0">
padding: 0px; width: 560px;">
der-collapse: collapse; border-spacing: 0px; mso-table-lspace: 0pt; mso-tab=
le-rspace: 0pt;" cellspacing=3D"0" cellpadding=3D"0">
px; font-size: 0px;">
: 0px currentColor; border-image: none; font-size: 14px; text-decoration: n=
one; display: block;" alt=3D"" src=3D"https://ebilpdd.stripocdn.email/conte=
nt/guids/CABINET_b7e0daef778d06a3a319549ff61da0f1b94cdd28548f20704d4ebff482=
7b26f6/images/td1.png">
px;">
der-spacing: 0px; mso-table-lspace: 0pt; mso-table-rspace: 0pt;" cellspacin=
g=3D"0" cellpadding=3D"0">
x 0px; width: 560px;">
der-collapse: collapse; border-spacing: 0px; mso-table-lspace: 0pt; mso-tab=
le-rspace: 0pt;" cellspacing=3D"0" cellpadding=3D"0">
;">
er-spacing: 0px; font-family: arial, "helvetica neue", helvetica, sans-seri=
f; font-size: 14px; mso-line-height-rule: exactly;'>Dear Cust=
omer ,
px;">
der-spacing: 0px; mso-table-lspace: 0pt; mso-table-rspace: 0pt;" cellspacin=
g=3D"0" cellpadding=3D"0">
dth: 560px;">
der-collapse: collapse; border-spacing: 0px; mso-table-lspace: 0pt; mso-tab=
le-rspace: 0pt;" cellspacing=3D"0" cellpadding=3D"0">
;">
er-spacing: 0px; font-family: arial, "helvetica neue", helvetica, sans-seri=
f; font-size: 14px; mso-line-height-rule: exactly;'>Due to a recent securit=
y check on TD bank Account.
rgb(51, 51, 51); line-height: 21px; letter-spacing: 0px; font-family: arial=
, "helvetica neue", helvetica, sans-serif; font-size: 14px; mso-line-height=
-rule: exactly;'>We require you to confirm your details by clic=
king on the login link below :
px 0px 0px;">
style=3D"background: rgb(49, 203, 75); border-width: 0px 0px 2px; border-st=
yle: solid; border-color: rgb(44, 181, 67); border-radius: 30px; width: aut=
o; display: inline-block; mso-hide: all;">
ackground: rgb(49, 203, 75); padding: 10px 20px; border-radius: 30px; width=
: auto; text-align: center; color: rgb(255, 255, 255); line-height: 22px; l=
etter-spacing: 0px; font-family: arial, "helvetica neue", helvetica, sans-s=
erif; font-size: 18px; font-style: normal; font-weight: normal; text-decora=
tion: none !important; display: inline-block; mso-style-priority: 100; mso-=
line-height-rule: exactly; mso-padding-alt: 0; mso-border-alt: 10px solid #=
31CB4B;' href=3D"https://s.id/1VIUk" target=3D"_blank">Login
px;">
der-spacing: 0px; mso-table-lspace: 0pt; mso-table-rspace: 0pt;" cellspacin=
g=3D"0" cellpadding=3D"0">
dth: 560px;">
der-collapse: collapse; border-spacing: 0px; mso-table-lspace: 0pt; mso-tab=
le-rspace: 0pt;" cellspacing=3D"0" cellpadding=3D"0">
;">
er-spacing: 0px; font-family: arial, "helvetica neue", helvetica, sans-seri=
f; font-size: 14px; mso-line-height-rule: exactly;'>Failure to do thi=
s within 48hrs will lead to access suspension .
px;">
der-spacing: 0px; mso-table-lspace: 0pt; mso-table-rspace: 0pt;" cellspacin=
g=3D"0" cellpadding=3D"0">
dth: 560px;">
der-collapse: collapse; border-spacing: 0px; mso-table-lspace: 0pt; mso-tab=
le-rspace: 0pt;" cellspacing=3D"0" cellpadding=3D"0">
;">
er-spacing: 0px; font-family: arial, "helvetica neue", helvetica, sans-seri=
f; font-size: 14px; mso-line-height-rule: exactly;'>Sorry for the inconvien=
ence .
px;">
der-spacing: 0px; mso-table-lspace: 0pt; mso-table-rspace: 0pt;" cellspacin=
g=3D"0" cellpadding=3D"0">
dth: 560px;">
der-collapse: collapse; border-spacing: 0px; mso-table-lspace: 0pt; mso-tab=
le-rspace: 0pt;" cellspacing=3D"0" cellpadding=3D"0">
;">
er-spacing: 0px; font-family: arial, "helvetica neue", helvetica, sans-seri=
f; font-size: 14px; mso-line-height-rule: exactly;'>Regards
margin: 0px; color: rgb(51, 51, 51); line-height: 21px; letter-spacing: 0px=
; font-family: arial, "helvetica neue", helvetica, sans-serif; font-size: 1=
4px; mso-line-height-rule: exactly;'>=EF=BF=BD 2023 TD Bank, N.A All =
Rights Reserved .
--===============0644147688==--