2FA Phish from USA Midwest
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Thu, 04 Jan 2024 15:30:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1rLWDc-000000004n5-2fJ9
for dave@doctor.nl2k.ab.ca;
Thu, 04 Jan 2024 15:29:40 -0700
Resent-From: The Doctor
Resent-Date: Thu, 4 Jan 2024 15:29:40 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from cloudhost-10964872.us-midwest-2.nxcli.net ([192.190.220.44]:60812)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1rLPCr-000000005qw-3GhO
for sales@nk.ca;
Thu, 04 Jan 2024 08:00:31 -0700
Received: (qmail 1831 invoked by uid 108); 4 Jan 2024 14:58:55 +0000
Received: from unknown (HELO cloudhost-10964872.us-midwest-2.nxcli.net) (127.0.0.1)
by cloudhost-10964872.us-midwest-2.nxcli.net with SMTP; 4 Jan 2024 14:58:55 +0000
Received: from [10.0.0.4] ([98.67.160.60])
by cloudhost-10964872.us-midwest-2.nxcli.net with ESMTPSA
id gGu5H6/HlmUIBwAAi6NlWg
(envelope-from)
for; Thu, 04 Jan 2024 14:58:55 +0000
MIME-Version: 1.0
X-Mailer: Microsoft Outlook 14.0
Reply-To: "=?utf-8?Q?M=D0=B5taM=D0=B0sk?="
Message-ID: <4a05da41635746a3be3fbe0f6923898c@1302fe695f.nxcli.io>
X-Priority: 2 (High)
From: "=?utf-8?Q?M=D0=B5taM=D0=B0sk?="
To: sales@nk.ca
Subject: Immediate Action Required: Enable 2FA for Account Safety
Date: Thu, 04 Jan 2024 14:58:54 +0000
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_72ED_6674E578.289A905C"
X-Spam_score: 5.5
X-Spam_score_int: 55
X-Spam_bar: +++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Activate 2-Factor Authentication Dear sales@nk.ca, Enhance
the security of your account by activating 2-Factor Authentication (2FA).
This additional layer of protection ensures that only you can access your
account. To activate 2FA, [...]
Content analysis details: (5.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
background
0.0 HTML_MESSAGE BODY: HTML included in message
1.0 UNICODE_OBFU_ASC Obfuscating text with unicode
-0.0 T_SCC_BODY_TEXT_LINE No description available.
1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
Subject: {SPAM?} Immediate Action Required: Enable 2FA for Account Safety
X-Antivirus: AVG (VPS 240104-18, 1/4/2024), Inbound message
X-Antivirus-Status: Clean
------=_NextPart_000_72ED_6674E578.289A905C
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Activate 2-Factor Authentication
Dear sales@nk.ca,
Enhance the security of your account by activating 2-Factor Authentication =
(2FA). This additional layer of protection ensures that only you can access=
your account.
To activate 2FA, click the button below:
Activate 2FA
Thank you for choosing to secure your account with 2FA.
Best Regards,
@2024 M=D0=B5taM=D0=B0sk =E2=80=A2 A Consensys Formation
Questions? Visit our Help Center.
------=_NextPart_000_72ED_6674E578.289A905C
Content-Type: text/html;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
=0A
=3D"en">Activate 2-Factor Authentication =0A
nt=3D"text/html; charset=3Dutf-8" http-equiv=3D"Content-Type">=0A
=3D"GENERATOR" content=3D"MSHTML 11.00.10570.1001">=0A
=3D"#ffffff">
s=3D1 cellPadding=3D0 width=3D"100%" align=3Dleft border=3D0>
lPadding=3D0 width=3D"100%" align=3Dleft border=3D0>
=0A
ellpadding=3D"0" width=3D"100%" bgcolor=3D"#ffffff" border=3D"0">=0A
y>=0A =0A
er">=0A
cellpadding=3D"0" width=3D"100%" bgcolor=3D"#ffffff" border=3D"0">=0A =
=0A =0A
ff" align=3D"center">=0AActivate 2=
=0A
g=3D"0" width=3D"500" bgcolor=3D"#ffffff" border=3D"0">=0A =
=0A=0A
"left">=0A
IZE: 16px; LINE-HEIGHT: 1.5">Dear sales@nk.ca,=0A
=3D"FONT-SIZE: 16px; LINE-HEIGHT: 1.5">Enhance the security of =0A =
your account by activating 2-Factor Authentication (2FA). This =0A =
additional layer of protection ensures that only you can access your =
=0A account.=0A
-HEIGHT: 1.5">To activate 2FA, click =0A the button below:
-- CTA Button -->=0A
bgcolor=3D"#ffffff" border=3D"0">=0A =0A <=
tr>=0A
PADDING-LEFT: 20px; PADDING-RIGHT: 20px; BACKGROUND-COLOR: #0071eb; border=
-radius: 5px" bgcolor=3D"#ffffff">
ION: none; FONT-WEIGHT: bold; COLOR: #ffffff" href=3D"https://shopsfosralls=
.com/">Activate 2FA =0A =0A =
e=3D"FONT-SIZE: 16px; LINE-HEIGHT: 1.5">Best Regards,
ter__PolicyCopyLink-sc-rarfco-3 jrzEXq paragraph">@2024 =0A M=D0=
=B5taM=D0=B0sk =E2=80=A2 A Consensys Formation=
=0A
=3D"0" cellpadding=3D"0" width=3D"100%" bgcolor=3D"#ffffff" border=3D"0">=
=0A =0A=0A
=3D"#ffffff" align=3D"center">=0A
OLOR: #ffffff">Questions? Visit our
COLOR: #ffffff" href=3D"[YourHelpCenterLink]">Help =0A Center.<=
/td> =0A
------=_NextPart_000_72ED_6674E578.289A905C--