Lottery Phishing from Japan

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 11 Jan 2024 22:50:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rOAQV-000000009On-2b5M

for dave@doctor.nl2k.ab.ca;

Thu, 11 Jan 2024 22:49:55 -0700

Resent-From: The Doctor

Resent-Date: Thu, 11 Jan 2024 22:49:55 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [202.33.141.45] (port=53484 helo=mother.comworth.co.jp)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rO9L0-000000005Ue-04ec

for sales@nk.ca;

Thu, 11 Jan 2024 21:40:13 -0700

Received: from IP-144-241 (unknown [109.248.144.241])

by mother.comworth.co.jp (Postfix) with ESMTPA id A926B30246CBA

for ; Fri, 12 Jan 2024 13:37:31 +0900 (JST)

From: "Admin"

Subject: Re: FYI~

To:

Content-Type: multipart/alternative; boundary="aENkl6uky01MtVbfthpUbbi=_qKcaNcB4n"

MIME-Version: 1.0

Reply-To:

Date: Fri, 12 Jan 2024 05:37:29 +0100

Message-Id: <2024120105372885B582420A$1615A2333B@comcast.net>

X-Spam_score: 9.9

X-Spam_score_int: 99

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Good day sales, This is to officially inform you that your

email address emerged as one of the selected lucky winners of £750,000.00

in the international lottery jackpot 2023. This program was sponsored and

organized by Coca-Cola in conjunction with Ann Uarmusa Organization for the

final quarter of the year jackpot.



Content analysis details: (9.9 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit

[jababarman975(at)gmail.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[iello(at)comcast.net]

0.0 HTML_MESSAGE BODY: HTML included in message

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.8 HK_LOTTO No description available.

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.0 LOTS_OF_MONEY Huge... sums of money

0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different

freemails

0.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail reply-to

1.4 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?

0.5 MONEY_FRAUD_8 Lots of money and very many fraud phrases

3.7 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money

Subject: {SPAM?} Re: FYI~



This is a multi-part message in MIME format



--aENkl6uky01MtVbfthpUbbi=_qKcaNcB4n

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable





Good day sales,



This is to officially inform you that your email address emerged as on=

e of the selected lucky winners of =A3750,000.00 in the international =

lottery jackpot 2023.



This program was sponsored and organized by Coca-Cola in conjunction w=

ith Ann Uarmusa Organization for the final quarter of the year jackpot=

=2E



You are among the lucky 500 beneficiaries to gain from this global lot=

tery program (GLP 2023).

Below are your approved details to claim your winnings.

Winning Reference Number: CCCI-GLP-W20-CL23



Kindly contact Mr. Eugene Drumio by Email:=20



dast79709@gmail.com mailto:dast79709@gmail.com



; and quote your winning reference number: CCCI-GLP-W20-CL23



Once again, Congratulations!!!



Regards,



Gilbert Trouse

Coca Cola

Global Lottery Program (GLP 2023)



--aENkl6uky01MtVbfthpUbbi=_qKcaNcB4n

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable








8859-1">


le=3D1"> <=

title>Re: FYI~




style=3D"FONT-SIZE: 15px; FONT-FAMILY: Arial, Helvetica, sans-serif; =

WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FLOAT: n=

one; FONT-WEIGHT: 400; COLOR: rgb(36,36,36); FONT-STYLE: normal; ORPHA=

NS: 2; WIDOWS: 2; DISPLAY: inline !important; BACKGROUND-COLOR: rgb(25=

5,255,255); TEXT-INDENT: 0px; font-variant-ligatures: normal; font-var=

iant-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-thi=

ckness: initial; text-decoration-style: initial; text-decoration-color=

: initial">Good day sales,


; FONT-FAMILY: Arial, Helvetica, sans-serif; WHITE-SPACE: normal; WORD=

-SPACING: 0px; TEXT-TRANSFORM: none; FLOAT: none; FONT-WEIGHT: 400; CO=

LOR: rgb(36,36,36); FONT-STYLE: normal; ORPHANS: 2; WIDOWS: 2; DISPLAY=

: inline !important; BACKGROUND-COLOR: rgb(255,255,255); TEXT-INDENT: =

0px; font-variant-ligatures: normal; font-variant-caps: normal; -webki=

t-text-stroke-width: 0px; text-decoration-thickness: initial; text-dec=

oration-style: initial; text-decoration-color: initial">I am still awa=

iting your Current Address & Phone Number in order to remit your p=

ending bequest payment to you.
Your prompt response is being antici=

pated for expedient action.


x; FONT-FAMILY: Arial, Helvetica, sans-serif; WHITE-SPACE: normal; WOR=

D-SPACING: 0px; TEXT-TRANSFORM: none; FLOAT: none; FONT-WEIGHT: 400; C=

OLOR: rgb(36,36,36); FONT-STYLE: normal; ORPHANS: 2; WIDOWS: 2; DISPLA=

Y: inline !important; BACKGROUND-COLOR: rgb(255,255,255); TEXT-INDENT:=

0px; font-variant-ligatures: normal; font-variant-caps: normal; -webk=

it-text-stroke-width: 0px; text-decoration-thickness: initial; text-de=

coration-style: initial; text-decoration-color: initial">Faithfully,
R>Admin Emissary







--aENkl6uky01MtVbfthpUbbi=_qKcaNcB4n--

I1.17KL0LD35.4KI2.16KwhoissourceRank10.8MPIN0Summary reportDiagnosisDensity00n/a

Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA