Fedex Phish from Google Gmail
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Thu, 25 Jan 2024 05:35:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1rSywD-00000000C77-0lpC
for dave@doctor.nl2k.ab.ca;
Thu, 25 Jan 2024 05:34:33 -0700
Resent-From: The Doctor
Resent-Date: Thu, 25 Jan 2024 05:34:33 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-wr1-f49.google.com ([209.85.221.49]:42009)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1rStzQ-00000000K28-0ez4
for doctor@doctor.nl2k.ab.ca;
Thu, 25 Jan 2024 00:17:35 -0700
Received: by mail-wr1-f49.google.com with SMTP id ffacd0b85a97d-3392b15ca41so241506f8f.0
for; Wed, 24 Jan 2024 23:15:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1706166931; x=1706771731; darn=doctor.nl2k.ab.ca;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
:date:message-id:reply-to;
bh=c7mby8xMvJhPNqxeIDlacUwQ/EiNRfuuotjvE131qTg=;
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1706166931; x=1706771731;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=c7mby8xMvJhPNqxeIDlacUwQ/EiNRfuuotjvE131qTg=;
X-Gm-Message-State: AOJu0YzicHP9hhMmD5L849+kwgAlU+NDHwHiOAlFKy0sHFVspSI+ywxm
b0GqL6xL2kJ4m55VirlCVS511bY3ZE43bgUl5IwwW2CYYdk3+kkqKW2JWVh5GgoVOaV2F7NPvVW
ypmd3GBdVy+ZNoA4UWDoZlKfoXwcorjYxzho=
X-Google-Smtp-Source: AGHT+IH5h/gdXGRKWXJzuWw9HTnbVBrtdpxK61R20bJcSy4UXeASlvn1RumEOPJgqHk62jpro3PjcrvKz4md25aQtQA=
X-Received: by 2002:adf:e60a:0:b0:33a:1fa:c868 with SMTP id
p10-20020adfe60a000000b0033a01fac868mr205653wrm.28.1706166931397; Wed, 24 Jan
2024 23:15:31 -0800 (PST)
MIME-Version: 1.0
Received: by 2002:a5d:5648:0:b0:336:a125:141e with HTTP; Wed, 24 Jan 2024
23:15:31 -0800 (PST)
From: fedexcouriers57
Date: Thu, 25 Jan 2024 08:15:31 +0100
Message-ID:
Subject: Attention
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Bcc: doctor@doctor.nl2k.ab.ca
X-Spam_score: 10.8
X-Spam_score_int: 108
X-Spam_bar: ++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Attention: Dear Beneficiary This is to bring to your notice
that we have credited your total sum of $5.500.000.00 USD into an ATM VISA
card and we have deposited it with DHL Express Company to deliver it to you.
We paid all the [...]
Content analysis details: (10.8 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at http://www.dnswl.org/, no
                            trust
                            [209.85.221.49 listed in list.dnswl.org]
-0.0 SPF_PASS               SPF: sender matches SPF record
-0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from author's
                            domain
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
                            envelope-from domain
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail provider
                            [fedexcouriers57(at)gmail.com]
 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
                            digit
                            [fedexcouriers57(at)gmail.com]
-0.2 RCVD_IN_MSPIKE_H2      RBL: Average reputation (+2)
                            [209.85.221.49 listed in wl.mailspike.net]
 3.5 DEAR_BENEFICIARY       BODY: Dear Beneficiary:
 2.5 US_DOLLARS_3           BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
 0.0 LOTS_OF_MONEY          Huge... sums of money
-0.0 T_SCC_BODY_TEXT_LINE   No description available.
 1.1 MONEY_NOHTML           Lots of money in plain text
 0.0 FILL_THIS_FORM         Fill in a form with personal information
 1.0 FREEMAIL_REPLY         From and body contain different freemails
 0.0 MONEY_FORM             Lots of money if you fill out a form
 2.9 UNDISC_MONEY           Undisclosed recipients + money/fraud signs
Subject: {SPAM?} Attention

Attention: Dear Beneficiary
This is to bring to your notice that we have credited your total sum of
$5.500.000.00 USD into an ATM VISA card and we have deposited it with DHL
Express Company to deliver it to you. We paid all the necessary charges
such as Company registration and delivery fee.
The only money you will send to them is the security keeping charges of your
ATM VISA card $35.00 dollars. We tried to pay that but they complained that
they don't know when you will contact them for the delivery and the demurrage
might have increased by then. I deposited it on 25/01/2024. Therefore, contact
them now with Your:
Your Full Name........
Your Country............
Your City Airport........
Your Home Address........
Telephone Number.........
Gender...................
DHL Express
Email address: deploymentagent711@gmail.com
Tel/+22964083699