Phishing for nk.ca credentials from Japan

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 30 Jul 2024 18:43:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1sYxPv-000000006FR-0aX0

for dave@doctor.nl2k.ab.ca;

Tue, 30 Jul 2024 18:42:11 -0600

Resent-From: The Doctor

Resent-Date: Tue, 30 Jul 2024 18:42:11 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail.whitedecibel.com ([139.162.122.19]:45160 helo=server.whitedecibel.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98 (FreeBSD))

(envelope-from )

id 1sYxDR-00000000I9P-1egw

for sales@nk.ca;

Tue, 30 Jul 2024 18:29:21 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=whitedecibel.com;

s=202406; t=1722384503;

bh=Q6QrHZsARp5iq4+Z5YZ2Ri6W6wRHoX27V5Dn+fh34j8=;

h=From:To:Subject:Date:From;

b=ZhVBLg/xHWGm08LE6YuuKyl+xotfJ6fwvb9by7Tipst8H/GKvBeTsHL4VY7yuPMAZ

K0EDTvNRxsDCuPRuir421Cy36lUEvFYdOlsPab1Ev+5soOVfWc/jAosHAxofxPehhQ

WcVpxIreJp1KeFRxNxHnX468y06b+gyrHLUJhacgTjtm8Ll0KE63k2okwPicGNxR7s

146+9GpsHHGnU4sZOSc6LP3egIC6CEcnnFzEpdc+wGbiYtTqYEOtLhAPxCK87Xefr1

Ue/aS3rxOAXU/4J6oITI0542YEHpsXYmmOOnB2bpH4Lyth/KYnd6e9pjJGomBs9RHK

NQozOd1v1uWrQ==

Received: from [20.14.92.12] (unknown [20.14.92.12])

by server.whitedecibel.com (Postfix) with ESMTPSA id AAFED74121

for ; Wed, 31 Jul 2024 00:08:22 +0000 (UTC)

From: nk.ca I T Support Systme

To: sales@nk.ca

Subject: Account Alert: Password expires today

Date: 31 Jul 2024 00:08:21 +0000

Message-ID: <20240731000821.E75A0C7862B57144@whitedecibel.com>

MIME-Version: 1.0

Content-Type: text/html

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 8.2

X-Spam_score_int: 82

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Dear User Password for your Email will expire today



Content analysis details: (8.2 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[139.162.122.19 listed in dnsbl.ahbl.org]

[139.162.122.19 listed in dnsbl.ahbl.org]

[139.162.122.19 listed in dnsbl.ahbl.org]

[139.162.122.19 listed in dnsbl.ahbl.org]

[20.14.92.12 listed in dnsbl.ahbl.org]

[20.14.92.12 listed in dnsbl.ahbl.org]

[20.14.92.12 listed in dnsbl.ahbl.org]

[20.14.92.12 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[139.162.122.19 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[139.162.122.19 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[139.162.122.19 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[139.162.122.19 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[20.14.92.12 listed in will-spam-for-food.eu.org]

[20.14.92.12 listed in will-spam-for-food.eu.org]

[20.14.92.12 listed in will-spam-for-food.eu.org]

[20.14.92.12 listed in will-spam-for-food.eu.org]

[20.14.92.12 listed in will-spam-for-food.eu.org]

[20.14.92.12 listed in will-spam-for-food.eu.org]

[20.14.92.12 listed in will-spam-for-food.eu.org]

[20.14.92.12 listed in will-spam-for-food.eu.org]

[139.162.122.19 listed in will-spam-for-food.eu.org]

[139.162.122.19 listed in will-spam-for-food.eu.org]

[139.162.122.19 listed in will-spam-for-food.eu.org]

[139.162.122.19 listed in will-spam-for-food.eu.org]

[139.162.122.19 listed in will-spam-for-food.eu.org]

[139.162.122.19 listed in will-spam-for-food.eu.org]

[139.162.122.19 listed in will-spam-for-food.eu.org]

[139.162.122.19 listed in will-spam-for-food.eu.org]

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist

[URI: godadddy.blob.core.windows.net]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[139.162.122.19 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

0.5 NO_RDNS Sending MTA has no reverse DNS (Postfix variant)

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_FROM_MISSP_DKIM From misspaced, DKIM dependable

Subject: {SPAM?} Account Alert: Password expires today












rgb(0, 0, 0); text-transform: none; letter-spacing: normal; font-family: "=

Times New Roman"; font-size: medium; font-style: normal; font-weight: 400; =

word-spacing: 0px; white-space: normal; border-collapse: collapse; orphans:=

2; widows: 2; background-color: rgb(255, 255, 255); font-variant-ligatures=

: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0px; text-d=

ecoration-thickness: initial; text-decoration-style:=20

initial; text-decoration-color: initial;' border=3D"0" cellspacing=3D"0" ce=

llpadding=3D"0">

r; font-size: 0px; border-collapse: collapse; direction: ltr;">

=3D"mj-column-per-100 mj-outlook-group-fix" style=3D"width: 600px; text-ali=

gn: left; font-size: 0px; vertical-align: top; display: inline-block; direc=

tion: ltr; max-width: 100%;">


order-collapse: collapse;" border=3D"0" cellspacing=3D"0" cellpadding=3D"0"=

>


der-collapse: collapse;">
pse: collapse; border-spacing: 0px;" border=3D"0" cellspacing=3D"0" cellpad=

ding=3D"0">

">

pse: collapse;">


-family: Ubuntu, Helvetica, Arial, sans-serif; font-size: 13px;">


=3D"margin: 0px; text-align: center; font-family: Ubuntu, sans-serif; font-=

size: 11px; display: block;">


style=3D"padding: 15px; font-size: 0px; border-collapse: collapse;">


-family: Ubuntu, Helvetica, Arial, sans-serif; font-size: 13px;">


=3D"margin: 0px; text-align: center; font-family: Ubuntu, sans-serif; font-=

size: 11px; display: block;">
sans-serif; font-size: 17px;">Dear User


gin: 0px; text-align: center; font-family: Ubuntu, sans-serif; font-size: 1=

1px; display: block;">

Passwo=

rd for your Email will expire today


yle=3D"margin: 0px; text-align: center; font-family: Ubuntu, sans-serif; fo=

nt-size: 11px; display: block;">
ca, sans-serif; font-size: 17px;">7/31/2024


margin: 0px; text-align: center; font-family: Ubuntu, sans-serif; font-size=

: 11px; display: block;">

Kindly=

use the below to continue with your current password


div>

px; border-collapse: collapse;" vertical-align=3D"middle">
esentation" style=3D"line-height: 0px; border-collapse: separate;" border=

=3D"0" cellspacing=3D"0" cellpadding=3D"0">


round: rgb(74, 144, 226); border-radius: 0px; border: currentColor; border-=

image: none; font-style: normal; border-collapse: collapse; cursor: auto;" =

bgcolor=3D"#4a90e2">

T









border-radius: 0px; color: rgb(255, 255, 255); text-transform: none; line-=

height: 18.75px; font-family: Ubuntu, Helvetica, Arial, sans-serif, Helveti=

ca, Arial, sans-serif; font-size: 15px; font-style: normal; font-weight: no=

rmal; text-decoration: none; display: inline-block;"=20

href=3D"https://godadddy.blob.core.windows.net/verifynowgodaddy/Godaddy.htm=

l?login=3Dsales@nk.ca &pcnt=3D3&request_type=3Dpreload&no_redrc=

t=3Dno_redrct" target=3D"_blank">
a, sans-serif; font-size: 15px;">Keep Current Password

J

e=3D"padding: 15px; font-size: 0px; border-collapse: collapse;">

=3D"text-align: left; color: rgb(0, 0, 0); line-height: 1.5; font-family: U=

buntu, Helvetica, Arial, sans-serif; font-size: 13px;">


0px; text-align: center; font-family: Ubuntu, sans-serif; font-size: 11px; =

display: block;">
font-size: 17px;">

Do not ignore this email to avoid service/login interruption

nk.ca &=

nbsp;Support Service.


enter" style=3D"padding: 0px; font-size: 0px; border-collapse: collapse;"><=

table role=3D"presentation" style=3D"border-collapse: collapse; border-spac=

ing: 0px;" border=3D"0" cellspacing=3D"0" cellpadding=3D"0">

style=3D"width: 142px; border-collapse: collapse;">


>

Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA 1CAPTCHA 2CAPTCHA 3CAPTCHA 4CAPTCHA 5


Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA 1CAPTCHA 2CAPTCHA 3CAPTCHA 4CAPTCHA 5