Amex Fraud Phish

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Wed, 27 Nov 2024 16:45:20 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1tGRhl-00000000GOe-0FUC

for dave@doctor.nl2k.ab.ca;

Wed, 27 Nov 2024 16:44:21 -0700

Resent-From: The Doctor

Resent-Date: Wed, 27 Nov 2024 16:44:21 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail.basa.school ([88.198.207.53]:36922 helo=elitzoo)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98 (FreeBSD))

(envelope-from )

id 1tGRHU-000000001MF-2AgA

for doctor@nk.ca;

Wed, 27 Nov 2024 16:17:17 -0700

Received: from techno_group_usr by elitzoo with local (Exim 4.96)

(envelope-from )

id 1tGRFd-004bLq-0S

for doctor@nk.ca;

Thu, 28 Nov 2024 01:15:17 +0200

To: doctor@nk.ca

Subject: Action Needed: Verify Your Account to Restore Access

X-PHP-Originating-Script: 1009:ez.php

From: Amex Fraud Detection Team

Reply-To: support@techno-group.com.ua

MIME-Version: 1.0

Content-Type: text/html; charset=UTF-8

Message-Id:

Date: Thu, 28 Nov 2024 01:15:17 +0200

X-Spam_score: 10.9

X-Spam_score_int: 109

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Account Security Notification Account Security Alert



Content analysis details: (10.9 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[88.198.207.53 listed in dnsbl.ahbl.org]

[88.198.207.53 listed in dnsbl.ahbl.org]

[88.198.207.53 listed in dnsbl.ahbl.org]

[88.198.207.53 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[88.198.207.53 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[88.198.207.53 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[88.198.207.53 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[88.198.207.53 listed in dnsbl.ahbl.org]

0.0 T_SPF_TEMPERROR SPF: test of record failed (temperror)

0.0 FSL_HELO_NON_FQDN_1 No description available.

1.5 TVD_PH_SEC BODY: Message includes a phrase commonly used in phishing

mails

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

1.5 TVD_PH_BODY_ACCOUNTS_PRE The body matches phrases such as "accounts

suspended", "account credited", "account

verification"

0.5 HELO_NO_DOMAIN Relay reports its domain incorrectly

0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS

0.9 URI_PHISH Phishing using web form

1.0 ACCT_PHISHING Possible phishing for account information

Subject: {SPAM?} Action Needed: Verify Your Account to Restore Access













Account Security Notification















Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA