Interactive Brokers Canada Inc. 2FA Phish From Google
Posted by Dave Yadallee onX-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 14 Jul 2026 08:28:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))
(envelope-from
id 1wje6Y-00000000LWx-1p8o
for dave@doctor.nl2k.ab.ca;
Tue, 14 Jul 2026 08:27:26 -0600
Resent-From: The Doctor
Resent-Date: Tue, 14 Jul 2026 08:27:26 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from wap-lite-haixing.com ([35.219.161.115]:58173 helo=campaigns.wap-lite-haixing.com)
by doctor.nl2k.ab.ca with esmtp (Exim 4.99.3 (FreeBSD))
(envelope-from
id 1wjdlj-00000000HJI-3Ucx
for root@nk.ca;
Tue, 14 Jul 2026 08:06:04 -0600
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=default;
d=campaigns.wap-lite-haixing.com;
h=Content-Type:MIME-Version:From:To:Subject:Date:Message-ID;
i=finance@brzwci.campaigns.wap-lite-haixing.com;
bh=LplRm6CuLvidNPTg2tPSG7Yu4qAJ69y113UxkIaUtng=;
b=GBGV5aDCGgCxI6wo30Emh9MSI+BWrsu0PQo2NAOwj+ckjHRSbSt9cPZLzmOqpEd4ElNhfVs9z0W+
5C/sFjF6W/Ak3qedT5FLI2lcmN4xHu1+tU4qlZ6YDgWDH1yOYNPZgx7y8tNPllSK53IQ80wVftyK
6m99CHLQgoTxsraD/u3VEnRPGbYOJxWJwmQFlTRchzfWpXUDZ+ScWG2kehtyeUZxUyUD7ihBE/Xh
pySF4wPvAFstHdPJx6WbzmHFvf6z1tOY94xUZX4m8y1kKa+0pWVjcEtroAz9mDzAge0qhuJpdpnQ
x5J95d4Locn/sMqKfgEN57LP77MH7aaI8Mc/fA==
Content-Type: multipart/alternative;
boundary="===============6817175869246814039=="
MIME-Version: 1.0
From: IBKR Security
To: root@nk.ca
Subject: Security Upgrade - Two-Factor Authentication Now Mandatory
Date: Tue, 14 Jul 2026 23:05:07 +0900
Message-ID:
<178403790730.3567.12778854735615802399@brzwci.campaigns.wap-lite-haixing.com>
X-Spam_score: 12.7
X-Spam_score_int: 127
X-Spam_bar: ++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Subject: Security Upgrade: Two-Factor Authentication Now Mandatory
root, As part of our ongoing commitment to safeguarding client assets and
personal information, Interactive Brokers Canada Inc. is now requiring Two-Factor
Authentication (2FA) for all account access. This [...]
Content analysis details: (12.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[35.219.161.115 listed in dnsbl.ahbl.org]
[35.219.161.115 listed in dnsbl.ahbl.org]
[35.219.161.115 listed in dnsbl.ahbl.org]
[35.219.161.115 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[35.219.161.115 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[35.219.161.115 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[35.219.161.115 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[35.219.161.115 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[35.219.161.115 listed in will-spam-for-food.eu.org]
[35.219.161.115 listed in will-spam-for-food.eu.org]
[35.219.161.115 listed in will-spam-for-food.eu.org]
[35.219.161.115 listed in will-spam-for-food.eu.org]
[35.219.161.115 listed in will-spam-for-food.eu.org]
[35.219.161.115 listed in will-spam-for-food.eu.org]
[35.219.161.115 listed in will-spam-for-food.eu.org]
[35.219.161.115 listed in will-spam-for-food.eu.org]
2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist
[URI: laewz.com]
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
-0.0 SPF_PASS SPF: sender matches SPF record
-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
safe-sa@returnpath.net
[Excessive Number of Queries |
-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
cert-sa@returnpath.net
[Excessive Number of Queries |
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
2.3 MANGLED_PLEASE BODY: mangled please
2.3 MANGLED_EMAIL BODY: mangled email
2.3 MANGLED_ACTION BODY: mangled action
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[35.219.161.115 listed in bl.score.senderscore.com]
1.5 MR_STRANGE_QUESTION URI: No description available.
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
0.5 VOWEL_FROM_5 Impronouncable from header (6 consecutive vowels)
Subject: {SPAM?} Security Upgrade - Two-Factor Authentication Now Mandatory
--===============6817175869246814039==
Content-Type: text/plain; charset="iso-2022-jp"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: Security Upgrade: Two-Factor Authentication Now Mandatory
root,
As part of our ongoing commitment to safeguarding client assets and personal information, Interactive Brokers Canada Inc. is now requiring Two-Factor Authentication (2FA) for all account access. This enhanced security measure aligns with guidance from the Canadian Investment Regulatory Organization (CIRO) and industry best practices for protecting online trading accounts.
Once enabled, 2FA adds an additional layer of protection by requiring a one-time verification code -- delivered via SMS or an authenticator application -- in addition to your existing credentials each time you log in. This significantly reduces the risk of unauthorised access, even if your password has been compromised.
--- SETUP INSTRUCTIONS ---
Step 1: Log in to your account via the link below using your current credentials.
Step 2: Navigate to Settings > Security > Two-Factor Authentication.
Step 3: Select your preferred 2FA method (SMS or authenticator app).
Step 4: Confirm your setup by entering the verification code sent to your chosen device.
---------------------------
Enabling 2FA takes less than two minutes and provides continuous protection for your account and assets.
LOG IN TO ENABLE 2FA:
https://www.laewz.com/?3ckvmzQ2yPepvA8ksxerC8l0
Please note: Interactive Brokers Canada Inc. will never contact you by phone, email, or SMS to request your password, verification codes, or other sensitive credentials. Always log in through the official website or mobile application.
Interactive Brokers Canada Inc. -- Information Security Team
---
Interactive Brokers Canada Inc. | Member of CIRO & CIPF
This is an automated security notification sent to the registered email address of root.
If you have already enabled 2FA, please disregard this message.
--===============6817175869246814039==
Content-Type: text/html; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
...
--===============6817175869246814039==--