NetKnow Corporate Blog

p {

margin: 0;

}



.ie-container table,

.mso-container table {

table-layout: fixed;

}



* {

line-height: inherit;

}



a[x-apple-data-detectors='true'] {

color: inherit !important;

text-decoration: none !important;

}



table,

td {

color: #000000;

}



#u_body a {

color: #0000ee;

text-decoration: underline;

}



@media (max-width: 480px) {

#u_content_image_9 .v-container-padding-padding {

padding: 10px !important;

}

#u_content_image_9 .v-text-align {

text-align: center !important;

}

#u_content_image_8 .v-container-padding-padding {

padding: 10px !important;

}

#u_content_image_8 .v-text-align {

text-align: center !important;

}

}


























style=3D"" class=3D"" align=3D"left">

-hidden=3D"true">  

Outstanding Balance on Your 407 ETR Account 407 ETR Phish Part 1 Posted by Dave Yadallee on Friday, February 6. 2026 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Return-path: Envelope-to: dave@doctor.nl2k.ab.ca Delivery-date: Thu, 05 Feb 2026 22:37:00 -0700 Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD)) (envelope-from ) id 1voEWZ-00000000LRH-3Zt3 for dave@doctor.nl2k.ab.ca; Thu, 05 Feb 2026 22:36:59 -0700 Resent-From: The Doctor Resent-Date: Thu, 5 Feb 2026 22:36:59 -0700 Resent-Message-ID: Resent-To: Dave Yadallee Received: from ip-208-97-147-218.dreamhost.com ([208.97.147.218]:58478 helo=vps68630.dreamhostps.com) by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384 (Exim 4.98.2 (FreeBSD)) (envelope-from ) id 1voBf5-00000000D7q-32tK for doctor@doctor.nl2k.ab.ca; Thu, 05 Feb 2026 19:33:38 -0700 Received: by vps68630.dreamhostps.com (Postfix, from userid 6910629) id 4f6dQp46VDz2Qt1R6l; Thu, 5 Feb 2026 18:32:18 -0800 (PST) To: doctor@doctor.nl2k.ab.ca Subject: Action Required: Outstanding Balance on Your 407 ETR Account X-PHP-Originating-Script: 6910629:header.php From: 407 ETR Reply-To: dh_ybnah4@vps68630.dreamhostps.com MIME-Version: 1.0 Content-Type: text/html; charset=UTF-8 Message-Id: <4f6dQp46VDz2Qt1R6l@vps68630.dreamhostps.com> Date: Thu, 5 Feb 2026 18:32:18 -0800 (PST) X-Spam_score: 20.7 X-Spam_score_int: 207 X-Spam_bar: ++++++++++++++++++++ X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca", has identified this incoming email as possible spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see @@CONTACT_ADDRESS@@ for details. Content preview: Outstanding Balance on Your 407 ETR Account We are writing to inform you that there is an outstanding balance of $9.95 CAD on your 407 ETR account. To avoid any late fees and ensure your account remains in good standing, we kindly request that [...] Content analysis details: (20.7 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org [208.97.147.218 listed in will-spam-for-food.eu.org] [208.97.147.218 listed in will-spam-for-food.eu.org] [208.97.147.218 listed in will-spam-for-food.eu.org] [208.97.147.218 listed in will-spam-for-food.eu.org] [208.97.147.218 listed in will-spam-for-food.eu.org] [208.97.147.218 listed in will-spam-for-food.eu.org] [208.97.147.218 listed in will-spam-for-food.eu.org] [208.97.147.218 listed in will-spam-for-food.eu.org] 1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org [208.97.147.218 listed in dnsbl.ahbl.org] [208.97.147.218 listed in dnsbl.ahbl.org] [208.97.147.218 listed in dnsbl.ahbl.org] [208.97.147.218 listed in dnsbl.ahbl.org] 0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org [208.97.147.218 listed in dnsbl.ahbl.org] 0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org [208.97.147.218 listed in dnsbl.ahbl.org] 1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org [208.97.147.218 listed in dnsbl.ahbl.org] 0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org [208.97.147.218 listed in dnsbl.ahbl.org] 2.3 MANGLED_ACCNT BODY: mangled account(s) 2.3 MANGLED_SAVELE BODY: mangled save sale 2.3 MANGLED_TIME BODY: mangled time 2.3 MANGLED_YOUR BODY: mangled your 2.3 MANGLED_FROM BODY: mangled from 2.3 MANGLED_MEN BODY: mangled men 1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.0 HTML_MESSAGE BODY: HTML included in message 0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge 0.4 RDNS_DYNAMIC Delivered to internal network by host with dynamic-looking rDNS 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS Subject: {SPAM?} Action Required: Outstanding Balance on Your 407 ETR Account /InformAction"> emtype=3D"http://schema.org/EmailMessage"> ntent=3D"Judy Yung: Processing finished for Hey Order"/> op=3D"object" itemscope itemtype=3D"http://schema.org/Event"> =3D"eventStatus" content=3D"http://schema.org/EventScheduled"/> op=3D"publisher" itemscope itemtype=3D"http://schema.org/Organization"> a itemprop=3D"name" content=3D"Google Calendar"/> ventId/googleCalendar" content=3D"mn2pVFQ9wz3DmjtR3LjFrP4d9E"/> =3D"display: none; font-size: 1px; color: #fff; line-height: 1px; height: 0= ; max-height: 0; width: 0; max-width: 0; opacity: 0; overflow: hidden;" ite= mprop=3D"name">Processing finished for Hey Order "true"> ime itemprop=3D"endDate" datetime=3D"20260206T083850Z"> border=3D"0" cellpadding=3D"0" cellspacing=3D"0" role=3D"presentation" ali= gn=3D"center" style=3D"width:100%;" class=3D"body-container">

ation" align=3D"center" style=3D"width:100%;" class=3D"">

le=3D"" class=3D"" align=3D"left"> .org/EmailMessage"> Processing finished for Hey = Order

=3D"0" cellspacing=3D"0" role=3D"presentation" align=3D"center" style=3D"wi=

dth:100%;" class=3D"">

rder-radius: 8px; direction: rtl; font-size: 0; padding: 24px 32px; text-al= ign: left; vertical-align: top;" class=3D"main-container-inner"> ign: left; direction: ltr; display: inline-block; vertical-align: top; widt= h: 100%;overflow: hidden; word-wrap: break-word;"> adding=3D"0" cellspacing=3D"0" role=3D"presentation" width=3D"100%" class= =3D"main-column-table-ltr" style=3D"padding-right: 32px; padding-left: 0;;t= able-layout: fixed;"> ng:0; vertical-align:top;"> g=3D"0" role=3D"presentation" width=3D"100%" style=3D"table-layout: fixed;"= > reak-word;;padding-bottom:2px;"> ', Roboto, sans-serif;font-weight: 400; font-size: 22px; line-height: 2= 8px;color: #3c4043; text-decoration: none;" class=3D"primary-text" role=3D"= presentation">Processing finished for Hey Order an> eft; word-break: break-word;;padding-bottom:24px;"> y: Roboto, sans-serif;font-style: normal; font-weight: 400; font-size: 14px= ; line-height: 20px; letter-spacing: 0.2px;color: #3c4043; text-decoration:= none;" class=3D"primary-text" role=3D"presentation"> rue"> e itemprop=3D"endDate" datetime=3D"20260206T083850Z">Fr= iday Feb 6, 2026 =E2=8B=85 3:38am (Eastern Time - New York) d> eak: break-word;;padding-bottom:24px;"> ans-serif;font-style: normal; font-weight: 400; font-size: 14px; line-heigh= t: 20px; letter-spacing: 0.2px;color: #3c4043; text-decoration: none;" clas= s=3D"primary-text" role=3D"presentation"> Windows ThreatGuard<= /p> Friday, 06 February 2026 Order receipt: 6035-XADW-RKB Support L= ine: 1-(865) 209-0967 Hey, Y= our account is enrolled in auto-renewal. A payment of USD372.99 for your Pr= emium Protection Membership will be deducted within 24 hours. >Transaction Snapshot View Item Name: Complete Care Plan = Duration: 2 Years Charged Amount: USD 372.99 Kindly avoid replying= to this email. For support, reach us at 1-(865) 209-0967= . Greatly appreciated, Joyce Duckett 200 Scotney Glen Cir Torra= nce Ca 90502-2047 Usa Copyright =C2=A92026 Company, All rights reserv= ed. tGuardFriday, 06 February 2026Order receipt: 6035-XADW-RKBSupport Line: 1-(= 865) 209-0967Hey,Your account is enrolled in auto-renewal. A payment of US= D372.99 for your Premium Protection Membership will be deducted within 24 h= ours.Transaction Snapshot ViewItem Name: Complete CarePlan Duration: 2 Year= sCharged Amount: USD 372.99Kindly avoid replying to this email. For support= , reach us at 1-(865) 209-0967.Greatly appreciated,Joyce Duckett200 Scotne= y Glen Cir Torrance Ca 90502-2047 UsaCopyright =C2=A92026 Company, All righ= ts reserved."/> ext-align: left; word-break: break-word;;padding-bottom:24px;"> =3D"font-family: Roboto, sans-serif;font-style: normal; font-weight: 400; f= ont-size: 14px; line-height: 20px; letter-spacing: 0.2px;color: #3c4043; te= xt-decoration: none;" class=3D"primary-text" role=3D"presentation"> order=3D"0" cellpadding=3D"0" cellspacing=3D"0" role=3D"presentation" style= =3D"padding-bottom: 4px;"> able>(Guest list has been hidden at organizer's request) able> size: 14px;color: #3c4043; text-decoration: none;font-weight: 700;-webkit-f= ont-smoothing: antialiased;margin: 0; padding: 0;">Guests dy> --00000000000020c147064a18d33a-- Antimalware phishing from Google Gmail Part 2 Posted by Dave Yadallee on Friday, February 6. 2026 body { margin: 0; padding: 0; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: 100%; -ms-text-size-adjust: 100%; } #outlook a { padding: 0; } .ReadMsgBody { width: 100%; } .ExternalClass { width: 100%; } .ExternalClass * { line-height: 100%; } table, td { mso-table-lspace: 0pt; mso-table-rspace: 0pt; } img { border: 0; height: auto; line-height: 100%; outline: none; text-decoration: none; -ms-interpolation-mode: bicubic; } p { display: block; margin: 13px 0; } Antimalware phishing from Google Gmail Part 3 Posted by Dave Yadallee on Friday, February 6. 2026 =20 =20 =20 =20 Antimalware phishing from Google Gmail Part 1 Posted by Dave Yadallee on Friday, February 6. 2026 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Return-path: Envelope-to: dave@doctor.nl2k.ab.ca Delivery-date: Thu, 05 Feb 2026 13:46:00 -0700 Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD)) (envelope-from ) id 1vo6EM-00000000DBq-2c6R for dave@doctor.nl2k.ab.ca; Thu, 05 Feb 2026 13:45:38 -0700 Resent-From: The Doctor Resent-Date: Thu, 5 Feb 2026 13:45:38 -0700 Resent-Message-ID: Resent-To: Dave Yadallee Received: from mail-oa1-f74.google.com ([209.85.160.74]:50247) by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256 (Exim 4.98.2 (FreeBSD)) (envelope-from ) id 1vo5Cl-00000000AEx-0cAm for doctor@nl2k.ab.ca; Thu, 05 Feb 2026 12:40:04 -0700 Received: by mail-oa1-f74.google.com with SMTP id 586e51a60fabf-4046864f5e7so3020806fac.0 for ; Thu, 05 Feb 2026 11:39:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1770320342; x=1770925142; darn=nl2k.ab.ca; h=from:subject:date:message-id:sender:reply-to:mime-version:from:to :cc:subject:date:message-id:reply-to; bh=yLMtIuvqHmWsPvYvraLpYJUnbcXuhi2PaRF6WjirlzU=; b=SWWNXu7ZChvVJsRw7PTYu7HUQonMti9FaKfbbUn2GLbvgIACGh/M0zu2HFiuC/LeIr YCLLKa/j5yJPv1TuNVGdQq1DzmxHzhTpV7ysAO+viS022RsRla29dzQYnQvCTlEoShoN rKdWOdBVbO+QzJyhCuTVJeVsewq3pKaFz2oy8er5G4SeGadYvo8OAtdDOYPFLT/aWp5V qTlmfCAlqdM4uIcp0Ow4NINdOjHHV7EeMjtRxT5JCQfQxtLVCBHObl4cEUw0y6PFwEhu UpI+ZkOPXfFXdogqsyioG8aV/43yzshFWnOYEJnXh1wbi79P6IuG3Xp/Mw83/GT1sP1X 5AMw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=primeto-org.20230601.gappssmtp.com; s=20230601; t=1770320342; x=1770925142; darn=nl2k.ab.ca; h=from:subject:date:message-id:sender:reply-to:mime-version:from:to :cc:subject:date:message-id:reply-to; bh=yLMtIuvqHmWsPvYvraLpYJUnbcXuhi2PaRF6WjirlzU=; b=ck4GRWmc9pTtFQSBPi+geaRa61ftaSixm9T0nnOqX5+ei8NCgpywFKe+McsGmV/MTL HXnkVkea6JE3aN92a6q2yoxcNcsUk36HRTtHrAMuTPKIb/VFA4kCOABdq2ylq8WuCxv8 h1LwZuqVwyQuuKeINgI3rk6Y51cSPj/TjOyJTMFW5by6Q2loET4WZmpYnGr/Pj9YEBXr zt0LcC0WkIOkOFLIB67oIRd0ex1sQtvNkJ6sevu5ZTWK0HJegj7O3xNGm13rtxpqLd6a VOKP4blMvx3QpdGfMqGXdyfrSmT+rFKdSok34VUKP5J6u4QEKj+kW+QAEiZMjanmInZP 3Jwg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770320342; x=1770925142; h=from:subject:date:message-id:sender:reply-to:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=yLMtIuvqHmWsPvYvraLpYJUnbcXuhi2PaRF6WjirlzU=; b=JVEMza+fnq7wuL/PtmU1rwn9l1eSp+1xFv3OWgTCar5oz3y4vmOeM1RC4BQsvoe1rs M/Uao2iv7uNGWjY9J4BaPIo26yuMC7P/7Di5rxU0oNs9LsVyJLk3WErM3+9U29gxHfiu 84vQjHmLK9Y+Q2oD8IgIU+bfJurdHoln/a4rl9L0juJNjo6yBY0SeXHgrb/pEPXLsSAg 3yU3zYx+3CuBgOMTPYuJjtdZsmWkhAwAgKW9Tzy8DOqL0L+1chDcEkWFilRNkBjz3nau qMyf7Qw2+uiU4joJPSBQrHU8YcLQ3puL6g8Zjef4ibXfHFNv+xrswcUDyO2wPg2VN4CN 7maA== X-Forwarded-Encrypted: i=1; AJvYcCV/cXC5GwPXYTMFS+ES3+7Gm1KWgwbo2Go+gHI7SRSOH/1HuxkPXIOl06sD6tM5pFqEy+/EPDk=@nl2k.ab.ca X-Gm-Message-State: AOJu0Yy2GCwGEhiUmGQJV+bDWTPCw7OwvRU4CKh0jdtw2K403aU12ZR3 g9C2Gj5Qk0xoMYvQZhGG+7KldwB3DAq/W0fzQuaAXoMs4fbV3ScQnY+gbkbXZ0nwYm0ziCSbmYJ I52qeYHjUu5LRWod9cAWHvsNf58aY2VhS3P2YAX66+cs56w== MIME-Version: 1.0 X-Received: by 2002:a05:6820:151e:b0:65d:d0b:fd3b with SMTP id 006d021491bc7-66d09ac31b7mt227888eaf.15.1770320341824; Thu, 05 Feb 2026 11:39:01 -0800 (PST) Reply-To: Judy Yung Sender: Google Calendar Message-ID: Date: Thu, 05 Feb 2026 19:39:02 +0000 Subject: Processing finished for Hey Order From: Judy Yung Content-Type: multipart/alternative; boundary="00000000000020c147064a18d33a" X-Spam_score: 13.2 X-Spam_score_int: 132 X-Spam_bar: +++++++++++++ X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca", has identified this incoming email as possible spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see @@CONTACT_ADDRESS@@ for details. Content preview: Processing finished for Hey Order Processing finished for Hey Order Friday Feb 6, 2026 â‹… 3:38am Eastern Time - New York Windows ThreatGuardFriday, 06 February 2026Order receipt: 6035-XADW-RKBSupport Line: 1-(865) 209-0967Hey,Your account is enrolled in auto-renewal. A payment of USD372.99 for your Premium Protection Me [...] Content analysis details: (13.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org [209.85.160.74 listed in will-spam-for-food.eu.org] [209.85.160.74 listed in will-spam-for-food.eu.org] [209.85.160.74 listed in will-spam-for-food.eu.org] [209.85.160.74 listed in will-spam-for-food.eu.org] [209.85.160.74 listed in will-spam-for-food.eu.org] [209.85.160.74 listed in will-spam-for-food.eu.org] [209.85.160.74 listed in will-spam-for-food.eu.org] [209.85.160.74 listed in will-spam-for-food.eu.org] 1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org [209.85.160.74 listed in dnsbl.ahbl.org] [209.85.160.74 listed in dnsbl.ahbl.org] [209.85.160.74 listed in dnsbl.ahbl.org] [209.85.160.74 listed in dnsbl.ahbl.org] 0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org [209.85.160.74 listed in dnsbl.ahbl.org] 0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org [209.85.160.74 listed in dnsbl.ahbl.org] 0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org [209.85.160.74 listed in dnsbl.ahbl.org] 1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org [209.85.160.74 listed in dnsbl.ahbl.org] -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [209.85.160.74 listed in list.dnswl.org] 1.2 MISSING_HEADERS Missing To: header -0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3) [209.85.160.74 listed in wl.mailspike.net] 0.0 HTML_MESSAGE BODY: HTML included in message 0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge 2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars -0.0 RCVD_IN_MSPIKE_WL Mailspike good senders 0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid 1.9 REPLYTO_WITHOUT_TO_CC No description available. 3.0 LONG_INVISIBLE_TEXT Long block of hidden text - bayes poison? Subject: {SPAM?} Processing finished for Hey Order --00000000000020c147064a18d33a Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes Content-Transfer-Encoding: base64 UHJvY2Vzc2luZyBmaW5pc2hlZCBmb3IgSGV5IE9yZGVyDQoNClByb2Nlc3NpbmcgZmluaXNoZWQg Zm9yIEhleSBPcmRlcg0KRnJpZGF5IEZlYiA2LCAyMDI2IOKLhSAzOjM4YW0NCkVhc3Rlcm4gVGlt ZSAtIE5ldyBZb3JrDQoNCg0KDQpXaW5kb3dzIFRocmVhdEd1YXJkRnJpZGF5LCAwNiBGZWJydWFy eSAyMDI2T3JkZXIgcmVjZWlwdDogIA0KNjAzNS1YQURXLVJLQlN1cHBvcnQgTGluZTogMS0oODY1 KSAgMjA5LTA5NjdIZXksWW91ciBhY2NvdW50IGlzIGVucm9sbGVkIGluICANCmF1dG8tcmVuZXdh bC4gQSBwYXltZW50IG9mIFVTRDM3Mi45OSBmb3IgeW91ciBQcmVtaXVtIFByb3RlY3Rpb24gTWVt YmVyc2hpcCAgDQp3aWxsIGJlIGRlZHVjdGVkIHdpdGhpbiAyNCBob3Vycy5UcmFuc2FjdGlvbiBT bmFwc2hvdCBWaWV3SXRlbSBOYW1lOiAgDQpDb21wbGV0ZSBDYXJlUGxhbiBEdXJhdGlvbjogMiBZ ZWFyc0NoYXJnZWQgQW1vdW50OiBVU0QgMzcyLjk5S2luZGx5IGF2b2lkICANCnJlcGx5aW5nIHRv IHRoaXMgZW1haWwuIEZvciBzdXBwb3J0LCByZWFjaCB1cyBhdCAxLSg4NjUpICAyMDktMDk2Ny5H cmVhdGx5ICANCmFwcHJlY2lhdGVkLEpveWNlIER1Y2tldHQyMDAgU2NvdG5leSBHbGVuIENpciBU b3JyYW5jZSBDYSA5MDUwMi0yMDQ3ICANClVzYUNvcHlyaWdodCDCqTIwMjYgQ29tcGFueSwgQWxs IHJpZ2h0cyByZXNlcnZlZC4NCg0KT3JnYW5pemVyDQpKdWR5IFl1bmcNCnNhbGhhbGZqbTQwQHBy aW1ldG8ub3JnDQoNCkd1ZXN0cw0KKEd1ZXN0IGxpc3QgaGFzIGJlZW4gaGlkZGVuIGF0IG9yZ2Fu aXplcidzIHJlcXVlc3QpDQoNCg== --00000000000020c147064a18d33a Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-microsoft-com:office:offi= ce"> t=3D"text/html; charset=3DUTF-8"> =3Ddevice-width,initial-scale=3D1"> ight dark">