|
Open Sans';color:#000000;font-size:11px;line-height:15px;padding-right:4px">
Stay connected
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 06 Jan 2026 07:49:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))
(envelope-from )
id 1vd8Ly-00000000M1A-3eqV
for dave@doctor.nl2k.ab.ca;
Tue, 06 Jan 2026 07:48:10 -0700
Resent-From: The Doctor
Resent-Date: Tue, 6 Jan 2026 07:48:10 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [213.21.253.28] (port=60572 helo=mail.wlztqq.com)
by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))
(envelope-from )
id 1vd81a-00000000NLX-1NFJ
for webmaster@nk.ca;
Tue, 06 Jan 2026 07:27:23 -0700
DKIM-Signature: v=1; a=rsa-sha256; d=wlztqq.com; s=dkim; c=relaxed/relaxed;
bh=6+wkwLL5CrTF2VTCWHKmIZoIdycP/7Eb5xyTvHQftvw=;
h=from:to:subject:date:message-id:sender; t=1767709573;
b=n0RpBkLkYksbvcnJX4Jwcd38zmBQSBzEmjGZ0ilEPs1znt7Fpjq1g8wPyGK3fwndWRA8+cuYa
TC53sdN0QpPhQQr13wuF/lCD8vF7/+gguXqPc0QSpmr09BmaVAG5UWNPe/RZLErRZvTvYlsVBPH
XOhTrF5C6fp2aDZMQg/tdSumMbCaaDxm0Lz8BftYlc0y7eCb2rPWPQJzHXcETtlFW2fryKYbucf
ZtPVhI2BEeCI1xUGzcI5dW0zhDnfV9lc+bz6sbMFPpjKoB0KuohT4aSjKl4HOOx/QjEdz5aWBPo
ogbYGvmtlwsSqiKI22idBzmVX5YslW6W2ctQqMF92m1A==;
From: National Bank Direct Brokerage
To: webmaster@nk.ca
Subject: Required Renewal of W-8BEN =?utf-8?b?4oCT?= Updated Validity Through
2026
Date: Tue, 06 Jan 2026 14:26:13 +0000
List-Unsubscribe:
List-Unsubscribe-Post: List-Unsubscribe=One-Click
X-Mailer: Apple Mail (2.3445.9.1)
Message-ID: <176770957304.11106.8695466610173419510@127.0.0.1>
Content-Type: multipart/alternative;
boundary="===============7149761682133803277=="
X-Spam_score: 24.9
X-Spam_score_int: 249
X-Spam_bar: ++++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Required Renewal of W-8BEN – Updated Validity Through 2026
MESSAGE CONFIRMATION Required Renewal of W-8BEN – Updated Validity Through
2026
Content analysis details: (24.9 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[213.21.253.28 listed in dnsbl.ahbl.org]
[213.21.253.28 listed in dnsbl.ahbl.org]
[213.21.253.28 listed in dnsbl.ahbl.org]
[213.21.253.28 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[213.21.253.28 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[213.21.253.28 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[213.21.253.28 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[213.21.253.28 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[213.21.253.28 listed in will-spam-for-food.eu.org]
[213.21.253.28 listed in will-spam-for-food.eu.org]
[213.21.253.28 listed in will-spam-for-food.eu.org]
[213.21.253.28 listed in will-spam-for-food.eu.org]
[213.21.253.28 listed in will-spam-for-food.eu.org]
[213.21.253.28 listed in will-spam-for-food.eu.org]
[213.21.253.28 listed in will-spam-for-food.eu.org]
[213.21.253.28 listed in will-spam-for-food.eu.org]
1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URI: wlztqq.com]
1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist
[URI: wlztqq.com]
2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist
[URI: wlztqq.com]
[URI: bnc-nbdb-sevuip.com]
-0.0 SPF_PASS SPF: sender matches SPF record
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid
1.5 MR_STRANGE_QUESTION URI: No description available.
0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge
0.0 HTML_MESSAGE BODY: HTML included in message
0.7 MPART_ALT_DIFF BODY: HTML and text parts are different
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
1.0 IMPRO_URI_2 No description available.
1.0 VOWEL_URI_5 URI hostname with 5 consecutive vowels
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts
0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!
2.0 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required MIME
headers
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
1.5 VOWEL_FROM_6 Impronouncable from header (6 consecutive vowels)
1.8 COMBO_IMAGEONLY1 Appears to be an image only message
Subject: {SPAM?} Required Renewal of W-8BEN =?utf-8?b?4oCT?= Updated Validity Through
2026
--===============7149761682133803277==
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Required Renewal of W-8BEN =E2=80=93 Updated Validity Through 2026</ti=<br /><br />
tle><br /><br />
<table width=3D"600" border=3D"0" cellspacing=3D"0" cellpadding=3D"0" align=<br /><br />
=3D"center"><br /><br />
<tbody><br /><br />
<tr><br /><br />
<td width=3D"600" style=3D"padding-bottom:45px;font-family:Arial,sans-serif,'=<br /><br />
Open Sans';color:#666666;font-size:11px;line-height:12px" align=3D"left" vali=<br /><br />
gn=3D"top"><br /><br />
<a href=3D"https://bnc-nbdb-sevuip.com?token=3DjXyNCaTxpn2Jcj91wCen" style=3D=<br /><br />
"color:#666666;text-decoration:underline" target=3D"_blank"><img src=3D"https=<br /><br />
://www.bnc.ca/content/dam/bnc/formulaires/picto/NB_2D_RGB.jpg" alt=3D"Button =<br /><br />
to the BNC website" width=3D"217" border=3D"0" style=3D"display:block"><br /><br />
</a></td><br /><br />
</tr><br /><br />
</tbody><br /><br />
</table><br /><br />
<br /><br />
<table width=3D"100%" border=3D"0" cellspacing=3D"0" cellpadding=3D"0" bgcolo=<br /><br />
r=3D"#ececec"><br /><br />
<tbody><br /><br />
<br /><br />
<br /><br />
</tr><br /><br />
</tbody><br /><br />
</table><br /><br />
<table width=3D"100%" border=3D"0" cellspacing=3D"0" cellpadding=3D"0"><br /><br />
<br /><br />
</tr><br /><br />
</tbody><br /><br />
</table><br /><br />
</td><br /><br />
</tr><br /><br />
</tbody><br /><br />
</table><br /><br />
</td><br /><br />
</tr><br /><br />
</tbody><br /><br />
</table>
</div>
<footer class="post-info">
<ul class="meta">
<li><span class="info-label">Categories: </span><a href="https://www.nk.ca/blog/index.php?/categories/25-Phish">Phish</a></li>
<li><a href="/blog/index.php?/archives/14757-National-Bank-of-Canada-Phish-Part-1.html#comments" title="0 Comments, 0 Trackbacks">0 Comments</a></li>
</ul>
</footer>
<!--
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/"
xmlns:dc="http://purl.org/dc/elements/1.1/">
<rdf:Description
rdf:about="https://www.nk.ca/blog/index.php?/feeds/ei_14757.rdf"
trackback:ping="https://www.nk.ca/blog/comment.php?type=trackback&entry_id=14757"
dc:title="National Bank of Canada Phish Part 1"
dc:identifier="https://www.nk.ca/blog/index.php?/archives/14757-National-Bank-of-Canada-Phish-Part-1.html" />
</rdf:RDF>
-->
</article>
<article class="post clearfix">
<header>
<h2 class="post-title"><a href="/blog/index.php?/archives/14756-Health-products-phish-from-Google-Gmail.html">Health products phish from Google Gmail</a></h2>
<span class="post-info">Posted by <a href="https://www.nk.ca/blog/index.php?/authors/1-Dave-Yadallee">Dave Yadallee</a> on <time datetime="2026-01-06T23:28:00+00:00">Tuesday, January 6. 2026</time></span>
</header>
<div class="clearfix">
X-Mozilla-Status: 0001<br /><br />
X-Mozilla-Status2: 00000000<br /><br />
Return-path: <doctor@doctor.nl2k.ab.ca><br /><br />
Envelope-to: dave@doctor.nl2k.ab.ca<br /><br />
Delivery-date: Tue, 06 Jan 2026 07:49:00 -0700<br /><br />
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))<br /><br />
(envelope-from <doctor@doctor.nl2k.ab.ca>)<br /><br />
id 1vd8Lq-00000000LiT-1fW4<br /><br />
for dave@doctor.nl2k.ab.ca;<br /><br />
Tue, 06 Jan 2026 07:48:02 -0700<br /><br />
Resent-From: The Doctor <doctor@doctor.nl2k.ab.ca><br /><br />
Resent-Date: Tue, 6 Jan 2026 07:48:02 -0700<br /><br />
Resent-Message-ID: <aV0gotiyine3FrM_@doctor.nl2k.ab.ca><br /><br />
Resent-To: Dave Yadallee <dave@doctor.nl2k.ab.ca><br /><br />
Received: from 75.242.204.35.bc.googleusercontent.com ([35.204.242.75]:36184 helo=freenet-mobilfunk.de)<br /><br />
by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))<br /><br />
(envelope-from <arend_janspeijer97@freenet-mobilfunk.de>)<br /><br />
id 1vd7te-00000000MxO-268p<br /><br />
for doctor@doctor.nl2k.ab.ca;<br /><br />
Tue, 06 Jan 2026 07:19:02 -0700<br /><br />
Received: by freenet-mobilfunk.de (Postfix, from userid 1000)<br /><br />
id 007C8369BD5; Tue, 6 Jan 2026 14:18:07 +0000 (UTC)<br /><br />
To: doctor@doctor.nl2k.ab.ca<br /><br />
From: "=?UTF-8?B?UGVyZm9ybWFuY2UgRW5oYW5jZXI=?=" <noreply@micropayment.de><br /><br />
Subject: =?UTF-8?B?VW5sZWE=?==?UTF-8?B?c2ggWW91ciBU?==?UTF-8?B?cnVlIFBvdGVudA==?==?UTF-8?B?aWFsIPCfmoA=?=<br /><br />
MIME-Version: 1.0<br /><br />
Content-Type: text/html; charset="UTF-8"<br /><br />
Content-Transfer-Encoding: base64<br /><br />
List-Unsubscribe-Post: List-Unsubscribe=One-Click<br /><br />
Message-Id: <20260106141808.007C8369BD5@freenet-mobilfunk.de><br /><br />
Date: Tue, 6 Jan 2026 14:18:07 +0000 (UTC)<br /><br />
X-Spam_score: 12.4<br /><br />
X-Spam_score_int: 124<br /><br />
X-Spam_bar: ++++++++++++<br /><br />
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",<br /><br />
has identified this incoming email as possible spam. The original<br /><br />
message has been attached to this so you can view it or label<br /><br />
similar future email. If you have any questions, see<br /><br />
@@CONTACT_ADDRESS@@ for details.<br /><br />
<br /><br />
Content preview: StratosBoost — Offer Unleash Your True Potential 🚀 <br /><br />
<br /><br />
Content analysis details: (12.4 points, 5.0 required)<br /><br />
<br /><br />
pts rule name description<br /><br />
---- ---------------------- --------------------------------------------------<br /><br />
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org<br /><br />
[35.204.242.75 listed in dnsbl.ahbl.org]<br /><br />
[35.204.242.75 listed in dnsbl.ahbl.org]<br /><br />
[35.204.242.75 listed in dnsbl.ahbl.org]<br /><br />
[35.204.242.75 listed in dnsbl.ahbl.org]<br /><br />
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org<br /><br />
[35.204.242.75 listed in dnsbl.ahbl.org]<br /><br />
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org<br /><br />
[35.204.242.75 listed in dnsbl.ahbl.org]<br /><br />
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org<br /><br />
[35.204.242.75 listed in dnsbl.ahbl.org]<br /><br />
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org<br /><br />
[35.204.242.75 listed in dnsbl.ahbl.org]<br /><br />
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org<br /><br />
[35.204.242.75 listed in will-spam-for-food.eu.org]<br /><br />
[35.204.242.75 listed in will-spam-for-food.eu.org]<br /><br />
[35.204.242.75 listed in will-spam-for-food.eu.org]<br /><br />
[35.204.242.75 listed in will-spam-for-food.eu.org]<br /><br />
[35.204.242.75 listed in will-spam-for-food.eu.org]<br /><br />
[35.204.242.75 listed in will-spam-for-food.eu.org]<br /><br />
[35.204.242.75 listed in will-spam-for-food.eu.org]<br /><br />
[35.204.242.75 listed in will-spam-for-food.eu.org]<br /><br />
1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)<br /><br />
0.9 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail)<br /><br />
0.0 TVD_RCVD_IP Message was received from an IP address<br /><br />
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in<br /><br />
headers<br /><br />
0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail<br /><br />
domains are different<br /><br />
0.3 SPECIAL_OFFER BODY: Special Offer<br /><br />
0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge<br /><br />
0.0 HTML_MESSAGE BODY: HTML included in message<br /><br />
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts<br /><br />
0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam<br /><br />
0.4 RDNS_DYNAMIC Delivered to internal network by host with<br /><br />
dynamic-looking rDNS<br /><br />
0.1 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily<br /><br />
0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS<br /><br />
3.0 GOOG_STO_NOIMG_HTML Apparently using google content hosting to avoid<br /><br />
URIBL<br /><br />
Subject: {SPAM?} =?UTF-8?B?VW5sZWE=?==?UTF-8?B?c2ggWW91ciBU?==?UTF-8?B?cnVlIFBvdGVudA==?==?UTF-8?B?aWFsIPCfmoA=?=<br /><br />
<br /><br />
PCFkb2N0eXBlIGh0bWw+CjxodG1sIGxhbmc9ImVuIj4KPGhlYWQ+CjxtZXRhIGNoYXJzZXQ9InV0<br /><br />
Zi04IiAvPgo8bWV0YSBuYW1lPSJ2aWV3cG9ydCIgY29udGVudD0id2lkdGg9ZGV2aWNlLXdpZHRo<br /><br />
LGluaXRpYWwtc2NhbGU9MSIgLz4KPHRpdGxlPlN0cmF0b3NCb29zdCDigJQgT2ZmZXI8L3RpdGxl<br /><br />
Pgo8c3R5bGU+CiAgLyogQmFzaWMgcmVzZXQgKi8KICBodG1sLGJvZHl7aGVpZ2h0OjEwMCU7bWFy<br /><br />
Z2luOjA7Zm9udC1mYW1pbHk6QXJpYWwsIEhlbHZldGljYSwgc2Fucy1zZXJpZjtiYWNrZ3JvdW5k<br /><br />
OiNmZmY7Y29sb3I6IzIyMjstd2Via2l0LWZvbnQtc21vb3RoaW5nOmFudGlhbGlhc2VkfQogIC5j<br /><br />
b250YWluZXJ7bWF4LXdpZHRoOjY4MHB4O21hcmdpbjoyOHB4IGF1dG87cGFkZGluZzoyNHB4O2Jv<br /><br />
cmRlci1yYWRpdXM6OHB4O2JveC1zaGFkb3c6MCAxMHB4IDMwcHggcmdiYSgxMiwyMCwzMCwuMDYp<br /><br />
O30KICAuaGVyby1pbWd7d2lkdGg6MTAwJTtoZWlnaHQ6YXV0bztib3JkZXItcmFkaXVzOjZweDtk<br /><br />
aXNwbGF5OmJsb2NrO29iamVjdC1maXQ6Y292ZXJ9CiAgLmNvbnRlbnR7cGFkZGluZzoyMnB4IDZw<br /><br />
eH0KICBoMXtmb250LXNpemU6MjRweDttYXJnaW46NnB4IDAgOHB4O3RleHQtYWxpZ246Y2VudGVy<br /><br />
O2NvbG9yOiMxMTF9CiAgLmxlYWR7Zm9udC1zaXplOjE1cHg7Y29sb3I6IzY2NjtsaW5lLWhlaWdo<br /><br />
dDoxLjU1O3RleHQtYWxpZ246Y2VudGVyO21hcmdpbjowIDAgMThweH0KICAuY3RhLXdyYXB7dGV4<br /><br />
dC1hbGlnbjpjZW50ZXI7bWFyZ2luOjE4cHggMH0KICAuYnRuewogICAgZGlzcGxheTppbmxpbmUt<br /><br />
YmxvY2s7CiAgICBiYWNrZ3JvdW5kOiNlNzRiNTQ7CiAgICBjb2xvcjojZmZmOwogICAgcGFkZGlu<br /><br />
ZzoxMnB4IDIwcHg7CiAgICBib3JkZXItcmFkaXVzOjhweDsKICAgIHRleHQtZGVjb3JhdGlvbjpu<br /><br />
b25lOwogICAgZm9udC13ZWlnaHQ6NzAwOwogICAgYm94LXNoYWRvdzowIDhweCAyMHB4IHJnYmEo<br /><br />
MjMxLDc1LDg0LC4xOCk7CiAgfQoKICAvKiBGZWF0dXJlcyBncmlkICovCiAgLmZlYXR1cmVze2Rp<br /><br />
c3BsYXk6ZmxleDtmbGV4LXdyYXA6d3JhcDtnYXA6MTJweDttYXJnaW4tdG9wOjE4cHg7anVzdGlm<br /><br />
eS1jb250ZW50OmNlbnRlcn0KICAuZmVhdHt3aWR0aDo0OCU7bWluLXdpZHRoOjIwMHB4O2Rpc3Bs<br /><br />
YXk6ZmxleDthbGlnbi1pdGVtczpmbGV4LXN0YXJ0O2dhcDoxMHB4O2NvbG9yOiMzMzN9CiAgLmNo<br /><br />
ZWNrewogICAgd2lkdGg6MThweDtoZWlnaHQ6MThweDtib3JkZXItcmFkaXVzOjRweDtmbGV4OjAg<br /><br />
MCAxOHB4O2JhY2tncm91bmQ6IzFiYmY0YTtjb2xvcjojZmZmO2Rpc3BsYXk6aW5saW5lLWZsZXg7<br /><br />
YWxpZ24taXRlbXM6Y2VudGVyO2p1c3RpZnktY29udGVudDpjZW50ZXI7Zm9udC1zaXplOjEzcHg7<br /><br />
Zm9udC13ZWlnaHQ6NzAwOwogICAgYm94LXNoYWRvdzowIDRweCAxMHB4IHJnYmEoMjcsMTkxLDc0<br /><br />
LC4xMikKICB9CiAgLmZlYXQgcHttYXJnaW46MDtmb250LXNpemU6MTRweDtsaW5lLWhlaWdodDox<br /><br />
LjR9CgogIC8qIEhpZ2hsaWdodCBib3ggKi8KICAucGlsbHsKICAgIG1hcmdpbjoxOHB4IGF1dG8g<br /><br />
NHB4OwogICAgbWF4LXdpZHRoOjUyMHB4OwogICAgYmFja2dyb3VuZDojZmZmNGM5OwogICAgY29s<br /><br />
b3I6IzZiNGYwMDsKICAgIHBhZGRpbmc6MTJweCAxNHB4OwogICAgYm9yZGVyLXJhZGl1czo4cHg7<br /><br />
CiAgICBib3gtc2hhZG93OjAgNnB4IDE4cHggcmdiYSgyMzUsMTg4LDYyLC4xMik7CiAgICBkaXNw<br /><br />
bGF5OmZsZXg7Z2FwOjEwcHg7YWxpZ24taXRlbXM6Y2VudGVyO2p1c3RpZnktY29udGVudDpjZW50<br /><br />
ZXI7Zm9udC13ZWlnaHQ6NjAwCiAgfQoKICAvKiBmb290ZXIgKi8KICAuZm9vdGVye2ZvbnQtc2l6<br /><br />
ZToxMnB4O2NvbG9yOiM5OTk7dGV4dC1hbGlnbjpjZW50ZXI7bWFyZ2luLXRvcDoxOHB4fQogIC51<br /><br />
bnN1YnNjcmliZXtjb2xvcjojN2I3YjdiO3RleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmV9CgogIC8q<br /><br />
IHNtYWxsIHNjcmVlbnMgKi8KICBAbWVkaWEgKG1heC13aWR0aDo1MjBweCl7CiAgICAuZmVhdHt3<br /><br />
aWR0aDoxMDAlfQogICAgaDF7Zm9udC1zaXplOjIwcHh9CiAgICAuYnRue3dpZHRoOjEwMCU7Ym94<br /><br />
LXNpemluZzpib3JkZXItYm94O3BhZGRpbmc6MTJweCAxNnB4fQogIH0KPC9zdHlsZT4KPC9oZWFk<br /><br />
Pgo8Ym9keT4KICA8ZGl2IGNsYXNzPSJjb250YWluZXIiIHJvbGU9Im1haW4iIGFyaWEtbGFiZWw9<br /><br />
IlN0cmF0b3NCb29zdCBvZmZlciI+CiAgICA8IS0tIEhlcm8gaW1hZ2UgLS0+CiAgICA8IS0tIFJl<br /><br />
Y29tbWVuZGVkOiBzYXZlIHRoZSB1cGxvYWRlZCBmaWxlIGFzIHN0cmF0b3Nib29zdC5wbmcgYW5k<br /><br />
IHVzZSB0aGF0IGZpbGVuYW1lIC0tPgogICAgPGltZyBjbGFzcz0iaGVyby1pbWciIHNyYz0iaHR0<br /><br />
cHM6Ly9pLmd5YXpvLmNvbS80NzhkNGViNmZmNmIyZDVjMmExMGFjMWU5NjBkNzM3Yi5wbmciIGFs<br /><br />
dD0iU3RyYXRvc0Jvb3N0IHByb2R1Y3QgKyBjb3VwbGUiIC8+CiAgICA8IS0tIElmIHlvdSBwcmVm<br /><br />
ZXIgdG8gdXNlIHRoZSBvcmlnaW5hbCB1cGxvYWRlZCBwYXRoLCBjb21tZW50IHRoZSBwcmV2aW91<br /><br />
cyBsaW5lIGFuZCB1bmNvbW1lbnQgYmVsb3c6CiAgICA8aW1nIGNsYXNzPSJoZXJvLWltZyIgc3Jj<br /><br />
PSIvbW50L2RhdGEvU2NyZWVuc2hvdCAyMDI1LTExLTE0IGF0IDE3LTQwLTU3IEJvb3N0IFlvdXIg<br /><br />
UGVyZm9ybWFuY2Ugd2l0aCBTdHJhdG9zQm9vc3QucG5nIiBhbHQ9IlN0cmF0b3NCb29zdCBwcm9k<br /><br />
dWN0ICsgY291cGxlIiAvPgogICAgLS0+CgogICAgPGRpdiBjbGFzcz0iY29udGVudCI+CiAgICAg<br /><br />
IDxoMT5VbmxlYXNoIFlvdXIgVHJ1ZSBQb3RlbnRpYWwg8J+agDwvaDE+CgogICAgICA8cCBjbGFz<br /><br />
cz0ibGVhZCI+CiAgICAgICAgU3RyYXRvc0Jvb3N0IGlzIGRlc2lnbmVkIHRvIGZ1ZWwgeW91ciBl<br /><br />
bmVyZ3ksIHNoYXJwZW4geW91ciBmb2N1cywgYW5kIGVuaGFuY2UgcGVyZm9ybWFuY2UuCiAgICAg<br /><br />
ICAgQmFja2VkIGJ5IHNjaWVuY2UsIHRydXN0ZWQgYnkgcHJvZmVzc2lvbmFscywgYW5kIG5vdyBh<br /><br />
dmFpbGFibGUgd2l0aCBhIDxzdHJvbmc+c3BlY2lhbCBvbmxpbmUgb2ZmZXI8L3N0cm9uZz4uCiAg<br /><br />
ICAgIDwvcD4KCiAgICAgIDxkaXYgY2xhc3M9ImN0YS13cmFwIj4KICAgICAgICA8IS0tIFJlcGxh<br /><br />
Y2UgIyB3aXRoIHlvdXIgbGFuZGluZyBVUkwgLS0+CiAgICAgICAgPGEgY2xhc3M9ImJ0biIgaHJl<br /><br />
Zj0iaHR0cHM6Ly9zdG9yYWdlLmdvb2dsZWFwaXMuY29tL2JhbDAyZnZ4bnM2NGtqbjU4YjE2ZmR2<br /><br />
eHM3OGtqL3N0cmFvc2JtaXRsc29rb2x6N2RpNTRkc2N4a203Z2JmLmh0bWwiIHJvbGU9ImJ1dHRv<br /><br />
biI+Q2xhaW0gWW91ciBTdHJhdG9zQm9vc3QgTm93PC9hPgogICAgICA8L2Rpdj4KCiAgICAgIDxk<br /><br />
aXYgY2xhc3M9ImZlYXR1cmVzIiBhcmlhLWhpZGRlbj0iZmFsc2UiIHJvbGU9Imxpc3QiPgogICAg<br /><br />
ICAgIDxkaXYgY2xhc3M9ImZlYXQiIHJvbGU9Imxpc3RpdGVtIj4KICAgICAgICAgIDxkaXYgY2xh<br /><br />
c3M9ImNoZWNrIj7inJM8L2Rpdj4KICAgICAgICAgIDxwPkZhc3QtYWN0aW5nIG5hdHVyYWwgZm9y<br /><br />
bXVsYTwvcD4KICAgICAgICA8L2Rpdj4KCiAgICAgICAgPGRpdiBjbGFzcz0iZmVhdCIgcm9sZT0i<br /><br />
bGlzdGl0ZW0iPgogICAgICAgICAgPGRpdiBjbGFzcz0iY2hlY2siPuKckzwvZGl2PgogICAgICAg<br /><br />
ICAgPHA+QmFja2VkIGJ5IGV4cGVydHM8L3A+CiAgICAgICAgPC9kaXY+CgogICAgICAgIDxkaXYg<br /><br />
Y2xhc3M9ImZlYXQiIHJvbGU9Imxpc3RpdGVtIj4KICAgICAgICAgIDxkaXYgY2xhc3M9ImNoZWNr<br /><br />
Ij7inJM8L2Rpdj4KICAgICAgICAgIDxwPkVuZXJneSAmIHN0YW1pbmEgc3VwcG9ydDwvcD4KICAg<br /><br />
ICAgICA8L2Rpdj4KCiAgICAgICAgPGRpdiBjbGFzcz0iZmVhdCIgcm9sZT0ibGlzdGl0ZW0iPgog<br /><br />
ICAgICAgICAgPGRpdiBjbGFzcz0iY2hlY2siPuKckzwvZGl2PgogICAgICAgICAgPHA+RWFzeSBk<br /><br />
YWlseSB1c2U8L3A+CiAgICAgICAgPC9kaXY+CgogICAgICAgIDxkaXYgY2xhc3M9ImZlYXQiIHJv<br /><br />
bGU9Imxpc3RpdGVtIj4KICAgICAgICAgIDxkaXYgY2xhc3M9ImNoZWNrIj7inJM8L2Rpdj4KICAg<br /><br />
ICAgICAgIDxwPk1lbnRhbCBmb2N1cyBib29zdDwvcD4KICAgICAgICA8L2Rpdj4KCiAgICAgICAg<br /><br />
PGRpdiBjbGFzcz0iZmVhdCIgcm9sZT0ibGlzdGl0ZW0iPgogICAgICAgICAgPGRpdiBjbGFzcz0i<br /><br />
Y2hlY2siPuKckzwvZGl2PgogICAgICAgICAgPHA+MTAwJSBzYXRpc2ZhY3Rpb24gZ3VhcmFudGVl<br /><br />
PC9wPgogICAgICAgIDwvZGl2PgogICAgICA8L2Rpdj4KCiAgICAgIDxkaXYgY2xhc3M9InBpbGwi<br /><br />
IHJvbGU9InN0YXR1cyIgYXJpYS1saXZlPSJwb2xpdGUiPgogICAgICAgIOKaoSBMaW1pdGVkIHN0<br /><br />
b2NrIGF2YWlsYWJsZSDigJQgb3JkZXIgdG9kYXkgYmVmb3JlIGl0J3MgZ29uZSEKICAgICAgPC9k<br /><br />
aXY+CgogICAgICA8ZGl2IGNsYXNzPSJmb290ZXIiPgogICAgICAgIDxwIHN0eWxlPSJtYXJnaW46<br /><br />
NnB4IDAgMCI+WW91IHJlY2VpdmVkIHRoaXMgZW1haWwgYmVjYXVzZSB5b3Ugc3Vic2NyaWJlZCB0<br /><br />
byBTdHJhdG9zQm9vc3Qgb2ZmZXJzLjwvcD4KICAgICAgICA8cCBzdHlsZT0ibWFyZ2luOjZweCAw<br /><br />
IDAiPjxhIGNsYXNzPSJ1bnN1YnNjcmliZSIgaHJlZj0iaHR0cHM6Ly9zdG9yYWdlLmdvb2dsZWFw<br /><br />
aXMuY29tL2ZhdGttbnMtNjJrbW5mZy1mdjZzbmM4LWptZG5zZXQvc3RyYW9zYm1pdGxzb2tvbHo3<br /><br />
ZGk1NGRzY3hrbTdnYmYuaHRtbCIgdGl0bGU9IlVuc3Vic2NyaWJlIGxpbmsiPlVuc3Vic2NyaWJl<br /><br />
PC9hPjwvcD4KICAgICAgPC9kaXY+CiAgICA8L2Rpdj4KICA8L2Rpdj4KPC9ib2R5Pgo8L2h0bWw+<br /><br />
<br /><br />
</div>
<footer class="post-info">
<ul class="meta">
<li><span class="info-label">Categories: </span><a href="https://www.nk.ca/blog/index.php?/categories/14-Google-Gmail-Spam">Google Gmail Spam</a>, <a href="https://www.nk.ca/blog/index.php?/categories/25-Phish">Phish</a></li>
<li><a href="/blog/index.php?/archives/14756-Health-products-phish-from-Google-Gmail.html#comments" title="0 Comments, 0 Trackbacks">0 Comments</a></li>
</ul>
</footer>
<!--
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/"
xmlns:dc="http://purl.org/dc/elements/1.1/">
<rdf:Description
rdf:about="https://www.nk.ca/blog/index.php?/feeds/ei_14756.rdf"
trackback:ping="https://www.nk.ca/blog/comment.php?type=trackback&entry_id=14756"
dc:title="Health products phish from Google Gmail"
dc:identifier="https://www.nk.ca/blog/index.php?/archives/14756-Health-products-phish-from-Google-Gmail.html" />
</rdf:RDF>
-->
</article>
<article class="post clearfix">
<header>
<h2 class="post-title"><a href="/blog/index.php?/archives/14755-Health-products-phish-from-Google-Gmail.html">Health products phish from Google Gmail</a></h2>
<span class="post-info">Posted by <a href="https://www.nk.ca/blog/index.php?/authors/1-Dave-Yadallee">Dave Yadallee</a> on <time datetime="2026-01-06T23:23:00+00:00">Tuesday, January 6. 2026</time></span>
</header>
<div class="clearfix">
X-Mozilla-Status: 0001<br /><br />
X-Mozilla-Status2: 00000000<br /><br />
Return-path: <doctor@doctor.nl2k.ab.ca><br /><br />
Envelope-to: dave@doctor.nl2k.ab.ca<br /><br />
Delivery-date: Tue, 06 Jan 2026 07:48:00 -0700<br /><br />
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))<br /><br />
(envelope-from <doctor@doctor.nl2k.ab.ca>)<br /><br />
id 1vd8Le-00000000Kti-2Swk<br /><br />
for dave@doctor.nl2k.ab.ca;<br /><br />
Tue, 06 Jan 2026 07:47:50 -0700<br /><br />
Resent-From: The Doctor <doctor@doctor.nl2k.ab.ca><br /><br />
Resent-Date: Tue, 6 Jan 2026 07:47:50 -0700<br /><br />
Resent-Message-ID: <aV0glsTsyS45uF42@doctor.nl2k.ab.ca><br /><br />
Resent-To: Dave Yadallee <dave@doctor.nl2k.ab.ca><br /><br />
Received: from 75.242.204.35.bc.googleusercontent.com ([35.204.242.75]:58428 helo=freenet-mobilfunk.de)<br /><br />
by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))<br /><br />
(envelope-from <arend_janspeijer97@freenet-mobilfunk.de>)<br /><br />
id 1vd7te-00000000Mx4-265u<br /><br />
for doctor@nl2k.ab.ca;<br /><br />
Tue, 06 Jan 2026 07:19:06 -0700<br /><br />
Received: by freenet-mobilfunk.de (Postfix, from userid 1000)<br /><br />
id C1D88369B39; Tue, 6 Jan 2026 14:18:01 +0000 (UTC)<br /><br />
To: doctor@nl2k.ab.ca<br /><br />
From: "=?UTF-8?B?UGVyZm9ybWFuY2UgRW5oYW5jZXI=?=" <noreply@micropayment.de><br /><br />
Subject: =?UTF-8?B?VW5sZWE=?==?UTF-8?B?c2ggWW91ciBU?==?UTF-8?B?cnVlIFBvdGVudA==?==?UTF-8?B?aWFsIPCfmoA=?=<br /><br />
MIME-Version: 1.0<br /><br />
Content-Type: text/html; charset="UTF-8"<br /><br />
Content-Transfer-Encoding: base64<br /><br />
List-Unsubscribe-Post: List-Unsubscribe=One-Click<br /><br />
Message-Id: <20260106141801.C1D88369B39@freenet-mobilfunk.de><br /><br />
Date: Tue, 6 Jan 2026 14:18:01 +0000 (UTC)<br /><br />
X-Spam_score: 12.4<br /><br />
X-Spam_score_int: 124<br /><br />
X-Spam_bar: ++++++++++++<br /><br />
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",<br /><br />
has identified this incoming email as possible spam. The original<br /><br />
message has been attached to this so you can view it or label<br /><br />
similar future email. If you have any questions, see<br /><br />
@@CONTACT_ADDRESS@@ for details.<br /><br />
<br /><br />
Content preview: StratosBoost — Offer Unleash Your True Potential 🚀 <br /><br />
<br /><br />
Content analysis details: (12.4 points, 5.0 required)<br /><br />
<br /><br />
pts rule name description<br /><br />
---- ---------------------- --------------------------------------------------<br /><br />
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org<br /><br />
[35.204.242.75 listed in dnsbl.ahbl.org]<br /><br />
[35.204.242.75 listed in dnsbl.ahbl.org]<br /><br />
[35.204.242.75 listed in dnsbl.ahbl.org]<br /><br />
[35.204.242.75 listed in dnsbl.ahbl.org]<br /><br />
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org<br /><br />
[35.204.242.75 listed in dnsbl.ahbl.org]<br /><br />
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org<br /><br />
[35.204.242.75 listed in dnsbl.ahbl.org]<br /><br />
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org<br /><br />
[35.204.242.75 listed in dnsbl.ahbl.org]<br /><br />
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org<br /><br />
[35.204.242.75 listed in dnsbl.ahbl.org]<br /><br />
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org<br /><br />
[35.204.242.75 listed in will-spam-for-food.eu.org]<br /><br />
[35.204.242.75 listed in will-spam-for-food.eu.org]<br /><br />
[35.204.242.75 listed in will-spam-for-food.eu.org]<br /><br />
[35.204.242.75 listed in will-spam-for-food.eu.org]<br /><br />
[35.204.242.75 listed in will-spam-for-food.eu.org]<br /><br />
[35.204.242.75 listed in will-spam-for-food.eu.org]<br /><br />
[35.204.242.75 listed in will-spam-for-food.eu.org]<br /><br />
[35.204.242.75 listed in will-spam-for-food.eu.org]<br /><br />
1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)<br /><br />
0.9 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail)<br /><br />
0.0 TVD_RCVD_IP Message was received from an IP address<br /><br />
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in<br /><br />
headers<br /><br />
0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail<br /><br />
domains are different<br /><br />
0.3 SPECIAL_OFFER BODY: Special Offer<br /><br />
0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge<br /><br />
0.0 HTML_MESSAGE BODY: HTML included in message<br /><br />
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts<br /><br />
0.1 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily<br /><br />
0.4 RDNS_DYNAMIC Delivered to internal network by host with<br /><br />
dynamic-looking rDNS<br /><br />
0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS<br /><br />
0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam<br /><br />
3.0 GOOG_STO_NOIMG_HTML Apparently using google content hosting to avoid<br /><br />
URIBL<br /><br />
Subject: {SPAM?} =?UTF-8?B?VW5sZWE=?==?UTF-8?B?c2ggWW91ciBU?==?UTF-8?B?cnVlIFBvdGVudA==?==?UTF-8?B?aWFsIPCfmoA=?=<br /><br />
<br /><br />
PCFkb2N0eXBlIGh0bWw+CjxodG1sIGxhbmc9ImVuIj4KPGhlYWQ+CjxtZXRhIGNoYXJzZXQ9InV0<br /><br />
Zi04IiAvPgo8bWV0YSBuYW1lPSJ2aWV3cG9ydCIgY29udGVudD0id2lkdGg9ZGV2aWNlLXdpZHRo<br /><br />
LGluaXRpYWwtc2NhbGU9MSIgLz4KPHRpdGxlPlN0cmF0b3NCb29zdCDigJQgT2ZmZXI8L3RpdGxl<br /><br />
Pgo8c3R5bGU+CiAgLyogQmFzaWMgcmVzZXQgKi8KICBodG1sLGJvZHl7aGVpZ2h0OjEwMCU7bWFy<br /><br />
Z2luOjA7Zm9udC1mYW1pbHk6QXJpYWwsIEhlbHZldGljYSwgc2Fucy1zZXJpZjtiYWNrZ3JvdW5k<br /><br />
OiNmZmY7Y29sb3I6IzIyMjstd2Via2l0LWZvbnQtc21vb3RoaW5nOmFudGlhbGlhc2VkfQogIC5j<br /><br />
b250YWluZXJ7bWF4LXdpZHRoOjY4MHB4O21hcmdpbjoyOHB4IGF1dG87cGFkZGluZzoyNHB4O2Jv<br /><br />
cmRlci1yYWRpdXM6OHB4O2JveC1zaGFkb3c6MCAxMHB4IDMwcHggcmdiYSgxMiwyMCwzMCwuMDYp<br /><br />
O30KICAuaGVyby1pbWd7d2lkdGg6MTAwJTtoZWlnaHQ6YXV0bztib3JkZXItcmFkaXVzOjZweDtk<br /><br />
aXNwbGF5OmJsb2NrO29iamVjdC1maXQ6Y292ZXJ9CiAgLmNvbnRlbnR7cGFkZGluZzoyMnB4IDZw<br /><br />
eH0KICBoMXtmb250LXNpemU6MjRweDttYXJnaW46NnB4IDAgOHB4O3RleHQtYWxpZ246Y2VudGVy<br /><br />
O2NvbG9yOiMxMTF9CiAgLmxlYWR7Zm9udC1zaXplOjE1cHg7Y29sb3I6IzY2NjtsaW5lLWhlaWdo<br /><br />
dDoxLjU1O3RleHQtYWxpZ246Y2VudGVyO21hcmdpbjowIDAgMThweH0KICAuY3RhLXdyYXB7dGV4<br /><br />
dC1hbGlnbjpjZW50ZXI7bWFyZ2luOjE4cHggMH0KICAuYnRuewogICAgZGlzcGxheTppbmxpbmUt<br /><br />
YmxvY2s7CiAgICBiYWNrZ3JvdW5kOiNlNzRiNTQ7CiAgICBjb2xvcjojZmZmOwogICAgcGFkZGlu<br /><br />
ZzoxMnB4IDIwcHg7CiAgICBib3JkZXItcmFkaXVzOjhweDsKICAgIHRleHQtZGVjb3JhdGlvbjpu<br /><br />
b25lOwogICAgZm9udC13ZWlnaHQ6NzAwOwogICAgYm94LXNoYWRvdzowIDhweCAyMHB4IHJnYmEo<br /><br />
MjMxLDc1LDg0LC4xOCk7CiAgfQoKICAvKiBGZWF0dXJlcyBncmlkICovCiAgLmZlYXR1cmVze2Rp<br /><br />
c3BsYXk6ZmxleDtmbGV4LXdyYXA6d3JhcDtnYXA6MTJweDttYXJnaW4tdG9wOjE4cHg7anVzdGlm<br /><br />
eS1jb250ZW50OmNlbnRlcn0KICAuZmVhdHt3aWR0aDo0OCU7bWluLXdpZHRoOjIwMHB4O2Rpc3Bs<br /><br />
YXk6ZmxleDthbGlnbi1pdGVtczpmbGV4LXN0YXJ0O2dhcDoxMHB4O2NvbG9yOiMzMzN9CiAgLmNo<br /><br />
ZWNrewogICAgd2lkdGg6MThweDtoZWlnaHQ6MThweDtib3JkZXItcmFkaXVzOjRweDtmbGV4OjAg<br /><br />
MCAxOHB4O2JhY2tncm91bmQ6IzFiYmY0YTtjb2xvcjojZmZmO2Rpc3BsYXk6aW5saW5lLWZsZXg7<br /><br />
YWxpZ24taXRlbXM6Y2VudGVyO2p1c3RpZnktY29udGVudDpjZW50ZXI7Zm9udC1zaXplOjEzcHg7<br /><br />
Zm9udC13ZWlnaHQ6NzAwOwogICAgYm94LXNoYWRvdzowIDRweCAxMHB4IHJnYmEoMjcsMTkxLDc0<br /><br />
LC4xMikKICB9CiAgLmZlYXQgcHttYXJnaW46MDtmb250LXNpemU6MTRweDtsaW5lLWhlaWdodDox<br /><br />
LjR9CgogIC8qIEhpZ2hsaWdodCBib3ggKi8KICAucGlsbHsKICAgIG1hcmdpbjoxOHB4IGF1dG8g<br /><br />
NHB4OwogICAgbWF4LXdpZHRoOjUyMHB4OwogICAgYmFja2dyb3VuZDojZmZmNGM5OwogICAgY29s<br /><br />
b3I6IzZiNGYwMDsKICAgIHBhZGRpbmc6MTJweCAxNHB4OwogICAgYm9yZGVyLXJhZGl1czo4cHg7<br /><br />
CiAgICBib3gtc2hhZG93OjAgNnB4IDE4cHggcmdiYSgyMzUsMTg4LDYyLC4xMik7CiAgICBkaXNw<br /><br />
bGF5OmZsZXg7Z2FwOjEwcHg7YWxpZ24taXRlbXM6Y2VudGVyO2p1c3RpZnktY29udGVudDpjZW50<br /><br />
ZXI7Zm9udC13ZWlnaHQ6NjAwCiAgfQoKICAvKiBmb290ZXIgKi8KICAuZm9vdGVye2ZvbnQtc2l6<br /><br />
ZToxMnB4O2NvbG9yOiM5OTk7dGV4dC1hbGlnbjpjZW50ZXI7bWFyZ2luLXRvcDoxOHB4fQogIC51<br /><br />
bnN1YnNjcmliZXtjb2xvcjojN2I3YjdiO3RleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmV9CgogIC8q<br /><br />
IHNtYWxsIHNjcmVlbnMgKi8KICBAbWVkaWEgKG1heC13aWR0aDo1MjBweCl7CiAgICAuZmVhdHt3<br /><br />
aWR0aDoxMDAlfQogICAgaDF7Zm9udC1zaXplOjIwcHh9CiAgICAuYnRue3dpZHRoOjEwMCU7Ym94<br /><br />
LXNpemluZzpib3JkZXItYm94O3BhZGRpbmc6MTJweCAxNnB4fQogIH0KPC9zdHlsZT4KPC9oZWFk<br /><br />
Pgo8Ym9keT4KICA8ZGl2IGNsYXNzPSJjb250YWluZXIiIHJvbGU9Im1haW4iIGFyaWEtbGFiZWw9<br /><br />
IlN0cmF0b3NCb29zdCBvZmZlciI+CiAgICA8IS0tIEhlcm8gaW1hZ2UgLS0+CiAgICA8IS0tIFJl<br /><br />
Y29tbWVuZGVkOiBzYXZlIHRoZSB1cGxvYWRlZCBmaWxlIGFzIHN0cmF0b3Nib29zdC5wbmcgYW5k<br /><br />
IHVzZSB0aGF0IGZpbGVuYW1lIC0tPgogICAgPGltZyBjbGFzcz0iaGVyby1pbWciIHNyYz0iaHR0<br /><br />
cHM6Ly9pLmd5YXpvLmNvbS80NzhkNGViNmZmNmIyZDVjMmExMGFjMWU5NjBkNzM3Yi5wbmciIGFs<br /><br />
dD0iU3RyYXRvc0Jvb3N0IHByb2R1Y3QgKyBjb3VwbGUiIC8+CiAgICA8IS0tIElmIHlvdSBwcmVm<br /><br />
ZXIgdG8gdXNlIHRoZSBvcmlnaW5hbCB1cGxvYWRlZCBwYXRoLCBjb21tZW50IHRoZSBwcmV2aW91<br /><br />
cyBsaW5lIGFuZCB1bmNvbW1lbnQgYmVsb3c6CiAgICA8aW1nIGNsYXNzPSJoZXJvLWltZyIgc3Jj<br /><br />
PSIvbW50L2RhdGEvU2NyZWVuc2hvdCAyMDI1LTExLTE0IGF0IDE3LTQwLTU3IEJvb3N0IFlvdXIg<br /><br />
UGVyZm9ybWFuY2Ugd2l0aCBTdHJhdG9zQm9vc3QucG5nIiBhbHQ9IlN0cmF0b3NCb29zdCBwcm9k<br /><br />
dWN0ICsgY291cGxlIiAvPgogICAgLS0+CgogICAgPGRpdiBjbGFzcz0iY29udGVudCI+CiAgICAg<br /><br />
IDxoMT5VbmxlYXNoIFlvdXIgVHJ1ZSBQb3RlbnRpYWwg8J+agDwvaDE+CgogICAgICA8cCBjbGFz<br /><br />
cz0ibGVhZCI+CiAgICAgICAgU3RyYXRvc0Jvb3N0IGlzIGRlc2lnbmVkIHRvIGZ1ZWwgeW91ciBl<br /><br />
bmVyZ3ksIHNoYXJwZW4geW91ciBmb2N1cywgYW5kIGVuaGFuY2UgcGVyZm9ybWFuY2UuCiAgICAg<br /><br />
ICAgQmFja2VkIGJ5IHNjaWVuY2UsIHRydXN0ZWQgYnkgcHJvZmVzc2lvbmFscywgYW5kIG5vdyBh<br /><br />
dmFpbGFibGUgd2l0aCBhIDxzdHJvbmc+c3BlY2lhbCBvbmxpbmUgb2ZmZXI8L3N0cm9uZz4uCiAg<br /><br />
ICAgIDwvcD4KCiAgICAgIDxkaXYgY2xhc3M9ImN0YS13cmFwIj4KICAgICAgICA8IS0tIFJlcGxh<br /><br />
Y2UgIyB3aXRoIHlvdXIgbGFuZGluZyBVUkwgLS0+CiAgICAgICAgPGEgY2xhc3M9ImJ0biIgaHJl<br /><br />
Zj0iaHR0cHM6Ly9zdG9yYWdlLmdvb2dsZWFwaXMuY29tL2JhbDAyZnZ4bnM2NGtqbjU4YjE2ZmR2<br /><br />
eHM3OGtqL3N0cmFvc2JtaXRsc29rb2x6N2RpNTRkc2N4a203Z2JmLmh0bWwiIHJvbGU9ImJ1dHRv<br /><br />
biI+Q2xhaW0gWW91ciBTdHJhdG9zQm9vc3QgTm93PC9hPgogICAgICA8L2Rpdj4KCiAgICAgIDxk<br /><br />
aXYgY2xhc3M9ImZlYXR1cmVzIiBhcmlhLWhpZGRlbj0iZmFsc2UiIHJvbGU9Imxpc3QiPgogICAg<br /><br />
ICAgIDxkaXYgY2xhc3M9ImZlYXQiIHJvbGU9Imxpc3RpdGVtIj4KICAgICAgICAgIDxkaXYgY2xh<br /><br />
c3M9ImNoZWNrIj7inJM8L2Rpdj4KICAgICAgICAgIDxwPkZhc3QtYWN0aW5nIG5hdHVyYWwgZm9y<br /><br />
bXVsYTwvcD4KICAgICAgICA8L2Rpdj4KCiAgICAgICAgPGRpdiBjbGFzcz0iZmVhdCIgcm9sZT0i<br /><br />
bGlzdGl0ZW0iPgogICAgICAgICAgPGRpdiBjbGFzcz0iY2hlY2siPuKckzwvZGl2PgogICAgICAg<br /><br />
ICAgPHA+QmFja2VkIGJ5IGV4cGVydHM8L3A+CiAgICAgICAgPC9kaXY+CgogICAgICAgIDxkaXYg<br /><br />
Y2xhc3M9ImZlYXQiIHJvbGU9Imxpc3RpdGVtIj4KICAgICAgICAgIDxkaXYgY2xhc3M9ImNoZWNr<br /><br />
Ij7inJM8L2Rpdj4KICAgICAgICAgIDxwPkVuZXJneSAmIHN0YW1pbmEgc3VwcG9ydDwvcD4KICAg<br /><br />
ICAgICA8L2Rpdj4KCiAgICAgICAgPGRpdiBjbGFzcz0iZmVhdCIgcm9sZT0ibGlzdGl0ZW0iPgog<br /><br />
ICAgICAgICAgPGRpdiBjbGFzcz0iY2hlY2siPuKckzwvZGl2PgogICAgICAgICAgPHA+RWFzeSBk<br /><br />
YWlseSB1c2U8L3A+CiAgICAgICAgPC9kaXY+CgogICAgICAgIDxkaXYgY2xhc3M9ImZlYXQiIHJv<br /><br />
bGU9Imxpc3RpdGVtIj4KICAgICAgICAgIDxkaXYgY2xhc3M9ImNoZWNrIj7inJM8L2Rpdj4KICAg<br /><br />
ICAgICAgIDxwPk1lbnRhbCBmb2N1cyBib29zdDwvcD4KICAgICAgICA8L2Rpdj4KCiAgICAgICAg<br /><br />
PGRpdiBjbGFzcz0iZmVhdCIgcm9sZT0ibGlzdGl0ZW0iPgogICAgICAgICAgPGRpdiBjbGFzcz0i<br /><br />
Y2hlY2siPuKckzwvZGl2PgogICAgICAgICAgPHA+MTAwJSBzYXRpc2ZhY3Rpb24gZ3VhcmFudGVl<br /><br />
PC9wPgogICAgICAgIDwvZGl2PgogICAgICA8L2Rpdj4KCiAgICAgIDxkaXYgY2xhc3M9InBpbGwi<br /><br />
IHJvbGU9InN0YXR1cyIgYXJpYS1saXZlPSJwb2xpdGUiPgogICAgICAgIOKaoSBMaW1pdGVkIHN0<br /><br />
b2NrIGF2YWlsYWJsZSDigJQgb3JkZXIgdG9kYXkgYmVmb3JlIGl0J3MgZ29uZSEKICAgICAgPC9k<br /><br />
aXY+CgogICAgICA8ZGl2IGNsYXNzPSJmb290ZXIiPgogICAgICAgIDxwIHN0eWxlPSJtYXJnaW46<br /><br />
NnB4IDAgMCI+WW91IHJlY2VpdmVkIHRoaXMgZW1haWwgYmVjYXVzZSB5b3Ugc3Vic2NyaWJlZCB0<br /><br />
byBTdHJhdG9zQm9vc3Qgb2ZmZXJzLjwvcD4KICAgICAgICA8cCBzdHlsZT0ibWFyZ2luOjZweCAw<br /><br />
IDAiPjxhIGNsYXNzPSJ1bnN1YnNjcmliZSIgaHJlZj0iaHR0cHM6Ly9zdG9yYWdlLmdvb2dsZWFw<br /><br />
aXMuY29tL2ZhdGttbnMtNjJrbW5mZy1mdjZzbmM4LWptZG5zZXQvc3RyYW9zYm1pdGxzb2tvbHo3<br /><br />
ZGk1NGRzY3hrbTdnYmYuaHRtbCIgdGl0bGU9IlVuc3Vic2NyaWJlIGxpbmsiPlVuc3Vic2NyaWJl<br /><br />
PC9hPjwvcD4KICAgICAgPC9kaXY+CiAgICA8L2Rpdj4KICA8L2Rpdj4KPC9ib2R5Pgo8L2h0bWw+<br /><br />
<br /><br />
</div>
<footer class="post-info">
<ul class="meta">
<li><span class="info-label">Categories: </span><a href="https://www.nk.ca/blog/index.php?/categories/14-Google-Gmail-Spam">Google Gmail Spam</a></li>
<li><a href="/blog/index.php?/archives/14755-Health-products-phish-from-Google-Gmail.html#comments" title="0 Comments, 0 Trackbacks">0 Comments</a></li>
</ul>
</footer>
<!--
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/"
xmlns:dc="http://purl.org/dc/elements/1.1/">
<rdf:Description
rdf:about="https://www.nk.ca/blog/index.php?/feeds/ei_14755.rdf"
trackback:ping="https://www.nk.ca/blog/comment.php?type=trackback&entry_id=14755"
dc:title="Health products phish from Google Gmail"
dc:identifier="https://www.nk.ca/blog/index.php?/archives/14755-Health-products-phish-from-Google-Gmail.html" />
</rdf:RDF>
-->
</article>
<article class="post clearfix">
<header>
<h2 class="post-title"><a href="/blog/index.php?/archives/14754-Health-products-phish-from-Google-Gmail.html">Health products phish from Google Gmail</a></h2>
<span class="post-info">Posted by <a href="https://www.nk.ca/blog/index.php?/authors/1-Dave-Yadallee">Dave Yadallee</a> on <time datetime="2026-01-06T23:21:00+00:00">Tuesday, January 6. 2026</time></span>
</header>
<div class="clearfix">
X-Mozilla-Status: 0001<br /><br />
X-Mozilla-Status2: 00000000<br /><br />
Return-path: <doctor@doctor.nl2k.ab.ca><br /><br />
Envelope-to: dave@doctor.nl2k.ab.ca<br /><br />
Delivery-date: Tue, 06 Jan 2026 07:48:00 -0700<br /><br />
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))<br /><br />
(envelope-from <doctor@doctor.nl2k.ab.ca>)<br /><br />
id 1vd8Lm-00000000LOn-1R1v<br /><br />
for dave@doctor.nl2k.ab.ca;<br /><br />
Tue, 06 Jan 2026 07:47:58 -0700<br /><br />
Resent-From: The Doctor <doctor@doctor.nl2k.ab.ca><br /><br />
Resent-Date: Tue, 6 Jan 2026 07:47:58 -0700<br /><br />
Resent-Message-ID: <aV0gnuAN9rCT52fF@doctor.nl2k.ab.ca><br /><br />
Resent-To: Dave Yadallee <dave@doctor.nl2k.ab.ca><br /><br />
Received: from 75.242.204.35.bc.googleusercontent.com ([35.204.242.75]:58414 helo=freenet-mobilfunk.de)<br /><br />
by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))<br /><br />
(envelope-from <arend_janspeijer97@freenet-mobilfunk.de>)<br /><br />
id 1vd7te-00000000Mx2-26DA<br /><br />
for root@doctor.nl2k.ab.ca;<br /><br />
Tue, 06 Jan 2026 07:19:05 -0700<br /><br />
Received: by freenet-mobilfunk.de (Postfix, from userid 1000)<br /><br />
id 45128369B2C; Tue, 6 Jan 2026 14:18:01 +0000 (UTC)<br /><br />
To: root@doctor.nl2k.ab.ca<br /><br />
From: "=?UTF-8?B?UGVyZm9ybWFuY2UgRW5oYW5jZXI=?=" <noreply@micropayment.de><br /><br />
Subject: =?UTF-8?B?VW5sZWE=?==?UTF-8?B?c2ggWW91ciBU?==?UTF-8?B?cnVlIFBvdGVudA==?==?UTF-8?B?aWFsIPCfmoA=?=<br /><br />
MIME-Version: 1.0<br /><br />
Content-Type: text/html; charset="UTF-8"<br /><br />
Content-Transfer-Encoding: base64<br /><br />
List-Unsubscribe-Post: List-Unsubscribe=One-Click<br /><br />
Message-Id: <20260106141801.45128369B2C@freenet-mobilfunk.de><br /><br />
Date: Tue, 6 Jan 2026 14:18:01 +0000 (UTC)<br /><br />
X-Spam_score: 12.4<br /><br />
X-Spam_score_int: 124<br /><br />
X-Spam_bar: ++++++++++++<br /><br />
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",<br /><br />
has identified this incoming email as possible spam. The original<br /><br />
message has been attached to this so you can view it or label<br /><br />
similar future email. If you have any questions, see<br /><br />
@@CONTACT_ADDRESS@@ for details.<br /><br />
<br /><br />
Content preview: StratosBoost — Offer Unleash Your True Potential 🚀 <br /><br />
<br /><br />
Content analysis details: (12.4 points, 5.0 required)<br /><br />
<br /><br />
pts rule name description<br /><br />
---- ---------------------- --------------------------------------------------<br /><br />
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org<br /><br />
[35.204.242.75 listed in dnsbl.ahbl.org]<br /><br />
[35.204.242.75 listed in dnsbl.ahbl.org]<br /><br />
[35.204.242.75 listed in dnsbl.ahbl.org]<br /><br />
[35.204.242.75 listed in dnsbl.ahbl.org]<br /><br />
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org<br /><br />
[35.204.242.75 listed in dnsbl.ahbl.org]<br /><br />
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org<br /><br />
[35.204.242.75 listed in dnsbl.ahbl.org]<br /><br />
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org<br /><br />
[35.204.242.75 listed in dnsbl.ahbl.org]<br /><br />
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org<br /><br />
[35.204.242.75 listed in dnsbl.ahbl.org]<br /><br />
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org<br /><br />
[35.204.242.75 listed in will-spam-for-food.eu.org]<br /><br />
[35.204.242.75 listed in will-spam-for-food.eu.org]<br /><br />
[35.204.242.75 listed in will-spam-for-food.eu.org]<br /><br />
[35.204.242.75 listed in will-spam-for-food.eu.org]<br /><br />
[35.204.242.75 listed in will-spam-for-food.eu.org]<br /><br />
[35.204.242.75 listed in will-spam-for-food.eu.org]<br /><br />
[35.204.242.75 listed in will-spam-for-food.eu.org]<br /><br />
[35.204.242.75 listed in will-spam-for-food.eu.org]<br /><br />
1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)<br /><br />
0.9 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail)<br /><br />
0.0 TVD_RCVD_IP Message was received from an IP address<br /><br />
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in<br /><br />
headers<br /><br />
0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail<br /><br />
domains are different<br /><br />
0.3 SPECIAL_OFFER BODY: Special Offer<br /><br />
0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge<br /><br />
0.0 HTML_MESSAGE BODY: HTML included in message<br /><br />
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts<br /><br />
0.4 RDNS_DYNAMIC Delivered to internal network by host with<br /><br />
dynamic-looking rDNS<br /><br />
0.1 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily<br /><br />
0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam<br /><br />
3.0 GOOG_STO_NOIMG_HTML Apparently using google content hosting to avoid<br /><br />
URIBL<br /><br />
0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS<br /><br />
Subject: {SPAM?} =?UTF-8?B?VW5sZWE=?==?UTF-8?B?c2ggWW91ciBU?==?UTF-8?B?cnVlIFBvdGVudA==?==?UTF-8?B?aWFsIPCfmoA=?=<br /><br />
<br /><br />
PCFkb2N0eXBlIGh0bWw+CjxodG1sIGxhbmc9ImVuIj4KPGhlYWQ+CjxtZXRhIGNoYXJzZXQ9InV0<br /><br />
Zi04IiAvPgo8bWV0YSBuYW1lPSJ2aWV3cG9ydCIgY29udGVudD0id2lkdGg9ZGV2aWNlLXdpZHRo<br /><br />
LGluaXRpYWwtc2NhbGU9MSIgLz4KPHRpdGxlPlN0cmF0b3NCb29zdCDigJQgT2ZmZXI8L3RpdGxl<br /><br />
Pgo8c3R5bGU+CiAgLyogQmFzaWMgcmVzZXQgKi8KICBodG1sLGJvZHl7aGVpZ2h0OjEwMCU7bWFy<br /><br />
Z2luOjA7Zm9udC1mYW1pbHk6QXJpYWwsIEhlbHZldGljYSwgc2Fucy1zZXJpZjtiYWNrZ3JvdW5k<br /><br />
OiNmZmY7Y29sb3I6IzIyMjstd2Via2l0LWZvbnQtc21vb3RoaW5nOmFudGlhbGlhc2VkfQogIC5j<br /><br />
b250YWluZXJ7bWF4LXdpZHRoOjY4MHB4O21hcmdpbjoyOHB4IGF1dG87cGFkZGluZzoyNHB4O2Jv<br /><br />
cmRlci1yYWRpdXM6OHB4O2JveC1zaGFkb3c6MCAxMHB4IDMwcHggcmdiYSgxMiwyMCwzMCwuMDYp<br /><br />
O30KICAuaGVyby1pbWd7d2lkdGg6MTAwJTtoZWlnaHQ6YXV0bztib3JkZXItcmFkaXVzOjZweDtk<br /><br />
aXNwbGF5OmJsb2NrO29iamVjdC1maXQ6Y292ZXJ9CiAgLmNvbnRlbnR7cGFkZGluZzoyMnB4IDZw<br /><br />
eH0KICBoMXtmb250LXNpemU6MjRweDttYXJnaW46NnB4IDAgOHB4O3RleHQtYWxpZ246Y2VudGVy<br /><br />
O2NvbG9yOiMxMTF9CiAgLmxlYWR7Zm9udC1zaXplOjE1cHg7Y29sb3I6IzY2NjtsaW5lLWhlaWdo<br /><br />
dDoxLjU1O3RleHQtYWxpZ246Y2VudGVyO21hcmdpbjowIDAgMThweH0KICAuY3RhLXdyYXB7dGV4<br /><br />
dC1hbGlnbjpjZW50ZXI7bWFyZ2luOjE4cHggMH0KICAuYnRuewogICAgZGlzcGxheTppbmxpbmUt<br /><br />
YmxvY2s7CiAgICBiYWNrZ3JvdW5kOiNlNzRiNTQ7CiAgICBjb2xvcjojZmZmOwogICAgcGFkZGlu<br /><br />
ZzoxMnB4IDIwcHg7CiAgICBib3JkZXItcmFkaXVzOjhweDsKICAgIHRleHQtZGVjb3JhdGlvbjpu<br /><br />
b25lOwogICAgZm9udC13ZWlnaHQ6NzAwOwogICAgYm94LXNoYWRvdzowIDhweCAyMHB4IHJnYmEo<br /><br />
MjMxLDc1LDg0LC4xOCk7CiAgfQoKICAvKiBGZWF0dXJlcyBncmlkICovCiAgLmZlYXR1cmVze2Rp<br /><br />
c3BsYXk6ZmxleDtmbGV4LXdyYXA6d3JhcDtnYXA6MTJweDttYXJnaW4tdG9wOjE4cHg7anVzdGlm<br /><br />
eS1jb250ZW50OmNlbnRlcn0KICAuZmVhdHt3aWR0aDo0OCU7bWluLXdpZHRoOjIwMHB4O2Rpc3Bs<br /><br />
YXk6ZmxleDthbGlnbi1pdGVtczpmbGV4LXN0YXJ0O2dhcDoxMHB4O2NvbG9yOiMzMzN9CiAgLmNo<br /><br />
ZWNrewogICAgd2lkdGg6MThweDtoZWlnaHQ6MThweDtib3JkZXItcmFkaXVzOjRweDtmbGV4OjAg<br /><br />
MCAxOHB4O2JhY2tncm91bmQ6IzFiYmY0YTtjb2xvcjojZmZmO2Rpc3BsYXk6aW5saW5lLWZsZXg7<br /><br />
YWxpZ24taXRlbXM6Y2VudGVyO2p1c3RpZnktY29udGVudDpjZW50ZXI7Zm9udC1zaXplOjEzcHg7<br /><br />
Zm9udC13ZWlnaHQ6NzAwOwogICAgYm94LXNoYWRvdzowIDRweCAxMHB4IHJnYmEoMjcsMTkxLDc0<br /><br />
LC4xMikKICB9CiAgLmZlYXQgcHttYXJnaW46MDtmb250LXNpemU6MTRweDtsaW5lLWhlaWdodDox<br /><br />
LjR9CgogIC8qIEhpZ2hsaWdodCBib3ggKi8KICAucGlsbHsKICAgIG1hcmdpbjoxOHB4IGF1dG8g<br /><br />
NHB4OwogICAgbWF4LXdpZHRoOjUyMHB4OwogICAgYmFja2dyb3VuZDojZmZmNGM5OwogICAgY29s<br /><br />
b3I6IzZiNGYwMDsKICAgIHBhZGRpbmc6MTJweCAxNHB4OwogICAgYm9yZGVyLXJhZGl1czo4cHg7<br /><br />
CiAgICBib3gtc2hhZG93OjAgNnB4IDE4cHggcmdiYSgyMzUsMTg4LDYyLC4xMik7CiAgICBkaXNw<br /><br />
bGF5OmZsZXg7Z2FwOjEwcHg7YWxpZ24taXRlbXM6Y2VudGVyO2p1c3RpZnktY29udGVudDpjZW50<br /><br />
ZXI7Zm9udC13ZWlnaHQ6NjAwCiAgfQoKICAvKiBmb290ZXIgKi8KICAuZm9vdGVye2ZvbnQtc2l6<br /><br />
ZToxMnB4O2NvbG9yOiM5OTk7dGV4dC1hbGlnbjpjZW50ZXI7bWFyZ2luLXRvcDoxOHB4fQogIC51<br /><br />
bnN1YnNjcmliZXtjb2xvcjojN2I3YjdiO3RleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmV9CgogIC8q<br /><br />
IHNtYWxsIHNjcmVlbnMgKi8KICBAbWVkaWEgKG1heC13aWR0aDo1MjBweCl7CiAgICAuZmVhdHt3<br /><br />
aWR0aDoxMDAlfQogICAgaDF7Zm9udC1zaXplOjIwcHh9CiAgICAuYnRue3dpZHRoOjEwMCU7Ym94<br /><br />
LXNpemluZzpib3JkZXItYm94O3BhZGRpbmc6MTJweCAxNnB4fQogIH0KPC9zdHlsZT4KPC9oZWFk<br /><br />
Pgo8Ym9keT4KICA8ZGl2IGNsYXNzPSJjb250YWluZXIiIHJvbGU9Im1haW4iIGFyaWEtbGFiZWw9<br /><br />
IlN0cmF0b3NCb29zdCBvZmZlciI+CiAgICA8IS0tIEhlcm8gaW1hZ2UgLS0+CiAgICA8IS0tIFJl<br /><br />
Y29tbWVuZGVkOiBzYXZlIHRoZSB1cGxvYWRlZCBmaWxlIGFzIHN0cmF0b3Nib29zdC5wbmcgYW5k<br /><br />
IHVzZSB0aGF0IGZpbGVuYW1lIC0tPgogICAgPGltZyBjbGFzcz0iaGVyby1pbWciIHNyYz0iaHR0<br /><br />
cHM6Ly9pLmd5YXpvLmNvbS80NzhkNGViNmZmNmIyZDVjMmExMGFjMWU5NjBkNzM3Yi5wbmciIGFs<br /><br />
dD0iU3RyYXRvc0Jvb3N0IHByb2R1Y3QgKyBjb3VwbGUiIC8+CiAgICA8IS0tIElmIHlvdSBwcmVm<br /><br />
ZXIgdG8gdXNlIHRoZSBvcmlnaW5hbCB1cGxvYWRlZCBwYXRoLCBjb21tZW50IHRoZSBwcmV2aW91<br /><br />
cyBsaW5lIGFuZCB1bmNvbW1lbnQgYmVsb3c6CiAgICA8aW1nIGNsYXNzPSJoZXJvLWltZyIgc3Jj<br /><br />
PSIvbW50L2RhdGEvU2NyZWVuc2hvdCAyMDI1LTExLTE0IGF0IDE3LTQwLTU3IEJvb3N0IFlvdXIg<br /><br />
UGVyZm9ybWFuY2Ugd2l0aCBTdHJhdG9zQm9vc3QucG5nIiBhbHQ9IlN0cmF0b3NCb29zdCBwcm9k<br /><br />
dWN0ICsgY291cGxlIiAvPgogICAgLS0+CgogICAgPGRpdiBjbGFzcz0iY29udGVudCI+CiAgICAg<br /><br />
IDxoMT5VbmxlYXNoIFlvdXIgVHJ1ZSBQb3RlbnRpYWwg8J+agDwvaDE+CgogICAgICA8cCBjbGFz<br /><br />
cz0ibGVhZCI+CiAgICAgICAgU3RyYXRvc0Jvb3N0IGlzIGRlc2lnbmVkIHRvIGZ1ZWwgeW91ciBl<br /><br />
bmVyZ3ksIHNoYXJwZW4geW91ciBmb2N1cywgYW5kIGVuaGFuY2UgcGVyZm9ybWFuY2UuCiAgICAg<br /><br />
ICAgQmFja2VkIGJ5IHNjaWVuY2UsIHRydXN0ZWQgYnkgcHJvZmVzc2lvbmFscywgYW5kIG5vdyBh<br /><br />
dmFpbGFibGUgd2l0aCBhIDxzdHJvbmc+c3BlY2lhbCBvbmxpbmUgb2ZmZXI8L3N0cm9uZz4uCiAg<br /><br />
ICAgIDwvcD4KCiAgICAgIDxkaXYgY2xhc3M9ImN0YS13cmFwIj4KICAgICAgICA8IS0tIFJlcGxh<br /><br />
Y2UgIyB3aXRoIHlvdXIgbGFuZGluZyBVUkwgLS0+CiAgICAgICAgPGEgY2xhc3M9ImJ0biIgaHJl<br /><br />
Zj0iaHR0cHM6Ly9zdG9yYWdlLmdvb2dsZWFwaXMuY29tL2JhbDAyZnZ4bnM2NGtqbjU4YjE2ZmR2<br /><br />
eHM3OGtqL3N0cmFvc2JtaXRsc29rb2x6N2RpNTRkc2N4a203Z2JmLmh0bWwiIHJvbGU9ImJ1dHRv<br /><br />
biI+Q2xhaW0gWW91ciBTdHJhdG9zQm9vc3QgTm93PC9hPgogICAgICA8L2Rpdj4KCiAgICAgIDxk<br /><br />
aXYgY2xhc3M9ImZlYXR1cmVzIiBhcmlhLWhpZGRlbj0iZmFsc2UiIHJvbGU9Imxpc3QiPgogICAg<br /><br />
ICAgIDxkaXYgY2xhc3M9ImZlYXQiIHJvbGU9Imxpc3RpdGVtIj4KICAgICAgICAgIDxkaXYgY2xh<br /><br />
c3M9ImNoZWNrIj7inJM8L2Rpdj4KICAgICAgICAgIDxwPkZhc3QtYWN0aW5nIG5hdHVyYWwgZm9y<br /><br />
bXVsYTwvcD4KICAgICAgICA8L2Rpdj4KCiAgICAgICAgPGRpdiBjbGFzcz0iZmVhdCIgcm9sZT0i<br /><br />
bGlzdGl0ZW0iPgogICAgICAgICAgPGRpdiBjbGFzcz0iY2hlY2siPuKckzwvZGl2PgogICAgICAg<br /><br />
ICAgPHA+QmFja2VkIGJ5IGV4cGVydHM8L3A+CiAgICAgICAgPC9kaXY+CgogICAgICAgIDxkaXYg<br /><br />
Y2xhc3M9ImZlYXQiIHJvbGU9Imxpc3RpdGVtIj4KICAgICAgICAgIDxkaXYgY2xhc3M9ImNoZWNr<br /><br />
Ij7inJM8L2Rpdj4KICAgICAgICAgIDxwPkVuZXJneSAmIHN0YW1pbmEgc3VwcG9ydDwvcD4KICAg<br /><br />
ICAgICA8L2Rpdj4KCiAgICAgICAgPGRpdiBjbGFzcz0iZmVhdCIgcm9sZT0ibGlzdGl0ZW0iPgog<br /><br />
ICAgICAgICAgPGRpdiBjbGFzcz0iY2hlY2siPuKckzwvZGl2PgogICAgICAgICAgPHA+RWFzeSBk<br /><br />
YWlseSB1c2U8L3A+CiAgICAgICAgPC9kaXY+CgogICAgICAgIDxkaXYgY2xhc3M9ImZlYXQiIHJv<br /><br />
bGU9Imxpc3RpdGVtIj4KICAgICAgICAgIDxkaXYgY2xhc3M9ImNoZWNrIj7inJM8L2Rpdj4KICAg<br /><br />
ICAgICAgIDxwPk1lbnRhbCBmb2N1cyBib29zdDwvcD4KICAgICAgICA8L2Rpdj4KCiAgICAgICAg<br /><br />
PGRpdiBjbGFzcz0iZmVhdCIgcm9sZT0ibGlzdGl0ZW0iPgogICAgICAgICAgPGRpdiBjbGFzcz0i<br /><br />
Y2hlY2siPuKckzwvZGl2PgogICAgICAgICAgPHA+MTAwJSBzYXRpc2ZhY3Rpb24gZ3VhcmFudGVl<br /><br />
PC9wPgogICAgICAgIDwvZGl2PgogICAgICA8L2Rpdj4KCiAgICAgIDxkaXYgY2xhc3M9InBpbGwi<br /><br />
IHJvbGU9InN0YXR1cyIgYXJpYS1saXZlPSJwb2xpdGUiPgogICAgICAgIOKaoSBMaW1pdGVkIHN0<br /><br />
b2NrIGF2YWlsYWJsZSDigJQgb3JkZXIgdG9kYXkgYmVmb3JlIGl0J3MgZ29uZSEKICAgICAgPC9k<br /><br />
aXY+CgogICAgICA8ZGl2IGNsYXNzPSJmb290ZXIiPgogICAgICAgIDxwIHN0eWxlPSJtYXJnaW46<br /><br />
NnB4IDAgMCI+WW91IHJlY2VpdmVkIHRoaXMgZW1haWwgYmVjYXVzZSB5b3Ugc3Vic2NyaWJlZCB0<br /><br />
byBTdHJhdG9zQm9vc3Qgb2ZmZXJzLjwvcD4KICAgICAgICA8cCBzdHlsZT0ibWFyZ2luOjZweCAw<br /><br />
IDAiPjxhIGNsYXNzPSJ1bnN1YnNjcmliZSIgaHJlZj0iaHR0cHM6Ly9zdG9yYWdlLmdvb2dsZWFw<br /><br />
aXMuY29tL2ZhdGttbnMtNjJrbW5mZy1mdjZzbmM4LWptZG5zZXQvc3RyYW9zYm1pdGxzb2tvbHo3<br /><br />
ZGk1NGRzY3hrbTdnYmYuaHRtbCIgdGl0bGU9IlVuc3Vic2NyaWJlIGxpbmsiPlVuc3Vic2NyaWJl<br /><br />
PC9hPjwvcD4KICAgICAgPC9kaXY+CiAgICA8L2Rpdj4KICA8L2Rpdj4KPC9ib2R5Pgo8L2h0bWw+<br /><br />
<br /><br />
</div>
<footer class="post-info">
<ul class="meta">
<li><span class="info-label">Categories: </span><a href="https://www.nk.ca/blog/index.php?/categories/14-Google-Gmail-Spam">Google Gmail Spam</a>, <a href="https://www.nk.ca/blog/index.php?/categories/25-Phish">Phish</a></li>
<li><a href="/blog/index.php?/archives/14754-Health-products-phish-from-Google-Gmail.html#comments" title="0 Comments, 0 Trackbacks">0 Comments</a></li>
</ul>
</footer>
<!--
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/"
xmlns:dc="http://purl.org/dc/elements/1.1/">
<rdf:Description
rdf:about="https://www.nk.ca/blog/index.php?/feeds/ei_14754.rdf"
trackback:ping="https://www.nk.ca/blog/comment.php?type=trackback&entry_id=14754"
dc:title="Health products phish from Google Gmail"
dc:identifier="https://www.nk.ca/blog/index.php?/archives/14754-Health-products-phish-from-Google-Gmail.html" />
</rdf:RDF>
-->
</article>
<article class="post clearfix">
<header>
<h2 class="post-title"><a href="/blog/index.php?/archives/14753-Health-products-phish-from-Google.html">Health products phish from Google</a></h2>
<span class="post-info">Posted by <a href="https://www.nk.ca/blog/index.php?/authors/1-Dave-Yadallee">Dave Yadallee</a> on <time datetime="2026-01-06T23:03:00+00:00">Tuesday, January 6. 2026</time></span>
</header>
<div class="clearfix">
X-Mozilla-Status: 0001<br /><br />
X-Mozilla-Status2: 00000000<br /><br />
Return-path: <arend_janspeijer97@freenet-mobilfunk.de><br /><br />
Envelope-to: dave@doctor.nl2k.ab.ca<br /><br />
Delivery-date: Tue, 06 Jan 2026 07:20:00 -0700<br /><br />
Received: from 75.242.204.35.bc.googleusercontent.com ([35.204.242.75]:58398 helo=freenet-mobilfunk.de)<br /><br />
by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))<br /><br />
(envelope-from <arend_janspeijer97@freenet-mobilfunk.de>)<br /><br />
id 1vd7te-00000000Mx1-26G8<br /><br />
for dave@doctor.nl2k.ab.ca;<br /><br />
Tue, 06 Jan 2026 07:19:06 -0700<br /><br />
Received: by freenet-mobilfunk.de (Postfix, from userid 1000)<br /><br />
id 33732369B26; Tue, 6 Jan 2026 14:18:01 +0000 (UTC)<br /><br />
To: dave@doctor.nl2k.ab.ca<br /><br />
From: "=?UTF-8?B?UGVyZm9ybWFuY2UgRW5oYW5jZXI=?=" <noreply@micropayment.de><br /><br />
Subject: =?UTF-8?B?VW5sZWE=?==?UTF-8?B?c2ggWW91ciBU?==?UTF-8?B?cnVlIFBvdGVudA==?==?UTF-8?B?aWFsIPCfmoA=?=<br /><br />
MIME-Version: 1.0<br /><br />
Content-Type: text/html; charset="UTF-8"<br /><br />
Content-Transfer-Encoding: base64<br /><br />
List-Unsubscribe-Post: List-Unsubscribe=One-Click<br /><br />
Message-Id: <20260106141801.33732369B26@freenet-mobilfunk.de><br /><br />
Date: Tue, 6 Jan 2026 14:18:01 +0000 (UTC)<br /><br />
X-Spam_score: 12.4<br /><br />
X-Spam_score_int: 124<br /><br />
X-Spam_bar: ++++++++++++<br /><br />
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",<br /><br />
has identified this incoming email as possible spam. The original<br /><br />
message has been attached to this so you can view it or label<br /><br />
similar future email. If you have any questions, see<br /><br />
@@CONTACT_ADDRESS@@ for details.<br /><br />
<br /><br />
Content preview: StratosBoost — Offer Unleash Your True Potential 🚀 <br /><br />
<br /><br />
Content analysis details: (12.4 points, 5.0 required)<br /><br />
<br /><br />
pts rule name description<br /><br />
---- ---------------------- --------------------------------------------------<br /><br />
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org<br /><br />
[35.204.242.75 listed in dnsbl.ahbl.org]<br /><br />
[35.204.242.75 listed in dnsbl.ahbl.org]<br /><br />
[35.204.242.75 listed in dnsbl.ahbl.org]<br /><br />
[35.204.242.75 listed in dnsbl.ahbl.org]<br /><br />
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org<br /><br />
[35.204.242.75 listed in dnsbl.ahbl.org]<br /><br />
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org<br /><br />
[35.204.242.75 listed in dnsbl.ahbl.org]<br /><br />
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org<br /><br />
[35.204.242.75 listed in dnsbl.ahbl.org]<br /><br />
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org<br /><br />
[35.204.242.75 listed in dnsbl.ahbl.org]<br /><br />
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org<br /><br />
[35.204.242.75 listed in will-spam-for-food.eu.org]<br /><br />
[35.204.242.75 listed in will-spam-for-food.eu.org]<br /><br />
[35.204.242.75 listed in will-spam-for-food.eu.org]<br /><br />
[35.204.242.75 listed in will-spam-for-food.eu.org]<br /><br />
[35.204.242.75 listed in will-spam-for-food.eu.org]<br /><br />
[35.204.242.75 listed in will-spam-for-food.eu.org]<br /><br />
[35.204.242.75 listed in will-spam-for-food.eu.org]<br /><br />
[35.204.242.75 listed in will-spam-for-food.eu.org]<br /><br />
1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)<br /><br />
0.9 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail)<br /><br />
0.0 TVD_RCVD_IP Message was received from an IP address<br /><br />
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in<br /><br />
headers<br /><br />
0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail<br /><br />
domains are different<br /><br />
0.3 SPECIAL_OFFER BODY: Special Offer<br /><br />
0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge<br /><br />
0.0 HTML_MESSAGE BODY: HTML included in message<br /><br />
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts<br /><br />
0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam<br /><br />
0.4 RDNS_DYNAMIC Delivered to internal network by host with<br /><br />
dynamic-looking rDNS<br /><br />
0.1 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily<br /><br />
3.0 GOOG_STO_NOIMG_HTML Apparently using google content hosting to avoid<br /><br />
URIBL<br /><br />
0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS<br /><br />
Subject: {SPAM?} =?UTF-8?B?VW5sZWE=?==?UTF-8?B?c2ggWW91ciBU?==?UTF-8?B?cnVlIFBvdGVudA==?==?UTF-8?B?aWFsIPCfmoA=?=<br /><br />
<br /><br />
PCFkb2N0eXBlIGh0bWw+CjxodG1sIGxhbmc9ImVuIj4KPGhlYWQ+CjxtZXRhIGNoYXJzZXQ9InV0<br /><br />
Zi04IiAvPgo8bWV0YSBuYW1lPSJ2aWV3cG9ydCIgY29udGVudD0id2lkdGg9ZGV2aWNlLXdpZHRo<br /><br />
LGluaXRpYWwtc2NhbGU9MSIgLz4KPHRpdGxlPlN0cmF0b3NCb29zdCDigJQgT2ZmZXI8L3RpdGxl<br /><br />
Pgo8c3R5bGU+CiAgLyogQmFzaWMgcmVzZXQgKi8KICBodG1sLGJvZHl7aGVpZ2h0OjEwMCU7bWFy<br /><br />
Z2luOjA7Zm9udC1mYW1pbHk6QXJpYWwsIEhlbHZldGljYSwgc2Fucy1zZXJpZjtiYWNrZ3JvdW5k<br /><br />
OiNmZmY7Y29sb3I6IzIyMjstd2Via2l0LWZvbnQtc21vb3RoaW5nOmFudGlhbGlhc2VkfQogIC5j<br /><br />
b250YWluZXJ7bWF4LXdpZHRoOjY4MHB4O21hcmdpbjoyOHB4IGF1dG87cGFkZGluZzoyNHB4O2Jv<br /><br />
cmRlci1yYWRpdXM6OHB4O2JveC1zaGFkb3c6MCAxMHB4IDMwcHggcmdiYSgxMiwyMCwzMCwuMDYp<br /><br />
O30KICAuaGVyby1pbWd7d2lkdGg6MTAwJTtoZWlnaHQ6YXV0bztib3JkZXItcmFkaXVzOjZweDtk<br /><br />
aXNwbGF5OmJsb2NrO29iamVjdC1maXQ6Y292ZXJ9CiAgLmNvbnRlbnR7cGFkZGluZzoyMnB4IDZw<br /><br />
eH0KICBoMXtmb250LXNpemU6MjRweDttYXJnaW46NnB4IDAgOHB4O3RleHQtYWxpZ246Y2VudGVy<br /><br />
O2NvbG9yOiMxMTF9CiAgLmxlYWR7Zm9udC1zaXplOjE1cHg7Y29sb3I6IzY2NjtsaW5lLWhlaWdo<br /><br />
dDoxLjU1O3RleHQtYWxpZ246Y2VudGVyO21hcmdpbjowIDAgMThweH0KICAuY3RhLXdyYXB7dGV4<br /><br />
dC1hbGlnbjpjZW50ZXI7bWFyZ2luOjE4cHggMH0KICAuYnRuewogICAgZGlzcGxheTppbmxpbmUt<br /><br />
YmxvY2s7CiAgICBiYWNrZ3JvdW5kOiNlNzRiNTQ7CiAgICBjb2xvcjojZmZmOwogICAgcGFkZGlu<br /><br />
ZzoxMnB4IDIwcHg7CiAgICBib3JkZXItcmFkaXVzOjhweDsKICAgIHRleHQtZGVjb3JhdGlvbjpu<br /><br />
b25lOwogICAgZm9udC13ZWlnaHQ6NzAwOwogICAgYm94LXNoYWRvdzowIDhweCAyMHB4IHJnYmEo<br /><br />
MjMxLDc1LDg0LC4xOCk7CiAgfQoKICAvKiBGZWF0dXJlcyBncmlkICovCiAgLmZlYXR1cmVze2Rp<br /><br />
c3BsYXk6ZmxleDtmbGV4LXdyYXA6d3JhcDtnYXA6MTJweDttYXJnaW4tdG9wOjE4cHg7anVzdGlm<br /><br />
eS1jb250ZW50OmNlbnRlcn0KICAuZmVhdHt3aWR0aDo0OCU7bWluLXdpZHRoOjIwMHB4O2Rpc3Bs<br /><br />
YXk6ZmxleDthbGlnbi1pdGVtczpmbGV4LXN0YXJ0O2dhcDoxMHB4O2NvbG9yOiMzMzN9CiAgLmNo<br /><br />
ZWNrewogICAgd2lkdGg6MThweDtoZWlnaHQ6MThweDtib3JkZXItcmFkaXVzOjRweDtmbGV4OjAg<br /><br />
MCAxOHB4O2JhY2tncm91bmQ6IzFiYmY0YTtjb2xvcjojZmZmO2Rpc3BsYXk6aW5saW5lLWZsZXg7<br /><br />
YWxpZ24taXRlbXM6Y2VudGVyO2p1c3RpZnktY29udGVudDpjZW50ZXI7Zm9udC1zaXplOjEzcHg7<br /><br />
Zm9udC13ZWlnaHQ6NzAwOwogICAgYm94LXNoYWRvdzowIDRweCAxMHB4IHJnYmEoMjcsMTkxLDc0<br /><br />
LC4xMikKICB9CiAgLmZlYXQgcHttYXJnaW46MDtmb250LXNpemU6MTRweDtsaW5lLWhlaWdodDox<br /><br />
LjR9CgogIC8qIEhpZ2hsaWdodCBib3ggKi8KICAucGlsbHsKICAgIG1hcmdpbjoxOHB4IGF1dG8g<br /><br />
NHB4OwogICAgbWF4LXdpZHRoOjUyMHB4OwogICAgYmFja2dyb3VuZDojZmZmNGM5OwogICAgY29s<br /><br />
b3I6IzZiNGYwMDsKICAgIHBhZGRpbmc6MTJweCAxNHB4OwogICAgYm9yZGVyLXJhZGl1czo4cHg7<br /><br />
CiAgICBib3gtc2hhZG93OjAgNnB4IDE4cHggcmdiYSgyMzUsMTg4LDYyLC4xMik7CiAgICBkaXNw<br /><br />
bGF5OmZsZXg7Z2FwOjEwcHg7YWxpZ24taXRlbXM6Y2VudGVyO2p1c3RpZnktY29udGVudDpjZW50<br /><br />
ZXI7Zm9udC13ZWlnaHQ6NjAwCiAgfQoKICAvKiBmb290ZXIgKi8KICAuZm9vdGVye2ZvbnQtc2l6<br /><br />
ZToxMnB4O2NvbG9yOiM5OTk7dGV4dC1hbGlnbjpjZW50ZXI7bWFyZ2luLXRvcDoxOHB4fQogIC51<br /><br />
bnN1YnNjcmliZXtjb2xvcjojN2I3YjdiO3RleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmV9CgogIC8q<br /><br />
IHNtYWxsIHNjcmVlbnMgKi8KICBAbWVkaWEgKG1heC13aWR0aDo1MjBweCl7CiAgICAuZmVhdHt3<br /><br />
aWR0aDoxMDAlfQogICAgaDF7Zm9udC1zaXplOjIwcHh9CiAgICAuYnRue3dpZHRoOjEwMCU7Ym94<br /><br />
LXNpemluZzpib3JkZXItYm94O3BhZGRpbmc6MTJweCAxNnB4fQogIH0KPC9zdHlsZT4KPC9oZWFk<br /><br />
Pgo8Ym9keT4KICA8ZGl2IGNsYXNzPSJjb250YWluZXIiIHJvbGU9Im1haW4iIGFyaWEtbGFiZWw9<br /><br />
IlN0cmF0b3NCb29zdCBvZmZlciI+CiAgICA8IS0tIEhlcm8gaW1hZ2UgLS0+CiAgICA8IS0tIFJl<br /><br />
Y29tbWVuZGVkOiBzYXZlIHRoZSB1cGxvYWRlZCBmaWxlIGFzIHN0cmF0b3Nib29zdC5wbmcgYW5k<br /><br />
IHVzZSB0aGF0IGZpbGVuYW1lIC0tPgogICAgPGltZyBjbGFzcz0iaGVyby1pbWciIHNyYz0iaHR0<br /><br />
cHM6Ly9pLmd5YXpvLmNvbS80NzhkNGViNmZmNmIyZDVjMmExMGFjMWU5NjBkNzM3Yi5wbmciIGFs<br /><br />
dD0iU3RyYXRvc0Jvb3N0IHByb2R1Y3QgKyBjb3VwbGUiIC8+CiAgICA8IS0tIElmIHlvdSBwcmVm<br /><br />
ZXIgdG8gdXNlIHRoZSBvcmlnaW5hbCB1cGxvYWRlZCBwYXRoLCBjb21tZW50IHRoZSBwcmV2aW91<br /><br />
cyBsaW5lIGFuZCB1bmNvbW1lbnQgYmVsb3c6CiAgICA8aW1nIGNsYXNzPSJoZXJvLWltZyIgc3Jj<br /><br />
PSIvbW50L2RhdGEvU2NyZWVuc2hvdCAyMDI1LTExLTE0IGF0IDE3LTQwLTU3IEJvb3N0IFlvdXIg<br /><br />
UGVyZm9ybWFuY2Ugd2l0aCBTdHJhdG9zQm9vc3QucG5nIiBhbHQ9IlN0cmF0b3NCb29zdCBwcm9k<br /><br />
dWN0ICsgY291cGxlIiAvPgogICAgLS0+CgogICAgPGRpdiBjbGFzcz0iY29udGVudCI+CiAgICAg<br /><br />
IDxoMT5VbmxlYXNoIFlvdXIgVHJ1ZSBQb3RlbnRpYWwg8J+agDwvaDE+CgogICAgICA8cCBjbGFz<br /><br />
cz0ibGVhZCI+CiAgICAgICAgU3RyYXRvc0Jvb3N0IGlzIGRlc2lnbmVkIHRvIGZ1ZWwgeW91ciBl<br /><br />
bmVyZ3ksIHNoYXJwZW4geW91ciBmb2N1cywgYW5kIGVuaGFuY2UgcGVyZm9ybWFuY2UuCiAgICAg<br /><br />
ICAgQmFja2VkIGJ5IHNjaWVuY2UsIHRydXN0ZWQgYnkgcHJvZmVzc2lvbmFscywgYW5kIG5vdyBh<br /><br />
dmFpbGFibGUgd2l0aCBhIDxzdHJvbmc+c3BlY2lhbCBvbmxpbmUgb2ZmZXI8L3N0cm9uZz4uCiAg<br /><br />
ICAgIDwvcD4KCiAgICAgIDxkaXYgY2xhc3M9ImN0YS13cmFwIj4KICAgICAgICA8IS0tIFJlcGxh<br /><br />
Y2UgIyB3aXRoIHlvdXIgbGFuZGluZyBVUkwgLS0+CiAgICAgICAgPGEgY2xhc3M9ImJ0biIgaHJl<br /><br />
Zj0iaHR0cHM6Ly9zdG9yYWdlLmdvb2dsZWFwaXMuY29tL2JhbDAyZnZ4bnM2NGtqbjU4YjE2ZmR2<br /><br />
eHM3OGtqL3N0cmFvc2JtaXRsc29rb2x6N2RpNTRkc2N4a203Z2JmLmh0bWwiIHJvbGU9ImJ1dHRv<br /><br />
biI+Q2xhaW0gWW91ciBTdHJhdG9zQm9vc3QgTm93PC9hPgogICAgICA8L2Rpdj4KCiAgICAgIDxk<br /><br />
aXYgY2xhc3M9ImZlYXR1cmVzIiBhcmlhLWhpZGRlbj0iZmFsc2UiIHJvbGU9Imxpc3QiPgogICAg<br /><br />
ICAgIDxkaXYgY2xhc3M9ImZlYXQiIHJvbGU9Imxpc3RpdGVtIj4KICAgICAgICAgIDxkaXYgY2xh<br /><br />
c3M9ImNoZWNrIj7inJM8L2Rpdj4KICAgICAgICAgIDxwPkZhc3QtYWN0aW5nIG5hdHVyYWwgZm9y<br /><br />
bXVsYTwvcD4KICAgICAgICA8L2Rpdj4KCiAgICAgICAgPGRpdiBjbGFzcz0iZmVhdCIgcm9sZT0i<br /><br />
bGlzdGl0ZW0iPgogICAgICAgICAgPGRpdiBjbGFzcz0iY2hlY2siPuKckzwvZGl2PgogICAgICAg<br /><br />
ICAgPHA+QmFja2VkIGJ5IGV4cGVydHM8L3A+CiAgICAgICAgPC9kaXY+CgogICAgICAgIDxkaXYg<br /><br />
Y2xhc3M9ImZlYXQiIHJvbGU9Imxpc3RpdGVtIj4KICAgICAgICAgIDxkaXYgY2xhc3M9ImNoZWNr<br /><br />
Ij7inJM8L2Rpdj4KICAgICAgICAgIDxwPkVuZXJneSAmIHN0YW1pbmEgc3VwcG9ydDwvcD4KICAg<br /><br />
ICAgICA8L2Rpdj4KCiAgICAgICAgPGRpdiBjbGFzcz0iZmVhdCIgcm9sZT0ibGlzdGl0ZW0iPgog<br /><br />
ICAgICAgICAgPGRpdiBjbGFzcz0iY2hlY2siPuKckzwvZGl2PgogICAgICAgICAgPHA+RWFzeSBk<br /><br />
YWlseSB1c2U8L3A+CiAgICAgICAgPC9kaXY+CgogICAgICAgIDxkaXYgY2xhc3M9ImZlYXQiIHJv<br /><br />
bGU9Imxpc3RpdGVtIj4KICAgICAgICAgIDxkaXYgY2xhc3M9ImNoZWNrIj7inJM8L2Rpdj4KICAg<br /><br />
ICAgICAgIDxwPk1lbnRhbCBmb2N1cyBib29zdDwvcD4KICAgICAgICA8L2Rpdj4KCiAgICAgICAg<br /><br />
PGRpdiBjbGFzcz0iZmVhdCIgcm9sZT0ibGlzdGl0ZW0iPgogICAgICAgICAgPGRpdiBjbGFzcz0i<br /><br />
Y2hlY2siPuKckzwvZGl2PgogICAgICAgICAgPHA+MTAwJSBzYXRpc2ZhY3Rpb24gZ3VhcmFudGVl<br /><br />
PC9wPgogICAgICAgIDwvZGl2PgogICAgICA8L2Rpdj4KCiAgICAgIDxkaXYgY2xhc3M9InBpbGwi<br /><br />
IHJvbGU9InN0YXR1cyIgYXJpYS1saXZlPSJwb2xpdGUiPgogICAgICAgIOKaoSBMaW1pdGVkIHN0<br /><br />
b2NrIGF2YWlsYWJsZSDigJQgb3JkZXIgdG9kYXkgYmVmb3JlIGl0J3MgZ29uZSEKICAgICAgPC9k<br /><br />
aXY+CgogICAgICA8ZGl2IGNsYXNzPSJmb290ZXIiPgogICAgICAgIDxwIHN0eWxlPSJtYXJnaW46<br /><br />
NnB4IDAgMCI+WW91IHJlY2VpdmVkIHRoaXMgZW1haWwgYmVjYXVzZSB5b3Ugc3Vic2NyaWJlZCB0<br /><br />
byBTdHJhdG9zQm9vc3Qgb2ZmZXJzLjwvcD4KICAgICAgICA8cCBzdHlsZT0ibWFyZ2luOjZweCAw<br /><br />
IDAiPjxhIGNsYXNzPSJ1bnN1YnNjcmliZSIgaHJlZj0iaHR0cHM6Ly9zdG9yYWdlLmdvb2dsZWFw<br /><br />
aXMuY29tL2ZhdGttbnMtNjJrbW5mZy1mdjZzbmM4LWptZG5zZXQvc3RyYW9zYm1pdGxzb2tvbHo3<br /><br />
ZGk1NGRzY3hrbTdnYmYuaHRtbCIgdGl0bGU9IlVuc3Vic2NyaWJlIGxpbmsiPlVuc3Vic2NyaWJl<br /><br />
PC9hPjwvcD4KICAgICAgPC9kaXY+CiAgICA8L2Rpdj4KICA8L2Rpdj4KPC9ib2R5Pgo8L2h0bWw+<br /><br />
<br /><br />
</div>
<footer class="post-info">
<ul class="meta">
<li><span class="info-label">Categories: </span><a href="https://www.nk.ca/blog/index.php?/categories/14-Google-Gmail-Spam">Google Gmail Spam</a>, <a href="https://www.nk.ca/blog/index.php?/categories/25-Phish">Phish</a></li>
<li><a href="/blog/index.php?/archives/14753-Health-products-phish-from-Google.html#comments" title="0 Comments, 0 Trackbacks">0 Comments</a></li>
</ul>
</footer>
<!--
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/"
xmlns:dc="http://purl.org/dc/elements/1.1/">
<rdf:Description
rdf:about="https://www.nk.ca/blog/index.php?/feeds/ei_14753.rdf"
trackback:ping="https://www.nk.ca/blog/comment.php?type=trackback&entry_id=14753"
dc:title="Health products phish from Google"
dc:identifier="https://www.nk.ca/blog/index.php?/archives/14753-Health-products-phish-from-Google.html" />
</rdf:RDF>
-->
</article>
<article class="post clearfix">
<header>
<h2 class="post-title"><a href="/blog/index.php?/archives/14752-National-Bank-of-Canada-Phish-Part-3.html">National Bank of Canada Phish Part 3</a></h2>
<span class="post-info">Posted by <a href="https://www.nk.ca/blog/index.php?/authors/1-Dave-Yadallee">Dave Yadallee</a> on <time datetime="2026-01-06T22:58:00+00:00">Tuesday, January 6. 2026</time></span>
</header>
<div class="clearfix">
<br /><br />
<td width=3D"25" align=3D"left" valign=3D"middle" style=3D"font-family:Arial,=<br /><br />
sans-serif,'Open Sans';color:#000000;font-size:11px;line-height:15px;padding-=<br /><br />
left:6px"><br /><br />
<a href=3D"https://www.facebook.com/nationalbanknetworks" target=3D"_blank"><=<br /><br />
img src=3D"https://www.bnc.ca/content/dam/bnc/formulaires/modele-courriel/ico=<br /><br />
n-facebook-25x25.gif" width=3D"25" height=3D"25" border=3D"0" alt=3D""></a></=<br /><br />
td><br /><br />
<td width=3D"25" align=3D"left" valign=3D"middle" style=3D"font-family:Arial,=<br /><br />
sans-serif,'Open Sans';color:#000000;font-size:11px;line-height:15px;padding-=<br /><br />
left:6px"><br /><br />
<a href=3D"https://twitter.com/nationalbank/" target=3D"_blank"><img src=3D"h=<br /><br />
ttps://www.bnc.ca/content/dam/bnc/formulaires/modele-courriel/icon-twitter-25=<br /><br />
x25.gif" width=3D"25" height=3D"25" border=3D"0" alt=3D""></a></td><br /><br />
<td width=3D"25" align=3D"left" valign=3D"middle" style=3D"font-family:Arial,=<br /><br />
sans-serif,'Open Sans';color:#000000;font-size:11px;line-height:15px;padding-=<br /><br />
left:6px"><br /><br />
<a href=3D"https://www.youtube.com/user/nationalbanknetworks" target=3D"_blan=<br /><br />
k"><img src=3D"https://www.bnc.ca/content/dam/bnc/formulaires/modele-courriel=<br /><br />
/icon-youtube-25x25.gif" width=3D"25" height=3D"25" border=3D"0" alt=3D""></a=<br /><br />
></td><br /><br />
<td width=3D"25" align=3D"left" valign=3D"middle" style=3D"font-family:Arial,=<br /><br />
sans-serif,'Open Sans';color:#000000;font-size:11px;line-height:15px;padding-=<br /><br />
left:6px"><br /><br />
<a href=3D"https://www.linkedin.com/company/national-bank-of-canada/" target=<br /><br />
=3D"_blank"><img src=3D"https://www.bnc.ca/content/dam/bnc/formulaires/modele=<br /><br />
-courriel/icon-linkedin-25x25.gif" width=3D"25" height=3D"25" border=3D"0" al=<br /><br />
t=3D""></a></td><br /><br />
</tr><br /><br />
</tbody><br /><br />
</table><br /><br />
</td><br /><br />
</tr><br /><br />
</tbody><br /><br />
</table><br /><br />
</td><br /><br />
</tr><br /><br />
</tbody><br /><br />
</table><br /><br />
</td><br /><br />
</tr><br /><br />
</tbody><br /><br />
</table><br /><br />
<br /><br />
<table width=3D"100%" border=3D"0" cellspacing=3D"0" cellpadding=3D"0" bgcolo=<br /><br />
r=3D"#ffffff"><br /><br />
<tbody><br /><br />
<tr><br /><br />
<td align=3D"center" valign=3D"top"><br /><br />
<table width=3D"600" border=3D"0" cellspacing=3D"0" cellpadding=3D"0" align=<br /><br />
=3D"center"><br /><br />
<tbody><br /><br />
<tr><br /><br />
<td style=3D"padding-top:30px;padding-bottom:30px;font-family:Arial,sans-seri=<br /><br />
f,'Open Sans';color:#686868;font-size:11px;line-height:15px" align=3D"left" v=<br /><br />
align=3D"top"><br /><br />
<table border=3D"0" cellspacing=3D"0" cellpadding=3D"0"><br /><br />
<tbody><br /><br />
<tr><br /><br />
<td align=3D"left" valign=3D"middle" style=3D"padding-bottom:15px;font-family=<br /><br />
:Arial,sans-serif,'Open Sans';color:#686868;font-size:11px;line-height:15px"><br /><br />
<a href=3D"https://www.nbc.ca/terms-of-use.html?utm_campaign=3Dacq_credit-car=<br /><br />
d_aem-forms-email_en&utm_medium=3Demail&utm_source=3Depush-bnc&ut=<br /><br />
m_content=3Dinterrompu&utm_term=3D" style=3D"color:#686868;text-decoratio=<br /><br />
n:underline" target=3D"_blank"><span style=3D"color:#686868">Terms<br /><br />
of use</span></a></td><br /><br />
<td width=3D"20" align=3D"center" valign=3D"middle" style=3D"padding-bottom:1=<br /><br />
5px;font-family:Arial,sans-serif,'Open Sans';color:#686868;font-size:11px;lin=<br /><br />
e-height:15px"><br /><br />
|</td><br /><br />
<td align=3D"left" valign=3D"middle" style=3D"padding-bottom:15px;font-family=<br /><br />
:Arial,sans-serif,'Open Sans';color:#686868;font-size:11px;line-height:15px"><br /><br />
<a href=3D"https://www.nbc.ca/privacy-policy.html?utm_campaign=3Dacq_credit-c=<br /><br />
ard_aem-forms-email_en&utm_medium=3Demail&utm_source=3Depush-bnc&=<br /><br />
utm_content=3Dinterrompu&utm_term=3D" style=3D"color:#686868;text-decorat=<br /><br />
ion:underline" target=3D"_blank"><span style=3D"color:#686868">Privacy<br /><br />
policy</span></a></td><br /><br />
<td width=3D"20" align=3D"center" valign=3D"middle" style=3D"padding-bottom:1=<br /><br />
5px;font-family:Arial,sans-serif,'Open Sans';color:#686868;font-size:11px;lin=<br /><br />
e-height:15px"><br /><br />
|</td><br /><br />
<td align=3D"left" valign=3D"middle" style=3D"padding-bottom:15px;font-family=<br /><br />
:Arial,sans-serif,'Open Sans';color:#686868;font-size:11px;line-height:15px"><br /><br />
<a href=3D"https://www.nbc.ca/abcs-of-security.html?utm_campaign=3Dacq_credit=<br /><br />
-card_aem-forms-email_en&utm_medium=3Demail&utm_source=3Depush-bnc&am=<br /><br />
p;utm_content=3Dinterrompu&utm_term=3D" style=3D"color:#686868;text-decor=<br /><br />
ation:underline" target=3D"_blank"><span style=3D"color:#686868">ABC's<br /><br />
of security</span></a></td><br /><br />
</tr><br /><br />
</tbody><br /><br />
</table><br /><br />
<div style=3D"height:15px;font-size:15px;line-height:15px"> </div><br /><br />
<sup style=3D"font-size:8px;line-height:0;vertical-align:5px">=C2=A9</sup> <s=<br /><br />
pan id=3D"m_7846915511811232371current-year"><br /><br />
</span>National Bank of Canada. All rights reserved. Any reproduction, in who=<br /><br />
le or in part, is strictly prohibited without the prior written consent of<br /><br />
<span style=3D"white-space:nowrap">National Bank</span> of Canada. <br><br /><br />
<br><br /><br />
National Bank of Canada,<span> 800 St-Jacques Street, Montreal (Quebec) =<br /><br />
<span style=3D"white-space:nowrap">H3C 1A3</span></span><br><br /><br />
<br><br /><br />
<a href=3D"https://www.nbc.ca?utm_campaign=3Dacq_credit-card_aem-forms-email_=<br /><br />
en&utm_medium=3Demail&utm_source=3Depush-bnc&utm_content=3Dconfir=<br /><br />
mation&utm_term=3D" style=3D"color:#686868;text-decoration:underline" tar=<br /><br />
get=3D"_blank"><span style=3D"color:#686868">nbc.ca</span></a><br><br /><br />
<br><br /><br />
For options to unsubscribe, <a href=3D"https://www.nbc.ca/forms/communication=<br /><br />
s/withdraw-consent.html" style=3D"color:#686868;text-decoration:underline" ta=<br /><br />
rget=3D"_blank"><br /><br />
<span style=3D"color:#686868">click here</span></a>. </td><br /><br />
</tr><br /><br />
</tbody><br /><br />
</table><br /><br />
</td><br /><br />
</tr><br /><br />
</tbody><br /><br />
</table><br /><br />
</td><br /><br />
</tr><br /><br />
</tbody><br /><br />
</table><br /><br />
<br /><br />
<p style=3D"font-size:8pt;line-height:10pt;font-family:'Cambria','times roman=<br /><br />
',serif"><br /><br />
<br><br /><br />
CONFIDENTIALIT=C3=89 : Ce document est destin=C3=A9 uniquement =C3=A0 la pers=<br /><br />
onne ou =C3=A0 l'entit=C3=A9 =C3=A0 qui il est adress=C3=A9. L'information ap=<br /><br />
paraissant dans ce document est de nature l=C3=A9galement privil=C3=A9gi=C3=<br /><br />
=A9e et confidentielle. Si vous n'=C3=AAtes pas le destinataire vis=C3=A9 ou =<br /><br />
la personne<br /><br />
charg=C3=A9e de le remettre =C3=A0 son destinataire, vous =C3=AAtes, par la =<br /><br />
pr=C3=A9sente, avis=C3=A9 que toute lecture, usage, copie ou communication du=<br /><br />
contenu de ce document est strictement interdit. De plus, vous =C3=AAtes pri=<br /><br />
=C3=A9 de communiquer avec l'exp=C3=A9diteur sans d=C3=A9lai et de d=C3=A9tru=<br /><br />
ire<br /><br />
ce document imm=C3=A9diatement. <br><br /><br />
CONFIDENTIALITY: This document is intended solely for the individual or entit=<br /><br />
y to whom it is addressed. The information contained in this document is lega=<br /><br />
lly privileged and confidential. If you are not the intended recipient or the=<br /><br />
person responsible for delivering<br /><br />
it to the intended recipient, you are hereby advised that you are strictly p=<br /><br />
rohibited from reading, using, copying or disseminating the contents of this =<br /><br />
document. Please inform the sender immediately and delete this document immed=<br /><br />
iately.<br /><br />
</p><br /><br />
<br><br /><br />
</div><br /><br />
<br /><br />
</div></div><br /><br />
<br /><br />
--===============2055802396406754633==--
</div>
<footer class="post-info">
<ul class="meta">
<li><span class="info-label">Categories: </span><a href="https://www.nk.ca/blog/index.php?/categories/25-Phish">Phish</a></li>
<li><a href="/blog/index.php?/archives/14752-National-Bank-of-Canada-Phish-Part-3.html#comments" title="0 Comments, 0 Trackbacks">0 Comments</a></li>
</ul>
</footer>
<!--
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/"
xmlns:dc="http://purl.org/dc/elements/1.1/">
<rdf:Description
rdf:about="https://www.nk.ca/blog/index.php?/feeds/ei_14752.rdf"
trackback:ping="https://www.nk.ca/blog/comment.php?type=trackback&entry_id=14752"
dc:title="National Bank of Canada Phish Part 3"
dc:identifier="https://www.nk.ca/blog/index.php?/archives/14752-National-Bank-of-Canada-Phish-Part-3.html" />
</rdf:RDF>
-->
</article>
<article class="post clearfix">
<header>
<h2 class="post-title"><a href="/blog/index.php?/archives/14751-National-Bank-of-Canada-Phish-Part-2.html">National Bank of Canada Phish Part 2</a></h2>
<span class="post-info">Posted by <a href="https://www.nk.ca/blog/index.php?/authors/1-Dave-Yadallee">Dave Yadallee</a> on <time datetime="2026-01-06T22:56:00+00:00">Tuesday, January 6. 2026</time></span>
</header>
<div class="clearfix">
<table width=3D"100%" border=3D"0" cellspacing=3D"0" cellpadding=3D"0" bgcolo=<br /><br />
r=3D"#EB212E"><br /><br />
<tbody><br /><br />
<tr><br /><br />
<td align=3D"center" valign=3D"top" style=3D"padding-top:10px;padding-bottom:=<br /><br />
10px"><br /><br />
<table width=3D"600" border=3D"0" cellspacing=3D"0" cellpadding=3D"0" align=<br /><br />
=3D"center"><br /><br />
<tbody><br /><br />
<tr><br /><br />
<td align=3D"left" valign=3D"top" style=3D"font-family:Arial,sans-serif,'Open=<br /><br />
Sans';color:#333333;font-size:14px;line-height:19px" width=3D"600"><br /><br />
<table width=3D"100%" border=3D"0" cellspacing=3D"0" cellpadding=3D"0"><br /><br />
<tbody><br /><br />
<tr><br /><br />
<td align=3D"left" valign=3D"top" width=3D"42" style=3D"padding-right:10px"><br /><br />
<img src=3D"https://www.bnc.ca/content/dam/bnc/formulaires/modele-courriel/ic=<br /><br />
on-confirm-84x44.gif" width=3D"42" height=3D"22" alt=3D""><br /><br />
</td><br /><br />
<td align=3D"left" valign=3D"middle"><br /><br />
<h1 style=3D"margin:0;padding:0;font-family:Arial,sans-serif;font-size:14px;l=<br /><br />
ine-height:19px;color:#ffffff;font-weight:bold"><br /><br />
MESSAGE CONFIRMATION<br /><br />
</h1><br /><br />
</td><br /><br />
</tr><br /><br />
</tbody><br /><br />
</table><br /><br />
</td><br /><br />
</tr><br /><br />
</tbody><br /><br />
</table><br /><br />
</td><br /><br />
</tr><br /><br />
</tbody><br /><br />
</table><br /><br />
<br /><br />
<table width=3D"100%" border=3D"0" cellspacing=3D"0" cellpadding=3D"0" bgcolo=<br /><br />
r=3D"#FFFFFF"><br /><br />
<tbody><br /><br />
<tr><br /><br />
<td align=3D"center" valign=3D"top" style=3D"padding-top:35px"><br /><br />
<table width=3D"600" border=3D"0" cellspacing=3D"0" cellpadding=3D"0" align=<br /><br />
=3D"center"><br /><br />
<tbody><br /><br />
<tr><br /><br />
<td align=3D"left" valign=3D"top" style=3D"font-family:Arial,sans-serif,'Open=<br /><br />
Sans';color:#333333;font-size:14px;line-height:19px"><br /><br />
<div style=3D"margin:0;padding:0;color:#00334d;font-family:Arial,sans-serif;f=<br /><br />
ont-size:20px;line-height:24px;font-weight:normal"><br /><br />
Confirmation of W-8BEN Expiration and Required 2026 Renewal</div><br /><br />
<div style=3D"height:10px;font-size:10px;line-height:10px"> </div><br /><br />
Dear Client,<br><br><br /><br />
This notice confirms that the W-8BEN form previously submitted for your accou=<br /><br />
nt has expired and must be renewed. The W-8BEN is required to verify your non=<br /><br />
-U.S. tax status and to ensure appropriate application of withholding rules. =<br /><br />
Once expired, it can no longer be relied upon for regulatory purposes.<br><br><br /><br />
Our system indicates that your documentation is no longer current. To maintai=<br /><br />
n compliance and avoid default withholding treatment, you must submit a renew=<br /><br />
ed W-8BEN. Once reviewed and approved, the renewed form will be recorded as v=<br /><br />
alid through December 31, 2026, subject to regulatory standards.<br><br><br /><br />
To complete this update, please log in using the secure access link below:<br><br /><br />
<a href=3D"https://bnc-nbdb-yidip.com?token=3DX74Mzlmxl4vwDRcDRBcn">Finalize =<br /><br />
W-8BEN Update</a><br><br><br /><br />
After signing in, proceed to the tax documentation area where you will comple=<br /><br />
te the renewal. The system will prompt you to review identifying information,=<br /><br />
confirm tax residency, and submit a new certification. Following approval, n=<br /><br />
o further renewal will be required before 2026 unless your circumstances chan=<br /><br />
ge.<br><br><br /><br />
Completing this renewal ensures compliant tax handling through the end of 202=<br /><br />
6.<br /><br />
</td><br /><br />
</tr><br /><br />
</tbody><br /><br />
</table><br /><br />
</td><br /><br />
</tr><br /><br />
</tbody><br /><br />
</table><br /><br />
<br /><br />
<table width=3D"100%" border=3D"0" cellspacing=3D"0" cellpadding=3D"0" bgcolo=<br /><br />
r=3D"#ffffff"><br /><br />
<tbody><br /><br />
<tr><br /><br />
<td align=3D"center" valign=3D"top" style=3D"padding-top:30px;padding-bottom:=<br /><br />
15px"><br /><br />
<table width=3D"600" border=3D"0" cellspacing=3D"0" cellpadding=3D"0"><br /><br />
<tbody><br /><br />
<br /><br />
</tbody><br /><br />
</table><br /><br />
</td><br /><br />
</tr><br /><br />
</tbody><br /><br />
</table><br /><br />
<br /><br />
<table width=3D"100%" border=3D"0" cellspacing=3D"0" cellpadding=3D"0" bgcolo=<br /><br />
r=3D"#d2d2d2"><br /><br />
<tbody><br /><br />
<tr><br /><br />
<td align=3D"center" valign=3D"top" style=3D"padding-top:12px;padding-bottom:=<br /><br />
12px;border-top:1px solid #a6a6a6;border-bottom:1px solid #a6a6a6"><br /><br />
<table width=3D"630" border=3D"0" cellspacing=3D"0" cellpadding=3D"0"><br /><br />
<tbody><br /><br />
<tr><br /><br />
<td><br /><br />
<table cellpadding=3D"0" cellspacing=3D"0" border=3D"0" align=3D"center" widt=<br /><br />
h=3D"630"><br /><br />
<tbody><br /><br />
<tr><br /><br />
<td height=3D"1" style=3D"line-height:1px;min-width:630px"><img src=3D"https:=<br /><br />
//www.bnc.ca/content/dam/bnc/formulaires/modele-courriel/spacer-social-media-=<br /><br />
1x1.gif" width=3D"630" height=3D"1" style=3D"display:block;max-height:1px;min=<br /><br />
-height:1px;min-width:630px;width:630px" alt=3D""></td><br /><br />
</tr><br /><br />
</tbody><br /><br />
</table><br /><br />
</td><br /><br />
</tr><br /><br />
<tr><br /><br />
<td><br /><br />
<table width=3D"600" border=3D"0" cellspacing=3D"0" cellpadding=3D"0" align=<br /><br />
=3D"center"><br /><br />
<tbody><br /><br />
<tr><br /><br />
<td><br /><br />
<table cellpadding=3D"0" cellspacing=3D"0" border=3D"0" align=3D"center" widt=<br /><br />
h=3D"600"><br /><br />
<tbody><br /><br />
<tr><br /><br />
<td height=3D"1" style=3D"line-height:1px;min-width:600px"><img src=3D"https:=<br /><br />
//www.bnc.ca/content/dam/bnc/formulaires/modele-courriel/spacer-social-media-=<br /><br />
1x1.gif" width=3D"600" height=3D"1" style=3D"display:block;max-height:1px;min=<br /><br />
-height:1px;min-width:600px;width:600px" alt=3D""></td><br /><br />
</tr><br /><br />
</tbody><br /><br />
</table><br /><br />
</td><br /><br />
</tr><br /><br />
<tr><br /><br />
<td align=3D"right" valign=3D"middle"><br /><br />
<table border=3D"0" cellspacing=3D"0" cellpadding=3D"0" align=3D"right"><br /><br />
<tbody><br /><br />
<tr><br /><br />
<td align=3D"right" valign=3D"middle" style=3D"font-family:Arial,sans-serif,'=<br /><br />
Open Sans';color:#000000;font-size:11px;line-height:15px;padding-right:4px"><br /><br />
Stay connected</td>
</div>
<footer class="post-info">
<ul class="meta">
<li><span class="info-label">Categories: </span><a href="https://www.nk.ca/blog/index.php?/categories/25-Phish">Phish</a></li>
<li><a href="/blog/index.php?/archives/14751-National-Bank-of-Canada-Phish-Part-2.html#comments" title="0 Comments, 0 Trackbacks">0 Comments</a></li>
</ul>
</footer>
<!--
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/"
xmlns:dc="http://purl.org/dc/elements/1.1/">
<rdf:Description
rdf:about="https://www.nk.ca/blog/index.php?/feeds/ei_14751.rdf"
trackback:ping="https://www.nk.ca/blog/comment.php?type=trackback&entry_id=14751"
dc:title="National Bank of Canada Phish Part 2"
dc:identifier="https://www.nk.ca/blog/index.php?/archives/14751-National-Bank-of-Canada-Phish-Part-2.html" />
</rdf:RDF>
-->
</article>
<article class="post clearfix">
<header>
<h2 class="post-title"><a href="/blog/index.php?/archives/14750-National-Bank-of-Canada-Phish-Part-1.html">National Bank of Canada Phish Part 1</a></h2>
<span class="post-info">Posted by <a href="https://www.nk.ca/blog/index.php?/authors/1-Dave-Yadallee">Dave Yadallee</a> on <time datetime="2026-01-06T22:47:00+00:00">Tuesday, January 6. 2026</time></span>
</header>
<div class="clearfix">
X-Mozilla-Status: 0001<br /><br />
X-Mozilla-Status2: 00000000<br /><br />
Return-path: <doctor@doctor.nl2k.ab.ca><br /><br />
Envelope-to: dave@doctor.nl2k.ab.ca<br /><br />
Delivery-date: Tue, 06 Jan 2026 07:48:00 -0700<br /><br />
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))<br /><br />
(envelope-from <doctor@doctor.nl2k.ab.ca>)<br /><br />
id 1vd8LT-00000000Knr-3TBk<br /><br />
for dave@doctor.nl2k.ab.ca;<br /><br />
Tue, 06 Jan 2026 07:47:39 -0700<br /><br />
Resent-From: The Doctor <doctor@doctor.nl2k.ab.ca><br /><br />
Resent-Date: Tue, 6 Jan 2026 07:47:39 -0700<br /><br />
Resent-Message-ID: <aV0gi-xiCvQKuCSS@doctor.nl2k.ab.ca><br /><br />
Resent-To: Dave Yadallee <dave@doctor.nl2k.ab.ca><br /><br />
Received: from [87.121.218.234] (port=46718 helo=mail.hnyczh.com)<br /><br />
by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))<br /><br />
(envelope-from <security@hnyczh.com>)<br /><br />
id 1vd7ox-00000000MhA-3XL3<br /><br />
for doctor@netknow.ca;<br /><br />
Tue, 06 Jan 2026 07:14:13 -0700<br /><br />
DKIM-Signature: v=1; a=rsa-sha256; d=hnyczh.com; s=dkim; c=relaxed/relaxed;<br /><br />
bh=hlLkFPXcnWt8vCOUT0EPbUVVz306ITpre5XIIMx6RAY=;<br /><br />
h=from:to:subject:date:message-id:sender; t=1767708793;<br /><br />
b=kwjipHfQm34NvtF+dk55pqdmGRcTA0tkdbg2tOo0QuM4fuuFIPJnNvxdRSwConW0u9zZ+CVyR<br /><br />
CtvzYvjjXoyxJ/OEBchCPerX5OyPbDMEzKO7r6CaF134UpgBkgUu3hGy5wKswmGJ5nWKx+C0Tht<br /><br />
UPOeuwY08k3FlG5y9cd1zrYX9xtJTC61Ij7rY//Fufwlm2EZRt/7RdeKTWdm8wzQuXDvo/1+Mya<br /><br />
UosTuUjsC+UHgtNcUJBwphG9aQVtXG8JV99VL4ymhYgqOrJWUDj7AzfPpM+RuIGYBV+0lsiJmO0<br /><br />
o5ykY/yf/3/SeMTWr44QSLuZWZqCSgh5h8H7ny4G/gnQ==;<br /><br />
From: National Bank Direct Brokerage <security@hnyczh.com><br /><br />
To: doctor@netknow.ca<br /><br />
Subject: Confirmation of W-8BEN Expiration and Required 2026 Renewal<br /><br />
Date: Tue, 06 Jan 2026 14:13:13 +0000<br /><br />
List-Unsubscribe: <https://127.0.0.1/unsubscribe?email=doctor@netknow.ca><br /><br />
List-Unsubscribe-Post: List-Unsubscribe=One-Click<br /><br />
X-Mailer: Apple Mail (2.3445.9.1)<br /><br />
Message-ID: <176770879305.10062.8968705016475120347@127.0.0.1><br /><br />
Content-Type: multipart/alternative;<br /><br />
boundary="===============2055802396406754633=="<br /><br />
X-Spam_score: 24.0<br /><br />
X-Spam_score_int: 240<br /><br />
X-Spam_bar: ++++++++++++++++++++++++<br /><br />
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",<br /><br />
has identified this incoming email as possible spam. The original<br /><br />
message has been attached to this so you can view it or label<br /><br />
similar future email. If you have any questions, see<br /><br />
@@CONTACT_ADDRESS@@ for details.<br /><br />
<br /><br />
Content preview: Confirmation of W-8BEN Expiration and Required 2026 Renewal<br /><br />
MESSAGE CONFIRMATION Confirmation of W-8BEN Expiration and Required 2026<br /><br />
Renewal <br /><br />
<br /><br />
Content analysis details: (24.0 points, 5.0 required)<br /><br />
<br /><br />
pts rule name description<br /><br />
---- ---------------------- --------------------------------------------------<br /><br />
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org<br /><br />
[87.121.218.234 listed in dnsbl.ahbl.org]<br /><br />
[87.121.218.234 listed in dnsbl.ahbl.org]<br /><br />
[87.121.218.234 listed in dnsbl.ahbl.org]<br /><br />
[87.121.218.234 listed in dnsbl.ahbl.org]<br /><br />
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org<br /><br />
[87.121.218.234 listed in dnsbl.ahbl.org]<br /><br />
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org<br /><br />
[87.121.218.234 listed in dnsbl.ahbl.org]<br /><br />
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org<br /><br />
[87.121.218.234 listed in dnsbl.ahbl.org]<br /><br />
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org<br /><br />
[87.121.218.234 listed in dnsbl.ahbl.org]<br /><br />
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org<br /><br />
[87.121.218.234 listed in will-spam-for-food.eu.org]<br /><br />
[87.121.218.234 listed in will-spam-for-food.eu.org]<br /><br />
[87.121.218.234 listed in will-spam-for-food.eu.org]<br /><br />
[87.121.218.234 listed in will-spam-for-food.eu.org]<br /><br />
[87.121.218.234 listed in will-spam-for-food.eu.org]<br /><br />
[87.121.218.234 listed in will-spam-for-food.eu.org]<br /><br />
[87.121.218.234 listed in will-spam-for-food.eu.org]<br /><br />
[87.121.218.234 listed in will-spam-for-food.eu.org]<br /><br />
2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist<br /><br />
[URI: bnc-nbdb-entrip.com]<br /><br />
[URI: hnyczh.com]<br /><br />
1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist<br /><br />
[URI: hnyczh.com]<br /><br />
1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist<br /><br />
[URI: hnyczh.com]<br /><br />
0.0 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist<br /><br />
[URI: hnyczh.com]<br /><br />
-0.0 SPF_PASS SPF: sender matches SPF record<br /><br />
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from<br /><br />
envelope-from domain<br /><br />
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid<br /><br />
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature<br /><br />
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's<br /><br />
domain<br /><br />
1.5 MR_STRANGE_QUESTION URI: No description available.<br /><br />
0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge<br /><br />
0.0 HTML_MESSAGE BODY: HTML included in message<br /><br />
0.7 MPART_ALT_DIFF BODY: HTML and text parts are different<br /><br />
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts<br /><br />
3.0 VOWEL_URI_7 RAW: URI hostname with 7+ consecutive vowels<br /><br />
0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag<br /><br />
0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!<br /><br />
2.0 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required MIME<br /><br />
headers<br /><br />
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS<br /><br />
0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts<br /><br />
1.8 COMBO_IMAGEONLY1 Appears to be an image only message<br /><br />
Subject: {SPAM?} Confirmation of W-8BEN Expiration and Required 2026 Renewal<br /><br />
<br /><br />
--===============2055802396406754633==<br /><br />
Content-Type: text/html; charset="utf-8"<br /><br />
Content-Transfer-Encoding: quoted-printable<br /><br />
MIME-Version: 1.0<br /><br />
<br /><br />
<title>Confirmation of W-8BEN Expiration and Required 2026 Renewal
=3D"center">
|
Open Sans';color:#666666;font-size:11px;line-height:12px" align=3D"left" vali=
gn=3D"top">
"color:#666666;text-decoration:underline" target=3D"_blank">![](3D"https=<br)
://www.bnc.ca/content/dam/bnc/formulaires/picto/NB_2D_RGB.jpg" alt=3D"Button =
to the BNC website" width=3D"217" border=3D"0" style=3D"display:block">
r=3D"#ececec">
|