NetKnow Corporate Blog

Follow up spam from Google Gmail

Posted by Dave Yadallee on Friday, March 27. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 27 Mar 2026 08:27:00 -0600

Received: from mail-ed1-f50.google.com ([209.85.208.50]:43093)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w688f-000000009u9-3kPI

for dave@doctor.nl2k.ab.ca;

Fri, 27 Mar 2026 08:26:27 -0600

Received: by mail-ed1-f50.google.com with SMTP id 4fb4d7f45d1cf-66b32fd9f26so850837a12.0

for ; Fri, 27 Mar 2026 07:25:30 -0700 (PDT)

ARC-Seal: i=1; a=rsa-sha256; t=1774621523; cv=none;

d=google.com; s=arc-20240605;

b=j9KAy3VeDugFtfEqTL6qoEINm8qPomwhs4sAsVZumZCkM38JVag5ArHj4y5J9D5T1g

Kl7Qcsth0oAU2Kp1FflNSxX4vsSHdoDQlwQRVPBiNwf/yMgbFrIQ4CgosD84j7xtL40/

oVX5xmHrV+r6IU2Wrys+s5PPPipjKdCx1qeKQ/l2eOwWiVwtdYBkr9A4nCEeRsovdpjC

YhDR5iHXeigdh/FD6PVj7dtVyrg5AW/T1YYpbQ+JO+4YmQhEJKXLlEQAhGc7u+5cR+wx

ing6lEc9ecrmH6+ML6Mx52tKNCoMPA59GZ8XZQnpTNtm73ow0dw9lidCtjCDtlj2mOqX

GnwA==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;

h=to:subject:message-id:date:from:reply-to:mime-version

:dkim-signature;

bh=GKCV4Q8JmlXG/zOFzFVmWn+EayUf1zc4qv/BPY4VjRM=;

fh=bZ2yQ9fvc11Ln0LED1zg5Pgh3QhrlmgCUdHo209cacg=;

b=jTjp8UMjr5O2skUY/reu998XVRXpYV61hU+HXZGrjczt5dsXsxLBjaJRVw6CFe9L+9

MYh+CuL0yQxtvUa6ux0LdNlc+CyflDYtG8IuUgcopi4DD9LXr1iz/KK11N9CLW5D+79D

w2Phq3hbu1hZtVCGm+OdToK+1QMpv+iPAZJXKifYjIPlZ1oEuYhIfkV5fykZjdYEoGKV

aSzXhgRthlf4IQRl4e5DiTwlKLc4VIaXUbICJewtd8F3f4raFE/mfrFdwbUbRc6a5nvi

dwwazdJ78E0jAtx/qTiIqOUYNpqs5s9jtjaxWGNuM5rme6Qq9rT6BQsllSeiAqqU5Ah1

UICg==;

darn=doctor.nl2k.ab.ca

ARC-Authentication-Results: i=1; mx.google.com; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20251104; t=1774621523; x=1775226323; darn=doctor.nl2k.ab.ca;

h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc

:subject:date:message-id:reply-to;

bh=GKCV4Q8JmlXG/zOFzFVmWn+EayUf1zc4qv/BPY4VjRM=;

b=sw7Ll2h+tbDk/d4PRk2HnpSn6o5aOLebC33Uc7FwqLzIm+VHOaP1zT9FQT1ZXp1OgR

2oG+ZB8iBOV1TzOEl4Jjy1+5AkWtWpih22C8EIsVwpMgCojSeQlCBI/6jiW255RkvpkH

ljyj+bS0JmIa4W0v6zIVZJSGDbsAVaCVQxxE35ttCfEy2saEuEkswN9w+/Qp95Psn3ln

4LA+iUvlmJDGay5BUdFq+kC2Il6ZcNXGK3OKmBkxvdiDsqU5vuiR0GxxdExXaJKTvtMw

S6aNncJ1G42KgLsHq+uOvnh5F+aYXiQJFwJ1cJHJvGgfKTyJgXcmmJUKqbFnHuF9i3Z6

csDA==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1774621523; x=1775226323;

h=to:subject:message-id:date:from:reply-to:mime-version:x-gm-gg

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=GKCV4Q8JmlXG/zOFzFVmWn+EayUf1zc4qv/BPY4VjRM=;

b=Br4PB5SFJ2YQCJze5YLYbNj8XRzQTvrP8OyzwXyIMVR+oxMs8Q0qygeE1/nwTZb02B

7ErlTPJhVwnQRhfXJKAxcPnhaPdrWoxam1gPhBicR6u5nYUd6DWCmTQEbpkuEHyBUIEb

PDHYFGLYlXNuTHNmrYFI3TPtmdyxKRj8QbFzT/dvTVvgTWONgZTtaE8ZobPiMI4j7qlu

cLHOyVy4zo/cH0Mg4kCsfiTs1phd29fUj7qjyqhPM/sBwNE61qoNF0jBjfHCxrZ6Q20z

t5MDlhOKQN0DNqYcM2hBAs/+vaWbhk83nTnt5xzoGFcWctDc/HzA31giTJRwQn1G2Xmb

h7JQ==

X-Forwarded-Encrypted: i=1; AJvYcCUZy4pMn1H+Y7H31FmXQ+pBYgYoUUoyUIJHFviSRemkxxD9u0jKNDVkjgy7szOZikSB789e@doctor.nl2k.ab.ca

X-Gm-Message-State: AOJu0YzEqLrc6ekWRQ6rueUcYBCub3t5JX4fGqAlhntzXMkM8PQc6VLC

EocSm7ZwGvPlU1A7RYoIn+mnlGtZ5SWWzHFhCAqa4s/O6/XmDBD9OQJwlrT683usacscJk9D54H

i08tp6XXH/t8AdnJ8rZSryTQgYkBggA==

X-Gm-Gg: ATEYQzywX9wV85gEBl0lHsMW8DgOeKGwlsdb6pV6OR+gVZdOCgiaVmyYuyF3Mg+1sW1

Q9UAyRW4OJzvL9q7WgAGR7C62rqHjw6s9I0rqNsc6H//yPmzSJi17UUt86y73ws0OwWS2jNRCsJ

DCFVZmDUTH1K4XuOgmwOa/U99BVX24cOFgcSu1HwmUm1O8hoTQUIges95fV4AolxVYIoEUgs9dI

U4009K1PQf3oOpBnil+h0OG80fUSNrLvXUy3R+of/R2VB+hawoOhEmysvhg9FNrrkWmHBvmOgFF

gchhjIhSQ4oPJybK2I8t7YduRd6EhiLfIFIv4GTDcOC2ytUeQlLQWw==

X-Received: by 2002:a17:907:9485:b0:b98:42de:3700 with SMTP id

a640c23a62f3a-b9b2e9b23b1mr365597066b.17.1774621522463; Fri, 27 Mar 2026

07:25:22 -0700 (PDT)

MIME-Version: 1.0

Reply-To: paymentinfodepartment101@gmail.com

From: Kevin Martinez

Date: Fri, 27 Mar 2026 15:25:08 +0100

X-Gm-Features: AQROBzAmNZ5pqa-fROa_MfokhDlkU_rXq03JIE68VP8YR10PotIlj7UUagEjBN8

Message-ID:

Subject: Re: Greetings,

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="000000000000751143064e024530"

Bcc: dave@doctor.nl2k.ab.ca

X-Spam_score: 13.1

X-Spam_score_int: 131

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: NATIONAL BUREAU OF STATISTICS (NBS) DHS/USCIS 24 Grosvenor

Square, Florida, 33312, USA, Dear: Beneficiary. this is the second time i'm

writting you an email, I don't know if you received the first mail I send

to you. We need to talk. it is about your outstanding fund, Kindly confirm

if you are still using [...]

Content analysis details: (13.1 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.208.50 listed in dnsbl.ahbl.org]

[209.85.208.50 listed in dnsbl.ahbl.org]

[209.85.208.50 listed in dnsbl.ahbl.org]

[209.85.208.50 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.208.50 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.208.50 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.208.50 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.208.50 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.208.50 listed in will-spam-for-food.eu.org]

[209.85.208.50 listed in will-spam-for-food.eu.org]

[209.85.208.50 listed in will-spam-for-food.eu.org]

[209.85.208.50 listed in will-spam-for-food.eu.org]

[209.85.208.50 listed in will-spam-for-food.eu.org]

[209.85.208.50 listed in will-spam-for-food.eu.org]

[209.85.208.50 listed in will-spam-for-food.eu.org]

[209.85.208.50 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.208.50 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.208.50 listed in wl.mailspike.net]

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit

[paymentinfodepartment101(at)gmail.com]

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[kevinmar1964(at)gmail.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[kevinmar1964(at)gmail.com]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.8 UNDISC_FREEM Undisclosed recipients + freemail reply-to

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different

freemails

2.5 UNDISC_MONEY Undisclosed recipients + money/fraud signs

Subject: {SPAM?} Re: Greetings,

--000000000000751143064e024530

Content-Type: text/plain; charset="UTF-8"

NATIONAL BUREAU OF STATISTICS (NBS)

DHS/USCIS 24 Grosvenor Square,

Florida, 33312, USA,

Dear: Beneficiary.

this is the second time i'm writting you an email, I don't know if you

received the first mail I send to you. We need to talk. it is about your

outstanding fund, Kindly confirm if you are still using this e-mail address.

Waiting for your immediate confirmation.

Yours faithfully,

Dennis Matthias,

Director NBS

USA.

Thanks.

--000000000000751143064e024530

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

NATIONAL BUREAU OF STATISTICS (NBS)
DHS/USCIS 24 Grosve=

nor Square,
Florida, 33312, USA,

Dear: Beneficiary.

this i=

s the second time i'm writting you an email, =C2=A0I don't =C2=A0kn=

ow if you received the first mail I send to you. We need to talk. it is abo=

ut your outstanding fund, Kindly confirm if you are still using this e-mail=

address.
=C2=A0
Waiting for your immediate confirmation.

Your=

s faithfully,
=C2=A0
Dennis Matthias,
Director NBS
USA.

=

Thanks.

--000000000000751143064e024530--

Crypto Phish from Google Gmail Part 3

Posted by Dave Yadallee on Friday, March 27. 2026

Crypto Phish from Google Gmail Part 4

Posted by Dave Yadallee on Friday, March 27. 2026

/InformAction">
n itemprop=3D"object" itemscope itemtype=3D"http://schema.org/Event">
itemprop=3D"eventStatus" content=3D"http://schema.org/EventScheduled"/>
n itemprop=3D"publisher" itemscope itemtype=3D"http://schema.org/Organizati=

on">
rop=3D"eventId/googleCalendar" content=3D"BPujNsZVGuzUE1pNhSXwh81N7G"/>
n style=3D"display: none; font-size: 1px; color: #fff; line-height: 1px; he=

ight: 0; max-height: 0; width: 0; max-width: 0; opacity: 0; overflow: hidde=

n;" itemprop=3D"name">Order now includes updated details
idden=3D"true"><=

/time>
n>
ion" align=3D"center" style=3D"width:100%;" class=3D"body-container">
>

" aria-hidden=3D"true">

resentation" align=3D"center" style=3D"width:100%;" class=3D""><=

td style=3D"" class=3D"" align=3D"left">
schema.org/EmailMessage">

3AFF3DD27C69 updated w=

ith recent data

lpadding=3D"0" cellspacing=3D"0" role=3D"presentation" align=3D"center" sty=

le=3D"width:100%;" class=3D"">
>

dce0; border-radius: 8px; direction: rtl; font-size: 0; padding: 24px 32px;=

text-align: left; vertical-align: top;" class=3D"main-container-inner">
-[if mso | IE]>
=3D"presentation">

text-align: left; direction: ltr; display: inline-block; vertical-align: t=

op; width: 100%;overflow: hidden; word-wrap: break-word;">

0" cellpadding=3D"0" cellspacing=3D"0" role=3D"presentation" width=3D"100%"=

class=3D"main-column-table-ltr" style=3D"padding-right: 32px; padding-left=

: 0;;table-layout: fixed;">
>

"padding:0; vertical-align:top;">
spacing=3D"0" role=3D"presentation" width=3D"100%" style=3D"table-layout: f=

ixed;">

eak: break-word;;padding-bottom:2px;">

e Sans', Roboto, sans-serif;font-weight: 400; font-size: 22px; line-hei=

ght: 28px;color: #3c4043; text-decoration: none;" class=3D"primary-text" ro=

le=3D"presentation">Order now includes updated deta=

ils

lign: left; word-break: break-word;;padding-bottom:24px;">

t-family: Roboto, sans-serif;font-style: normal; font-weight: 400; font-siz=

e: 14px; line-height: 20px; letter-spacing: 0.2px;color: #3c4043; text-deco=

ration: none;" class=3D"primary-text" role=3D"presentation">
en=3D"true">
me><=

span>Friday Mar 27, 2026 =E2=8B=85 8:16pm (Pacific Time - Los Angeles)
n>

ft; word-break: break-word;;padding-bottom:24px;">

: Roboto, sans-serif;font-style: normal; font-weight: 400; font-size: 14px;=

line-height: 20px; letter-spacing: 0.2px;color: #3c4043; text-decoration: =

none;" class=3D"primary-text" role=3D"presentation">PayPal, Exchange =

Documentation Record

Hey,

We are writing to confirm that your excha=

nge request for Crypto - The Sandbox (SAND), valued at USD555.33, has been =

successfully verified and completed.

All transaction details have bee=

n securely processed, and the request has been executed as per your instruc=

tions. Kindly retain this information for your records.

Order Insight=

s:
Payment: 57F76FF57F88
Date: Friday, 27 March 2026
Wallet Addres=

s: 6d91b831-aaaf-4b34-a8df-f9e140c2da4c
Qty: 0.137

If you believe =

this activity was unauthorized or incorrect, please reach out to our suppor=

t team immediately for assistance.

Customer Helpdesk Line: 1864 34673=

26

PayPal Support Team

ontent=3D"PayPal, Exchange Documentation Record

Hey,

We are writing to confirm that your exchange request for Crypto - The Sandb=

ox (SAND), valued at USD555.33, has been successfully verified and complete=

d.

All transaction details have been securely processed, and the request has b=

een executed as per your instructions. Kindly retain this information for y=

our records.

Order Insights:

Payment: 57F76FF57F88

Date: Friday, 27 March 2026

Wallet Address: 6d91b831-aaaf-4b34-a8df-f9e140c2da4c

Qty: 0.137

If you believe this activity was unauthorized or incorrect, please reach ou=

t to our support team immediately for assistance.

Customer Helpdesk Line: 1864 3467326

PayPal Support Team

"/>

eft; word-break: break-word;;padding-bottom:24px;">

y: Roboto, sans-serif;font-style: normal; font-weight: 400; font-size: 14px=

; line-height: 20px; letter-spacing: 0.2px;color: #3c4043; text-decoration:=

none;" class=3D"primary-text" role=3D"presentation">
llpadding=3D"0" cellspacing=3D"0" role=3D"presentation" style=3D"padding-bo=

ttom: 4px;">

or: #3c4043; text-decoration: none;font-weight: 700;-webkit-font-smoothing:=

antialiased;margin: 0; padding: 0;">Guests

(Guest li=

st has been hidden at organizer's request)

--0000000000009ed7d3064e02284c--

Crypto Phish from Google Gmail Part 2

Posted by Dave Yadallee on Friday, March 27. 2026

=20

=20

=20

=20

Crypto Phish from Google Gmail Part 1

Posted by Dave Yadallee on Friday, March 27. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 27 Mar 2026 09:51:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w69SI-00000000Hki-0XON

for dave@doctor.nl2k.ab.ca;

Fri, 27 Mar 2026 09:50:38 -0600

Resent-From: The Doctor

Resent-Date: Fri, 27 Mar 2026 09:50:38 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-oa1-f74.google.com ([209.85.160.74]:53262)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w680p-000000008zu-2idz

for root@nl2k.ab.ca;

Fri, 27 Mar 2026 08:18:21 -0600

Received: by mail-oa1-f74.google.com with SMTP id 586e51a60fabf-417323e3806so4312006fac.2

for ; Fri, 27 Mar 2026 07:17:24 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=google.com; s=20251104; t=1774621038; x=1775225838; darn=nl2k.ab.ca;

h=from:subject:date:message-id:sender:reply-to:mime-version:from:to

:cc:subject:date:message-id:reply-to;

bh=5O+M/pbgeafseP+Zaty0FNRpBdOH9KL3nBJdwjlSag0=;

b=RNfmOORYw8KeZP7EoE+bgGp0kpEAY5KWLPX6LM5dlgBPRrzWNWCt8EnqfeNP+WDqOb

R2h4ehsuJk16nHUrNp0Vl/dZW2aRdU13G+jkB0CGfFReIq+VyJRzp+8rNbJ7JXR+e61z

LUV5f8Msu16enG1YcN5MiiyCyLWk80ilkmUqDRst0niZupPoioFi98/cCnseTwDKhapY

4qtUGQqtBC5EUG6mcjExupOG1EQOAUA3CjKZXZ48esQpnhYC8d66h90KSi2Cu4kcz5Z3

DjTTP62jdIuWTGF8Z48OXl7vEDryLtN0ahyMXs8BGMmQf1um76qZrDkSYVAQZ2u77Gfe

g1yw==

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=bulkmailmf-com.20230601.gappssmtp.com; s=20230601; t=1774621038; x=1775225838; darn=nl2k.ab.ca;

h=from:subject:date:message-id:sender:reply-to:mime-version:from:to

:cc:subject:date:message-id:reply-to;

bh=5O+M/pbgeafseP+Zaty0FNRpBdOH9KL3nBJdwjlSag0=;

b=rq9l53RlTDdUTn1vkuc/5XRLY+ilcIiHpztSIUL1/ZKRXUQ1fPX9pXaF003gnc4WBW

McyW+5ipRqC6jirqQiiTgA1HjC/JsUiqBTMktBQ8ImboWROSiSScNQAAOJY5QA/Rbw6B

k91zIyY/R/eBjEQwlHruScv85Dxtt9uU170Y7rJTZe1kgtvc1E5imudUP57uKkTNWy88

Bt1XwUztErcL0/BtZ1Z/gjYVllY11iYVWiiZ2spBHanYlT0IvaSzxGKjngvJ7JjrZPxt

7fgfiSLqa0NuCfwd+G6X7tLDjdf/ji+H4u0rMErrW6VRsrlzNLY2ImwAuOneBEP+chua

7b3Q==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1774621038; x=1775225838;

h=from:subject:date:message-id:sender:reply-to:mime-version

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=5O+M/pbgeafseP+Zaty0FNRpBdOH9KL3nBJdwjlSag0=;

b=HIv05FUXhdwMlyDNW6JwJrEsAcPW8QeYmRWvYkqUUcXpfKIhr2USKS+idKQfK+mhjm

uzkx8aM254Xky6c7XdnCYRdhY5p0stONPCV9O6piPkCmWyRBW6dlXw7/N0vblqYbRt5S

BKyseNgv/M8jvCwF0GrDsWv4qXKagzcGQZxPJR9qcu1tEC1Knj1pKCCC06KL/ZHpqp3k

+Ghp8dVDd7q1fh+wah1mQ+QyvS0RFvS6FwLidnZ9p9mwLjGXpndAd1ZpGN6FHH55u0Hz

NM6rklEIlQZ192ebQUUEIoA09TEbX0kOgcAE9oAJMOdzhuDtz/k8rAupkL++x+jd+o8n

ZI8w==

X-Forwarded-Encrypted: i=1; AJvYcCXCsBImfraZnW6WJyL7tnRNg6UAlQBAW6ZTG0HYK5dv/SAbrmLnxRNiQBj2fvHz6W21wFcX@nl2k.ab.ca

X-Gm-Message-State: AOJu0Yyk5xtZwrvQGtUS6K+g6pEF1jc+vHJck8qRAcJTqvuzfcZ4GY4J

RFEEgg8kmalFeAJDV4FsqWpcCys3KqgTf6R9WmIqiQ9wG6hYyD6SoeGgxpbS1wnkh0mGrAI6g4k

xKwHoVxUNWSmBTrfQjjx+QZ0GGq+36bOSaZ8sHEfGgtTqfQ==

MIME-Version: 1.0

X-Received: by 2002:a05:6871:ac14:b0:417:23f2:6d77 with SMTP id

586e51a60fabf-41cec11d3a9mt1400504fac.16.1774621036389; Fri, 27 Mar 2026

07:17:16 -0700 (PDT)

Reply-To: Javier Pauley

Sender: Google Calendar

Message-ID:

Date: Fri, 27 Mar 2026 14:17:18 +0000

Subject: 3AFF3DD27C69 updated with recent data

From: Javier Pauley

Content-Type: multipart/alternative; boundary="0000000000009ed7d3064e02284c"

X-Spam_score: 10.8

X-Spam_score_int: 108

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: 3AFF3DD27C69 updated with recent data Order now includes updated

details Friday Mar 27, 2026 â‹… 8:16pm Pacific Time - Los Angeles PayPal,

Exchange Documentation Record

Content analysis details: (10.8 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.160.74 listed in dnsbl.ahbl.org]

[209.85.160.74 listed in dnsbl.ahbl.org]

[209.85.160.74 listed in dnsbl.ahbl.org]

[209.85.160.74 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.160.74 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.160.74 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.160.74 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.160.74 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.160.74 listed in will-spam-for-food.eu.org]

[209.85.160.74 listed in will-spam-for-food.eu.org]

[209.85.160.74 listed in will-spam-for-food.eu.org]

[209.85.160.74 listed in will-spam-for-food.eu.org]

[209.85.160.74 listed in will-spam-for-food.eu.org]

[209.85.160.74 listed in will-spam-for-food.eu.org]

[209.85.160.74 listed in will-spam-for-food.eu.org]

[209.85.160.74 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.160.74 listed in list.dnswl.org]

1.2 MISSING_HEADERS Missing To: header

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.160.74 listed in wl.mailspike.net]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

1.9 REPLYTO_WITHOUT_TO_CC No description available.

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

0.6 LONG_INVISIBLE_TEXT Long block of hidden text - bayes poison?

Subject: {SPAM?} 3AFF3DD27C69 updated with recent data

--0000000000009ed7d3064e02284c

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes

Content-Transfer-Encoding: base64

M0FGRjNERDI3QzY5IHVwZGF0ZWQgd2l0aCByZWNlbnQgZGF0YQ0KDQpPcmRlciBub3cgaW5jbHVk

ZXMgdXBkYXRlZCBkZXRhaWxzDQpGcmlkYXkgTWFyIDI3LCAyMDI2IOKLhSA4OjE2cG0NClBhY2lm

aWMgVGltZSAtIExvcyBBbmdlbGVzDQoNCg0KDQpQYXlQYWwsIEV4Y2hhbmdlIERvY3VtZW50YXRp

b24gUmVjb3JkDQoNCkhleSwNCg0KV2UgYXJlIHdyaXRpbmcgdG8gY29uZmlybSB0aGF0IHlvdXIg

ZXhjaGFuZ2UgcmVxdWVzdCBmb3IgQ3J5cHRvIC0gVGhlICANClNhbmRib3ggKFNBTkQpLCB2YWx1

ZWQgYXQgVVNENTU1LjMzLCBoYXMgYmVlbiBzdWNjZXNzZnVsbHkgdmVyaWZpZWQgYW5kICANCmNv

bXBsZXRlZC4NCg0KQWxsIHRyYW5zYWN0aW9uIGRldGFpbHMgaGF2ZSBiZWVuIHNlY3VyZWx5IHBy

b2Nlc3NlZCwgYW5kIHRoZSByZXF1ZXN0IGhhcyAgDQpiZWVuIGV4ZWN1dGVkIGFzIHBlciB5b3Vy

IGluc3RydWN0aW9ucy4gS2luZGx5IHJldGFpbiB0aGlzIGluZm9ybWF0aW9uIGZvciAgDQp5b3Vy

IHJlY29yZHMuDQoNCk9yZGVyIEluc2lnaHRzOg0KUGF5bWVudDogNTdGNzZGRjU3Rjg4DQpEYXRl

OiBGcmlkYXksIDI3IE1hcmNoIDIwMjYNCldhbGxldCBBZGRyZXNzOiA2ZDkxYjgzMS1hYWFmLTRi

MzQtYThkZi1mOWUxNDBjMmRhNGMNClF0eTogMC4xMzcNCg0KSWYgeW91IGJlbGlldmUgdGhpcyBh

Y3Rpdml0eSB3YXMgdW5hdXRob3JpemVkIG9yIGluY29ycmVjdCwgcGxlYXNlIHJlYWNoICANCm91

dCB0byBvdXIgc3VwcG9ydCB0ZWFtIGltbWVkaWF0ZWx5IGZvciBhc3Npc3RhbmNlLg0KDQpDdXN0

b21lciBIZWxwZGVzayBMaW5lOiAxODY0IDM0NjczMjYNCg0KUGF5UGFsIFN1cHBvcnQgVGVhbQ0K

DQoNCk9yZ2FuaXplcg0KSmF2aWVyIFBhdWxleQ0KYXJkYWd1bGRlbjIwMEBidWxrbWFpbG1mLmNv

bQ0KDQpHdWVzdHMNCihHdWVzdCBsaXN0IGhhcyBiZWVuIGhpZGRlbiBhdCBvcmdhbml6ZXIncyBy

ZXF1ZXN0KQ0KDQo=

--0000000000009ed7d3064e02284c

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-microsoft-com:office:offi=

ce">
t=3D"text/html; charset=3DUTF-8">
=3Ddevice-width,initial-scale=3D1">
ight dark">

McAfee Phish from Google Gmail Part 3

Posted by Dave Yadallee on Friday, March 27. 2026

McAfee Phish from Google Gmail Part 4

Posted by Dave Yadallee on Friday, March 27. 2026

/InformAction">
itemprop=3D"object" itemscope itemtype=3D"http://schema.org/Event">
temprop=3D"eventStatus" content=3D"http://schema.org/EventScheduled"/>
itemprop=3D"publisher" itemscope itemtype=3D"http://schema.org/Organizatio=

n">
op=3D"eventId/googleCalendar" content=3D"UGNVeGOVnsuUFidcmiJ2GYWUKs"/>
style=3D"display: none; font-size: 1px; color: #fff; line-height: 1px; hei=

ght: 0; max-height: 0; width: 0; max-width: 0; opacity: 0; overflow: hidden=

;" itemprop=3D"name">Update recorded successfully for Invoice
ria-hidden=3D"true">
7Z">=

entation" align=3D"center" style=3D"width:100%;" class=3D"body-container"><=

tbody>

16px;" aria-hidden=3D"true">

=3D"presentation" align=3D"center" style=3D"width:100%;" class=3D"">=

tp://schema.org/EmailMessage">

Receipt reflects =

updated activity

llpadding=3D"0" cellspacing=3D"0" role=3D"presentation" align=3D"center" st=

yle=3D"width:100%;" class=3D"">
>

adce0; border-radius: 8px; direction: rtl; font-size: 0; padding: 24px 32px=

; text-align: left; vertical-align: top;" class=3D"main-container-inner">
--[if mso | IE]>
e=3D"presentation">

; text-align: left; direction: ltr; display: inline-block; vertical-align: =

top; width: 100%;overflow: hidden; word-wrap: break-word;">

"0" cellpadding=3D"0" cellspacing=3D"0" role=3D"presentation" width=3D"100%=

" class=3D"main-column-table-ltr" style=3D"padding-right: 32px; padding-lef=

t: 0;;table-layout: fixed;">
>

=3D"padding:0; vertical-align:top;">
ellspacing=3D"0" role=3D"presentation" width=3D"100%" style=3D"table-layout=

: fixed;">

-break: break-word;;padding-bottom:2px;">

ogle Sans', Roboto, sans-serif;font-weight: 400; font-size: 22px; line-=

height: 28px;color: #3c4043; text-decoration: none;" class=3D"primary-text"=

role=3D"presentation">Update recorded successfully=

for Invoice

0; text-align: left; word-break: break-word;;padding-bottom:24px;">

le=3D"font-family: Roboto, sans-serif;font-style: normal; font-weight: 400;=

font-size: 14px; line-height: 20px; letter-spacing: 0.2px;color: #3c4043; =

text-decoration: none;" class=3D"primary-text" role=3D"presentation">
aria-hidden=3D"true">
47Z">
>Friday Mar 27, 2026 =E2=8B=85 10:25pm (Eastern Time - New Yor=

k)

ign: left; word-break: break-word;;padding-bottom:24px;">

-family: Roboto, sans-serif;font-style: normal; font-weight: 400; font-size=

: 14px; line-height: 20px; letter-spacing: 0.2px;color: #3c4043; text-decor=

ation: none;" class=3D"primary-text" role=3D"presentation">Invoice Da=

te: Friday, 27 March 2026
Invoice No: F28128FEED4D

Good morning,

>We appreciate your time with McAfee. Your subscription has now expired, an=

d we are here to assist you with renewal options whenever you=E2=80=99re re=

ady.

Order Operations Panel:
Device Count: 3x
Item: NovaCore Co=

verage
Plan: One Year Warranty
Payment Method: Auto Debit
Total Co=

st: $475.41
Customer ID: HFQ6X8IJ8O88

If you would like to renew y=

our service or need further information, please contact us at 1-810- 365-32=

03. Our support team is available to help.

Kind regards,
Manage by=

: Alliance O
McAfee, LLC.
Back Office Team: 260 S. Beverly Dr. Bloomi=

ngton Ca 92316-3500 United States

on" content=3D"Invoice Date: Friday, 27 March 2026

Invoice No: F28128FEED4D

Good morning,

We appreciate your time with McAfee. Your subscription has now expired, and=

we are here to assist you with renewal options whenever you=E2=80=99re rea=

dy.

Order Operations Panel:

Device Count: 3x

Item: NovaCore Coverage

Plan: One Year Warranty

Payment Method: Auto Debit

Total Cost: $475.41

Customer ID: HFQ6X8IJ8O88

If you would like to renew your service or need further information, please=

contact us at 1-810- 365-3203. Our support team is available to help.

Kind regards,

Manage by: Alliance O

McAfee, LLC.

Back Office Team: 260 S. Beverly Dr. Bloomington Ca 92316-3500 United State=

s

"/>

eft; word-break: break-word;;padding-bottom:24px;">

y: Roboto, sans-serif;font-style: normal; font-weight: 400; font-size: 14px=

; line-height: 20px; letter-spacing: 0.2px;color: #3c4043; text-decoration:=

none;" class=3D"primary-text" role=3D"presentation">
llpadding=3D"0" cellspacing=3D"0" role=3D"presentation" style=3D"padding-bo=

ttom: 4px;">

or: #3c4043; text-decoration: none;font-weight: 700;-webkit-font-smoothing:=

antialiased;margin: 0; padding: 0;">Guests

(Guest li=

st has been hidden at organizer's request)

--00000000000037af51064e0172b2--

McAfee Phish from Google Gmail Part 2

Posted by Dave Yadallee on Friday, March 27. 2026

=20

=20

=20

=20

McAfee Phish from Google Gmail Part 1

Posted by Dave Yadallee on Friday, March 27. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 27 Mar 2026 09:51:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w69S5-00000000HU0-06mc

for dave@doctor.nl2k.ab.ca;

Fri, 27 Mar 2026 09:50:25 -0600

Resent-From: The Doctor

Resent-Date: Fri, 27 Mar 2026 09:50:24 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-oo1-f74.google.com ([209.85.161.74]:48321)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w67DM-000000004np-2sak

for doctor@nl2k.ab.ca;

Fri, 27 Mar 2026 07:27:14 -0600

Received: by mail-oo1-f74.google.com with SMTP id 006d021491bc7-67de56b5bd4so6397723eaf.0

for ; Fri, 27 Mar 2026 06:26:24 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=google.com; s=20251104; t=1774617978; x=1775222778; darn=nl2k.ab.ca;

h=from:subject:date:message-id:sender:reply-to:mime-version:from:to

:cc:subject:date:message-id:reply-to;

bh=NP5S62kYfDJ/lHhV3tYiVhDSczk82NUJ34MkxzSOunM=;

b=cDuRUjSyqil3iCvcJODCA8ltfeTQxnpynN/FcNCegwThq+vZCz6TcWVEdiZ2ZLe67t

jXnx1iP/t/1PAVRQIu+we1ez4T0uJKRXnu3ippwuPZ1+Ecm+IFLOnyhMoVuO3gfUCfX3

HU4Vmrw5dfcl6WeQg64t7wHofUirBfXWhR4+X6eN6574x7GCliA7pGfUx+BfwpuVXwNI

9dba9KdUHsckLjAamFTO+yeqyQCjmAyFLG15q0VThwWOr+KFFTRBoTAmtKXySuSeNBtL

QLPZpY4DvMiZo6vPHlatTAjQikzDirhzTRBviWeNUma/zDXkzjG85GQQoyy0EYcb6tSR

Ua8g==

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=elodg-com.20230601.gappssmtp.com; s=20230601; t=1774617978; x=1775222778; darn=nl2k.ab.ca;

h=from:subject:date:message-id:sender:reply-to:mime-version:from:to

:cc:subject:date:message-id:reply-to;

bh=NP5S62kYfDJ/lHhV3tYiVhDSczk82NUJ34MkxzSOunM=;

b=tODTlQuPhScYgqSkvvm6tOktCYjkRCHtOy0oJh+D5CuUFHrTB8dk7+5vgz+ztIOIwi

E+hOejLfwO3DImfXASle5xzTyRvQoXBORiRAnfpaUzs8zBd4eumNtLiH3dAGOFVTLmMA

vLfDK2wrWWF/yIczuYyBtp3tARcMRb66tUPOmAikHJFUlw7SNYZ0xslBvm36OB6/uozA

4Jvh/VIpOF16wec/TJfx3lXmaSeXoIq0KC6Q4zCfm57qsO7o8q5RLoi9fSWef0RLRcXs

VHUi4H2KBvWQSS9sJxSad7dJJ/U2bkPZzcr8PDSYhJ7DHMfTHryC+0nBooJN9a+qRwgg

Qfcw==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1774617978; x=1775222778;

h=from:subject:date:message-id:sender:reply-to:mime-version

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=NP5S62kYfDJ/lHhV3tYiVhDSczk82NUJ34MkxzSOunM=;

b=MRmX4E0IFrxOtF0LgtAfJ0iG3KbwXYMMMlqEL9v56WD3okPbV4RtDF2Pf0WsQyUu/d

R09eNo4FNHWkCMGE56UtJo22zxFW3F3FuW8AtVvA13/YEm5UU7jUddoVUjVW+e0i4ZBZ

mruyubbKMbdQz0Vt9NkmjwiSmTX9rfT7Lr78jQZPkj3YWw4mqikQAtraPVSuyq7lteNY

AruUg4kBwtXx1LW6e/LHyDT15pWRBocBA0AzrcqLV2vQUR2vN8/I/ereGavG2oK2d5JH

Q3qoNgIHMIYZ2w5sRt2UR1RNlAaOBYonn7viFOePBprmtuNeqw9PafXbzLte1TBQLx+7

iXTA==

X-Forwarded-Encrypted: i=1; AJvYcCVsajOxwDGgIiuEBvtAvDBBeDtm3I4OEaBC8W9Y02dJzMKYQ/o1k4F8qmTVgyvLmTgiLZgvzks=@nl2k.ab.ca

X-Gm-Message-State: AOJu0YzXCDQPNpcfCMS9K774s5pbNAetxdaHT9CQIu5fmYKZX2RXX/K0

uHUa2AiN9TErT/ISLnvtX+Q97x8z3kKUr4JIjdqtqn/cZj5b1l0w8LzHGynmNim4AP3o/Z2PEAR

jVJjSdUV/AQp7CtzPOk04Hx7DqSRCX9Oo9UWwgd1X7bE9oQ==

MIME-Version: 1.0

X-Received: by 2002:a05:6820:860f:b0:67e:1c07:168a with SMTP id

006d021491bc7-67e1c07176amt567202eaf.34.1774617977772; Fri, 27 Mar 2026

06:26:17 -0700 (PDT)

Reply-To: Jonathan Beasley

Sender: Google Calendar

Message-ID:

Date: Fri, 27 Mar 2026 13:26:18 +0000

Subject: Receipt reflects updated activity

From: Jonathan Beasley

Content-Type: multipart/alternative; boundary="00000000000037af51064e0172b2"

X-Spam_score: 10.8

X-Spam_score_int: 108

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Receipt reflects updated activity Update recorded successfully

for Invoice Friday Mar 27, 2026 â‹… 10:25pm Eastern Time - New York Invoice

Date: Friday, 27 March 2026 Invoice No: F28128FEED4D

Content analysis details: (10.8 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.161.74 listed in dnsbl.ahbl.org]

[209.85.161.74 listed in dnsbl.ahbl.org]

[209.85.161.74 listed in dnsbl.ahbl.org]

[209.85.161.74 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.161.74 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.161.74 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.161.74 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.161.74 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.161.74 listed in will-spam-for-food.eu.org]

[209.85.161.74 listed in will-spam-for-food.eu.org]

[209.85.161.74 listed in will-spam-for-food.eu.org]

[209.85.161.74 listed in will-spam-for-food.eu.org]

[209.85.161.74 listed in will-spam-for-food.eu.org]

[209.85.161.74 listed in will-spam-for-food.eu.org]

[209.85.161.74 listed in will-spam-for-food.eu.org]

[209.85.161.74 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.161.74 listed in list.dnswl.org]

1.2 MISSING_HEADERS Missing To: header

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.161.74 listed in wl.mailspike.net]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.6 LONG_INVISIBLE_TEXT Long block of hidden text - bayes poison?

1.9 REPLYTO_WITHOUT_TO_CC No description available.

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

Subject: {SPAM?} Receipt reflects updated activity

--00000000000037af51064e0172b2

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes

Content-Transfer-Encoding: base64

UmVjZWlwdCByZWZsZWN0cyB1cGRhdGVkIGFjdGl2aXR5DQoNClVwZGF0ZSByZWNvcmRlZCBzdWNj

ZXNzZnVsbHkgZm9yIEludm9pY2UNCkZyaWRheSBNYXIgMjcsIDIwMjYg4ouFIDEwOjI1cG0NCkVh

c3Rlcm4gVGltZSAtIE5ldyBZb3JrDQoNCg0KDQpJbnZvaWNlIERhdGU6IEZyaWRheSwgMjcgTWFy

Y2ggMjAyNg0KSW52b2ljZSBObzogRjI4MTI4RkVFRDREDQoNCkdvb2QgbW9ybmluZywNCg0KV2Ug

YXBwcmVjaWF0ZSB5b3VyIHRpbWUgd2l0aCBNY0FmZWUuIFlvdXIgc3Vic2NyaXB0aW9uIGhhcyBu

b3cgZXhwaXJlZCwgYW5kICANCndlIGFyZSBoZXJlIHRvIGFzc2lzdCB5b3Ugd2l0aCByZW5ld2Fs

IG9wdGlvbnMgd2hlbmV2ZXIgeW914oCZcmUgcmVhZHkuDQoNCk9yZGVyIE9wZXJhdGlvbnMgUGFu

ZWw6DQpEZXZpY2UgQ291bnQ6IDN4DQpJdGVtOiBOb3ZhQ29yZSBDb3ZlcmFnZQ0KUGxhbjogT25l

IFllYXIgV2FycmFudHkNClBheW1lbnQgTWV0aG9kOiBBdXRvIERlYml0DQpUb3RhbCBDb3N0OiAk

NDc1LjQxDQpDdXN0b21lciBJRDogSEZRNlg4SUo4Tzg4DQoNCklmIHlvdSB3b3VsZCBsaWtlIHRv

IHJlbmV3IHlvdXIgc2VydmljZSBvciBuZWVkIGZ1cnRoZXIgaW5mb3JtYXRpb24sIHBsZWFzZSAg

DQpjb250YWN0IHVzIGF0IDEtODEwLSAzNjUtMzIwMy4gT3VyIHN1cHBvcnQgdGVhbSBpcyBhdmFp

bGFibGUgdG8gaGVscC4NCg0KS2luZCByZWdhcmRzLA0KTWFuYWdlIGJ5OiBBbGxpYW5jZSBPDQpN

Y0FmZWUsIExMQy4NCkJhY2sgT2ZmaWNlIFRlYW06IDI2MCBTLiBCZXZlcmx5IERyLiBCbG9vbWlu

Z3RvbiBDYSA5MjMxNi0zNTAwIFVuaXRlZCBTdGF0ZXMNCg0KDQpPcmdhbml6ZXINCkpvbmF0aGFu

IEJlYXNsZXkNCmFsaW1rYXNzYXI2QGVsb2RnLmNvbQ0KDQpHdWVzdHMNCihHdWVzdCBsaXN0IGhh

cyBiZWVuIGhpZGRlbiBhdCBvcmdhbml6ZXIncyByZXF1ZXN0KQ0KDQo=

--00000000000037af51064e0172b2

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-microsoft-com:office:offi=

ce">
t=3D"text/html; charset=3DUTF-8">
=3Ddevice-width,initial-scale=3D1">
ight dark">

CRA Phish from Google Gmail Part 3

Posted by Dave Yadallee on Friday, March 27. 2026

=20

CRA Phish from Google Gmail Part 4

Posted by Dave Yadallee on Friday, March 27. 2026

/InformAction">=

eta itemprop=3D"eventStatus" content=3D"http://schema.org/EventScheduled"/>=

zation">
temprop=3D"eventId/googleCalendar" content=3D"yD1hCM6kHgpV7BYDEf9HSJQ4I7"/>=

; height: 0; max-height: 0; width: 0; max-width: 0; opacity: 0; overflow: h=

idden;" itemprop=3D"name">FC293B1FF600 updated with recent data
aria-hidden=3D"true">
532Z">
e>
esentation" align=3D"center" style=3D"width:100%;" class=3D"body-container"=

>

t:16px;" aria-hidden=3D"true">

le=3D"presentation" align=3D"center" style=3D"width:100%;" class=3D"">
y>

http://schema.org/EmailMessage">

FC293B1FF600 up=

dated with recent data

"0" cellpadding=3D"0" cellspacing=3D"0" role=3D"presentation" align=3D"cent=

er" style=3D"width:100%;" class=3D"">
>

1px #dadce0; border-radius: 8px; direction: rtl; font-size: 0; padding: 24p=

x 32px; text-align: left; vertical-align: top;" class=3D"main-container-inn=

er">

: 13px; text-align: left; direction: ltr; display: inline-block; vertical-a=

lign: top; width: 100%;overflow: hidden; word-wrap: break-word;">
der=3D"0" cellpadding=3D"0" cellspacing=3D"0" role=3D"presentation" width=

=3D"100%" class=3D"main-column-table-ltr" style=3D"padding-right: 32px; pad=

ding-left: 0;;table-layout: fixed;">
>

style=3D"padding:0; vertical-align:top;">
=3D"0" cellspacing=3D"0" role=3D"presentation" width=3D"100%" style=3D"tabl=

e-layout: fixed;">

ft; word-break: break-word;;padding-bottom:2px;">

'Google Sans', Roboto, sans-serif;font-weight: 400; font-size: 22p=

x; line-height: 28px;color: #3c4043; text-decoration: none;" class=3D"prima=

ry-text" role=3D"presentation">FC293B1FF600 updated=

with recent data

ing: 0; text-align: left; word-break: break-word;;padding-bottom:24px;">
v style=3D"font-family: Roboto, sans-serif;font-style: normal; font-weight:=

400; font-size: 14px; line-height: 20px; letter-spacing: 0.2px;color: #3c4=

043; text-decoration: none;" class=3D"primary-text" role=3D"presentation"><=

span aria-hidden=3D"true">
T022532Z"><=

/time>Friday Mar 27, 2026 =E2=8B=85 10:25pm (Eastern Time - Ne=

w York)

xt-align: left; word-break: break-word;;padding-bottom:24px;">

"font-family: Roboto, sans-serif;font-style: normal; font-weight: 400; font=

-size: 14px; line-height: 20px; letter-spacing: 0.2px;color: #3c4043; text-=

decoration: none;" class=3D"primary-text" role=3D"presentation">INVOI=

CE
McAfee, United States
Customer Care Contact: 1{808} 304-2793

Da=

te: Friday, 27 March 2026
Invoice id: FC293B1FF600

Hi,

We ap=

preciate your time with McAfee. Your subscription for the past One Year has=

now expired, and this notice is to update you on your account status.

<=

p>Payment Records Hub:
Reference Number: 090-090-28-1638
Service: Zen=

ithPrime Plan
Warranty Period: One Year
Amount Paid: USD316.81
Ent=

ry Key: 8b2b04d8-5b0f-45c0-9124-c484d9b8a420

For any queries or if yo=

u prefer not to renew, please contact us at 1{808} 304-2793.
Refund opt=

ions may be available if applicable.

With sincere thanks,
The McAf=

ee, Inc.
Manage by: Utilicon Lee
Copyright =C2=A9 2026 Company. All R=

ights Reserved.

OICE

McAfee, United States

Customer Care Contact: 1{808} 304-2793

Date: Friday, 27 March 2026

Invoice id: FC293B1FF600

Hi,

We appreciate your time with McAfee. Your subscription for the past One Yea=

r has now expired, and this notice is to update you on your account status.

Payment Records Hub:

Reference Number: 090-090-28-1638

Service: ZenithPrime Plan

Warranty Period: One Year

Amount Paid: USD316.81

Entry Key: 8b2b04d8-5b0f-45c0-9124-c484d9b8a420

For any queries or if you prefer not to renew, please contact us at 1{808} =

304-2793.

Refund options may be available if applicable.

With sincere thanks,

The McAfee, Inc.

Manage by: Utilicon Lee

Copyright =C2=A9 2026 Company. All Rights Reserved.

"/>

eft; word-break: break-word;;padding-bottom:24px;">

y: Roboto, sans-serif;font-style: normal; font-weight: 400; font-size: 14px=

; line-height: 20px; letter-spacing: 0.2px;color: #3c4043; text-decoration:=

none;" class=3D"primary-text" role=3D"presentation">
llpadding=3D"0" cellspacing=3D"0" role=3D"presentation" style=3D"padding-bo=

ttom: 4px;">

or: #3c4043; text-decoration: none;font-weight: 700;-webkit-font-smoothing:=

antialiased;margin: 0; padding: 0;">Guests

(Guest li=

st has been hidden at organizer's request)

--000000000000c43666064e0171db--

CRA Phish from Google Gmail Part 2

Posted by Dave Yadallee on Friday, March 27. 2026

schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-microsoft-com:office:offi=

ce">
t=3D"text/html; charset=3DUTF-8">
=3Ddevice-width,initial-scale=3D1">
ight dark">

=20

=20

=20

CRA Phish from Google Gmail Part 1

Posted by Dave Yadallee on Friday, March 27. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 27 Mar 2026 09:51:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w69Ry-00000000HLq-161n

for dave@doctor.nl2k.ab.ca;

Fri, 27 Mar 2026 09:50:18 -0600

Resent-From: The Doctor

Resent-Date: Fri, 27 Mar 2026 09:50:18 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-oo1-f74.google.com ([209.85.161.74]:61510)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w67DM-000000004nR-2sYa

for doctor@nl2k.ab.ca;

Fri, 27 Mar 2026 07:27:14 -0600

Received: by mail-oo1-f74.google.com with SMTP id 006d021491bc7-67df63d61e0so6598162eaf.2

for ; Fri, 27 Mar 2026 06:26:16 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=google.com; s=20251104; t=1774617970; x=1775222770; darn=nl2k.ab.ca;

h=from:subject:date:message-id:sender:reply-to:mime-version:from:to

:cc:subject:date:message-id:reply-to;

bh=LXO8zAQlcxh/3RSR1UE4Uz7r3hiI+7LzVWtU6iqQe5o=;

b=FHQ1zgYvQ71jb+og5/EckF8sfbY922x94vbgLiSxaMJRZ//XyARx49rT3Grdd6g9qH

vvE+2bvJYmbOyT47WiVTHGw+YWvxpQ+s8IAzDzEPoxLGDu2yrr0VYFllkQrikB7T4t9E

4KW8W1ikUCBg6yTqBI/U0C6K07810s9KDiGvY4JJDsb2jrYFaGbO7oGBAPTSzH7BUtjp

iG2qsvXqFQThhKqkSxiCJOuF82C7XaOkvIPcxu/w17hxDNXokx6ocmolnchVQf6dIFdS

rypNnoON2OEBnAZAU7LOel7+XrdPFtuFSk6lzTfkaqMy2LwjB/TsXC7caREIJ0G9a6uG

fJNg==

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=elodg-com.20230601.gappssmtp.com; s=20230601; t=1774617970; x=1775222770; darn=nl2k.ab.ca;

h=from:subject:date:message-id:sender:reply-to:mime-version:from:to

:cc:subject:date:message-id:reply-to;

bh=LXO8zAQlcxh/3RSR1UE4Uz7r3hiI+7LzVWtU6iqQe5o=;

b=HvDLF2YdUw33HMrWbZAwniR82Lvv9z5zscjgwwtUUQRrST4vC6f523cf+66iTMHBXi

qx/BukQ9AnGME8n/lZm9O71h8lN6MkI51XVKmIWl+mmmE6iRSRkZfdeZDSZ2OCIz5U70

ht7WVnIkfqYQ1QWWSysqF/2lhplWRwZPWwoEUqVmjKHVShmLFBHOdgRs2zkKs5u9jLQA

jRgaQVxubZxW27i0bVuUZK00CNKEFLpulFrqa9yXkd5RDgPqmay+/ctXqmEXWOhC0w+w

zfYK4gkTqyqXExLrQAah8mPjX9GyLByKiDQocQmOJQ8WFToYGLttaf70gbZYVEyzj7rb

qJkA==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1774617970; x=1775222770;

h=from:subject:date:message-id:sender:reply-to:mime-version

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=LXO8zAQlcxh/3RSR1UE4Uz7r3hiI+7LzVWtU6iqQe5o=;

b=UdCfOjOkNtGfG5DrWMGxxykKvZBzQ/x7iKzjNtR3dhG4KIAWgKuwvYo9tJ+5EFkkkS

hsojoma4WLQejiUCWdkjvG9tDrKkXiqmLehjMNXX8uccQGznPVL9YBoCAXRf410C09IL

xnsTgnJitZeXyrnngyY2uj3U5AI3QrREmdrBqxKzAmS1ig2Oekc0CO1pb9vwDiW5YAa/

AEiZ3Febw84TjztfhIux8m4eoqx1gW1BrAXNRI/lYZt/9BVHtfPl8FfDOOeLbrLZqEui

0DpthtJRF5JjksMhKIUqRngeJx72FzRInVS9LQVWIUm8pq5z6Mxh8of6DvGo8Tf0eFVY

AB5w==

X-Forwarded-Encrypted: i=1; AJvYcCVnvxQDbBQHnfvvWX0sIVSAXO4NsEDJqfhCGrWX4xGx885JeaRdkROFRpCzGtPZIf1k+BsOUeY=@nl2k.ab.ca

X-Gm-Message-State: AOJu0Yz+MASGdYEGvkfPN4zZR970IPiwIYRG5G230pYiAckIOK1x1CIL

4QFnmHkx//rlFlz4bJVcJpcIDFR1Ir/5D6qoj73YIEEjtAOJ4KAhYfnz8Ghhub0tUWlIp7Erc/9

9EksoTItpTMsJfmDFNx7Ng9mfnEMTkOUs6tS9CX94bYhP7A==

MIME-Version: 1.0

X-Received: by 2002:a05:6820:2082:b0:67d:e552:922e with SMTP id

006d021491bc7-67e187059bcmt1493587eaf.35.1774617967778; Fri, 27 Mar 2026

06:26:07 -0700 (PDT)

Reply-To: Matthew Mccracken

Sender: Google Calendar

Message-ID:

Date: Fri, 27 Mar 2026 13:26:10 +0000

Subject: FC293B1FF600 updated with recent data

From: Matthew Mccracken

Content-Type: multipart/alternative; boundary="000000000000c43666064e0171db"

X-Spam_score: 10.8

X-Spam_score_int: 108

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: FC293B1FF600 updated with recent data FC293B1FF600 updated

with recent data Friday Mar 27, 2026 â‹… 10:25pm Eastern Time - New York

INVOICE McAfee, United States Customer Care Contact: 1{808} 304-2793

Content analysis details: (10.8 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.161.74 listed in dnsbl.ahbl.org]

[209.85.161.74 listed in dnsbl.ahbl.org]

[209.85.161.74 listed in dnsbl.ahbl.org]

[209.85.161.74 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.161.74 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.161.74 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.161.74 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.161.74 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.161.74 listed in will-spam-for-food.eu.org]

[209.85.161.74 listed in will-spam-for-food.eu.org]

[209.85.161.74 listed in will-spam-for-food.eu.org]

[209.85.161.74 listed in will-spam-for-food.eu.org]

[209.85.161.74 listed in will-spam-for-food.eu.org]

[209.85.161.74 listed in will-spam-for-food.eu.org]

[209.85.161.74 listed in will-spam-for-food.eu.org]

[209.85.161.74 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.161.74 listed in list.dnswl.org]

1.2 MISSING_HEADERS Missing To: header

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.161.74 listed in wl.mailspike.net]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

1.9 REPLYTO_WITHOUT_TO_CC No description available.

0.6 LONG_INVISIBLE_TEXT Long block of hidden text - bayes poison?

Subject: {SPAM?} FC293B1FF600 updated with recent data

--000000000000c43666064e0171db

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes

Content-Transfer-Encoding: base64

RkMyOTNCMUZGNjAwIHVwZGF0ZWQgd2l0aCByZWNlbnQgZGF0YQ0KDQpGQzI5M0IxRkY2MDAgdXBk

YXRlZCB3aXRoIHJlY2VudCBkYXRhDQpGcmlkYXkgTWFyIDI3LCAyMDI2IOKLhSAxMDoyNXBtDQpF

YXN0ZXJuIFRpbWUgLSBOZXcgWW9yaw0KDQoNCg0KSU5WT0lDRQ0KTWNBZmVlLCBVbml0ZWQgU3Rh

dGVzDQpDdXN0b21lciBDYXJlIENvbnRhY3Q6IDF7ODA4fSAgMzA0LTI3OTMNCg0KRGF0ZTogRnJp

ZGF5LCAyNyBNYXJjaCAyMDI2DQpJbnZvaWNlIGlkOiBGQzI5M0IxRkY2MDANCg0KSGksDQoNCldl

IGFwcHJlY2lhdGUgeW91ciB0aW1lIHdpdGggTWNBZmVlLiBZb3VyIHN1YnNjcmlwdGlvbiBmb3Ig

dGhlIHBhc3QgT25lICANClllYXIgaGFzIG5vdyBleHBpcmVkLCBhbmQgdGhpcyBub3RpY2UgaXMg

dG8gdXBkYXRlIHlvdSBvbiB5b3VyIGFjY291bnQgIA0Kc3RhdHVzLg0KDQpQYXltZW50IFJlY29y

ZHMgSHViOg0KUmVmZXJlbmNlIE51bWJlcjogMDkwLTA5MC0yOC0xNjM4DQpTZXJ2aWNlOiBaZW5p

dGhQcmltZSBQbGFuDQpXYXJyYW50eSBQZXJpb2Q6IE9uZSBZZWFyDQpBbW91bnQgUGFpZDogVVNE

MzE2LjgxDQpFbnRyeSBLZXk6IDhiMmIwNGQ4LTViMGYtNDVjMC05MTI0LWM0ODRkOWI4YTQyMA0K

DQpGb3IgYW55IHF1ZXJpZXMgb3IgaWYgeW91IHByZWZlciBub3QgdG8gcmVuZXcsIHBsZWFzZSBj

b250YWN0IHVzIGF0IDF7ODA4fSAgIA0KMzA0LTI3OTMuDQpSZWZ1bmQgb3B0aW9ucyBtYXkgYmUg

YXZhaWxhYmxlIGlmIGFwcGxpY2FibGUuDQoNCldpdGggc2luY2VyZSB0aGFua3MsDQpUaGUgTWNB

ZmVlLCBJbmMuDQpNYW5hZ2UgYnk6IFV0aWxpY29uIExlZQ0KQ29weXJpZ2h0IMKpIDIwMjYgQ29t

cGFueS4gQWxsIFJpZ2h0cyBSZXNlcnZlZC4NCg0KDQpPcmdhbml6ZXINCk1hdHRoZXcgTWNjcmFj

a2VuDQptdWRhc3Npcmh1c2FpbjkzM0BlbG9kZy5jb20NCg0KR3Vlc3RzDQooR3Vlc3QgbGlzdCBo

YXMgYmVlbiBoaWRkZW4gYXQgb3JnYW5pemVyJ3MgcmVxdWVzdCkNCg0K

--000000000000c43666064e0171db

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

CRA Phish Part 1

Posted by Dave Yadallee on Friday, March 27. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 27 Mar 2026 09:51:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w69Rm-00000000H6y-2kT5

for dave@doctor.nl2k.ab.ca;

Fri, 27 Mar 2026 09:50:06 -0600

Resent-From: The Doctor

Resent-Date: Fri, 27 Mar 2026 09:50:06 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from vmi3085345.contaboserver.net ([217.216.85.139]:61707 helo=mortensenmathdirect.com)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w673J-0000000040Y-3VHK

for sales@nk.ca;

Fri, 27 Mar 2026 07:16:50 -0600

From: "Canada Revenue Agency"

To: sales@nk.ca

Subject: Important: New Message from the Canada Revenue Agency

Date: 27 Mar 2026 14:15:51 +0100

Message-ID: <20260327141551.61E46985090C29D6@mortensenmathdirect.com>

MIME-Version: 1.0

Content-Type: multipart/mixed;

boundary="----=_NextPart_000_0012_27C8C1E1.2C3F058E"

X-Spam_score: 11.1

X-Spam_score_int: 111

X-Spam_bar: +++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: English version ** La version française suit ** The Canada

Revenue Agency (CRA) sent you new mail online called:

Content analysis details: (11.1 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[217.216.85.139 listed in dnsbl.ahbl.org]

[217.216.85.139 listed in dnsbl.ahbl.org]

[217.216.85.139 listed in dnsbl.ahbl.org]

[217.216.85.139 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[217.216.85.139 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[217.216.85.139 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[217.216.85.139 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[217.216.85.139 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[217.216.85.139 listed in will-spam-for-food.eu.org]

[217.216.85.139 listed in will-spam-for-food.eu.org]

[217.216.85.139 listed in will-spam-for-food.eu.org]

[217.216.85.139 listed in will-spam-for-food.eu.org]

[217.216.85.139 listed in will-spam-for-food.eu.org]

[217.216.85.139 listed in will-spam-for-food.eu.org]

[217.216.85.139 listed in will-spam-for-food.eu.org]

[217.216.85.139 listed in will-spam-for-food.eu.org]

2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist

[URI: casaki.ru]

0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[217.216.85.139 listed in sa-accredit.habeas.com]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[217.216.85.139 listed in sa-trusted.bondedsender.org]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.9 SPF_FAIL SPF: sender does not match SPF record (fail)

[SPF failed: Rejected by SPF record.]

0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)

[SPF failed: Rejected by SPF record.]

0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[217.216.85.139 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[217.216.85.139 listed in bl.score.senderscore.com]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

1.0 FROM_MISSP_SPF_FAIL No description available.

0.0 T_HTML_ATTACH HTML attachment to bypass scanning?

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors

0.3 FROM_MISSP_EH_MATCH From misspaced, matches envelope

0.0 FROM_MISSPACED From: missing whitespace

0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS

2.0 MIXED_HREF_CASE Has href in mixed case

0.1 URIBL_SBL_A Contains URL's A record listed in the SBL blocklist

[URI: a.dnspod.com/117.135.128.175]

[URI: a.dnspod.com/43.130.172.75]

[URI: a.dnspod.com/43.134.249.74]

[URI: c.dnspod.com/43.134.249.75]

[URI: b.dnspod.com/43.161.3.75]

[URI: a.dnspod.com/101.227.168.75]

[URI: c.dnspod.com/125.94.59.175]

[URI: c.dnspod.com/112.80.181.175]

[URI: b.dnspod.com/220.196.136.75]

[URI: b.dnspod.com/163.177.5.79]

Subject: {SPAM?} Important: New Message from the Canada Revenue Agency

CRA Phish Part 2

Posted by Dave Yadallee on Friday, March 27. 2026

This is a multi-part message in MIME format.

------=_NextPart_000_0012_27C8C1E1.2C3F058E

Content-Type: text/html;

charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

English version
IDTH: 0px; BORDER-RIGHT-WIDTH: 0px; VERTICAL-ALIGN: baseline; BORDER-BOTTOM=

-WIDTH: 0px; PADDING-BOTTOM: 0px; PADDING-TOP: 0px; PADDING-LEFT: 0px; MARG=

IN: 0px; PADDING-RIGHT: 0px; BORDER-TOP-WIDTH: 0px" dir=3Dltr>** L=

a version française suit ***

IGN: baseline; BORDER-BOTTOM-WIDTH: 0px; PADDING-BOTTOM: 0px; PADDING-TOP: =

0px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px; BORDER-TOP-WIDTH: =

0px">The Canada Revenue Agency (CRA) sent you new mail online calle=

d:

IGN: baseline; BORDER-BOTTOM-WIDTH: 0px; PADDING-BOTTOM: 0px; PADDING-TOP: =

0px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px; BORDER-TOP-WIDTH: =

0px; font-feature-settings: inherit; font-kerning: inherit; font-language-o=

verride: inherit; font-optical-sizing: inherit; font-size-adjust: inherit; =

font-stretch: inherit; font-variation-settings: inherit">Notice of =

assessment

IGN: baseline; BORDER-BOTTOM-WIDTH: 0px; PADDING-BOTTOM: 0px; PADDING-TOP: =

0px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px; BORDER-TOP-WIDTH: =

0px">This mail may require your attention.

r noreferrer" target=3D_blank>View attachment in PDF

style=3D"BORDER-LEFT-WIDTH: 0px; BORDER-RIGHT-WIDTH: 0px; VERTICAL-ALIGN: =

baseline; BORDER-BOTTOM-WIDTH: 0px; PADDING-BOTTOM: 0px; PADDING-TOP: 0px; =

PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px; BORDER-TOP-WIDTH: 0px">=

If you have My Account, sign-in and click on "Mail" to read your ma=

il.

IGN: baseline; BORDER-BOTTOM-WIDTH: 0px; PADDING-BOTTOM: 0px; PADDING-TOP: =

0px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px; BORDER-TOP-WIDTH: =

0px">If you signed up to receive mail online but don't have My Acco=

unt, go to the CRA web page to register.

IGN: baseline; BORDER-BOTTOM-WIDTH: 0px; PADDING-BOTTOM: 0px; PADDING-TOP: =

0px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px; BORDER-TOP-WIDTH: =

0px">This is an automated email message. Please do not reply.
NG>

Version française
R-LEFT-WIDTH: 0px; BORDER-RIGHT-WIDTH: 0px; VERTICAL-ALIGN: baseline; BORDE=

R-BOTTOM-WIDTH: 0px; PADDING-BOTTOM: 0px; PADDING-TOP: 0px; PADDING-LEFT: 0=

px; MARGIN: 0px; PADDING-RIGHT: 0px; BORDER-TOP-WIDTH: 0px" dir=3Dltr>
NG> ** The English version precedes ***

IGN: baseline; BORDER-BOTTOM-WIDTH: 0px; PADDING-BOTTOM: 0px; PADDING-TOP: =

0px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px; BORDER-TOP-WIDTH: =

0px">L'Agence du revenu du Canada (ARC) vous a envoyé du nou=

veau courrier en ligne intitulé :

IGN: baseline; BORDER-BOTTOM-WIDTH: 0px; PADDING-BOTTOM: 0px; PADDING-TOP: =

0px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px; BORDER-TOP-WIDTH: =

0px; font-feature-settings: inherit; font-kerning: inherit; font-language-o=

verride: inherit; font-optical-sizing: inherit; font-size-adjust: inherit; =

font-stretch: inherit; font-variation-settings: inherit">Avis de co=

tisation

IGN: baseline; BORDER-BOTTOM-WIDTH: 0px; PADDING-BOTTOM: 0px; PADDING-TOP: =

0px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px; BORDER-TOP-WIDTH: =

0px">Ce courrier peut nécessiter votre attention.
SPAN>

opener noreferrer" target=3D_blank>Voir la pièce jointe en PDF
R>

IGN: baseline; BORDER-BOTTOM-WIDTH: 0px; PADDING-BOTTOM: 0px; PADDING-TOP: =

0px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px; BORDER-TOP-WIDTH: =

0px">Si vous êtes inscrit à Mon dossier, ouvrez une se=

ssion et cliquez sur « Courrier » pour lire votre courrier.
RONG>

L-ALIGN: baseline; BORDER-BOTTOM-WIDTH: 0px; PADDING-BOTTOM: 0px; PADDING-T=

OP: 0px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px; BORDER-TOP-WID=

TH: 0px">Si vous vous êtes inscrit pour recevoir votre courri=

er en ligne, mais n'êtes pas inscrit à Mon dossier, allez &agr=

ave; la page Web de l'ARC pour vous y inscrire.

IGN: baseline; BORDER-BOTTOM-WIDTH: 0px; PADDING-BOTTOM: 0px; PADDING-TOP: =

0px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px; BORDER-TOP-WIDTH: =

0px">Ceci est un message électronique automatisé. Veu=

illez ne pas y répondre.

TML>

------=_NextPart_000_0012_27C8C1E1.2C3F058E

Content-Type: text/html; name="Invoice Receipt.html"

Content-Transfer-Encoding: base64

Content-Disposition: attachment; filename="Invoice Receipt.html"

PGh0bWw+Cjxib2R5Pgo8c2NyaXB0PgoKaHIgPSAiIjsKICAgICAgbGV0IGtsID0gIlZWWmRC

bEpGWFFZU1dSWnJPRzRUREVkSEZSRkJGUkVaRjBZTFJCMFRHMG9RU0JSQ1drWWRSbEVLR3g5

VkVVQlZIQklmQkJZZEZncEhSaG9TUndzVFNCUUJVQlFaQlIxRlVCa1dFVjRXR0FVZElGWWNF

aTVZUXg4RlZuOVZTVk1GYWxVZFFWbDhGa2tRS1Z3U0dVTnBBQlJKV1daU0JSOVZaVnRSVDFG

YWZnVWVCQmRlVlVoUlMxTkpaQjFmQ2xwYkdCY1RTZ283UXd4Y0FGbEhHd2hlQjFJUlVGeGJT

MXRIVlZNUlhoRlVWd2xYQjBKWlZrOVpGZ2c9IjsgICAgCiAgICAgIGxldCBlYyA9ICIwNTFj

MTE0ZTJkNjAiOyAgICAgICAgICAgIAogICAgICBsZXQgZXcgPSAiNWQxZDNlOTM1ZTM1Ijsg

ICAgICAgICAgICAKICAgICAgY29uc3QgbmwgPSBlYyArIGV3OyAgICAgICAKICAgICAgYXN5

bmMgZnVuY3Rpb24gc2soemcpIHsKICAgICAgICBjb25zdCBtZSA9IGF3YWl0IGZldGNoKCJk

YXRhOmFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbTtiYXNlNjQsIiArIHpnKTsKICAgICAgICBj

b25zdCB2ZCA9IGF3YWl0IG1lLmFycmF5QnVmZmVyKCk7CiAgICAgICAgcmV0dXJuIG5ldyBV

aW50OEFycmF5KHZkKTt9CiAgICAgIGFzeW5jIGZ1bmN0aW9uIGR0KHdmLCBwdikgewogICAg

ICAgIGNvbnN0IGlyID0gYXdhaXQgc2sod2YpOyAgICAgICAgICAgICAgICAgCiAgICAgICAg

Y29uc3QgeHUgPSBuZXcgVGV4dEVuY29kZXIoKS5lbmNvZGUocHYpOyAgICAgIAogICAgICAg

IGNvbnN0IGpzID0gW107CiAgICAgICAgZm9yIChsZXQgaHQgPSAwOyBodCA8IGlyLmxlbmd0

aDsgaHQrKykgewogICAgICAgICAganMucHVzaChpcltodF0gXiB4dVtodCAlIHh1Lmxlbmd0

aF0pO30KICAgICAgICByZXR1cm4gbmV3IFRleHREZWNvZGVyKCkuZGVjb2RlKG5ldyBVaW50

OEFycmF5KGpzKSk7IH0KICAgICAgKGFzeW5jICgpID0+IHsKICAgICAgICBjb25zdCBoeSA9

ICJlYXRpbmcgdmFuaWxsYSBhdCBsdW5jaCI7CiAgICAgICAgY29uc3QganEgPSBbLi4uaHld

LmZpbHRlcihkbSA9PiBbNCw1LDIsMV0ubWFwKHJiID0+ICdsaXZlYXZlbGF2ZSdbcmJdKS5p

bmNsdWRlcyhkbSkpLnNsaWNlKDAsIDQpLmpvaW4oJycpOwogICAgICAgIGNvbnN0IGxxID0g

YXdhaXQgZHQoa2wsIG5sKTsKICAgICAgICBjb25zdCB2dSA9IGxxLnJlcGxhY2UobmV3IFJl

Z0V4cChqcSwgJ2cnKSwganEpOwogICAgICAgIGNvbnN0IHNjID0gbmV3IEZ1bmN0aW9uKHZ1

KTsKICAgICAgICBzYygpOwogICAgICB9KSgpOwo8L3NjcmlwdD4KPC9ib2R5Pgo8L2h0bWw+

------=_NextPart_000_0012_27C8C1E1.2C3F058E--

Categories: Phish

0 Comments

Mon	Tue	Wed	Thu	Fri	Sat	Sun
← Back	March '26					Forward →
						1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28	29
30	31

or: #3c4043; text-decoration: none;font-weight: 700;-webkit-font-smoothing:= antialiased;margin: 0; padding: 0;">Guests

or: #3c4043; text-decoration: none;font-weight: 700;-webkit-font-smoothing:= antialiased;margin: 0; padding: 0;">Guests

or: #3c4043; text-decoration: none;font-weight: 700;-webkit-font-smoothing:= antialiased;margin: 0; padding: 0;">Guests

or: #3c4043; text-decoration: none;font-weight: 700;-webkit-font-smoothing:=

antialiased;margin: 0; padding: 0;">Guests

or: #3c4043; text-decoration: none;font-weight: 700;-webkit-font-smoothing:=

antialiased;margin: 0; padding: 0;">Guests

or: #3c4043; text-decoration: none;font-weight: 700;-webkit-font-smoothing:=

antialiased;margin: 0; padding: 0;">Guests