Web/SEO/App spam from Microsoft Outlook Part 2

Posted by Dave Yadallee on


Content-Type: multipart/alternative;

boundary="_000_CY5PR20MB4865AABCB4DE36F0B23DE83DBF77ACY5PR20MB4865namp_"

MIME-Version: 1.0

X-OriginatorOrg: sct-15-20-9412-4-msonline-outlook-038ce.templateTenant

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: CY5PR20MB4865.namprd20.prod.outlook.com

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: 58dfa23f-c495-4ca6-cd2b-08de72d2b7fe

X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Feb 2026 11:57:28.8508

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW4PR20MB5447



--_000_CY5PR20MB4865AABCB4DE36F0B23DE83DBF77ACY5PR20MB4865namp_

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable



Hi,

I am a professional Graphic Designer with over 12+ years of experience.

Do you need New Website, Website Development Re-designing, CMS design, E-co=

mmerce design, & Website Update.?

If you are interested, please share your requirement. I can send your price=

list.

Best Regards,





--_000_CY5PR20MB4865AABCB4DE36F0B23DE83DBF77ACY5PR20MB4865namp_

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable








1">








Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; fo=

nt-size: 12pt; color: rgb(0, 0, 0);" class=3D"elementToProof">

Hi,



Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; fo=

nt-size: 12pt; color: rgb(0, 0, 0);" class=3D"elementToProof">

I am a professional Graphic Designer with over 12+ years of exp=

erience.



Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; fo=

nt-size: 12pt; color: rgb(0, 0, 0);" class=3D"elementToProof">

Do you need New Website, Website Development Re-designing, CMS design, E=

-commerce design, & Website Update.?



Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; fo=

nt-size: 12pt; color: rgb(0, 0, 0);" class=3D"elementToProof">

If you are interested, please share your requirement. I can send your price=

list.



Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; fo=

nt-size: 12pt; color: rgb(0, 0, 0);" class=3D"elementToProof">

Best Regards,



Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">












--_000_CY5PR20MB4865AABCB4DE36F0B23DE83DBF77ACY5PR20MB4865namp_--

Web/SEO/App spam from Microsoft Outlook Part 2

Posted by Dave Yadallee on


Content-Type: multipart/alternative;

boundary="_000_CY5PR20MB4865AABCB4DE36F0B23DE83DBF77ACY5PR20MB4865namp_"

MIME-Version: 1.0

X-OriginatorOrg: sct-15-20-9412-4-msonline-outlook-038ce.templateTenant

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: CY5PR20MB4865.namprd20.prod.outlook.com

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: 58dfa23f-c495-4ca6-cd2b-08de72d2b7fe

X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Feb 2026 11:57:28.8508

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW4PR20MB5447



--_000_CY5PR20MB4865AABCB4DE36F0B23DE83DBF77ACY5PR20MB4865namp_

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable



Hi,

I am a professional Graphic Designer with over 12+ years of experience.

Do you need New Website, Website Development Re-designing, CMS design, E-co=

mmerce design, & Website Update.?

If you are interested, please share your requirement. I can send your price=

list.

Best Regards,





--_000_CY5PR20MB4865AABCB4DE36F0B23DE83DBF77ACY5PR20MB4865namp_

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable








1">








Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; fo=

nt-size: 12pt; color: rgb(0, 0, 0);" class=3D"elementToProof">

Hi,



Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; fo=

nt-size: 12pt; color: rgb(0, 0, 0);" class=3D"elementToProof">

I am a professional Graphic Designer with over 12+ years of exp=

erience.



Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; fo=

nt-size: 12pt; color: rgb(0, 0, 0);" class=3D"elementToProof">

Do you need New Website, Website Development Re-designing, CMS design, E=

-commerce design, & Website Update.?



Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; fo=

nt-size: 12pt; color: rgb(0, 0, 0);" class=3D"elementToProof">

If you are interested, please share your requirement. I can send your price=

list.



Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; fo=

nt-size: 12pt; color: rgb(0, 0, 0);" class=3D"elementToProof">

Best Regards,



Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">












--_000_CY5PR20MB4865AABCB4DE36F0B23DE83DBF77ACY5PR20MB4865namp_--

Web/SEO/App spam from Microsoft Outlook Part 1

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 23 Feb 2026 08:05:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vuXTj-0000000014Q-3dPJ

for dave@doctor.nl2k.ab.ca;

Mon, 23 Feb 2026 08:04:07 -0700

Resent-From: The Doctor

Resent-Date: Mon, 23 Feb 2026 08:04:07 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-eastusazolkn19011009.outbound.protection.outlook.com ([52.103.1.9]:37097 helo=BL2PR02CU003.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vuUa0-000000006sA-0mv3;

Mon, 23 Feb 2026 04:58:35 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=qQRT+wVvZjILsRemsB6iX8ZdnZuP6cRtPF7T/4EPl0VhKM1Cgak+66fzu5K0EGeVJT4RRmWQTMma4bEb1GLrZak35YIq6y8XCBPhBrvlesZTLqaxyEp96gUGG79/OiUpXG5GfP47N8JsQd2PEK5ZlQlAd+sad0nURGfiS/M9C7CRIoQJG4oKQgRKkpV0PnFne3oIOuoawuJ3wfBJ3wwxDnq7qKbA8VPLoqhz8/4S7T9Vadp462KfnZtekjDcAeS+bURuxz8LdFOE2+ct+Xmwci/5W8iYMbg4vFYXDWI+3hdimvNzu6Cfk981cm4JSHiK1HYsr0/LVcWY06WhT9ITFw==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=AhZooULG9JlH4+/vjPgW4o59pGxZu3da4b4F93MY2ls=;

b=jrzlRqWc7Go6wM4BXi0ZSvkf/2nebW40U+peAxK1gLsX3vjfcqBinYAMK20OBKF/AzCx+brdA/vJ9yO6pVRyYB3hm5skaNlWIjNthG6p3ej4pja3oaZo+MNwswwHwURQwsXEWdTHUQKBg4ZS2ib97QNM/oSSBklRLTYR9OXldOcalI8U+w5YM3aAeuX8DGONjbogL5bZ6ohIDFXZoJII7Upe/xAWxUrRXOPCg6Hrg/dhhjt0CUWqcWZytJBZ8xwWD47EVKCtiCKb7r4HFmHaOqmrPpxQrtBT4Ni59Lyad8xdp1nJD0BgI8jdyjvZV3z4tJ8QJo+xdTr6/PXJZ8tehg==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=AhZooULG9JlH4+/vjPgW4o59pGxZu3da4b4F93MY2ls=;

b=UWv0Uvay4BGSodW1rC3M1eAaB4a+x9IOyQsU4CTvAepVXPMoFKpTfQ9cFR64hEVGbxo85eZmHIwDDYitU85mko5e7FkmTUf5lQuh9wBmyv/2goqpX71jGyk6xSovTal0JuNpAmNz6ilmXv5xukzw7RTltZX3MjpoBHay1eL7P/JuL6Pgggkw0Kt3GFDl5zdzHXD+LnuFQnZXICnChBbSjfdNOZgnjnMG75W84HYJ687DHjwi92EA3rZpvwep64uQu6O6KpL5vTtoVrv3ayfcWPa4vVR0kpYLEbVhk1sUsNbjt1jMNcwI9/ZMLWYKspPUkKDQO2GGcfkd2jzpkQZwrQ==

Received: from CY5PR20MB4865.namprd20.prod.outlook.com (2603:10b6:930:23::12)

by MW4PR20MB5447.namprd20.prod.outlook.com (2603:10b6:303:22d::12) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9632.21; Mon, 23 Feb

2026 11:57:29 +0000

Received: from CY5PR20MB4865.namprd20.prod.outlook.com

([fe80::eca6:56af:6b1d:9974]) by CY5PR20MB4865.namprd20.prod.outlook.com

([fe80::eca6:56af:6b1d:9974%3]) with mapi id 15.20.9632.017; Mon, 23 Feb 2026

11:57:29 +0000

From: Munnangi Sekhar

Subject: Redesign Update.?

Thread-Topic: Redesign Update.?

Thread-Index: AQHcpLtiPwRkS1B+rEClngWal0j5JA==

Date: Mon, 23 Feb 2026 11:57:28 +0000

Message-ID:



Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

msip_labels:

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic: CY5PR20MB4865:EE_|MW4PR20MB5447:EE_

x-ms-office365-filtering-correlation-id: 58dfa23f-c495-4ca6-cd2b-08de72d2b7fe

x-ms-exchange-slblob-mailprops:

Z4JiEoKTUkkKCoBA6xg83JIkD8imxiIi7xwAHmhUUm8ocvzuFkfqASVBFoekYAEL9tXS3fqGPMpb8E+j2o/DC/ntOwWZDttiX34OkE9d3KIt3gkgYfUF7FJJPkakL23GD7eLErDLOvfLl158o3O1GeALD1NlWeV/SfWgrU6l9/Af0xh5nK7a/9F9BhzyX4vRJTD7XM924BoksNA1dtvSJcWZYKvdvkWNg0ReuEA9moD5ZCgKLfgMAgJ3tMqXqMpyqUly5huoicdOHcqb/gBmSe26H+cmwQBzyDc+ZkmomvnUdnc83vvlFN1Gtb5SF7KXiYoiEtjGJOY8Mc+He+qwYBBg7x0+m10uI6Rmoyq6TlfRZHoa5qBIicjk+mLMPodGawHdRidY1z1dPzujUYSgHiU0GEjmHthwTdEA/jvgmaaMabmYMwTnzLLjCYGWE3DY0Vs9oTL7kYuIs129YUnxxdt9N05t0P6GxHD1rECsvblH53kww3KYc6qSq2hkH3zxmWvTXNJX8HCtaxSXtVFNMy04t0bR88df+O5jgmZF6HpNSDyGcx/q2nUfxbp9iFA4zt0CtdoolKPspJdQt2D+5vbbypChS3hnO8onjNcCWRJcP2HAcO53YkC/cfHkFpuQ

x-microsoft-antispam:

BCL:0;ARA:14566002|15080799012|15030799006|461199028|31061999003|8060799015|8062599012|19110799012|21061999006|39105399006|30051999003|20031999003|440099028|3412199025|102099032|35041999009|40105399003|51015399003;

x-microsoft-antispam-message-info:

=?iso-8859-1?Q?BWNdtufiEYmcXTqg1/UvxcA2Su/eEGbm+085R7bV8xd7CxEZAB5qMb3fM7?=

=?iso-8859-1?Q?N5OzkfIM7ua7SDHDLaybIHLOCKNSABHnjqM3CbPzHJj/sssUy7bfKPpo+X?=

=?iso-8859-1?Q?5T0EX6J8YAaT/ZXnq3uVwbIeJGyuMZyghbrEz42niC8nlbFa83BKhRYDF8?=

=?iso-8859-1?Q?UPS+i0OpW7BJUgBLQjJMeCniQI9KjKmLeOJsbH7iCd9+SZQa3QYI0L1JK6?=

=?iso-8859-1?Q?GXfGe5DvCiWO+rGQ01dKn+Ck0Ue0DnnQv8IE2w0T9NKIMaJoIzI4fELoGY?=

=?iso-8859-1?Q?cZvYMS1dwlOKDekR6uOqH06SuNuykIBV1OXe/qdrujb093utuMFxQmTfEO?=

=?iso-8859-1?Q?lGv7Pbvxx4L0Hypl1TqBn8WMiHoeh+ILEHO8757w3faM/6DoVeKJIvgNQ3?=

=?iso-8859-1?Q?QA00SQLfx7BlW0trr17Cu8esFzvINov3XJTL+nXOk7q7DVP1r+No4k0qug?=

=?iso-8859-1?Q?8aIrnIu214xkFVTi2XTSZK2Uz9KHGKQ7X9l2UgxLKys1L19mymnN0y9HMf?=

=?iso-8859-1?Q?8J92NEtgB4pxbbbItyGrzphnU+xl+Qb4flp3EqazZpz6z3Gus0J2A/J0jZ?=

=?iso-8859-1?Q?tCHTL5jPdRBZfWVt6+yhB5v71NM1lDUr5r66eiiAt0qcA5kjPoA8wvtrnO?=

=?iso-8859-1?Q?1qq3YmtAuPTXle9bW6tt039YfZEqeLjRHFHayAOxHLCJk4Y3xaHQDN2zNU?=

=?iso-8859-1?Q?OtdKSfW6zGsrkRtmZNJjcUfTeFnQQc04ov78BTaeXaS0pNqEk0yqcEJP7O?=

=?iso-8859-1?Q?SWJdclZBchyGXBV4yuoO3ko196D1F0JWnkdJddVbagW1us1m/O2WCZHEuz?=

=?iso-8859-1?Q?hTp8tRUpXfD7VITvng+0nPi+vq3ooYXdmYXtW/xWTDOu4kt3aQjj4lBkNl?=

=?iso-8859-1?Q?8QK7+PzxRPpPlb7X4zvrExjhMHWKx0NCVOMRU7siE09C6k+A3MH4gKJBwI?=

=?iso-8859-1?Q?b1cBoCzB+Dym60gLzRJ4VY3NEfO2fTtVQLV+utNLa3Qo2sreA75JWkpNN8?=

=?iso-8859-1?Q?MXwLTu5EHRh2jfm1TUCiEUuCPYkByhc5ysbl6vsjSVF2YYZ069hRB+b2Dg?=

=?iso-8859-1?Q?SoCzYpDt8rHzKOs0rvZloXP65mjsD5sLeRYQ6SdMEszYg+a27uaRiQ3Rb7?=

=?iso-8859-1?Q?40Lg6CTj5vEbhoEeJFSLsVNS9b3MLjyo15cuQT+GKT1dq07kwwPYrjkQ6T?=

=?iso-8859-1?Q?mwCp9dg4SPv3qASZlJ7vYEKBtdsY1y3FYWTWVyAsoETaq6vzjM4H5SYehJ?=

=?iso-8859-1?Q?yoJ8U8ajjwzFKjyX4Y54i5a/vim8xZrmj/WgvYE635gBPKYOk5dLk53K0G?=

=?iso-8859-1?Q?Y7Lf5p3R4oQBes7qOmUElONw6/D4+tP2wMyBHSZcJIyPMg1pOGND7N/4In?=

=?iso-8859-1?Q?xIgBz6jsTh5H2RkMGor/bwleAqVX8fIt3xRQuf23Zd+PyOuWBmaIs=3D?=

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

=?iso-8859-1?Q?5XQJ+o7s1LUS5OJXQ8wUA72pojJ6x3ifBat2g9kOvgFB2bNwNrML7qIL+/?=

=?iso-8859-1?Q?8/ijKxEbDq5EEOPKPaFJ67yiF/blE+A+ME6oPGVIG5x6DRCIWVf4rJb1ET?=

=?iso-8859-1?Q?DPOj36Txlj970sgSfvh81mUwGUPiiysDOCz7B7OElRRS4pyjrqJSXhU4kn?=

=?iso-8859-1?Q?xDWxv+D4eD8QecdBrte2OaCgRd+mZe+H/Y2Ai8BgV+rXnX8koDMAxbe8nl?=

=?iso-8859-1?Q?5c3DzVc3DZ0Z6PPLJlLSLoNKlC3qax2kdFMCpCl5EaLMCzqU20gd2ZxBxY?=

=?iso-8859-1?Q?e6/exPb2PyfQ/qIUmO2hJdKo4Tmy6qUuPqPbQn7H5ucSzzSyC7b5tZNTvx?=

=?iso-8859-1?Q?thLQihncRf1QTId1FE2W1Ca4eyHB7FSKN5TmwIT97ShSvhMVxtxh+nUv0t?=

=?iso-8859-1?Q?UqfJ33US4JG/GQ1+Jq4xO0GSBoOrbh46XniaSbAe8HYmWhCItGwxo2gbP+?=

=?iso-8859-1?Q?48HU24o3LNXn22tMdfurvxXN3gc+6albtnQ28YxAeX+0yO6j4lqWHJpU7z?=

=?iso-8859-1?Q?W/jbbL8bqphbH2XxEIRfGbUwi4a1FvPpcnGH5weJkWCsTbhhswwoWXwNUK?=

=?iso-8859-1?Q?oxkSg+NIqfNo5OWyKIipd8eEqGfm9GR0/zidkr7WPJfcpUjTE7a9XQF83C?=

=?iso-8859-1?Q?iDli9RQwAOelyxumaYBX4TGpImfzF9bwOzoJnqcxEur83sLxq8wtCWgiKQ?=

=?iso-8859-1?Q?M+d50tOrXZTeyhLXksHSsDh3UYQdVVeSZ6q/URo0IuW4iy073gMWIY+l8d?=

=?iso-8859-1?Q?TOBWh2lfA3jDfOszv2f11sMYFoGv91Keqh8XmAQETYM0ZnCihxNpSZQ8q8?=

=?iso-8859-1?Q?iTMsWOb3t8llKKgO09PM3BU20qkpTb9sO2RQaHAEyVkWiwQz3bTGuEnN7i?=

=?iso-8859-1?Q?PBsX9reo9KR7HENWky92ZVXFw9uX1a2cJMBh5ojuocUSNjWcULk5HU4CKo?=

=?iso-8859-1?Q?CZVUTOL/G611wlGR5jkNupQu/ZfM3Iu/KfZtuydt0oRzawVRxobKI2tX+O?=

=?iso-8859-1?Q?SiRcbm0esp2o19IuSMkOrTUmE2RIwc0EKzfawOrDJ961RGjgLnU86VsRFX?=

=?iso-8859-1?Q?8nyGY8V9XaDcVirwwYmTbOqlM6hGk6P5DjvW8TUOcqnEMhTMHzDzMs4lo0?=

=?iso-8859-1?Q?Z3w4+L6WlKFXtYOoYvU4w5vVOiXnxJ4RsJBdbetVsU4KE09HUrkauaTeZF?=

=?iso-8859-1?Q?d5CcyyCBoOfPQE1x+ADRh1qPOMxZv+1aQ7/EJZc1prIP10SWLi+TCbCEJ7?=

=?iso-8859-1?Q?qvCli0jpdAtuQxh6umQiLxWHPJe6FqlAQLgRP2liCQHWcWccCX0E6shGIP?=

=?iso-8859-1?Q?IakY7ZmqS9ffdoWEGwMQpFXCocC02jnIwfOclOpopYp5XMLNeLZuqJC+Uo?=

=?iso-8859-1?Q?Ltc1WC288omexHdtWSO7xrzHx0zQMSo/nxAUhJJGsy5AQpxPiJg0C9wwfL?=

=?iso-8859-1?Q?k74cE+AJp5gJ73Mv9Di0L8eZZhJYcS5Ugqe07Q=3D=3D?=

Cloud phishing from Google Gmail Part 2

Posted by Dave Yadallee on
.limit-text h2 span {

background: #c62828;

color: white;

font-size: 16px;

font-weight: 700;

padding: 4px 14px;

border-radius: 40px;

margin-left: 10px;

box-shadow: 0 2px 6px #b71c1c;

border: 1px solid #ffb6b6;

}



.limit-text p {

color: #5c3f3f;

font-size: 16px;

margin-top: 6px;

line-height: 1.4;

max-width: 500px;

}



.usage-pill {

background: white;

border-radius: 60px;

padding: 12px 28px;

box-shadow: 0 4px 14px rgba(160, 20, 20, 0.2);

border: 2px solid #d34646;

text-align: center;

}



.usage-pill .big-num {

font-size: 42px;

font-weight: 900;

color: #b71c1c;

line-height: 1;

text-shadow: 0 1px 3px #ffbebe;

}



.usage-pill .small-label {

font-size: 14px;

color: #7a2e2e;

font-weight: 600;

letter-spacing: 0.2px;

}



/ account detail =E2=80=94 subtle, but with red expiring tag /

.account-detail {

background: #faf5f5;

border-radius: 24px;

padding: 20px 28px;

margin: 24px 0 28px 0;

display: flex;

flex-wrap: wrap;

justify-content: space-between;

align-items: center;

border: 1px solid #dcbaba;

}



.plan-item {

display: flex;

gap: 40px;

flex-wrap: wrap;

}



.detail-col {

display: flex;

flex-direction: column;

}



.detail-label {

font-size: 14px;

color: #6e4f4f;

font-weight: 600;

text-transform: uppercase;

letter-spacing: 0.4px;

}



.detail-value {

font-size: 20px;

font-weight: 700;

color: #2d1c1c;

margin-top: 4px;

}



.expiring-tag {

background: #b71c1c;

color: #ffffff;

font-weight: 800;

font-size: 18px;

padding: 4px 20px;

border-radius: 40px;

border: 1px solid #ffa4a4;

box-shadow: 0 0 10px #ff6f6f;

letter-spacing: 0.5px;

}



.final-date {

font-size: 20px;

font-weight: 700;

color: #3b2424;

background: white;

padding: 8px 22px;

border-radius: 40px;

border: 2px solid #b76262;

}



/ consequences =E2=80=94 red alert box /

.consequences {

background: #ffefed;

border-radius: 24px;

padding: 22px 28px;

margin: 28px 0 24px 0;

border: 2px solid #d84343;

box-shadow: 0 6px 0 #a33b3b;

}



.consequences h3 {

font-size: 20px;

font-weight: 800;

color: #9a1717;

margin-bottom: 18px;

display: flex;

align-items: center;

gap: 8px;

text-transform: uppercase;

}



.consequences ul {

list-style: none;

display: grid;

grid-template-columns: 1fr 1fr;

gap: 16px 30px;

}



.consequences li {

font-size: 16px;

color: #3e1b1b;

display: flex;

align-items: center;

gap: 12px;

font-weight: 600;

background: rgba(255,255,240,0.5);

padding: 6px 12px;

border-radius: 40px;

border: 1px solid #f0b6b6;

}



.consequences li::before {

content: "=E2=9A=A0=EF=B8=8F";

font-size: 20px;

filter: drop-shadow(0 2px 2px #b33);

}



/ signature /

.signature {

margin: 20px 0 28px 0;

}



.signature p {

font-size: 16px;

color: #4e2e2e;

}



.signature .team {

font-weight: 800;

color: #8b1a1a;

margin-top: 12px;

font-size: 18px;

}



/ CTA button =E2=80=94 aggressive red /

.cta-block {

background: #b71c1c;

border-radius: 100px;

display: inline-block;

width: auto;

margin: 12px 0 20px 0;

box-shadow: 0 14px 24px -8px #7a2020;

transition: all 0.2s;

border: 1px solid #ffb7b7;

}



.cta-block a {

display: flex;

align-items: center;

gap: 20px;

padding: 18px 42px 18px 36px;

text-decoration: none;

color: white;

font-weight: 700;

font-size: 20px;

letter-spacing: 0.3px;

text-shadow: 0 2px 4px #5f0000;

}



.cta-block a span {

background: #ffffff;

color: #b71c1c;

padding: 6px 20px;

border-radius: 40px;

font-size: 16px;

font-weight: 800;

box-shadow: inset 0 -2px 0 #aaa;

}



.cta-block:hover {

background: #a11515;

transform: scale(1.01);

box-shadow: 0 18px 28px -6px #a14040;

}



/ footer /

.footer-links {

border-top: 2px solid #f0c0c0;

padding-top: 18px;

margin-top: 12px;

display: flex;

flex-wrap: wrap;

justify-content: space-between;

align-items: center;

color: #973d3d;

font-size: 14px;

}

Cloud phishing from Google Gmail Part 3

Posted by Dave Yadallee on
.links a {

color: #a13232;

text-decoration: none;

margin-right: 22px;

font-weight: 600;

}



.links a:hover {

text-decoration: underline;

color: #c10000;

}



.copyright {

color: #ad5a5a;

}



hr {

border: none;

border-top: 3px dotted #d88;

margin: 16px 0 10px;

}



/ mobile /

@media (max-width: 650px) {

.alert-header {

flex-direction: column;

align-items: flex-start;

gap: 16px;

}

.usage-pill {

align-self: flex-start;

}

.account-detail {

flex-direction: column;

align-items: flex-start;

gap: 20px;

}

.plan-item {

gap: 24px;

}

.consequences ul {

grid-template-columns: 1fr;

}

.cta-block a {

padding: 15px 28px;

font-size: 18px;

flex-wrap: wrap;

justify-content: center;

}

}

















=E2=9A=A0=EF=B8=8F


CLOUD SECURITY =C2=B7 URGENT

DATA DELETION SEQUENCE =E2=80=94 ACTIVE














STORAGE LIMIT REACHED 100% FULL



Your cloud storage is currently at
r:#b71c1c;">100% capacity.
Uploads, backups, and synchronizatio=

n are restricted.




#ffcdcd; padding: 8px 16px; border-radius: 60px; color: #9f1b1b; font-weigh=

t: 600;">
x; border-radius: 30px; margin-right: 6px;">=E2=8F=B3 Don=E2=80=99t =

let years of memories disappear. Renew now
>.







0 GB


available of 500 GB
















Plan Type

Cloud Storage Plus





Current Status

=E2=9A=A0=EF=

=B8=8F EXPIRING SOON








-size: 14px; margin-right: 12px;">Final Date

February 17, 2026.
>











=E2=9B=94 WHAT HAPPENS IF YOU DON=E2=80=99T RENEW:





  • All photos and videos will be deleted


  • Contacts and calendar entries will be lost


  • Documents and app data will be removed


  • All device backups will be erased












Best regards,
Cloud Security Team
pan>











=F0=9F=94=A5 REACTIVATE STORAG=

E ACCESS Secure =E2=80=A2 Fast =E2=80=A2 Recommended








ont-weight: 500; border-left: 4px solid #e57373; padding-left: 16px;">This =

notification was sent to inform you of a critical storage issue.















Account =E2=80=A2
ref=3D"https://is.gd/3Zd1LY">Support =E2=80=A2
/3Zd1LY">Privacy =E2=80=A2 Unsubscribe=







=C2=A9 2026 Cloud Storage Services

















--000000000000fecab2064b756941--

Cloud phishing from Google Gmail Part 1

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 22 Feb 2026 22:30:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vuOVM-00000000GVH-1aut

for dave@doctor.nl2k.ab.ca;

Sun, 22 Feb 2026 22:29:12 -0700

Resent-From: The Doctor

Resent-Date: Sun, 22 Feb 2026 22:29:12 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-oi1-f198.google.com ([209.85.167.198]:43075)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vuMgl-00000000Adw-05uX

for root@nk.ca;

Sun, 22 Feb 2026 20:32:58 -0700

Received: by mail-oi1-f198.google.com with SMTP id 5614622812f47-46335278e7bso77407232b6e.0

for ; Sun, 22 Feb 2026 19:32:07 -0800 (PST)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=firebaseapp.com; s=20230601; t=1771817521; x=1772422321; darn=nk.ca;

h=to:from:subject:date:message-id:mime-version:from:to:cc:subject

:date:message-id:reply-to;

bh=Vnqd3tFOIo4/BNr9trAt7LRKdwOSvB3q2gzY32mTcAk=;

b=D7//ovprfkReYCh9IN1GXgDPBctVNJyXvowtOVul0ndX4K+n4vbtp0Z//E2/LWv7zH

oEf1b4zrUT3BK6tKS9EVbHctpKR/UmhXcMOd2tz2vceFgar9rF+dHZbIxOnmpne54PXa

SS0sTgB2tJRj2gZzwPbwSUCK/KIjKMzwpPOVnQNtIqdaohZh7heyIQcmu4ZFMmZyeSZR

uVI0bqVFrKQSnCqM3kzx3Y5Heo/Pocm7rgpNb3gB9hYtcTP8FB6jdYGmBrBj4mK2jd8L

zIR/y8p8F5IiZtGC22P3j19Tctv0juak+Hpp8MrjhbFZabgS5yXt2b9ja2vD3/uY5o2d

Lp4A==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1771817521; x=1772422321;

h=to:from:subject:date:message-id:mime-version:x-gm-message-state

:from:to:cc:subject:date:message-id:reply-to;

bh=Vnqd3tFOIo4/BNr9trAt7LRKdwOSvB3q2gzY32mTcAk=;

b=rETWbSEEd+VfF53GQvjBIHVs0iiHY1qtGD5JU1jVY+PbXqnfK9p48TUqanGg0SjT34

/aiupougVvaiyZyFdGjw0Uzc6x3LrRqI0fDIM04wKYIVU1qanAE4hnYUIBJGgc7RHwBm

j9TWoq8OLi1b7iTpbfbH5qJP2uuzPPWotR6Z6Gb6rLgQE/nCpClEBVRPnJM3dNyWoOuP

nUhJqBReYIT1y0zPXdiBTgEOiW8J40P8aOGU2ZM+LUYzJSgVkNJw+xR/cJ0TOo5Xuocq

LHdIG0ogdlENQcj8BRcfjHAsL3uQQ8d5j87O4AA8mSL/Yyrg2+mPezonqYLwz/GzsqRy

81PQ==

X-Gm-Message-State: AOJu0YzYS8GOth+zSfidNTLLLjEpjACKYQSKIUohg2ND3JwvoqzkpFzI

X4EM5tbOEatJ/KRJkcBSQYbJSKv2miLqgJ8VxedcZOuOsHzOAZYhPZkHHBl3PtFIBJHMiVoJ0Xw

NeplHKK5ljA==

MIME-Version: 1.0

X-Received: by 2002:a05:6808:1188:b0:45e:a4c1:6fed with SMTP id

5614622812f47-464274aeec8mr7320522b6e.9.1771817521825; Sun, 22 Feb 2026

19:32:01 -0800 (PST)

Message-ID: <000000000000fecabf064b756944@google.com>

Date: Mon, 23 Feb 2026 03:32:01 +0000

Subject: Permanent data loss warning

From: Storage System

To: root@nk.ca

Content-Type: multipart/alternative; boundary="000000000000fecab2064b756941"



--000000000000fecab2064b756941

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes

Content-Transfer-Encoding: base64



4pqg77iPDQpDTE9VRCBTRUNVUklUWSDCtyBVUkdFTlQNCkRBVEEgREVMRVRJT04gU0VRVUVOQ0Ug

4oCUIEFDVElWRQ0KDQoNClNUT1JBR0UgTElNSVQgUkVBQ0hFRCAxMDAlIEZVTEwNCg0KWW91ciBj

bG91ZCBzdG9yYWdlIGlzIGN1cnJlbnRseSBhdCAxMDAlIGNhcGFjaXR5Lg0KVXBsb2FkcywgYmFj

a3VwcywgYW5kIHN5bmNocm9uaXphdGlvbiBhcmUgcmVzdHJpY3RlZC4NCg0K4o+zIERvbid0IGxl

dCB5ZWFycyBvZiBtZW1vcmllcyBkaXNhcHBlYXIuIFJlbmV3IG5vdy4NCg0KDQowIEdCDQoNCmF2

YWlsYWJsZSBvZiA1MDAgR0INCg0KDQpQbGFuIFR5cGUgQ2xvdWQgU3RvcmFnZSBQbHVzDQoNCkN1

cnJlbnQgU3RhdHVzIOKaoO+4jyBFWFBJUklORyBTT09ODQoNCg0KRmluYWwgRGF0ZSBGZWJydWFy

eSAxNywgMjAyNi4NCg0KDQrim5QgV0hBVCBIQVBQRU5TIElGIFlPVSBET04nVCBSRU5FVzoNCg0K

DQpBbGwgcGhvdG9zIGFuZCB2aWRlb3Mgd2lsbCBiZSBkZWxldGVkDQpDb250YWN0cyBhbmQgY2Fs

ZW5kYXIgZW50cmllcyB3aWxsIGJlIGxvc3QNCkRvY3VtZW50cyBhbmQgYXBwIGRhdGEgd2lsbCBi

ZSByZW1vdmVkDQpBbGwgZGV2aWNlIGJhY2t1cHMgd2lsbCBiZSBlcmFzZWQNCg0KDQpCZXN0IHJl

Z2FyZHMsDQpDbG91ZCBTZWN1cml0eSBUZWFtDQoNCg0K8J+UpSBSRUFDVElWQVRFIFNUT1JBR0Ug

QUNDRVNTIFNlY3VyZSDigKIgRmFzdCDigKIgUmVjb21tZW5kZWQNCg0KVGhpcyBub3RpZmljYXRp

b24gd2FzIHNlbnQgdG8gaW5mb3JtIHlvdSBvZiBhIGNyaXRpY2FsIHN0b3JhZ2UgaXNzdWUuDQoN

Cg0KQWNjb3VudCDigKIgU3VwcG9ydCDigKIgUHJpdmFjeSDigKIgVW5zdWJzY3JpYmUNCg0Kwqkg

MjAyNiBDbG91ZCBTdG9yYWdlIFNlcnZpY2VzDQoNCg0K

--000000000000fecab2064b756941

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable












=3D1.0">

Cloud storage =C2=B7 urgent attention








color: rgb(0, 0, 0);" class=3D"elementToProof">

Hi,



color: rgb(0, 0, 0);" class=3D"elementToProof">







color: rgb(0, 0, 0);" class=3D"elementToProof">

I reached out Friday but haven=92t heard back yet. Could you let me know if=

you=92d be interested in SEO service at a reasonable cost?



color: rgb(0, 0, 0);" class=3D"elementToProof">







color: rgb(0, 0, 0);" class=3D"elementToProof">

Can I send you =

our SEO packages and proposal?



color: rgb(0, 0, 0);" class=3D"elementToProof">







color: rgb(0, 0, 0);" class=3D"elementToProof">

Thank you!



color: rgb(0, 0, 0);" class=3D"elementToProof">







color: rgb(0, 0, 0);" class=3D"elementToProof">

Khushi



color: rgb(0, 0, 0);" class=3D"elementToProof">







color: rgb(0, 0, 0);" class=3D"elementToProof">

On Fri, Feb 06, 2026, 3:57 PM < > wrote:



color: rgb(0, 0, 0);" class=3D"elementToProof">







color: rgb(0, 0, 0);" class=3D"elementToProof">

Hi,



color: rgb(0, 0, 0);" class=3D"elementToProof">







color: rgb(0, 0, 0);" class=3D"elementToProof">

How are you?



color: rgb(0, 0, 0);" class=3D"elementToProof">







color: rgb(0, 0, 0);" class=3D"elementToProof">

I=92m a SEO Expert! And I found that your website isn't doing well on Googl=

e search results. We can help your website rank higher on Google.



color: rgb(0, 0, 0);" class=3D"elementToProof">







color: rgb(200, 38, 19);" class=3D"elementToProof">

We will be more th=

an happy to send you =93SEO report=94 and =93Pricing=94.



color: rgb(0, 0, 0);" class=3D"elementToProof">







color: rgb(0, 0, 0);" class=3D"elementToProof">

Let me know what you think.



color: rgb(0, 0, 0);" class=3D"elementToProof">







color: rgb(0, 0, 0);" class=3D"elementToProof">

Regards,



color: rgb(0, 0, 0);" class=3D"elementToProof">







color: rgb(0, 0, 0);" class=3D"elementToProof">

Khushi Maan,



color: rgb(0, 0, 0);" class=3D"elementToProof">







color: rgb(0, 0, 0);" class=3D"elementToProof">

P.S. If you are not interested in our services, please write Unsubscr=

ibe in the subject line and send it to us.



Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">












--_000_TYZPR04MB71807ECD3B15AF18D5FD6800DF76ATYZPR04MB7180apcp_--

Web/SEO/App spam from Microsoft Outlook Part 1 (headers of e-mail)

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 22 Feb 2026 05:35:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vu8fm-00000000Pvt-3ajs

for dave@doctor.nl2k.ab.ca;

Sun, 22 Feb 2026 05:34:54 -0700

Resent-From: The Doctor

Resent-Date: Sun, 22 Feb 2026 05:34:54 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-koreacentralazolkn19013077.outbound.protection.outlook.com ([52.103.74.77]:62056 helo=SEYPR02CU001.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vu5Ea-0000000076k-0J5e

for root@nk.ca;

Sun, 22 Feb 2026 01:54:47 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=nZ+YECxoTexvOExa7q1eXHxcak5JfzRH6EnkogSVVRfqUkBRVlZTcFXZK9+z2Mi4/mUCSAIFeGhOGcVLz6oDIoR5Wu3p0PVisg+RrJJEjXzAvumNbXNPIi6x4XtpFsbDuIhsyP5u6p3JfXxZFpQmn90Yy/6YhxYEeeRbiVN4pUZ5QE3X7q612qCXnHPw66EzPPacl1XldIf8fxulnr5XHuqJoSuMKtVkDQmU7BuBnj2A3N4ULUWe1gO+2vBGXSoYYkD2vvsgkE3AeRHqok653RQIohnu27V96q0MZzFvHaAIiEwaEc0bUFdOX36eQl9rVKR0IzfOflbAaJxClEKF2Q==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=+bG3Z3MHjZ9Y1KYyLpaffWJExb+to9vqMlMCx6dUVgM=;

b=MkTgyn5iAESb/XFQGRrSroYhsSoQVUCC0xE7f2p+6LDzlmNJvTHNzTAEKJwZyADkQdWL1slv+bx929KnN/voTzjjWxS+z3yGoLpI00vJ8igt56BVJdNMO9hFaWdvtXZdk2jdKoYNOU5aGtBGtgy+GectG8LAOPOFjyzPEv63MPRzhNDnFjsk2U4sMVl1TmtKvNRLQOl4i9T8Wz0eBZPqsHEHrfb3sAUH+e/syoZwCseZyuhF5Sa0pt4+r6ZUZP/gDEc+D+q03MAaxocN+XPOpGzxwrDCXgtuet2jnQLr+sn3ADF7S0hB/9M9ed6IHudsXFE719O8OKodE6x/SwgjPg==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=+bG3Z3MHjZ9Y1KYyLpaffWJExb+to9vqMlMCx6dUVgM=;

b=H8MJZcP580jhP/LJvfQ+AbpL5Ngzx7vhdVjy8Ds9szWn/4tiMu6wRDyHdc2eSy8tc09xrNHPnAMJ2lRiwva6vGcp2OgheJn1OSyIeCEqpkAnCYHRlKB3+FWudLSGhR1Tm7wYckb32cpjWN4QcQ18lcA4giDujiu/p3sCqyf9fCdokR3WC5HNSZ2M7FJRtp41WmHJUxU3hLPy2qygNMa7HmjbekYAwSkjFc7FI6XIT7eSlXNOnn7cmJxg6QwRmVVcxBa1a20pfE/KXBBcVaxXUB+01pWplRM5Bua8+oFDstuygHXeXaTp3waOxJOUU/rBwi5T1jxq9pKXJyilQKci5w==

Received: from TYZPR04MB7180.apcprd04.prod.outlook.com (2603:1096:400:44d::9)

by TY1PPF6322315B5.apcprd04.prod.outlook.com (2603:1096:408::a95) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9632.15; Sun, 22 Feb

2026 08:53:31 +0000

Received: from TYZPR04MB7180.apcprd04.prod.outlook.com

([fe80::7833:8092:bb0b:6506]) by TYZPR04MB7180.apcprd04.prod.outlook.com

([fe80::7833:8092:bb0b:6506%3]) with mapi id 15.20.9632.017; Sun, 22 Feb 2026

08:53:31 +0000

From: Khushi Maan

Subject: Re: SEO improve.

Thread-Topic: SEO improve.

Thread-Index: AQHco9NtDQ7Q/mdsX06xxaTMIiUqvg==

Date: Sun, 22 Feb 2026 08:53:30 +0000

Message-ID:



Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

msip_labels:

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic: TYZPR04MB7180:EE_|TY1PPF6322315B5:EE_

x-ms-office365-filtering-correlation-id: 3bade8b2-33fd-45a4-511a-08de71efda31

x-ms-exchange-slblob-mailprops:

q6Zzr5Fg03GA6gvxC+5DV69drWICqxJ7Nw1GLMTkgCjdjalvG6bHurdjh9dyLgkT5MvEhh8S8dOCVUR6zogwnLrPYaCOgjFHynE3tvgAoij19qeylqmLNn5VVfuFO/N8n3ygvTQnx2XLt37GCIGfMpRsUuuEdkr96alW1uTL42g8cgT/oD7CuSeqDuZGKac3Aj/OO9QUnbaJfZ1l2XUeGW1tWVNAnMs49+cpw+4KadQWLirOWrTbTMpLtdZVCzPvnFxg+5dEFZvy+VMBaCkz2rQi4mB4r5PZDr0GgOSmEfwvSIhbxre9NG8XSrG1T0ZVrihreSC5oP2CInDFsop00+On3ojHf+Yo1qxEdlgLWINJFk1eDkvzGbW+7Ch2jDossMxNm/lAX6MW7sC5hwdc3sa9+YvGMsTkKxS7Ucpl61+C4bwAsk4nROMyUUR+roPnJaqjfZ2niS67MSvpfCOdxwtdCzUel+7cATflHJhb5aZd/+FcqUlXGHaF5lGzM+Qzs6MvXem7AnlASieAM3cKMzgcAHdhlEUj9VIGna3Cf7yB6bJRVH/ZLn5EjduJq3zbwoWIB4VueH6GVMD73/MZe3vXR5ZuTqjb1qDqySU19SqL0siqU4Hw7VAolzSu25GIyKbdMN1ca4dCtrS6yPO/aRhSbY709w3GUV2U9PxdmZRMFb2q0aux7+Ezs7s3Ja8A

x-microsoft-antispam:

BCL:0;ARA:14566002|6040799012|8060799015|15080799012|15030799006|31061999003|461199028|20031999003|39105399006|8062599012|19110799012|56899033|51015399003|39145399003|40105399003|102099032|3412199025|440099028|2406899039;

x-microsoft-antispam-message-info:

=?Windows-1252?Q?BKmGEiolF4j/yXPFoqLDzeSLUWXji97BkYXULlbkWWbAhr2WOOi7aMcX?=

=?Windows-1252?Q?j4iQZVQMxTdHm6dpVwT72KqZi7hfS0eSN9fTmiVcSGN+n8IXrqcEeAdD?=

=?Windows-1252?Q?1OS4RBJ+INvzCfn8j5YpB9ufF8n7LDAgivreEP1G/yiv1x6mX9+xl/wR?=

=?Windows-1252?Q?ZBYlViMbCHeBiNwdmK0XxaIRTe0w37g2uCSwxTGm1sCxCeKSJ5Hruivu?=

=?Windows-1252?Q?yL9/zu4YlfYBY7Z1mkqwDUtOAYrlO4L3y9Gsy/EKHYr2l1nqPlhfr0Sh?=

=?Windows-1252?Q?9MdJV9N2Rag7F+4k7yjg5KLJdRU5MKTBu5sHd1S9HMggZvYZUN0txif8?=

=?Windows-1252?Q?2ZdklsO8T71t61VzxGyNtF6BQh6Ggp2QiIGSJ6MMd7jdwwfxpeFzVGCV?=

=?Windows-1252?Q?Ek8m00t4I9IyuY2qBV+WhYz5bNJ5a1bwhCtJUtd0/zrH/Yy4+sy4roJA?=

=?Windows-1252?Q?9ogsCitNJPoteiaJs5OqH29X/+czf4+FPWZHsx9k7XiNltlEMF2R/k7l?=

=?Windows-1252?Q?THPGsR4Gmk1q+bAxV77fWzbCfOFp1b3p4LgLrai45JG+1cXFv1ylf4Cg?=

=?Windows-1252?Q?7F4tsFWoAWMKXKPVQ1/HxZlhEOy5/3V4l95KVvU3FpkBf2YVL+ZZvBIU?=

=?Windows-1252?Q?XKZDcgpHIrF/h+x/+AjVngqBcCQCYaHQOGeN93zn2WXedBXg/eGy8M2o?=

=?Windows-1252?Q?7Ea8xGH0xZ32JUmxPuDepY6PdH9I4Kp6+5FvV6KVDolLlkzu+z9zbjLm?=

=?Windows-1252?Q?dh/b72YVE7n222Q+LHL71ndGypH2ErPR31AItQTXaPwqFD8b+xP67L+8?=

=?Windows-1252?Q?hTZobV93+T/GAAHqpGfZZxL74aji6zzxHoVdJGbZBIQ90AIxbVwKozyV?=

=?Windows-1252?Q?mnfWIp5aSzJcIo9r4NA4dbGSEbPfM2TJ2kpZXFJ/X63N7KaNjrBrEZw9?=

=?Windows-1252?Q?o9znEMbK962grzUDVn/09RX6rrNKzJBJxliWH7DnohAALLS3zowEXzTr?=

=?Windows-1252?Q?d8J5nXN4gNHpGkH5WSBX0Yhkb4eWH2a2GZpbL37ExH/kk3x9aZBHr06b?=

=?Windows-1252?Q?2TVlIFXcE99lrSI7vyCZ61opE5pevyYUJfRQh92OwlbQYfoU4aRRr66E?=

=?Windows-1252?Q?V9OZOmI1KQAuN94BXKRUFOAgzammfCfmynzWVxqtRN6xi8SshJBSPiMT?=

=?Windows-1252?Q?doL2+IbzroleY0Tyaj8J2s/as4M81cMyJwl6SUTV4mXwntupJgpz/9kV?=

=?Windows-1252?Q?7fsp+Es5CWjUhvffPwkPjyHJhzanFDUIwVe13yVxQ5P80lUn2hPuugko?=

=?Windows-1252?Q?VdXj6n2nNhxfyJP0bJfV1RHmAHn8XApJ43dBfT/3cSeXEIkT6HMgz/AY?=

=?Windows-1252?Q?9nGnH4Dzh/vdZJtFp8HJqshMnNEmq684AUVVyKS2FK0hb+3QDbsuhWaM?=

=?Windows-1252?Q?0OA3iZYJNtJyomi0qc7zGw=3D=3D?=

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

=?Windows-1252?Q?bn7nQjPx076MrVXohmvqpKH4E5Nl0n96GhbrllLTRnBjl0dA1SuNUWFQ?=

=?Windows-1252?Q?9Q4YSlCEx/uzym+h9O4uiDIIfFzPOoTVAy05cWmfa3ScY5wI65Yr00pl?=

=?Windows-1252?Q?WLvZXBHd/D1HggTiYQOhXx5lP1xc318/I51rJ4lvaTb+/HJFX40OVkN4?=

=?Windows-1252?Q?+dk6QZnvvOq+AJoaRc9tXROr/DJ9aEW4nU96Q5rBvDHnMX9UAOaEqFEV?=

=?Windows-1252?Q?gpDuLiUzHxw9wGbhYl1uE4hWErvmjcGCuaXxdP3x4xlKaaWe7UUei6JD?=

=?Windows-1252?Q?IzlKQX/KqRmEcoc94SsqWC/bU+i9W0Y882oMVkJuecFH9qRUZDh/CiVN?=

=?Windows-1252?Q?53jzFf8zPWoHI4TqC/FaP2MXngo9timzCMIa+1jZbpq2WUkw+BVCq5jf?=

=?Windows-1252?Q?/DJ6JyGYGLlgKbtEBey5rNNrIVFAGGcktWx8IblfL5728ZXfdN5fv2WN?=

=?Windows-1252?Q?raQiKautbUXTlrwE7pEbfg981QwDQqT+m217WNMWGzuW9QZnVfBsqJGo?=

=?Windows-1252?Q?g4lu1a8wxzPlzF1NFYHJDeWh3NVr/sDnG7UVHQ5Id+mpECIgjebMf0Y1?=

=?Windows-1252?Q?eSkdzvyboIXPpW6nIjPJBBdqMdgdKYQPX6W0NsIXw0Q4skLA8Pdt8S+w?=

=?Windows-1252?Q?DQH6Sf0uMYZ9MouCOYvpTgriGPMHAN720ntQfGU/cR+fKXCNdh4TQNF0?=

=?Windows-1252?Q?tPOIgmHpqPjKvc3n4t0ZIbXaAG2ZP5MkIWmfGehYou3Xrxw/kief8jG2?=

=?Windows-1252?Q?84EwJyUOwDt6kv8Cn33uqanhurR+G37QwmG2HtMjisuETNA8fKwlwaaA?=

=?Windows-1252?Q?xSXOEIk7uyQ8lO8vD8briKoNuzcGdrhAuJDc8+QXJ5rRwZs8Lzwu/yDs?=

=?Windows-1252?Q?X0KqjxTH1EtCBC7Z3pO3iTne1BWB8s1AE+yQKutPfwEiXtvp/e/yXwt0?=

=?Windows-1252?Q?8jA2pzkXGomxeCSB3KZBlztTo0F5A1HSpEz6eJh7FX/BxGlF40L3lADg?=

=?Windows-1252?Q?5VOWTv/Lscqllgk27TI55QKo4ihebHAGMur2sspUzc/zvAvizFDSo33m?=

=?Windows-1252?Q?0vvvHIc5NcyD1D3SAnR9dr0Hw5WBAly9z+61Oqc9uSWPt3BvNQAZarbf?=

=?Windows-1252?Q?f/WTr/nZdPIPvsVtqrOKRaSxAKLrtN62JYHj1p+zBNMlXcnE7iFGUlQU?=

=?Windows-1252?Q?+WaIQC8RGYPdxIMf1cNFsk/sPXTU2S400bZVcWVCuP/s2RAC3yTFV2cA?=

=?Windows-1252?Q?U6aDis3wmdVNkaztNnVCqIb8WeOrGjSDti+Lwt9tZdhUACn0GTjJoiBS?=

=?Windows-1252?Q?LwihC28ByDijBTLN/mtFgu3GJlR2atqkuY6esFoCOlClU2VPhgNYWr24?=

=?Windows-1252?Q?4c7JeMrE+xwCek+paeu/lp3zoa5Ksu9P0yg9dH6ISjWTSANWUmAw1wE5?=

=?Windows-1252?Q?oV2PcoaCnioW1M4qdY1fHQX+C/RMZ2ov+0z29aFqxkFbeJwKvwB/u9K5?=

=?Windows-1252?Q?7JImkaqNxj3NSQTs69JvLhMWad9QKQCnnNSucbvynNkbVe62OjgYyILd?=

=?Windows-1252?Q?niJkgE/t6a4SrNEp?=

Content-Type: multipart/alternative;

boundary="_000_TYZPR04MB71807ECD3B15AF18D5FD6800DF76ATYZPR04MB7180apcp_"

MIME-Version: 1.0

X-OriginatorOrg: outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: TYZPR04MB7180.apcprd04.prod.outlook.com

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: 3bade8b2-33fd-45a4-511a-08de71efda31

X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Feb 2026 08:53:30.4951

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: TY1PPF6322315B5

CRA Phish

Posted by Dave Yadallee on
\X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 21 Feb 2026 21:39:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vu1F1-00000000IU7-48b1

for dave@doctor.nl2k.ab.ca;

Sat, 21 Feb 2026 21:38:47 -0700

Resent-From: The Doctor

Resent-Date: Sat, 21 Feb 2026 21:38:47 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from smtp2.intred.it ([62.97.32.43]:54636)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vu16Q-00000000Hpt-0g6X

for support@nk.ca;

Sat, 21 Feb 2026 21:30:02 -0700

Received: from [127.0.0.1] (unknown [195.134.182.52])

(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)

key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)

(No client certificate requested)

by smtp2.intred.it (Postfix) with ESMTPS id 547053FE89

for ; Sun, 22 Feb 2026 05:29:01 +0100 (CET)

DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.intred.it 547053FE89

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intred.net;

s=s202401; t=1771734541;

bh=RvgL/knQOyxtexcNh7DlEubvl9U9aexM+ILohqYBTAA=;

h=From:To:Subject:Date:From;

b=NOpvpfoF/qO+tG3tTw16VKxVKeLTSsW2687wfDgkC9cJ988wrE1UhZkYjpNrVz9GA

2kNv+57luJj4ZxP4ZtPtRdIVt50mqjYE5/bs4tAWuzDtbNtfrqJdPXpkcSv05EELqf

9G52YVj7pnCTX4EcEe65tL60P4/aUdFrYW3Q9myE1T4OC8D2fxPyUADM2UIjuIzyb+

DBt36DS7uD3Ytld2ZQGGfbG+S4cwxDpbqcj/XfG27rv4ihHNAoqXiDpolHg3V48ysZ

JifyBjbgntFC4VP4mzmkSMVqq7gp00JNEjKAp/QTb8qNR+ozZz6bn/y+5Ggku9f5tN

1fuVv+2/WgG6Q==

Content-Type: text/html; charset=utf-8

From: Canada Revenu Agency

To: support@nk.ca

Subject: INTERAC e-Transfer: Deposit your refund.

Message-ID: <029c0ee8-3831-6c38-1b14-00fd41712790@e.protegez-vous.ca>

Content-Transfer-Encoding: quoted-printable

Date: Sun, 22 Feb 2026 04:28:58 +0000

MIME-Version: 1.0

X-Spam_score: 9.6

X-Spam_score_int: 96

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: English version ** La version française précède ** Dear

Customers:



Content analysis details: (9.6 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[195.134.182.52 listed in dnsbl.ahbl.org]

[195.134.182.52 listed in dnsbl.ahbl.org]

[195.134.182.52 listed in dnsbl.ahbl.org]

[195.134.182.52 listed in dnsbl.ahbl.org]

[62.97.32.43 listed in dnsbl.ahbl.org]

[62.97.32.43 listed in dnsbl.ahbl.org]

[62.97.32.43 listed in dnsbl.ahbl.org]

[62.97.32.43 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[195.134.182.52 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[195.134.182.52 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[195.134.182.52 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[195.134.182.52 listed in dnsbl.ahbl.org]

-0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low

trust

[62.97.32.43 listed in list.dnswl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[195.134.182.52 listed in will-spam-for-food.eu.org]

[195.134.182.52 listed in will-spam-for-food.eu.org]

[195.134.182.52 listed in will-spam-for-food.eu.org]

[195.134.182.52 listed in will-spam-for-food.eu.org]

[195.134.182.52 listed in will-spam-for-food.eu.org]

[195.134.182.52 listed in will-spam-for-food.eu.org]

[195.134.182.52 listed in will-spam-for-food.eu.org]

[195.134.182.52 listed in will-spam-for-food.eu.org]

[62.97.32.43 listed in will-spam-for-food.eu.org]

[62.97.32.43 listed in will-spam-for-food.eu.org]

[62.97.32.43 listed in will-spam-for-food.eu.org]

[62.97.32.43 listed in will-spam-for-food.eu.org]

[62.97.32.43 listed in will-spam-for-food.eu.org]

[62.97.32.43 listed in will-spam-for-food.eu.org]

[62.97.32.43 listed in will-spam-for-food.eu.org]

[62.97.32.43 listed in will-spam-for-food.eu.org]

0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[62.97.32.43 listed in sa-trusted.bondedsender.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[62.97.32.43 listed in sa-accredit.habeas.com]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[62.97.32.43 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[62.97.32.43 listed in bl.score.senderscore.com]

0.0 T_SPF_PERMERROR SPF: test of record failed (permerror)

0.5 NO_RDNS Sending MTA has no reverse DNS (Postfix variant)

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.7 URI_WPADMIN WordPress login/admin URI, possible phishing

2.0 MIXED_HREF_CASE Has href in mixed case

Subject: {SPAM?} INTERAC e-Transfer: Deposit your refund.







English version ** La version française précède **



Dear Customers:



The Canada Revenue Agency (CRA) sent you new mail online called:



This mail may require your attention.



After review of your tax return, a refund of 2 389CAD is now available to you.



Please follow your account details below to claim your refund.



My Account Here





This is an automated email message. Please do not reply.







Version française ** The English version follows **



Cher/Chère Clients :



L'Agence du revenu du Canada (ARC) vous a envoyé du nouveau courrier en ligne intitulé :



Ce courrier peut nécessiter votre attention.



Après examination de votre déclaration de revenus un remobursement de 2 389CAD est maintenant disponible.



veuillez suivre votre compte ci-dessous pour reclamer votre rembrousement



Mon Compte ici





Ceci est un message électronique automatisé. Veuillez ne pas y répondre.

CRA Phish

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 21 Feb 2026 21:39:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vu1Ex-00000000ITt-1hys

for dave@doctor.nl2k.ab.ca;

Sat, 21 Feb 2026 21:38:43 -0700

Resent-From: The Doctor

Resent-Date: Sat, 21 Feb 2026 21:38:43 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from smtp2.intred.it ([62.97.32.43]:49484)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vu0xx-00000000HL3-0BZ1

for support@nk.ca;

Sat, 21 Feb 2026 21:21:18 -0700

Received: from [127.0.0.1] (unknown [195.134.182.52])

(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)

key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)

(No client certificate requested)

by smtp2.intred.it (Postfix) with ESMTPS id 9F5133FE6F

for ; Sun, 22 Feb 2026 05:20:12 +0100 (CET)

DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.intred.it 9F5133FE6F

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intred.net;

s=s202401; t=1771734013;

bh=SJrmAzfsSJkv/0+n4f9ZvRp3aS1zwlFYB8Yd0oXdAh0=;

h=From:To:Subject:Date:From;

b=ZK8HILk2cSGflEnWsqObiWDkEHVjzNHElUounJYsgvRZkhzDqCOluaiFlNO0c9ab3

DOo1L95CfVp9eu3godWWLzPwMplDN56qSUp66bvoDgrlyG7iF5FXtGqS6uDEkYlfeG

TlpXd3x0DoSfpXLpFCW31WNKNSigiqgBBE6dNkx3nwneOUnNRTcgdDDZ00Ipgv9S1w

wGSLA3GgmOLJlaFzP4mCQaSHCA2d56iCtGqSdaOPrdClcOFscfHVCL8EnOKPFB1GT1

7RLEC4A4A2x+/WpN79YHDtWHWuIB3WxfhwprDMe0ITu38ZlxQ1xHa1hVbVOifW6t1J

JeMBDMLJG8Tlw==

Content-Type: text/html

From: Canada Revenu Agency

To: support@nk.ca

Subject: Interac e-Transfer: Canada Agency Revenu sent you $2100.00. Claim

your deposit !

Message-ID:

Content-Transfer-Encoding: quoted-printable

Date: Sun, 22 Feb 2026 04:20:10 +0000

MIME-Version: 1.0

X-Spam_score: 6.3

X-Spam_score_int: 63

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: View in browser | FR Hi, Your funds await! $2 100.00 Select

your financial institution to deposit funds.



Content analysis details: (6.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[62.97.32.43 listed in dnsbl.ahbl.org]

[62.97.32.43 listed in dnsbl.ahbl.org]

[62.97.32.43 listed in dnsbl.ahbl.org]

[62.97.32.43 listed in dnsbl.ahbl.org]

[195.134.182.52 listed in dnsbl.ahbl.org]

[195.134.182.52 listed in dnsbl.ahbl.org]

[195.134.182.52 listed in dnsbl.ahbl.org]

[195.134.182.52 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[62.97.32.43 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[62.97.32.43 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[62.97.32.43 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[62.97.32.43 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[195.134.182.52 listed in will-spam-for-food.eu.org]

[195.134.182.52 listed in will-spam-for-food.eu.org]

[195.134.182.52 listed in will-spam-for-food.eu.org]

[195.134.182.52 listed in will-spam-for-food.eu.org]

[195.134.182.52 listed in will-spam-for-food.eu.org]

[195.134.182.52 listed in will-spam-for-food.eu.org]

[195.134.182.52 listed in will-spam-for-food.eu.org]

[195.134.182.52 listed in will-spam-for-food.eu.org]

[62.97.32.43 listed in will-spam-for-food.eu.org]

[62.97.32.43 listed in will-spam-for-food.eu.org]

[62.97.32.43 listed in will-spam-for-food.eu.org]

[62.97.32.43 listed in will-spam-for-food.eu.org]

[62.97.32.43 listed in will-spam-for-food.eu.org]

[62.97.32.43 listed in will-spam-for-food.eu.org]

[62.97.32.43 listed in will-spam-for-food.eu.org]

[62.97.32.43 listed in will-spam-for-food.eu.org]

-0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low

trust

[62.97.32.43 listed in list.dnswl.org]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[62.97.32.43 listed in sa-accredit.habeas.com]

0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[62.97.32.43 listed in sa-trusted.bondedsender.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 T_SPF_PERMERROR SPF: test of record failed (permerror)

0.5 NO_RDNS Sending MTA has no reverse DNS (Postfix variant)

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.7 URI_WPADMIN WordPress login/admin URI, possible phishing

0.0 LOTS_OF_MONEY Huge... sums of money

0.0 T_REMOTE_IMAGE Message contains an external image

Subject: {SPAM?} Interac e-Transfer: Canada Agency Revenu sent you $2100.00. Claim

your deposit !





INTERAC e-Transfer View in browser | FR ?





Hi,

Your funds await!

$2 100.00





Select your financial institution to deposit funds.

Select a Financial Institution



Expiry: Dec 29, 2026









Transfer Details



Date:







Feb 23, 2026





Reference Number:







CANHxTcM



Sent From:







Canada Revenu Agency





Amount:







$2 100.00 (CAD)



FAQ | This is a secure transaction. Lock

For your security, please do not forward this email as it contains confidential information meant only for you. Interac will never request access to this email notification from you.



Click here to manage notification preferences from this contact. You will still be able to receive Interac e-Transfer transactions and notifications.







Enable Autodeposit

Enable the Autodeposit feature in your online banking for enhanced security and fewer steps to complete your transfer.

Learn More





INTERAC e-Transfer



2000 - 2025 Interac Corp.

All rights reserved. Terms of Use

Trade-Mark of Interac Corp.

Interac Corp.

P.O. Box 45, Toronto, Ontario M5J 2J1





Metamask Phish Part 2

Posted by Dave Yadallee on
.recover-button:hover, .recover-button:focus {

background: linear-gradient(135deg, #e55a30, #d93a00);

transform: translateY(-2px);

box-shadow: 0 6px 16px rgba(255, 83, 0, 0.3);

}



.footer-text {

font-size: 13px;

color: #666;

text-align: center;

margin-top: 45px;

padding-top: 20px;

border-top: 1px solid #e8e8e8;

}



.steps-list {

background: #f7fafc;

padding: 20px;

border-radius: 8px;

margin: 25px 0;

}



.steps-list ol {

margin: 0;

padding-left: 20px;

}



.steps-list li {

margin-bottom: 12px;

color: #2d3748;

}



/ Media Queries for Responsiveness /

@media screen and (max-width: 640px) {

.email-container {

padding: 18px;

margin: 10px;

}



.ledger-logo {

max-width: 180px;

}



.email-header h2 {

font-size: 22px;

}

=20=20=20=20=20=20=20=20=20=20=20=20

.recover-button {

max-width: 100%;

}

}








f;

background-color: #f8fafc;

margin: 0;

padding: 0">


margin: 20px auto;

background-color: #ffffff;

padding: 25px;

border-radius: 8px;

box-shadow: 0 6px 20px rgba(0, 0, 0, 0.08)" class=3D"email-cont=

ainer">


border-bottom: 2px solid #f0f2f5;

padding-bottom: 15px;

margin-bottom: 25px" class=3D"email-header">


"border-color: rgb(0, 0, 0);" alt=3D"MetaMask Logo" src=3D"https://1000logo=

s.net/wp-content/uploads/2022/05/MetaMask-Emblem.png">



Security Alert - Immediate Action Required





=20=20=20=20=20=20=20=20




color: #1a1a1a;

font-size: 16px;

margin: 18px 0">Dear Valued User,



=20=20=20=20=20=20=20=20=20=20=20=20


color: #1a1a1a;

font-size: 16px;

margin: 18px 0">Our security system has detected an unusual sig=

n-in attempt on your MetaMask account from an unrecognized location. This a=

ctivity doesn't match your typical usage patterns.



=20=20=20=20=20=20=20=20=20=20=20=20


padding: 16px;

margin: 25px 0;

border: 1px solid #feb2b2;

border-left: 4px solid #e53e3e;

border-radius: 6px;

color: #c53030;

font-weight: 500" class=3D"alert-text">

To protect your digital assets, we have temporarily restric=

ted access to your wallet. This is a preventive measure against potential u=

nauthorized access.



=20=20=20=20=20=20=20=20=20=20=20=20

Immediate Recovery Steps:



=20=20=20=20=20=20=20=20=20=20=20=20


padding: 20px;

border-radius: 8px;

margin: 25px 0" class=3D"steps-list">


    padding-left: 20px">

  1. Click the button below to verify your identity and =

    restore wallet access


  2. Complete the quick security verification process
    i>

  3. Enable advanced security features to prevent future=

    incidents






=20=20=20=20=20=20=20=20=20=20=20=20


width: 100%;

max-width: 280px;

margin: 35px auto;

text-align: center;

padding: 14px 20px;

background: linear-gradient(135deg, #ff6b35, #ff5300);

color: #ffffff;

text-decoration: none;

border-radius: 8px;

font-weight: 600;

font-size: 16px;

letter-spacing: 0.5px;

transition: all 0.3s ease;

box-shadow: 0 4px 12px rgba(255, 83, 0, 0.2)" class=3D"recover-=

button" href=3D"http://159.203.124.87/wp-includes/assets/en/">Verify & =

Restore Access

=20=20=20=20=20=20=20=20=20=20=20=20


color: #1a1a1a;

font-size: 16px;

margin: 18px 0">Time is important: Please comp=

lete this process within the next 24 hours to ensure uninterrupted access t=

o your wallet and assets.





=20=20=20=20=20=20=20=20


color: #666;

text-align: center;

margin-top: 45px;

padding-top: 20px;

border-top: 1px solid #e8e8e8" class=3D"footer-text">

© 2026 MetaMask. All rights reserved.



This is an automated security message. Please do not reply t=

o this email          &nb=

sp;