Urgency Spam from gmail

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 12 Aug 2022 07:40:01 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oMUsg-000LRU-V8

for dave@doctor.nl2k.ab.ca;

Fri, 12 Aug 2022 07:39:18 -0600

Resent-From: The Doctor

Resent-Date: Fri, 12 Aug 2022 07:39:18 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-ed1-f53.google.com ([209.85.208.53]:42529)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1oMUYR-000I0E-1p

for doctor@doctor.nl2k.ab.ca;

Fri, 12 Aug 2022 07:18:29 -0600

Received: by mail-ed1-f53.google.com with SMTP id z20so1292664edb.9

for ; Fri, 12 Aug 2022 06:18:02 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20210112;

h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc;

bh=IkSe8Ybk+NQ1nTev6i6fqLrcb+1xrUc4kshJwGEUimk=;

b=comdHxZsFvky8qcH+rJ+pNuaUdhOuDf+iYrfrafy4CKov6puOXHm9zUoYtdEwnz4IQ

kYTx8Z4Rbi3hQXV8nlR+sGOgsKaitupZfd6wYO0nFYwr5j9tmnETBqKwlfgaqUamqo+3

/JJStdGkP4LlyxV3xjCKZEiPBelO1daBXUDGWZxqA9LHp9qJKUtXJo1sWTdf6ouR9wZI

IRPAD7dItP09KUMKsOgkvzotu7/e+DwHhZXCqYXjpgUklTNLB/ki7iDE3cAInLacPAgv

aPJmM/XEPyCIAzdNrNqAu7RHzw/jYFbYpmzF9olX+pSL/OIzpE5yw2BaguKXbQ8x4nYE

1bfw==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20210112;

h=to:subject:message-id:date:from:reply-to:mime-version

:x-gm-message-state:from:to:cc;

bh=IkSe8Ybk+NQ1nTev6i6fqLrcb+1xrUc4kshJwGEUimk=;

b=M5yeOvnx1fTvePvmCXZPiI/yDdz9An8Z+n4l5EhTJT6LUqUsJyLiX0f5yRNgLRPc2W

JOLgELcyMMvbJZFYuyJAyimSFlndfuehWa+oWf9MsYgpl7qgZUh+dpzXdps0fJDgFH2o

TFEYaOMCqbPwbtVmJi4t8J2gMtbalnZa/wNAkpUJML8W136QtIHXZPl/Cg8U8WC1tAiJ

nfHE4QVrp5Mp8VxtjsT9yXe4OcLMWxBgFRasPSblBvJZqGJ6Dtdinuou2xjqp3Sn3WQ0

IEMHYa85BEWasC0aAxczZ9MHkODB/xc6ny9bm369T6KvG1EnMZc8JPXMm9llMmpAh6FS

8zGw==

X-Gm-Message-State: ACgBeo3wKoRaOlTP79dO/eBBWgnGPqPybwp7DmcxudUS/IkYM7if4Iqp

atiyl3zOpv65gDFA0J50RJ94W884MoMmOq9wM0g=

X-Google-Smtp-Source: AA6agR4a5QGS84Y3sGpMER1nsN0AkawBo1MysdvhkSfY18IsvYk4FYuE+H5+SvZw6oyO4QHCYaUVJ4zfuYhTYlN4T48=

X-Received: by 2002:a05:6402:5384:b0:431:6d84:b451 with SMTP id

ew4-20020a056402538400b004316d84b451mr3626016edb.46.1660310276033; Fri, 12

Aug 2022 06:17:56 -0700 (PDT)

MIME-Version: 1.0

Received: by 2002:a17:906:2f97:0:0:0:0 with HTTP; Fri, 12 Aug 2022 06:17:55

-0700 (PDT)

Reply-To: mrsaifemohammed2018@outlook.fr

From: Mr Saife Mohammed

Date: Fri, 12 Aug 2022 13:17:55 +0000

Message-ID:

Subject: VERY URGENT

To: undisclosed-recipients:;

Content-Type: text/plain; charset="UTF-8"

Bcc: doctor@doctor.nl2k.ab.ca

X-Spam_score: 23.5

X-Spam_score_int: 235

X-Spam_bar: +++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Dear Friend, How are you today?. Please, I would like you

to give an urgent attention to this proposal. I have a very lucrative business

transaction which requires your utmost discretion. Though, I know it would

c [...]



Content analysis details: (23.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.208.53 listed in wl.mailspike.net]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail

provider

[westernunion5000k[at]gmail.com]

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in

digit

[mrsaifemohammed2018[at]outlook.fr]

1.6 SUBJ_ALL_CAPS Subject is all capitals

-0.0 SPF_PASS SPF: sender matches SPF record

0.9 URG_BIZ BODY: Contains urgent matter

2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear!

2.6 HK_SCAM_N13 BODY: No description available.

1.5 HK_NAME_FM_MR_MRS No description available.

0.0 T_HK_NAME_FM_MR_MRS No description available.

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.0 LOTS_OF_MONEY Huge... sums of money

-0.0 T_SCC_BODY_TEXT_LINE No description available.

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain

different freemails

3.2 UNDISC_FREEM Undisclosed recipients + freemail reply-to

1.7 MONEY_FREEMAIL_REPTO Lots of money from someone using free

email?

0.0 T_MONEY_PERCENT X% of a lot of money for you

0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal

information

0.5 MONEY_FRAUD_8 Lots of money and very many fraud phrases

1.3 MONEY_FORM_SHORT Lots of money if you fill out a short form

3.7 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money

2.8 UNDISC_MONEY Undisclosed recipients + money/fraud signs

0.0 FORM_FRAUD_5 Fill a form and many fraud phrases

Subject: {SPAM?} VERY URGENT



Dear Friend,



How are you today?. Please, I would like you to give an urgent

attention to this proposal.

I have a very lucrative business transaction which requires your

utmost discretion.

Though, I know it would come to you at uttermost surprise. I am Mr.

Saife Mohammed, A banker by profession.



Please, I want to transfer the sum of ($15.5M) dollars into your bank

account. This business is 100% risk free.

Your share will be 40% while 60% for me.



Full details will be send to you on the receipt of your urgent

response by forwarding the following details bellow:



Here is my private E-mail Address: (mrsaifemohammed2018@outlook.fr)



1. Your Full Name................

2. Your Telephone No..........

3. Your Receiving Country................

4. Your Home Address........



Thanks for your anticipated co-operation.

Best regards.



Mr. Saife Mohammed,

Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA