More Apple Phish
Posted by Dave Yadallee on
From - Wed Mar 12 09:53:38 2014
X-Account-Key: account2
X-UIDL: 000571f2501fb806
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-path:
Envelope-to: aboo@doctor.nl2k.ab.ca
Delivery-date: Wed, 12 Mar 2014 09:52:20 -0600
Received: from cloud.bronchwest.net ([5.153.7.59])
by doctor.nl2k.ab.ca with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.82)
(envelope-from)
id 1WNlR4-0003s4-Dy
for aboo@doctor.nl2k.ab.ca; Wed, 12 Mar 2014 09:52:09 -0600
Received: from [65.102.144.38] (port=51768 helo=User)
by cloud.bronchwest.net with esmtpa (Exim 4.82)
(envelope-from)
id 1WNlQi-0003NW-T8; Wed, 12 Mar 2014 10:50:53 -0500
From: "Apple"
Subject: Your information needs to be updated !
Date: Wed, 12 Mar 2014 08:50:46 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0012_01C2A9A6.6DDBE1A4"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - cloud.bronchwest.net
X-AntiAbuse: Original Domain - doctor.nl2k.ab.ca
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - apple.com
X-Get-Message-Sender-Via: cloud.bronchwest.net: authenticated_id: admin@sadfco.com
X-Spam_score: 9.7
X-Spam_score_int: 97
X-Spam_bar: +++++++++
X-Spam_report: Spam detection software, running on the system "gallifrey.nk.ca", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Will lead us to a further improvement of the system soon.
For your account information secure and up to date.
We have Intervals
verifies your identity.
Please go immediately and end this process.
To confirm please
target="_blank">Click Here
X-Account-Key: account2
X-UIDL: 000571f2501fb806
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-path:
Envelope-to: aboo@doctor.nl2k.ab.ca
Delivery-date: Wed, 12 Mar 2014 09:52:20 -0600
Received: from cloud.bronchwest.net ([5.153.7.59])
by doctor.nl2k.ab.ca with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.82)
(envelope-from
id 1WNlR4-0003s4-Dy
for aboo@doctor.nl2k.ab.ca; Wed, 12 Mar 2014 09:52:09 -0600
Received: from [65.102.144.38] (port=51768 helo=User)
by cloud.bronchwest.net with esmtpa (Exim 4.82)
(envelope-from
id 1WNlQi-0003NW-T8; Wed, 12 Mar 2014 10:50:53 -0500
From: "Apple"
Subject: Your information needs to be updated !
Date: Wed, 12 Mar 2014 08:50:46 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0012_01C2A9A6.6DDBE1A4"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - cloud.bronchwest.net
X-AntiAbuse: Original Domain - doctor.nl2k.ab.ca
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - apple.com
X-Get-Message-Sender-Via: cloud.bronchwest.net: authenticated_id: admin@sadfco.com
X-Spam_score: 9.7
X-Spam_score_int: 97
X-Spam_bar: +++++++++
X-Spam_report: Spam detection software, running on the system "gallifrey.nk.ca", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Will lead us to a further improvement of the system soon.
For your account information secure and up to date.
We have Intervals
verifies your identity.
Please go immediately and end this process.
To confirm please
target="_blank">Click Here
[...]
Content analysis details: (9.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.6 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT
[5.153.7.59 listed in bb.barracudacentral.org]
1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
1.2 MISSING_HEADERS Missing To: header
0.0 HTML_MESSAGE BODY: HTML included in message
0.6 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format
0.1 MISSING_MID Missing Message-Id: header
0.5 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool
1.9 FROM_MISSP_NO_TO From misspaced, To missing
0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope
2.8 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
Subject: {SPAM?} Your information needs to be updated !
This is a multi-part message in MIME format.
------=_NextPart_000_0012_01C2A9A6.6DDBE1A4
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
Will lead us to a further improvement of the system soon.
For your account information secure and up to date.
We have Intervals verifies your identity.
Please go immediately and end this process.
To confirm please Click Here
We apologize for any inconvenience.
Thank you.
Copyright © 2014 Apple Inc. All rights reserved.
------=_NextPart_000_0012_01C2A9A6.6DDBE1A4
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
Will lead us to a further improvement of the system soon.
For your account information secure and up to date.
We have Intervals verifies your identity.
Please go immediately and end this process.
To confirm please Click Here
We apologize for any inconvenience.
Thank you.
Copyright © 2014 Apple Inc. All rights reserved.
------=_NextPart_000_0012_01C2A9A6.6DDBE1A4--
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments