Apple iTunes Phish
Posted by Dave Yadallee on
From - Thu Mar 13 07:15:27 2014
X-Account-Key: account2
X-UIDL: 0005722b501fb806
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-path:
Envelope-to: aboo@doctor.nl2k.ab.ca
Delivery-date: Thu, 13 Mar 2014 07:15:12 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.82)
(envelope-from)
id 1WO522-0001Er-Ud
for aboo@doctor.nl2k.ab.ca; Thu, 13 Mar 2014 06:46:42 -0600
Resent-From: doctor@doctor.nl2k.ab.ca
Resent-Date: Thu, 13 Mar 2014 06:46:42 -0600
Resent-Message-ID: <20140313124642.GC29058@doctor.nl2k.ab.ca>
Resent-To: See root
Received: from cpanel-1.hostnet.lv ([89.111.24.122])
by doctor.nl2k.ab.ca with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.82)
(envelope-from)
id 1WO4wW-0006AL-Up
for doctor@nl2k.ab.ca; Thu, 13 Mar 2014 06:41:44 -0600
Received: from simplika by cpanel-1.hostnet.lv with local (Exim 4.82)
(envelope-from)
id 1WO4wH-0006ny-I6
for doctor@nl2k.ab.ca; Thu, 13 Mar 2014 14:40:45 +0200
To: doctor@nl2k.ab.ca
Subject: Update your account details on iTunes.
X-PHP-Script: www.simplika.com/wp-content/plugins/11.php for 91.232.96.5
From: Apple
Reply-To: app@apple.ca
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id:
Date: Thu, 13 Mar 2014 14:40:45 +0200
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - cpanel-1.hostnet.lv
X-AntiAbuse: Original Domain - nl2k.ab.ca
X-AntiAbuse: Originator/Caller UID/GID - [595 598] / [47 12]
X-AntiAbuse: Sender Address Domain - cpanel-1.hostnet.lv
X-Get-Message-Sender-Via: cpanel-1.hostnet.lv: authenticated_id: simplika/only user confirmed/virtual account not confirmed
X-Spam_score: 5.8
X-Spam_score_int: 58
X-Spam_bar: +++++
X-Spam_report: Spam detection software, running on the system "gallifrey.nk.ca", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Our security check detected multiple unwanted login attepmts
on your account. You need to update your iTunes account details for better
security. Click the link below to update your account details: Click Here
to Update [...]
Content analysis details: (5.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.6 TVD_PH_SUBJ_ACCOUNTS_POST TVD_PH_SUBJ_ACCOUNTS_POST
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
1.5 TVD_PH_SEC BODY: Message has a phrase standard for phishing mails
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
Subject: {SPAM?} Update your account details on iTunes.
X-Account-Key: account2
X-UIDL: 0005722b501fb806
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-path:
Envelope-to: aboo@doctor.nl2k.ab.ca
Delivery-date: Thu, 13 Mar 2014 07:15:12 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.82)
(envelope-from
id 1WO522-0001Er-Ud
for aboo@doctor.nl2k.ab.ca; Thu, 13 Mar 2014 06:46:42 -0600
Resent-From: doctor@doctor.nl2k.ab.ca
Resent-Date: Thu, 13 Mar 2014 06:46:42 -0600
Resent-Message-ID: <20140313124642.GC29058@doctor.nl2k.ab.ca>
Resent-To: See root
Received: from cpanel-1.hostnet.lv ([89.111.24.122])
by doctor.nl2k.ab.ca with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.82)
(envelope-from
id 1WO4wW-0006AL-Up
for doctor@nl2k.ab.ca; Thu, 13 Mar 2014 06:41:44 -0600
Received: from simplika by cpanel-1.hostnet.lv with local (Exim 4.82)
(envelope-from
id 1WO4wH-0006ny-I6
for doctor@nl2k.ab.ca; Thu, 13 Mar 2014 14:40:45 +0200
To: doctor@nl2k.ab.ca
Subject: Update your account details on iTunes.
X-PHP-Script: www.simplika.com/wp-content/plugins/11.php for 91.232.96.5
From: Apple
Reply-To: app@apple.ca
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id:
Date: Thu, 13 Mar 2014 14:40:45 +0200
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - cpanel-1.hostnet.lv
X-AntiAbuse: Original Domain - nl2k.ab.ca
X-AntiAbuse: Originator/Caller UID/GID - [595 598] / [47 12]
X-AntiAbuse: Sender Address Domain - cpanel-1.hostnet.lv
X-Get-Message-Sender-Via: cpanel-1.hostnet.lv: authenticated_id: simplika/only user confirmed/virtual account not confirmed
X-Spam_score: 5.8
X-Spam_score_int: 58
X-Spam_bar: +++++
X-Spam_report: Spam detection software, running on the system "gallifrey.nk.ca", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Our security check detected multiple unwanted login attepmts
on your account. You need to update your iTunes account details for better
security. Click the link below to update your account details: Click Here
to Update [...]
Content analysis details: (5.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.6 TVD_PH_SUBJ_ACCOUNTS_POST TVD_PH_SUBJ_ACCOUNTS_POST
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
1.5 TVD_PH_SEC BODY: Message has a phrase standard for phishing mails
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
Subject: {SPAM?} Update your account details on iTunes.
Our security check detected multiple unwanted login attepmts on your
account.
You need to update your iTunes account details for better security.
Click the link below to update your account details:
Click Here to Update
We are sorry for any problems caused by our security check.
iTunes team.
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments