
Category Archives: Phishing Attacks (Hackers)

“Microsoft Windows Team”

PHISHING ATTACK / HACKER


Microsoft Windows Update
From: “Microsoft Windows Team” <noreply@microsoft.com>
Return-Path: apache@shipment.xsense.co.th

Dear Windows User,

It has come to our attention that your microsoft office records are out of date. Every single Windows installation needs to be accompanied by a valid email for proper verification purpose.

This requires you to verify the Email Account. Failure to verify your records might result in account suspension. Use the link below to verify and confirm your records.

Thank you,

Microsoft Windows Team.

———-

Return-Path: <apache@shipment.xsense.co.th>
X-YahooFilteredBulk: 58.64.30.166
X-Originating-IP: [58.64.30.166]
Authentication-Results: mta1080.mail.ne1.yahoo.com
Received: from 127.0.0.1 (EHLO shipment.xsense.co.th) (58.64.30.166) by mta1080.mail.ne1.yahoo.com with SMTP; Fri, 26 Apr 2013 06:04:49 +0000
Received: from shipment.xsense.co.th (localhost.localdomain [127.0.0.1]) by shipment.xsense.co.th (8.13.1/8.13.1) with ESMTP id r3Q64gMM016043
Received: (from apache@localhost) by shipment.xsense.co.th (8.13.1/8.13.1/Submit) id r3Q64goF016042;
From: Microsoft Windows Team <noreply@microsoft.com>
Subject: Microsoft Windows Update
X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version ]

 


“WellsFargo”

ONLINE FRAUD / PHISHING SCAM

Subject: 1 new message

Your online access has been temporarily suspended

We recently detected failed attempts to provide the correct answers to your security questions. As a result, we temporarily suspended online access to your account.
For immediate access to your account, click : Sign On to Wells Fargo Online and proceed with the verification process.
Security questions are one of the ways Wells Fargo confirms your identity. For your protection, Wells Fargo safeguards your account whenever there is a possibility that someone other than you is attempting to sign on.
Sincerely,
Wells Fargo Online Customer Service
Please do not reply to this email directly. To ensure a prompt and secure response, sign on to email us.
31eh7a45-1355-4t5c-te17- 123504u38dkrl

Return-Path: <no-reply@biem.net>
X-YahooFilteredBulk: 94.229.33.233
Received-SPF: fail (domain of biem.net does not designate 94.229.33.233 as permitted sender)
X-Originating-IP: [94.229.33.233]
Authentication-Results: mta1499.mail.bf1.yahoo.com from=biem.net; domainkeys=neutral (no sig); from=biem.net; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO mail.moonshineq.net) (94.229.33.233) by mta1499.mail.bf1.yahoo.com with SMTP; Wed, 15 May 2013 16:10:58 +0000
Received: by mail.moonshineq.net (Postfix, from userid 5003) id ED36434C35B8; Wed, 15 May 2013 18:10:57 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on vps242.xel.cz
X-Spam-Level: ***
X-Spam-Status: No, score=3.5 required=5.0 tests=ALL_TRUSTED,BAYES_50, HTML_EXTRA_CLOSE,HTML_IMAGE_ONLY_32,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG, MIME_HTML_ONLY,MIME_QP_LONG_LINE,MISSING_HEADERS,REPLYTO_WITHOUT_TO_CC autolearn=no version=3.3.1
Received: from biem.net (unknown [205.204.94.129]) (Authenticated sender: test@moonshineq.net) by mail.moonshineq.net (Postfix) with ESMTPA id 0A8B134C34A3; Wed, 15 May 2013 18:08:43 +0200 (CEST)
Reply-To: no-reply@biem.net
From: “WellsFargo” <no-reply@biem.net>
Subject: 1 new message
Message-ID: <20130515090732.18758B2703054FC7@biem.net>

Wells Fargo no-reply@biem.net

 


“UPS Courier Service”

WARNING – EMAIL SCAM / UPS PHISHING ATTACK


Account Suspended: Update Your Information
From: “UPS Courier Service” <activationserver@ups.com>

Dear Customer:

UPS Courier Service!

This message is to confirm that your online access have been suspended due to billing error.
We will review the activity on your account with you and upon verification, we will remove any retrictions placed on your account
We hope you enjoy the ease and convenience you’ll get with the ability to manage your UPS accounts from almost anywhere you are.

To access and activate your account, simply click the link below.

https://www.ups.com/us/activation ← ATTN: This is a spoofed link and NOT a legit UPS website.

The entire activation should take only 5 minutes of your time. Please complete the activation by now
Sincerely,

Thank you for being a valued customer

UPS,

Return-Path: tfcadmin@u16050260.onlinehome-server.com
X-YahooFilteredBulk: 74.208.74.16
Received-SPF: none (domain of u16050260.onlinehome-server.com does not designate permitted sender hosts)
X-Originating-IP: [74.208.74.16]
Authentication-Results: mta1534.mail.bf1.yahoo.com from=ups.com; domainkeys=neutral (no sig); from=ups.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO u16050260.onlinehome-server.com) (74.208.74.16) by mta1534.mail.bf1.yahoo.com with SMTP; Thu, 09 May 2013 01:29:45 +0000
Received: by u16050260.onlinehome-server.com (Postfix, from userid 10013) id CEB65D099; Mon, 6 May 2013 21:24:17 -0400 (EDT)
From: UPS Courier Service activationserver@ups.com
Subject: Account Suspended: Update Your Information
Message-ID: <3dfa45d367d9e24c2e74d18b1d205288@thefcove.com>
X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version ]

 


“Paypal Service Support”

WARNING – EMAIL SCAM / PAYPAL PHISHING ATTACK

Subject: Notice Of Policy Uptadeþ

This is an automated email, please do not reply

Dear PayPal User
Your account has been limited : You Must Confirm Your Information!

Please click on the following link to Confirm It:

Click here to Confirm Your Account Information.

You Must Confirm Your Information To Save It .

Thanks You For Helping,
The PayPal Team

Need Assistance?
We’re happy to help by phone at 1-514-748-5774, Monday to Friday 9:00am to 5:00 pm EST, or by email
Copyright 2012. All rights reserved. PayPal

Email ID: 15464

Return-Path: west-heaton.co.uk@hosts.co.uk
X-YahooFilteredBulk: 85.233.160.25
Received-SPF: pass (domain of hosts.co.uk designates 85.233.160.25 as permitted sender)
X-Originating-IP: [85.233.160.25]
Authentication-Results: mta1107.mail.gq1.yahoo.com from=hosts.co.uk
Received: from 127.0.0.1 (EHLO outgoing-smtp.namesco.net) (85.233.160.25) by mta1107.mail.gq1.yahoo.com
Received: from [192.168.0.76] (helo=nutmeg.hosts.co.uk) by outgoing-smtp.namesco.net with esmtp (Exim 4.72) (envelope-from <west-heaton.co.uk@hosts.co.uk>) id 1UOXgz-0003sR-6K
Received: from west-heaton.co.uk by nutmeg.hosts.co.uk with local (Exim 4.69) (envelope-from <west-heaton.co.uk@hosts.co.uk>) id 1UOXgy-0005Gn-CD
Subject: Notice Of Policy Uptade<FE>
From: <Paypal@ServiceSupport.com>
Reply-To: Paypal@ServiceSupport.com
Message-Id: <E1UOXgy-0005Gn-CD@nutmeg.hosts.co.uk>
Sender: <west-heaton.co.uk@hosts.co.uk>
X-namescosender: 334336 45679
X-namesco: 192.168.0.151
X-Spam-Score: 2.0 (++)

Paypal@ServiceSupport.com <Paypal@ServiceSupport.com> 1-5147485774

 


Spam Sender

WARNING – PHISHING ATTACK / SPAM / MALWARE

If you’ve received an email similar to the ones below, do not click the links. I haven’t clicked them, but I searched the Internet and it appears other email users who clicked them say they contain malware / viruses, so be cautious.

Health Coverage Results – BlueCross BlueShield
From: “Cobra Health Insurance Quotes” <info@locationvisit.com>
To: undisclosed-recipients

—Click Show Images To Enable Links.———————————————————————————————————

Return-Path: <info@locationvisit.com>
X-YahooFilteredBulk: 5.78.137.215
Received-SPF: pass (domain of locationvisit.com designates 5.78.137.215 as permitted sender)
X-Originating-IP: [5.78.137.215]
Authentication-Results: mta1291.mail.ac4.yahoo.com from=locationvisit.com; domainkeys=neutral (no sig); from=locationvisit.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO mp-cgo-fdl.k.pr.locationvisit.com) (5.78.137.215) by mta1291.mail.ac4.yahoo.com with SMTP; Tue, 26 Mar 2013 22:47:23 -0700
Received: from mp-cgo-fdl.k.pr.locationvisit.com (mp-cgo-fdl.k.pr.locationvisit.com [5.78.137.215]]) by mp-cgo-fdl.k.pr.locationvisit.com id oIpRcRonQnJyMs; 27 Mar 2013 01:46:55 -0400 (envelope-from <info@locationvisit.com>)
Message-Id: <20130327032599.5020D9DE7@locationvisit.com>
X-Unsubscribe: 42485a0c32f2964c5c4496d739e8586dcec95c5c
From: Cobra Health Insurance Quotes info@locationvisit.com
Subject: =?UTF-8?B?SGVhbHRoIENvdmVyYWdlIFJlc3VsdHMgLSBCbHVlQ3Jvc3MgQmx1ZVNoaWVsZA==?=

$2,500 in [62 Minutes]
Thursday, March 26, 2037 6:12 AM
From: “Direct Deposit” <info@sitesupermart.com>
To: undisclosed-recipients

—Click Show Images To Enable Links.———————————————————————————————————
Please click the “Not Spam” button above to visit links.
Wake Up Tomorrow With An Extra $2,500 In Your Bank Account!
Online Personal Loan Approval with NO Credit Checks
Good Credit * Bad Credit * No Credit

365 Day Loans is different in a very distinct way.
It’s fast, it’s secure and absolutely confidential.

Return-Path: info@cooltourdance.com
X-YahooFilteredBulk: 197.238.136.176
Received-SPF: pass (domain of cooltourdance.com designates 197.238.136.176 as permitted sender)
X-Originating-IP: [197.238.136.176]
Authentication-Results: mta1099.mail.gq1.yahoo.com from=; domainkeys=neutral (no sig); from=sitesupermart.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO ton-cgm-dpn.cso.fhr.cooltourdance.com) (197.238.136.176) by mta1099.mail.gq1.yahoo.com with SMTP; Mon, 25 Mar 2013 23:16:17 -0700
Received: from ton-eeq-dpn.cso.fhr.sitesupermart.com (ton-eeq-dpn.cso.fhr.sitesupermart.com [197.238.228.176]]) by ton-eeq-dpn.cso.fhr.sitesupermart.com id pJV10rees0AMTq; 26 Mar 2013 02:12:00 -0400 (envelope-from <info@sitesupermart.com>)
Message-Id: <20130326329072.A1BBF0C4F@sitesupermart.com>
X-R-HASH: 5e44d3b1c4b62348d7de845099ae2c46a8c60a20
From: =?ISO-8859-1?B?RGlyZWN0IERlcG9zaXQ=?= info@sitesupermart.com
Subject: =?UTF-8?B?JDIsNTAwIGluIFs2MiBNaW51dGVzXQ==?=

This site contains Malware: http://anubis.iseclab.org/?action=result&task_id=18e3f89b0e02989e46166fa…
Unsolicited Spam Originating From: Mt. Laurel New Jersey (159.135.84.108)
Originating Network(s): flrsbx.com
Date Received: 2/1/2013
Click Link: click.lvingguide.in (Yet another spam from Carlos Sanchez)
Location: jump.zeromargin.com
Received From:
Redirect:
Return Path: locationvisit.com
Contents of Spam:
From: View My Pic’s <info@locationvisit.com>
Sent: Monday, January 18, 2038 9:14 PM
Subject: WHY WAIT HAVE AN AFFAIR WITH A CHEATING WIFE TODAY “

locationvisit.com — Direct Deposit <info@travelcardsite.com> Wake Up Tomorrow With An Extra $2,500 In Your Bank Account! Unsolicited spam originating from flrsbx.com in Mt. Laurel, New Jersey 159.135.234.244 Click link is click.supertuhan.in

From LendingTree
Return-Path: <info@vacationsend.com> info@vacationsend.com
X-YahooFilteredBulk: 170.25.74.9
Received-SPF: pass (domain of vacationsend.com designates 170.25.74.9 as permitted sender)
X-Originating-IP: [170.25.74.9]
Authentication-Results: mta1086.mail.gq1.yahoo.com from=clickbigcity.com; domainkeys=neutral (no sig); from=clickbigcity.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO sy-oi-t.coa.fl.vacationsend.com) (170.25.74.9) by mta1086.mail.gq1.yahoo.com with SMTP; Mon, 25 Mar 2013 23:09:47 -0700
Received: from sy-ei-t.com.ddn.clickbigcity.com (sy-ei-t.com.ddn.clickbigcity.com [176.116.24.9]]) by sy-ei-t.com.ddn.clickbigcity.com id iQSp5KVvKzr5C5; 26 Mar 2013 02:09:08 -0400 (envelope-from <info@clickbigcity.com>)
Message-Id: <20130326071504.A33A005BC@clickbigcity.com>
X-R-HASH: 654c9fea4ab25d58bef7c104e2f74a8cd734dc7a
From: LendingTree info@clickbigcity.com
654c9fea4ab25d58bef7c104e2f74a8cd734dc7a@clickbigcity.com
Subject: =?UTF-8?B?TW9ydGdhZ2UgUmF0ZXMgYXJlIEhpc3RvcmljYWxseSBMb3chIFNlZSBJZiBZb3UgQ291bGQgU2F2ZSBXaXRoIExlbmRpbmdUcmVlIQ==?=

Mortgage Rates are Historically Low! See If You Could Save With LendingTree!

—Click Show Images To Enable Links.———————————————————————————————————
See LendingTree Advertising Disclosures

LendingTree, LLC is a duly licensed mortgage broker, as required, with its main office located at 11115 Rushmore Dr., Charlotte, NC 28277, Telephone number 1-800-555-8733. NMLS Unique Identifier #1136.

LendingTree, LLC is known as LT Technologies in Lieu of true name, LendingTree, LLC in NY. For a current list of applicable state licensing & disclosures, see the LendingTree website or call for details.

This is a commercial email from LendingTree. If you would like to unsubscribe, read our Privacy Policy or Terms of Use, or see how LendingTree is licensed.

LendingTree, LLC: Unsubscribe

 


 