RSS

Tag Archives: Spoofed Email

“Microsoft Windows Team”

PHISHING ATTACK / HACKER

warning-beware

Microsoft Windows Update
From: “Microsoft Windows Team” <noreply@microsoft.com> Return-Path: apache@shipment.xsense.co.th

Dear Windows User,

It has come to our attention that your microsoft office records are out of date. Every single Windows installation needs to be accompanied by a valid email for proper verification purpose.

This requires you to verify the Email Account. Failure to verify your records might result in account suspension. Use the link below to verify and confirm your records.

Thank you,

Microsoft Windows Team.

———-

Return-Path: <apache@shipment.xsense.co.th>
X-YahooFilteredBulk: 58.64.30.166
X-Originating-IP: [58.64.30.166]
Authentication-Results: mta1080.mail.ne1.yahoo.com
Received: from 127.0.0.1 (EHLO shipment.xsense.co.th) (58.64.30.166) by mta1080.mail.ne1.yahoo.com with SMTP; Fri, 26 Apr 2013 06:04:49 +0000
Received: from shipment.xsense.co.th (localhost.localdomain [127.0.0.1]) by shipment.xsense.co.th (8.13.1/8.13.1) with ESMTP id r3Q64gMM016043
Received: (from apache@localhost) by shipment.xsense.co.th (8.13.1/8.13.1/Submit) id r3Q64goF016042;
From: Microsoft Windows Team <noreply@microsoft.com>
Subject: Microsoft Windows Update
X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version ]

 

Tags: , , , , ,

“UPS Courier Service”

WARNING – EMAIL SCAM / UPS PHISHING ATTACK

scam_fraud

Account Suspended: Update Your Information
From: “UPS Courier Service” <activationserver@ups.com>

Dear Customer:

UPS Courier Service!

This message is to confirm that your online access have been suspended due to billing error.
We will review the activity on your account with you and upon verification, we will remove any retrictions placed on your account
We hope you enjoy the ease and convenience you’ll get with the ability to manage your UPS accounts from almost anywhere you are.

To access and activate your account, simply click the link below.

https://www.ups.com/us/activation ← ATTN: This is a spoofed link and NOT a legit UPS website.

The entire activation should take only 5 minutes of your time. Please complete the activation by now
Sincerely,

Thank you for being a valued customer

UPS,

Return-Path: tfcadmin@u16050260.onlinehome-server.com
X-YahooFilteredBulk: 74.208.74.16
Received-SPF: none (domain of u16050260.onlinehome-server.com does not designate permitted sender hosts)
X-Originating-IP: [74.208.74.16]
Authentication-Results: mta1534.mail.bf1.yahoo.com from=ups.com; domainkeys=neutral (no sig); from=ups.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO u16050260.onlinehome-server.com) (74.208.74.16) by mta1534.mail.bf1.yahoo.com with SMTP; Thu, 09 May 2013 01:29:45 +0000
Received: by u16050260.onlinehome-server.com (Postfix, from userid 10013) id CEB65D099; Mon, 6 May 2013 21:24:17 -0400 (EDT)
From: UPS Courier Service activationserver@ups.com
Subject: Account Suspended: Update Your Information
Message-ID: <3dfa45d367d9e24c2e74d18b1d205288@thefcove.com>
X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version ]

 

Tags: , , , , , ,

Spam Sender

WARNING – PHISHING ATTACK / SPAM / MALWARE

If you’ve received an email similar to the ones below, do not click the links. I haven’t clicked and I searched the Internet and it appears other email users who clicked them say it contains malware / viruses so be cautious.

Health Coverage Results – BlueCross BlueShield
From: “Cobra Health Insurance Quotes” <info@locationvisit.com>
To: undisclosed-recipients

—Click Show Images To Enable Links.———————————————————————————————————

Return-Path: <info@locationvisit.com>
X-YahooFilteredBulk: 5.78.137.215
Received-SPF: pass (domain of locationvisit.com designates 5.78.137.215 as permitted sender)
X-Originating-IP: [5.78.137.215]
Authentication-Results: mta1291.mail.ac4.yahoo.com from=locationvisit.com; domainkeys=neutral (no sig); from=locationvisit.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO mp-cgo-fdl.k.pr.locationvisit.com) (5.78.137.215) by mta1291.mail.ac4.yahoo.com with SMTP; Tue, 26 Mar 2013 22:47:23 -0700
Received: from mp-cgo-fdl.k.pr.locationvisit.com (mp-cgo-fdl.k.pr.locationvisit.com [5.78.137.215]]) by mp-cgo-fdl.k.pr.locationvisit.com id oIpRcRonQnJyMs; 27 Mar 2013 01:46:55 -0400 (envelope-from <info@locationvisit.com>)
Message-Id: <20130327032599.5020D9DE7@locationvisit.com>
X-Unsubscribe: 42485a0c32f2964c5c4496d739e8586dcec95c5c
From: Cobra Health Insurance Quotes info@locationvisit.com
Subject: =?UTF-8?B?SGVhbHRoIENvdmVyYWdlIFJlc3VsdHMgLSBCbHVlQ3Jvc3MgQmx1ZVNoaWVsZA==?=

$2,500 in [62 Minutes]Thursday, March 26, 2037 6:12 AM
From: “Direct Deposit” <info@sitesupermart.com>
To: undisclosed-recipients

—Click Show Images To Enable Links.———————————————————————————————————
Please click the “Not Spam” button above to visit links.
Wake Up Tomorrow With An Extra $2,500 In Your Bank Account!
Online Personal Loan Approval with NO Credit Checks
Good Credit * Bad Credit * No Credit

365 Day Loans is different in a very distinct way.
It’s fast, it’s secure and absolutely confidential.

Return-Path: info@cooltourdance.com
X-YahooFilteredBulk: 197.238.136.176
Received-SPF: pass (domain of cooltourdance.com designates 197.238.136.176 as permitted sender)
X-Originating-IP: [197.238.136.176]
Authentication-Results: mta1099.mail.gq1.yahoo.com from=; domainkeys=neutral (no sig); from=sitesupermart.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO ton-cgm-dpn.cso.fhr.cooltourdance.com) (197.238.136.176) by mta1099.mail.gq1.yahoo.com with SMTP; Mon, 25 Mar 2013 23:16:17 -0700
Received: from ton-eeq-dpn.cso.fhr.sitesupermart.com (ton-eeq-dpn.cso.fhr.sitesupermart.com [197.238.228.176]]) by ton-eeq-dpn.cso.fhr.sitesupermart.com id pJV10rees0AMTq; 26 Mar 2013 02:12:00 -0400 (envelope-from <info@sitesupermart.com>)
Message-Id: <20130326329072.A1BBF0C4F@sitesupermart.com>
X-R-HASH: 5e44d3b1c4b62348d7de845099ae2c46a8c60a20
From: =?ISO-8859-1?B?RGlyZWN0IERlcG9zaXQ=?= info@sitesupermart.com
Subject: =?UTF-8?B?JDIsNTAwIGluIFs2MiBNaW51dGVzXQ==?=

This site contains Malware: http://anubis.iseclab.org/?action=result&task_id=18e3f89b0e02989e46166fa&#8230;
Unsolicited Spam Originating From: Mt. Laurel New Jersey (159.135.84.108)
Originating Network(s): flrsbx.com
Date Received: 2/1/2013
Click Link: click.lvingguide.in (Yet another spam from Carlos Sanchez)
Location: jump.zeromargin.com
Received From:
Redirect:
Return Path: locationvisit.com
Contents of Spam:
From: View My Pic’s <info@locationvisit.com>
Sent: Monday, January 18, 2038 9:14 PM
Subject: WHY WAIT HAVE AN AFFAIR WITH A CHEATING WIFE TODAY “

locationvisit.com — Direct Deposit <info@travelcardsite.com> Wake Up Tomorrow With An Extra $2,500 In Your Bank Account! Unsolicited spam originating from flrsbx.com in Mt. Laurel, New Jersey 159.135.234.244 Click link is click.supertuhan.in

From LendingTree
Return-Path: <info@vacationsend.com> info@vacationsend.com
X-YahooFilteredBulk: 170.25.74.9
Received-SPF: pass (domain of vacationsend.com designates 170.25.74.9 as permitted sender)
X-Originating-IP: [170.25.74.9]
Authentication-Results: mta1086.mail.gq1.yahoo.com from=clickbigcity.com; domainkeys=neutral (no sig); from=clickbigcity.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO sy-oi-t.coa.fl.vacationsend.com) (170.25.74.9) by mta1086.mail.gq1.yahoo.com with SMTP; Mon, 25 Mar 2013 23:09:47 -0700
Received: from sy-ei-t.com.ddn.clickbigcity.com (sy-ei-t.com.ddn.clickbigcity.com [176.116.24.9]]) by sy-ei-t.com.ddn.clickbigcity.com id iQSp5KVvKzr5C5; 26 Mar 2013 02:09:08 -0400 (envelope-from <info@clickbigcity.com>)
Message-Id: <20130326071504.A33A005BC@clickbigcity.com>
X-R-HASH: 654c9fea4ab25d58bef7c104e2f74a8cd734dc7a
From: LendingTree info@clickbigcity.com
654c9fea4ab25d58bef7c104e2f74a8cd734dc7a@clickbigcity.com
Subject: =?UTF-8?B?TW9ydGdhZ2UgUmF0ZXMgYXJlIEhpc3RvcmljYWxseSBMb3chIFNlZSBJZiBZb3UgQ291bGQgU2F2ZSBXaXRoIExlbmRpbmdUcmVlIQ==?=

Mortgage Rates are Historically Low! See If You Could Save With LendingTree!

—Click Show Images To Enable Links.———————————————————————————————————
See LendingTree Advertising Disclosures

LendingTree, LLC is a duly licensed mortgage broker, as required, with its main office located at 11115 Rushmore Dr., Charlotte, NC 28277, Telephone number 1-800-555-8733. NMLS Unique Identifier #1136.

LendingTree, LLC is known as LT Technologies in Lieu of true name, LendingTree, LLC in NY. For a current list of applicable state licensing & disclosures, see the LendingTree website or call for details.

This is a commercial email from LendingTree. If you would like to unsubscribe, read our Privacy Policy or Terms of Use, or see how LendingTree is licensed.

LendingTree, LLC: Unsubscribe

 

Tags: , , , , , , , , , , , , ,

“Norton From Symantec”

WARNING – NORTON PHISHING ATTACK

To view legitimate emails and addresses from Norton, go to Norton Support Center. When you receive an email norton@nortonfromsymantec.com then just delete it or post it for others to see.

Subject Line: You are at risk for cybercrime without Norton security

Come back to Norton and save $45.* Buy now.

Unsubscribe | View Online
Don’t Get Hacked!
Get Protected and Save $45

BUY NOW

Offer Expires 3/28/2013

Hello Porky Pig Porky Pig,
With cyber attacks on the rise, we hope you’ve found alternative
protection. It’s possible though, that your computer may have already
been breached. Don’t compromise on your PC security. Come back to
the #1 rated online security.

Norton™ Internet Security (Includes Antivirus)
Advanced Internet and antivirus protection for anywhere you go and anything you do online.
Reg. $79.99 Save 56% off now
ONLY $34.99*

BUY NOW
60-Day Money-Back
Guarantee

Unlimited and Free Updates with Active Subscription

1-Year Protection
for 3 PCs
Windows® 8/7/XP/Vista

Norton Support Legal Information Return Policy Privacy Policy Unsubscribe
*AV-Test GmbH, Real World and Remediation Test, August 2012; http://www.norton.com/avtest2013 PassMark Software, 2013 Consumer Security Products Performance Benchmarks, November 2012. http://www.passmark.com/ftp/totalprotectionsuites-nov2012.pdf both commissioned by Symantec

**Savings based on MSRP. Plus tax (if applicable). Limited time offer in the U.S. for only downloadable product through the Symantec online store. Offer cannot be combined with any other offers or discounts. Box image used for illustrative purposes only. With this service you receive the right to use this product on 3 PCs during the service period, which begins upon initial installation and activation. This renewable service includes protection updates and new product features as available throughout the service period, subject to acceptance of the Symantec License Agreement included with this product and available for review at http://www.symantec.com. Product features may be added, modified, or removed during the service period.

Please do not reply to this message. If you require Customer Service or Technical Support, please go to the Symantec Web site for contact information at http://www.symantec.com.

Copyright © 2013 Symantec Corporation. All rights reserved. Symantec, the Symantec logo, Norton, and Norton 360 are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Windows and Windows Vista are trademarks or registered trademarks of Microsoft Corporation. Other names may be trademarks of their respective owners.

Symantec Corporation, 350 Ellis Street, Mountain View, CA 94043

A_BLST_NAM_US_EXP_2013_03_LOEM_Pre2yrs_Mobile_G_B

Return-Path: <norton@nortonfromsymantec.com>
Received-SPF: pass (domain of nortonfromsymantec.com designates 12.130.137.84 as permitted sender)
X-Originating-IP: [12.130.137.84]
Authentication-Results: mta1379.mail.gq1.yahoo.com from=nortonfromsymantec.com; domainkeys=fail (bad sig); from=nortonfromsymantec.com; dkim=permerror (bad sig)
Received: from 127.0.0.1 (EHLO om-norton.rsys1.com) (12.130.137.84) by mta1379.mail.gq1.yahoo.com with SMTP; Thu, 14 Mar 2013 05:36:47 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=symantec; d=nortonfromsymantec.com; h=MIME-Version:Content-Type:Content-Transfer-Encoding:Date:From:Reply-To:Subject:List-Unsubscribe:To:Message-ID; i=norton@nortonfromsymantec.com; bh=2Q7D8ig5agC6PtOD4EJ5U6oPUEo=; b=B2OiLf+HBOPKM6DUlj0rCJtzLOQC70sVwFM5feIHeLr5HgKTDMqgBBBNZAFAac7FUyWAOb+8puG5 qWEIuHzGlg==
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=symantec; d=nortonfromsymantec.com; b=ZwnC03s1h1idf1D+DGo9ceg0EzUJOSJHAjprx58sYgoLH2gtm5rqWlKcmtilG7xdSvcwhnExaSRK Tx7Nt5K7Ug==;
Received: by om-norton.rsys1.com id h8725u162boh for <deleted@yahoo.com>; Thu, 14 Mar 2013 05:36:22 -0700 (envelope-from <norton@nortonfromsymantec.com>)
From: “Norton” norton@nortonfromsymantec.com
Reply-To: Norton reply@nortonfromsymantec.com
Subject: You are at risk for cybercrime without Norton security
List-Unsubscribe: <https://response.nortonfromsymantec.com/servlet/optout?lRtHgmLJDATUUDUEihkrRLQihlLKFRHohhDJhtEa&gt;, <mailto:unsubscribe-E4iMnbe3RZyRmLQ_UZsROOlpiYkgn98IGsAWh03JyTJB60J7Ois3dK6U75nzixcQYtW0NbMSSMUv-z0aAi-nwj2P5nlbhgZeGp4@imh.rsys4.com?subject=List-Unsubscribe>
X-cid: symantec.7011.1
X-sgxh1: ihjsPLzfihkLKT
X-valueof-PSN: P8HB6QWBXFRV
X-valueof-SEGMENT: NIS_G
X-valueof-COUNTRY_ISO: US
X-valueof-PRODUCT: NIS
X-valueof-VENDOR: ING DIRECT
Message-ID: <0.0.33.47B.1CE20B0890A54A4.0@om-norton.rsys1.com>

Subject Line: Hurry! Get the Top Ranked Protection for Less

Come back to Norton and save $45.* Buy now.

Unsubscribe | View Online
Last Chance to Save $45!
Offer Expires on Thursday, March 28!

GET PROTECTED NOW
Hello Porky Pig Porky Pig,
Don’t compromise on your PC security. Come back to the #1 rated
online protection. We even offer a 60-day money-back guarantee.
Hurry back. This limited-time offer expires Thursday, March 28, 2013.

Norton™ Internet Security (Includes Antivirus)
Advanced Internet and antivirus protection for anywhere you go and anything you do online.
Reg. $79.99 Save 56% off now
ONLY $34.99*

BUY NOW
60-Day Money-Back
Guarantee

Unlimited and Free Updates with Active Subscription

1-Year Protection
for 3 PCs
Windows® 8/7/XP/Vista

Norton Support Legal Information Return Policy Privacy Policy Unsubscribe
*AV-Test GmbH, Real World and Remediation Test, August 2012; http://www.norton.com/avtest2013 PassMark Software, 2013 Consumer Security Products Performance Benchmarks, November 2012. http://www.passmark.com/ftp/totalprotectionsuites-nov2012.pdf both commissioned by Symantec

**Savings based on MSRP. Plus tax (if applicable). Limited time offer in the U.S. for only downloadable product through the Symantec online store. Offer cannot be combined with any other offers or discounts. Box image used for illustrative purposes only. With this service you receive the right to use this product on 3 PCs during the service period, which begins upon initial installation and activation. This renewable service includes protection updates and new product features as available throughout the service period, subject to acceptance of the Symantec License Agreement included with this product and available for review at http://www.symantec.com. Product features may be added, modified, or removed during the service period.

Please do not reply to this message. If you require Customer Service or Technical Support, please go to the Symantec Web site for contact information at http://www.symantec.com.

Copyright © 2013 Symantec Corporation. All rights reserved. Symantec, the Symantec logo, Norton, and Norton 360 are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Windows and Windows Vista are trademarks or registered trademarks of Microsoft Corporation. Other names may be trademarks of their respective owners.

Symantec Corporation, 350 Ellis Street, Mountain View, CA 94043

A_BLST_NAM_US_EXP_2013_03_LOEM_Pre2yrsRemail_Mobile_G_B1

Return-Path: <norton@nortonfromsymantec.com>
Received-SPF: pass (domain of nortonfromsymantec.com designates 12.130.137.84 as permitted sender)
X-Originating-IP: [12.130.137.84]
Authentication-Results: mta1222.mail.sk1.yahoo.com from=nortonfromsymantec.com; domainkeys=fail (bad sig); from=nortonfromsymantec.com; dkim=permerror (bad sig)
Received: from 127.0.0.1 (EHLO om-norton.rsys1.com) (12.130.137.84) by mta1222.mail.sk1.yahoo.com
Received: by om-norton.rsys1.com id h9bv0g160a8p 05:32:56 -0700 (envelope-from <norton@nortonfromsymantec.com>)
From: “Norton” <norton@nortonfromsymantec.com>
Reply-To: Norton From Symantec reply@nortonfromsymantec.com
Subject: Hurry! Get the Top Ranked Protection for Less
List-Unsubscribe: <https://response.nortonfromsymantec.com/servlet/optout?lRtHgmLJDATZBDUEihkrRLQihlLKFRHohhDJhtEa&gt;, <mailto:unsubscribe-E0vyvEZfhVe_O2oAFS-_GXnFMRDhiaHhMLjkVw55_GWJ0mnQn-ICwLjkAHvIjIhpLiMx7ss85iy-wKBqtyQGoOrZo8NKPESqeFs@imh.rsys4.com?subject=List-Unsubscribe>
X-cid: symantec.7068.1
X-sgxh1: ihjsPLzfihkLKT
X-valueof-PSN: P8HB6QWBXFRV
X-valueof-SEGMENT: NIS_G
X-valueof-COUNTRY_ISO: US
X-valueof-PRODUCT: NIS
X-valueof-VENDOR: ING DIRECT
Message-ID: <0.1.23.16D.1CE26303751A4AC.0@om-norton.rsys1.com>

Norton From Symantec norton@nortonfromsymantec.com

 

Tags: , , , , ,

 
%d bloggers like this: