spamreports

fake winning SPAM email, requesting PII 01-November-2020

Nov 1st, 2020
Return-Path: <audit@gmail.com>
Received: from mx4.mi.net ([unix socket])
    by stor3 (Cyrus 2.5.10-Debian-2.5.10-3) with LMTPA;
    Fri, 30 Oct 2020 16:23:34 +0200
X-Sieve: CMU Sieve 2.4
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on stor3.stor3
X-Spam-Flag: YES
X-Spam-Level: *****************************
X-Spam-Status: Yes, score=29.7 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_024C2,
    BAYES_999,DKIM_ADSP_CUSTOM_MED,FAKE_REPLY_C,FORGED_GMAIL_RCVD,
    FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO,
    FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,
    FROM_MISSP_REPLYTO,FROM_MISSP_XPRIO,FSL_CTYPE_WIN1251,
    FSL_NEW_HELO_USER,LOTS_OF_MONEY,MISSING_HEADERS,MISSING_MID,
    MONEY_FRAUD_8,MONEY_FROM_MISSP,NML_ADSP_CUSTOM_MED,RCVD_IN_MSPIKE_BL,
    RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL,RCVD_IN_RP_RNBL,REPLYTO_WITHOUT_TO_CC,
    SPF_SOFTFAIL,SPOOFED_FREEM_REPTO,TO_NO_BRKTS_FROM_MSSP,
    TO_NO_BRKTS_MSFT,TVD_PH_BODY_META,T_HK_NAME_FM_FROM,T_MONEY_PERCENT
    shortcircuit=no autolearn=no autolearn_force=no version=3.4.2
X-Spam-Report:
    * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5)
    * [124.158.10.150 listed in bl.mailspike.net]
    * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
    * https://senderscore.org/blacklistlookup/
    * [124.158.10.150 listed in bl.score.senderscore.com]
    * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
    * [124.158.10.150 listed in psbl.surriel.com]
    * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam
    * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received'
    * headers
    * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override
    * is CUSTOM_MED
    * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
    * provider (audit[at]gmail.com)
    * 4.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
    * 1.0 MISSING_HEADERS Missing To: header
    * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in
    * digit (stevekon39[at]rediffmail.com)
    * 0.2 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
    * [score: 1.0000]
    * 0.0 T_HK_NAME_FM_FROM No description available.
    * 1.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted
    * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User
    * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait
    * 0.0 FROM_MISSP_XPRIO Misspaced FROM + X-Priority
    * 2.0 LOTS_OF_MONEY Huge... sums of money
    * 1.2 MISSING_MID Missing Message-Id: header
    * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool
    * 1.6 REPLYTO_WITHOUT_TO_CC No description available.
    * 0.0 TVD_PH_BODY_META No description available.
    * 1.5 FAKE_REPLY_C No description available.
    * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From
    * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain
    * different freemails
    * 2.5 FROM_MISSP_REPLYTO From misspaced, has Reply-To
    * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems
    * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing
    * list
    * 0.0 T_MONEY_PERCENT X% of a lot of money for you
    * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
    * 1.9 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool
    * 2.5 SPOOFED_FREEM_REPTO Forged freemail sender with freemail
    * reply-to
    * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider
    * 1.2 MONEY_FRAUD_8 Lots of money and very many fraud phrases
Received-SPF: softfail (gmail.com ... _spf.google.com: Sender is not authorized by default to use 'audit@gmail.com' in 'mfrom' identity, however domain is not currently prepared for false failures (mechanism '~all' matched)) receiver=mx4.mi.net; identity=mailfrom; envelope-from="audit@gmail.com"; helo=mail.topasia.com.vn; client-ip=124.158.10.150
Received: from mail.topasia.com.vn (mail.topasia.com.vn [124.158.10.150])
    by mx4.mi.net (Postfix) with ESMTP id 6163BB8D42
    for <urmom@mi.net>; Fri, 30 Oct 2020 16:23:34 +0200 (EET)
Received: from User (unknown [156.96.115.152])
    by mail.topasia.com.vn (Postfix) with SMTP id C96684D32A91;
    Wed, 28 Oct 2020 00:33:54 +0700 (+07)
Reply-To: <stevekon39@rediffmail.com>
From: "From : Steve Odonkon"<audit@gmail.com>
Subject: RE: STRICTLY CONFIDENTIAL (Respond Immediately)
Date: Tue, 27 Oct 2020 10:34:09 -0700
MIME-Version: 1.0
Content-Type: text/plain;
    charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <cmu-lmtpd-12401-1604067814-1@stor3>

Esteem Complement, Tuesday October 27th 2020

Hello, my name is Steve Odonkon, Audit Accounting Officer of Siliva valley bank, London, United Kingdom. (https://silivallechk.com/uk) I got your information when I was searching for an oversea partner among other names, I ask for your pardon if my approach is offensive as I never meant to invade your privacy through this means, and also i believe this is the best and secured means I can pass my message across to you in clear terms. I have sent you this proposal before now; I do hope this will get to you in good health.


As the Audit Accounting Officer of the bank, I have access to lots of documents because I handle some of the bank's sensitive files. On the course of the last year 2019 business report, I discovered that my branch in which I am the Audit Accounting Officer made (£5,720,000.00). Million British pounds from some past government contractors in which my head office are not aware of and will never be aware of. I have placed this funds on what we call escrow call account with no beneficiary.


As an officer of this bank I cannot be directly connected to this money, so my aim of contacting you is to assist me receive this money in your bank account and get 50% of the total funds as commission. There are practically no risks involved, it will be a bank-to-bank transfer, and all I need from you is to stand claim as the Original depositor of these funds who made the deposit with my branch so that my head office can order the transfer to your designated bank account.

Send me your contact details below to enable me furnish you with more relevant details that will help you understand the transaction.

Full Name...

Telephone Number...


Thank you in advance and May God bless you and your family.

Yours truly,
Steve Odonkon
E-mail: stevekon39@rediffmail.com
Call OR WhatsAPP +44 7926062919