Password phishing emails originating from West Africa
- spanky
- Scam Buster
- Posts: 1233
- Joined: Sun Jul 21, 2013 5:45 pm
- Location: USA
Re: Password phishing emails originating from West Africa
From: "Apple" <noreply@apple.com>
Date: Sat, 26 Sep 2015
Dear Customer,
Due to recent updates we are asking many of our customers to confirm their information this is nothing to worry about. We are making sure we have the correct information on file and that you are the rightful account holder. Failure to comply with this may result in your account being suspended.
Once completed you may resume to use your account as normal and we would like to thank you for taking time out of your day to confirm your information.
Download the attached and open it in your browser and make your request.
Wondering why you got this email?
This email was sent automatically during routine security checks. We are not completely satisfied with your account information and require you to update your account to continue using our services uninterrupted.
Thanks,
Apple Customer Support
Date: Sat, 26 Sep 2015
Dear Customer,
Due to recent updates we are asking many of our customers to confirm their information this is nothing to worry about. We are making sure we have the correct information on file and that you are the rightful account holder. Failure to comply with this may result in your account being suspended.
Once completed you may resume to use your account as normal and we would like to thank you for taking time out of your day to confirm your information.
Download the attached and open it in your browser and make your request.
Wondering why you got this email?
This email was sent automatically during routine security checks. We are not completely satisfied with your account information and require you to update your account to continue using our services uninterrupted.
Thanks,
Apple Customer Support
We were not foolish to fall in love with them. Our mistake was not knowing that we fell in love with fools.
- FrumpyBB
- Site Admin
- Posts: 65253
- Joined: Sun Apr 06, 2008 7:35 pm
- Location: Central Europe
Re: Password phishing emails originating from West Africa
Email Administrator <oche2oche1@gmail.com>
Dear Customer,
Your Email account expires today and will be disabled if you don't upgrade it
1992MB
2000MB
The remaining capacity of your Mailbox is less than 15%. Your email account will be suspended or SHUTDOWN PERMANENTLY,
which means you will no longer receive or send messages until your account is upgraded.
Kindly UPGRADE YOUR ACCOUNT NOW for Unlimited MB space to your mailbox.
BEST REGARDS.
Copyright webmaster! 2015 Email Administrator. All rights reserved.
****************************** ****************************** ****************************** ****************************** ****************************** ****************************** ***************
CONFIDENTIALITY. This e-mail and any attachments are confidential and may also be privileged. If you are not the named recipient, please notify the sender immediately and do not disclose the contents to another person, use it for any purpose, or store or copy the information in any medium. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Webmaster. If you have received this e-mail>
****************************** ****************************** ****************************** ****************************** ****************************** ****
Subject: Email Account Termination
From: Email Administrator <oche2oche1@gmail.com>
To: undisclosed-recipients:;
Dear Customer,
Your Email account expires today and will be disabled if you don't upgrade it
1992MB
2000MB
The remaining capacity of your Mailbox is less than 15%. Your email account will be suspended or SHUTDOWN PERMANENTLY,
which means you will no longer receive or send messages until your account is upgraded.
Kindly UPGRADE YOUR ACCOUNT NOW for Unlimited MB space to your mailbox.
BEST REGARDS.
Copyright webmaster! 2015 Email Administrator. All rights reserved.
****************************** ****************************** ****************************** ****************************** ****************************** ****************************** ***************
CONFIDENTIALITY. This e-mail and any attachments are confidential and may also be privileged. If you are not the named recipient, please notify the sender immediately and do not disclose the contents to another person, use it for any purpose, or store or copy the information in any medium. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Webmaster. If you have received this e-mail>
****************************** ****************************** ****************************** ****************************** ****************************** ****
Subject: Email Account Termination
From: Email Administrator <oche2oche1@gmail.com>
To: undisclosed-recipients:;
Please try your best to block ALL your scammer´s still incoming messages and calls!
What is all this? => The FAQ
The scammers vs. Why is "he" still doing it?
Why is alerting the man in the pictures DANGEROUS?
Please click why confronting my scammer is terribly wrong
What is all this? => The FAQ
The scammers vs. Why is "he" still doing it?
Why is alerting the man in the pictures DANGEROUS?
Please click why confronting my scammer is terribly wrong

-
OnlineIceFM
- Moderator
- Posts: 99794
- Joined: Fri Nov 16, 2007 10:06 am
- Location: .... on the Baltic Beach
info@wwweddings.com.au
Dear Customer
How are you doing today l hope all is well with you and your family. This message is coming from world Bank PLC. we will like you to your transaction by login to your website below:
fnins.net/wp-includes/gbdoc/pdf_file/Dropbox.html
login with your e-mail and password to confirm your funds.
World Bank
How are you doing today l hope all is well with you and your family. This message is coming from world Bank PLC. we will like you to your transaction by login to your website below:
fnins.net/wp-includes/gbdoc/pdf_file/Dropbox.html
login with your e-mail and password to confirm your funds.
World Bank
------------------------------------------------------------------------------------------------------
+++ Я не воюю с Россией +++
+++ The FAQ / FAQ in deutsch +++
+++ Я не воюю с Россией +++
+++ The FAQ / FAQ in deutsch +++
- FrumpyBB
- Site Admin
- Posts: 65253
- Joined: Sun Apr 06, 2008 7:35 pm
- Location: Central Europe
Re: Password phishing emails originating from West Africa
Zenith Bank Plc <jessicalondon@info.comenity.net>
This message contains blocked images.
Zenith BankCBN BVN REG
Dear Customer
This is to bring to your notice that your ZenithDirect account has been listed for SUSPENSION.
This is because you have not validated/registered your Biometric Verification Number with your ZenithDirect account.
Follow this reference to START VALIDATION / REGISTRATION hivetrading.com/js/dix/info.php
All information must be filled correctly
NOTE: All atm and internet banking channel will be disabled and your remote access will be blocked within 12 hours failure to comply
Thank you for banking with ZenithBank
This message contains blocked images.
Zenith BankCBN BVN REG
Dear Customer
This is to bring to your notice that your ZenithDirect account has been listed for SUSPENSION.
This is because you have not validated/registered your Biometric Verification Number with your ZenithDirect account.
Follow this reference to START VALIDATION / REGISTRATION hivetrading.com/js/dix/info.php
All information must be filled correctly
NOTE: All atm and internet banking channel will be disabled and your remote access will be blocked within 12 hours failure to comply
Thank you for banking with ZenithBank
Please try your best to block ALL your scammer´s still incoming messages and calls!
What is all this? => The FAQ
The scammers vs. Why is "he" still doing it?
Why is alerting the man in the pictures DANGEROUS?
Please click why confronting my scammer is terribly wrong
What is all this? => The FAQ
The scammers vs. Why is "he" still doing it?
Why is alerting the man in the pictures DANGEROUS?
Please click why confronting my scammer is terribly wrong

- FrumpyBB
- Site Admin
- Posts: 65253
- Joined: Sun Apr 06, 2008 7:35 pm
- Location: Central Europe
Re: Password phishing emails originating from West Africa
You are Will be Block Today
Mail Update <ralstonaj64@aol.com>
Dear User
Your billing information needs to be updated within 24Hours, If this is not done we shall suspend and Block your account Please Click Here to Update now.
Yahoo Office!2015
Received: from SERVER2003 (host183-165-static.14-188-b.business.telecomitalia.it [188.14.165.183])
From: "Mail Update" <ralstonaj64@aol.com>
Subject: You are Will be Block Today
Mail Update <ralstonaj64@aol.com>
Dear User
Your billing information needs to be updated within 24Hours, If this is not done we shall suspend and Block your account Please Click Here to Update now.
Yahoo Office!2015
Received: from SERVER2003 (host183-165-static.14-188-b.business.telecomitalia.it [188.14.165.183])
From: "Mail Update" <ralstonaj64@aol.com>
Subject: You are Will be Block Today
Please try your best to block ALL your scammer´s still incoming messages and calls!
What is all this? => The FAQ
The scammers vs. Why is "he" still doing it?
Why is alerting the man in the pictures DANGEROUS?
Please click why confronting my scammer is terribly wrong
What is all this? => The FAQ
The scammers vs. Why is "he" still doing it?
Why is alerting the man in the pictures DANGEROUS?
Please click why confronting my scammer is terribly wrong

- FrumpyBB
- Site Admin
- Posts: 65253
- Joined: Sun Apr 06, 2008 7:35 pm
- Location: Central Europe
Re: Password phishing emails originating from West Africa
Your Email Will Be Blocked Today
Mail Office <trincom721@aol.com>
Dear Mail Users,
Your billing information needs to be updated within 24Hours, If this is not done we shall suspend your account and Blcoked Please Click Here to Upgrade to the new Yahoo Mail 7 now to avoid losing access to your mail box.
Regards,
Yahoo Office 2015 Inc.
Received: from server (unknown [203.109.70.207])
by mtaout-mcd01.mx.aol.com (MUA/Third Party Client Interface)
From: "Mail Office" <trincom721@aol.com>
Subject: Your Email Will Be Blocked Today
Mail Office <trincom721@aol.com>
Dear Mail Users,
Your billing information needs to be updated within 24Hours, If this is not done we shall suspend your account and Blcoked Please Click Here to Upgrade to the new Yahoo Mail 7 now to avoid losing access to your mail box.
Regards,
Yahoo Office 2015 Inc.
Received: from server (unknown [203.109.70.207])
by mtaout-mcd01.mx.aol.com (MUA/Third Party Client Interface)
From: "Mail Office" <trincom721@aol.com>
Subject: Your Email Will Be Blocked Today
Please try your best to block ALL your scammer´s still incoming messages and calls!
What is all this? => The FAQ
The scammers vs. Why is "he" still doing it?
Why is alerting the man in the pictures DANGEROUS?
Please click why confronting my scammer is terribly wrong
What is all this? => The FAQ
The scammers vs. Why is "he" still doing it?
Why is alerting the man in the pictures DANGEROUS?
Please click why confronting my scammer is terribly wrong

- FrumpyBB
- Site Admin
- Posts: 65253
- Joined: Sun Apr 06, 2008 7:35 pm
- Location: Central Europe
Re: Password phishing emails originating from West Africa
E-mail Updates Required
Service Update <shagfella@aol.com>
Dear Valid User
Your two incoming mails were placed on pending status due to the recent upgrade to our database, In order to receive the messages Update Now to login and wait for responds from Yahoo User.
Customer Care Team
...................
Received: from EMIOLARO-PC (unknown [197.242.110.36])
^^
IP: 197.242.110.36
Country: Nigeria
City: Lagos
Service Update <shagfella@aol.com>


Dear Valid User
Your two incoming mails were placed on pending status due to the recent upgrade to our database, In order to receive the messages Update Now to login and wait for responds from Yahoo User.
Customer Care Team
...................
Received: from EMIOLARO-PC (unknown [197.242.110.36])
^^
IP: 197.242.110.36
Country: Nigeria
City: Lagos
Please try your best to block ALL your scammer´s still incoming messages and calls!
What is all this? => The FAQ
The scammers vs. Why is "he" still doing it?
Why is alerting the man in the pictures DANGEROUS?
Please click why confronting my scammer is terribly wrong
What is all this? => The FAQ
The scammers vs. Why is "he" still doing it?
Why is alerting the man in the pictures DANGEROUS?
Please click why confronting my scammer is terribly wrong

- FrumpyBB
- Site Admin
- Posts: 65253
- Joined: Sun Apr 06, 2008 7:35 pm
- Location: Central Europe
Re: Password phishing emails originating from West Africa
Return-Path: <scottsanchez@live.com>
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44])
by sloti25t02 (Cyrus 3.0.0-beta1-git-fastmail-11933) with LMTPA;
Thu, 26 Nov 2015 06:01:45 -0500
X-Sieve: CMU Sieve 2.4
X-Spam-charsets: plain='US-ASCII', html='UTF-8'
X-Mail-from: scottsanchez@live.com
Received: from mx6 ([10.202.2.205])
by compute4.internal (LMTPProxy); Thu, 26 Nov 2015 06:01:45 -0500
Received: from mx6.messagingengine.com (localhost [127.0.0.1])
by mx6.nyi.internal (Postfix) with ESMTP id 4B3A2900111
Received: from mx6.nyi.internal (localhost [127.0.0.1])
by mx6.messagingengine.com (Authentication Milter) with ESMTP
id 64AD063CF10.0B95C90022D;
Authentication-Results: mx6.messagingengine.com;
dkim=none (no signatures found);
dmarc=fail (p=none) header.from=live.com;
spf=softfail smtp.mailfrom=scottsanchez@live.com smtp.helo=cobra.websitewelcome.com
Received-SPF: softfail (live.com: Sender is not authorized by default to use 'scottsanchez@live.com' in 'mfrom' identity, however domain is not currently prepared for false failures (mechanism '~all' matched)) receiver=mx6.messagingengine.com; identity=mailfrom; envelope-from="scottsanchez@live.com"; helo=cobra.websitewelcome.com; client-ip=192.185.82.219
Received: from cobra.websitewelcome.com (cobra.websitewelcome.com [192.185.82.219])
Received: from [127.0.0.1] (port=25892 helo=www.westcoastlines1.com)
by cobra.websitewelcome.com with esmtpa (Exim 4.85)
(envelope-from <scottsanchez@live.com>)
From: Scott Sanchez <scottsanchez@live.com>
To: undisclosed-recipients:;
Subject: My Pictures for you.
Organization: Yes.
Message-ID: <2712395fa3b2b5736510d40e5eafdef2@westcoastlines1.com>
X-Sender: scottsanchez@live.com
User-Agent: Roundcube Webmail/1.0.5
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - cobra.websitewelcome.com
X-AntiAbuse: Original Domain - fastmail.fm
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - live.com
X-BWhitelist: no
X-Source-IP: 127.0.0.1
X-Exim-ID: 1a1uHa-000SrV-DL
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: (westcoastlines1.com) [127.0.0.1]:25892
X-Source-Auth: westcoas
X-Email-Count: 356
X-Source-Cap: d2VzdGNvYXM7aWFrbWVkaWE7Y29icmEud2Vic2l0ZXdlbGNvbWUuY29t
Here are my new pictures on my google drive, Click here [1] to view.
Just for you. I know you would love them.
Scott
Links:
------
[1] westcoastlines1.com/pictures/newpictures/newgoogledocs/ <== dont´touch it!
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44])
by sloti25t02 (Cyrus 3.0.0-beta1-git-fastmail-11933) with LMTPA;
Thu, 26 Nov 2015 06:01:45 -0500
X-Sieve: CMU Sieve 2.4
X-Spam-charsets: plain='US-ASCII', html='UTF-8'
X-Mail-from: scottsanchez@live.com
Received: from mx6 ([10.202.2.205])
by compute4.internal (LMTPProxy); Thu, 26 Nov 2015 06:01:45 -0500
Received: from mx6.messagingengine.com (localhost [127.0.0.1])
by mx6.nyi.internal (Postfix) with ESMTP id 4B3A2900111
Received: from mx6.nyi.internal (localhost [127.0.0.1])
by mx6.messagingengine.com (Authentication Milter) with ESMTP
id 64AD063CF10.0B95C90022D;
Authentication-Results: mx6.messagingengine.com;
dkim=none (no signatures found);
dmarc=fail (p=none) header.from=live.com;
spf=softfail smtp.mailfrom=scottsanchez@live.com smtp.helo=cobra.websitewelcome.com
Received-SPF: softfail (live.com: Sender is not authorized by default to use 'scottsanchez@live.com' in 'mfrom' identity, however domain is not currently prepared for false failures (mechanism '~all' matched)) receiver=mx6.messagingengine.com; identity=mailfrom; envelope-from="scottsanchez@live.com"; helo=cobra.websitewelcome.com; client-ip=192.185.82.219
Received: from cobra.websitewelcome.com (cobra.websitewelcome.com [192.185.82.219])
Received: from [127.0.0.1] (port=25892 helo=www.westcoastlines1.com)
by cobra.websitewelcome.com with esmtpa (Exim 4.85)
(envelope-from <scottsanchez@live.com>)
From: Scott Sanchez <scottsanchez@live.com>
To: undisclosed-recipients:;
Subject: My Pictures for you.
Organization: Yes.
Message-ID: <2712395fa3b2b5736510d40e5eafdef2@westcoastlines1.com>
X-Sender: scottsanchez@live.com
User-Agent: Roundcube Webmail/1.0.5
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - cobra.websitewelcome.com
X-AntiAbuse: Original Domain - fastmail.fm
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - live.com
X-BWhitelist: no
X-Source-IP: 127.0.0.1
X-Exim-ID: 1a1uHa-000SrV-DL
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: (westcoastlines1.com) [127.0.0.1]:25892
X-Source-Auth: westcoas
X-Email-Count: 356
X-Source-Cap: d2VzdGNvYXM7aWFrbWVkaWE7Y29icmEud2Vic2l0ZXdlbGNvbWUuY29t
Here are my new pictures on my google drive, Click here [1] to view.
Just for you. I know you would love them.
Scott
Links:
------
[1] westcoastlines1.com/pictures/newpictures/newgoogledocs/ <== dont´touch it!
Please try your best to block ALL your scammer´s still incoming messages and calls!
What is all this? => The FAQ
The scammers vs. Why is "he" still doing it?
Why is alerting the man in the pictures DANGEROUS?
Please click why confronting my scammer is terribly wrong
What is all this? => The FAQ
The scammers vs. Why is "he" still doing it?
Why is alerting the man in the pictures DANGEROUS?
Please click why confronting my scammer is terribly wrong

- FrumpyBB
- Site Admin
- Posts: 65253
- Joined: Sun Apr 06, 2008 7:35 pm
- Location: Central Europe
Re: Password phishing emails originating from West Africa
AccessOnline Disabled
Access Bank <billing@ipnxnigeria.net>
Dear user,
Please note that your AccessOnline ACCOUNT has been DISABLED to transact with your card internationally at the ATM, POS or online..
Kindly re-validate your BVN number with your online account, follow our site below immediately accessbankplc.com/aboutscontact/RetailBank/
Your account will be disabled if you fail to go through this process completely.
To add security features to your account, sign in through here accessbankplc.com/home//
Thank you for choosing Access Bank, Your Bank.
Return-Path: <cashingout@server88-208-236-94.live-servers.net>
Received: from 127.0.0.1 (EHLO server88-208-236-94.live-servers.net) (88.208.236.94)
Received: from cashingout by server88-208-236-94.live-servers.net with local (Exim 4.86)
(envelope-from <cashingout@server88-208-236-94.live-servers.net>)
From: =?utf-8?Q?Access=20Bank?= <billing@ipnxnigeria.net>
Subject: =?utf-8?Q?AccessOnline=20Disabled?=
Message-ID: <6c30a838d89f3aa7a8fd363926ed6d72@88.208.236.94>
X-Priority: 3
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server88-208-236-94.live-servers.net
X-AntiAbuse: Original Domain - yahoo.com
X-AntiAbuse: Originator/Caller UID/GID - [500 499] / [47 12]
X-AntiAbuse: Sender Address Domain - server88-208-236-94.live-servers.net
X-Get-Message-Sender-Via: server88-208-236-94.live-servers.net: authenticated_id: cashingout/only user confirmed/virtual account not confirmed
X-Authenticated-Sender: server88-208-236-94.live-servers.net: cashingout
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php /home/cashingout/public_html/connect/index.php
X-Source-Dir: cashingout.com:/public_html/connect
Content-Length: 3114
Access Bank <billing@ipnxnigeria.net>




Dear user,
Please note that your AccessOnline ACCOUNT has been DISABLED to transact with your card internationally at the ATM, POS or online..
Kindly re-validate your BVN number with your online account, follow our site below immediately accessbankplc.com/aboutscontact/RetailBank/
Your account will be disabled if you fail to go through this process completely.
To add security features to your account, sign in through here accessbankplc.com/home//
Thank you for choosing Access Bank, Your Bank.
Return-Path: <cashingout@server88-208-236-94.live-servers.net>
Received: from 127.0.0.1 (EHLO server88-208-236-94.live-servers.net) (88.208.236.94)
Received: from cashingout by server88-208-236-94.live-servers.net with local (Exim 4.86)
(envelope-from <cashingout@server88-208-236-94.live-servers.net>)
From: =?utf-8?Q?Access=20Bank?= <billing@ipnxnigeria.net>
Subject: =?utf-8?Q?AccessOnline=20Disabled?=
Message-ID: <6c30a838d89f3aa7a8fd363926ed6d72@88.208.236.94>
X-Priority: 3
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server88-208-236-94.live-servers.net
X-AntiAbuse: Original Domain - yahoo.com
X-AntiAbuse: Originator/Caller UID/GID - [500 499] / [47 12]
X-AntiAbuse: Sender Address Domain - server88-208-236-94.live-servers.net
X-Get-Message-Sender-Via: server88-208-236-94.live-servers.net: authenticated_id: cashingout/only user confirmed/virtual account not confirmed
X-Authenticated-Sender: server88-208-236-94.live-servers.net: cashingout
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php /home/cashingout/public_html/connect/index.php
X-Source-Dir: cashingout.com:/public_html/connect
Content-Length: 3114
Please try your best to block ALL your scammer´s still incoming messages and calls!
What is all this? => The FAQ
The scammers vs. Why is "he" still doing it?
Why is alerting the man in the pictures DANGEROUS?
Please click why confronting my scammer is terribly wrong
What is all this? => The FAQ
The scammers vs. Why is "he" still doing it?
Why is alerting the man in the pictures DANGEROUS?
Please click why confronting my scammer is terribly wrong

- FrumpyBB
- Site Admin
- Posts: 65253
- Joined: Sun Apr 06, 2008 7:35 pm
- Location: Central Europe
Re: Password phishing emails originating from West Africa
Suspicious Login Alert
Zenith Bank <coachhartley@vzw.blackberry.net>
Dear Valued Customer,
Zenith Internet Banking Login Alert
There was a successful login to your Zenith Internet Banking account
Time: Friday, December 11, 2015 4:01 PM.
If you did not login to your Internet Banking account, kindly contact ZenithDirect on the Link below
ibank.zenithbank.com/internetbanking/index.jsp
stating your account details
Thank You
Zenith Bank
Return-Path: <niceworkover@server88-208-236-94.live-servers.net>
X-Originating-IP: [88.208.236.94]
Authentication-Results: mta1525.mail.ne1.yahoo.com from=vzw.blackberry.net; domainkeys=neutral (no sig); from=vzw.blackberry.net; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO server88-208-236-94.live-servers.net) (88.208.236.94)
Received: from niceworkover by server88-208-236-94.live-servers.net with local (Exim 4.86)
X-AntiAbuse: Sender Address Domain - server88-208-236-94.live-servers.net
X-Get-Message-Sender-Via: server88-208-236-94.live-servers.net: authenticated_id: niceworkover/only user confirmed/virtual account not confirmed
Zenith Bank <coachhartley@vzw.blackberry.net>
Dear Valued Customer,
Zenith Internet Banking Login Alert
There was a successful login to your Zenith Internet Banking account
Time: Friday, December 11, 2015 4:01 PM.
If you did not login to your Internet Banking account, kindly contact ZenithDirect on the Link below
ibank.zenithbank.com/internetbanking/index.jsp
stating your account details
Thank You
Zenith Bank
Return-Path: <niceworkover@server88-208-236-94.live-servers.net>
X-Originating-IP: [88.208.236.94]
Authentication-Results: mta1525.mail.ne1.yahoo.com from=vzw.blackberry.net; domainkeys=neutral (no sig); from=vzw.blackberry.net; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO server88-208-236-94.live-servers.net) (88.208.236.94)
Received: from niceworkover by server88-208-236-94.live-servers.net with local (Exim 4.86)
X-AntiAbuse: Sender Address Domain - server88-208-236-94.live-servers.net
X-Get-Message-Sender-Via: server88-208-236-94.live-servers.net: authenticated_id: niceworkover/only user confirmed/virtual account not confirmed
Please try your best to block ALL your scammer´s still incoming messages and calls!
What is all this? => The FAQ
The scammers vs. Why is "he" still doing it?
Why is alerting the man in the pictures DANGEROUS?
Please click why confronting my scammer is terribly wrong
What is all this? => The FAQ
The scammers vs. Why is "he" still doing it?
Why is alerting the man in the pictures DANGEROUS?
Please click why confronting my scammer is terribly wrong

- FrumpyBB
- Site Admin
- Posts: 65253
- Joined: Sun Apr 06, 2008 7:35 pm
- Location: Central Europe
Re: Password phishing emails originating from West Africa
Email Alert Notification
Yahoo Account Upgrade <info@integrationint.org>
--
Yahoo
Dear E-mail Client,
You have exhausted the 5GB Bandwidth of your email account and for this reason some of your incoming mails with files and documents above 50KB have been filtered and placed pending.
Your e-mail account's Bandwidth has been upgraded to 10GB to enable us serve you better. Kindly Click on the below link to complete the upgrade on your account in order to receive your pending mails and enjoy better quality and efficient service delivery.
Follow this link to complete the process: CLICK HERE<=evil linky
Once the information provided matches the records on our database, your account will function normal again.
Sincerely,
Mail Service Team.
****************************************************************************************** *****************************************************************************************
Disclaimer:
The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information.If you are not the intended recipient of this message any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited and your are requested to notify the sender & delete this message from your system. Any unauthorized use or dissemination of this message in whole or in part is strictly forbidden.
Received: from 127.0.0.1 (EHLO si-002-i40.relay.mailchannels.net) (184.154.112.205)
X-Sender-Id: asmallorange|x-authuser|ydd.lagosregion@apostolicfaithweca.org
Received: from uscentral46.myserverhosts.com (uscentral46.myserverhosts.com [10.244.170.92])
Received: from [::1] (port=46816 helo=uscentral46.myserverhosts.com)
From: Yahoo Account Upgrade <info@integrationint.org>
To: undisclosed-recipients:;
Subject: Email Alert Notification
Reply-To: mail@upgrade.com
Mail-Reply-To: mail@upgrade.com
Message-ID: <5b02cc2296875ec5118a0372a4a37836@apostolicfaithweca.org>
X-Sender: info@integrationint.org
User-Agent: Roundcube Webmail/1.0.6
X-AuthUser: ydd.lagosregion@apostolicfaithweca.org
Content-Length: 11513
Yahoo Account Upgrade <info@integrationint.org>
--
Yahoo
Dear E-mail Client,
You have exhausted the 5GB Bandwidth of your email account and for this reason some of your incoming mails with files and documents above 50KB have been filtered and placed pending.
Your e-mail account's Bandwidth has been upgraded to 10GB to enable us serve you better. Kindly Click on the below link to complete the upgrade on your account in order to receive your pending mails and enjoy better quality and efficient service delivery.
Follow this link to complete the process: CLICK HERE
Code: Select all
google.com/url?q=http%3A%2F%2Ftinyurl.com%2Fpalhzeg&sa=D&sntz=1&usg=AFQjCNFcaBdEP84OwcotuCHRJR87giRkqw
Once the information provided matches the records on our database, your account will function normal again.
Sincerely,
Mail Service Team.
****************************************************************************************** *****************************************************************************************
Disclaimer:
The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information.If you are not the intended recipient of this message any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited and your are requested to notify the sender & delete this message from your system. Any unauthorized use or dissemination of this message in whole or in part is strictly forbidden.
Received: from 127.0.0.1 (EHLO si-002-i40.relay.mailchannels.net) (184.154.112.205)
X-Sender-Id: asmallorange|x-authuser|ydd.lagosregion@apostolicfaithweca.org
Received: from uscentral46.myserverhosts.com (uscentral46.myserverhosts.com [10.244.170.92])
Received: from [::1] (port=46816 helo=uscentral46.myserverhosts.com)
From: Yahoo Account Upgrade <info@integrationint.org>
To: undisclosed-recipients:;
Subject: Email Alert Notification
Reply-To: mail@upgrade.com
Mail-Reply-To: mail@upgrade.com
Message-ID: <5b02cc2296875ec5118a0372a4a37836@apostolicfaithweca.org>
X-Sender: info@integrationint.org
User-Agent: Roundcube Webmail/1.0.6
X-AuthUser: ydd.lagosregion@apostolicfaithweca.org


Content-Length: 11513
Please try your best to block ALL your scammer´s still incoming messages and calls!
What is all this? => The FAQ
The scammers vs. Why is "he" still doing it?
Why is alerting the man in the pictures DANGEROUS?
Please click why confronting my scammer is terribly wrong
What is all this? => The FAQ
The scammers vs. Why is "he" still doing it?
Why is alerting the man in the pictures DANGEROUS?
Please click why confronting my scammer is terribly wrong

- FrumpyBB
- Site Admin
- Posts: 65253
- Joined: Sun Apr 06, 2008 7:35 pm
- Location: Central Europe
Re: Password phishing emails originating from West Africa
ZenithOnline Disabled
Zenith Bank <kelechio@philipsoutsourcing.net>
Dear user,
Please note that your ZenithOnline ACCOUNT has been DISABLED to transact with your card internationally at the ATM, POS or online..
Kindly re-validate your BVN number with your online account, follow our site below immediately ibank.zenithbank.com/internetbanking/
Your account will be disabled if you fail to go through this process completely.
To add security features to your account, sign in through here ibank.zenithbank.com/home/
Thank you for choosing Zenith Bank, Your Bank.
Return-Path: <niceworkover@server88-208-236-94.live-servers.net>
Received: from 127.0.0.1 (EHLO server88-208-236-94.live-servers.net) (88.208.236.94)confirmed/virtual account not confirmed
Zenith Bank <kelechio@philipsoutsourcing.net>
Dear user,
Please note that your ZenithOnline ACCOUNT has been DISABLED to transact with your card internationally at the ATM, POS or online..
Kindly re-validate your BVN number with your online account, follow our site below immediately ibank.zenithbank.com/internetbanking/
Your account will be disabled if you fail to go through this process completely.
To add security features to your account, sign in through here ibank.zenithbank.com/home/
Thank you for choosing Zenith Bank, Your Bank.
Return-Path: <niceworkover@server88-208-236-94.live-servers.net>
Received: from 127.0.0.1 (EHLO server88-208-236-94.live-servers.net) (88.208.236.94)confirmed/virtual account not confirmed
Please try your best to block ALL your scammer´s still incoming messages and calls!
What is all this? => The FAQ
The scammers vs. Why is "he" still doing it?
Why is alerting the man in the pictures DANGEROUS?
Please click why confronting my scammer is terribly wrong
What is all this? => The FAQ
The scammers vs. Why is "he" still doing it?
Why is alerting the man in the pictures DANGEROUS?
Please click why confronting my scammer is terribly wrong

- FrumpyBB
- Site Admin
- Posts: 65253
- Joined: Sun Apr 06, 2008 7:35 pm
- Location: Central Europe
Yahoo <sani.f@aun.edu.ng>
This password phishing scammer "Sani F." abuses facilities of the American University of Nigeria ("aun.edu.ng").The University is located in the city of Yola, capital of Adamawa, one of Nigeria's 36 states.
........................
Email termination
Yahoo <sani.f@aun.edu.ng>
To: undisclosed-recipients:;
Dear User,
You are required to authenticate your account below to continue sending and receiving messages.
We strongly advice you follow this link to protect your mail and avoid termination.
Regards copyright © 2015 All rights reserved.
------------------------------ ------------------------------ -------------------
Yahoo!
........................
Email termination
Yahoo <sani.f@aun.edu.ng>
To: undisclosed-recipients:;
Dear User,
You are required to authenticate your account below to continue sending and receiving messages.
We strongly advice you follow this link to protect your mail and avoid termination.
Regards copyright © 2015 All rights reserved.
------------------------------ ------------------------------ -------------------
Yahoo!
Please try your best to block ALL your scammer´s still incoming messages and calls!
What is all this? => The FAQ
The scammers vs. Why is "he" still doing it?
Why is alerting the man in the pictures DANGEROUS?
Please click why confronting my scammer is terribly wrong
What is all this? => The FAQ
The scammers vs. Why is "he" still doing it?
Why is alerting the man in the pictures DANGEROUS?
Please click why confronting my scammer is terribly wrong

- coolbreeze1975
- R.I.P.
- Posts: 13721
- Joined: Thu Nov 10, 2011 4:38 pm
- Location: Somewhere over the rainbow with a Martini, stirred, not shaken
Re: Password phishing emails originating from West Africa
email addy = chase.alert@comcast.net
IP NOT IN RS DB – I will post to MF
IP: 96.114.154.236
ISP: Comcast Cable
Continent: North America
Country: United States
header =
Return-Path: <chase.alert@comcast.net>
Received: from resqmta-po-02v.sys.comcast.net (resqmta-po-02v.sys.comcast.net [96.114.154.161])
email
Dear Chase Online(SM) Customer,
Your account has been locked temporarily in order to protect it. We observed multiple login attempt error while login in to your online banking account. We have believed that someone other than you is trying to access your account.
To get started, please click the link below:
Sign in to Online Banking
This instruction has been sent to all bank customers and is obligatory to follow.
Thank you,
Customers Support Service.
IP NOT IN RS DB – I will post to MF
IP: 96.114.154.236
ISP: Comcast Cable
Continent: North America
Country: United States
header =
Return-Path: <chase.alert@comcast.net>
Received: from resqmta-po-02v.sys.comcast.net (resqmta-po-02v.sys.comcast.net [96.114.154.161])
Dear Chase Online(SM) Customer,
Your account has been locked temporarily in order to protect it. We observed multiple login attempt error while login in to your online banking account. We have believed that someone other than you is trying to access your account.
To get started, please click the link below:
Sign in to Online Banking
This instruction has been sent to all bank customers and is obligatory to follow.
Thank you,
Customers Support Service.

“Health is like money, we never have a true idea of its value until we lose it.” ~Josh Billings
- FrumpyBB
- Site Admin
- Posts: 65253
- Joined: Sun Apr 06, 2008 7:35 pm
- Location: Central Europe
Re: Password phishing emails originating from West Africa
UBA Online Deactivation
UBACFC <sunmap@gridconsulting.net>
ubagroup.com
Dear Valued Customer,
Based on CBN Directive from 1st January 2016, We have moved our Udirect online banking site to a more safe and secured server.
Please Click here to upgrade to the new server and secure your account from fraud
blackbearridgeresort.info/Sources/call/infos.php <<DONTCHA CLICK THIS!
To continue on the current site, add security features to your account, sign in through here ibank.ubagroup.com/corp/AuthenticationController <<DONTCHA CLICK THIS! EVEN THO THIS LINK LOOKS REAL.
NOTE: Follow the security process above carefully and completely to avoid deactivation of your online account with us..
Your Online Banking security is very important to us..
Thank you.
Return-Path: <finish@8288736.securefastserver.com>
X-Originating-IP: [204.44.119.21]
Authentication-Results: mta1293.mail.bf1.yahoo.com from=gridconsulting.net; domainkeys=neutral (no sig); from=gridconsulting.net; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO 8288736.securefastserver.com) (204.44.119.21)
Received: from finish by 8288736.securefastserver.com with local (Exim 4.86)
(envelope-from <finish@8288736.securefastserver.com>)
From: =?utf-8?Q?UBACFC?= <sunmap@gridconsulting.net>
Subject: =?utf-8?Q?UBA=20Online=20Deactivation?=
X-AntiAbuse: Original Domain - yahoo.com
X-Source-Args: /usr/bin/php /home/finish/public_html/mailer/index.php
X-Source-Dir: finish.com:/public_html/mailer
UBACFC <sunmap@gridconsulting.net>
ubagroup.com
Dear Valued Customer,
Based on CBN Directive from 1st January 2016, We have moved our Udirect online banking site to a more safe and secured server.
Please Click here to upgrade to the new server and secure your account from fraud
blackbearridgeresort.info/Sources/call/infos.php <<DONTCHA CLICK THIS!
To continue on the current site, add security features to your account, sign in through here ibank.ubagroup.com/corp/AuthenticationController <<DONTCHA CLICK THIS! EVEN THO THIS LINK LOOKS REAL.
NOTE: Follow the security process above carefully and completely to avoid deactivation of your online account with us..
Your Online Banking security is very important to us..
Thank you.
Return-Path: <finish@8288736.securefastserver.com>
X-Originating-IP: [204.44.119.21]
Authentication-Results: mta1293.mail.bf1.yahoo.com from=gridconsulting.net; domainkeys=neutral (no sig); from=gridconsulting.net; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO 8288736.securefastserver.com) (204.44.119.21)
Received: from finish by 8288736.securefastserver.com with local (Exim 4.86)
(envelope-from <finish@8288736.securefastserver.com>)
From: =?utf-8?Q?UBACFC?= <sunmap@gridconsulting.net>
Subject: =?utf-8?Q?UBA=20Online=20Deactivation?=
X-AntiAbuse: Original Domain - yahoo.com
X-Source-Args: /usr/bin/php /home/finish/public_html/mailer/index.php
X-Source-Dir: finish.com:/public_html/mailer
Please try your best to block ALL your scammer´s still incoming messages and calls!
What is all this? => The FAQ
The scammers vs. Why is "he" still doing it?
Why is alerting the man in the pictures DANGEROUS?
Please click why confronting my scammer is terribly wrong
What is all this? => The FAQ
The scammers vs. Why is "he" still doing it?
Why is alerting the man in the pictures DANGEROUS?
Please click why confronting my scammer is terribly wrong
