Password phishing emails originating from West Africa

[spanky]

From: "Apple" <noreply@apple.com>
Date: Sat, 26 Sep 2015

Dear Customer,

Due to recent updates we are asking many of our customers to confirm their information this is nothing to worry about. We are making sure we have the correct information on file and that you are the rightful account holder. Failure to comply with this may result in your account being suspended.

Once completed you may resume to use your account as normal and we would like to thank you for taking time out of your day to confirm your information. 

Download the attached and open it in your browser and make your request.

Wondering why you got this email?
This email was sent automatically during routine security checks. We are not completely satisfied with your account information and require you to update your account to continue using our services uninterrupted.

Thanks,
Apple Customer Support

 

[FrumpyBB]

Email Administrator <oche2oche1@gmail.com>

Dear Customer,
Your Email account expires today and will be disabled if you don't upgrade it

1992MB
2000MB
The remaining capacity of your Mailbox is less than 15%. Your email account will be suspended or SHUTDOWN PERMANENTLY,
which means you will no longer receive or send messages until your account is upgraded.

Kindly UPGRADE YOUR ACCOUNT NOW for Unlimited MB space to your mailbox.




BEST REGARDS.
Copyright webmaster! 2015 Email Administrator. All rights reserved.
****************************** ****************************** ****************************** ****************************** ****************************** ****************************** ***************
CONFIDENTIALITY. This e-mail and any attachments are confidential and may also be privileged. If you are not the named recipient, please notify the sender immediately and do not disclose the contents to another person, use it for any purpose, or store or copy the information in any medium. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Webmaster. If you have received this e-mail>
****************************** ****************************** ****************************** ****************************** ****************************** ****

Subject: Email Account Termination
From: Email Administrator <oche2oche1@gmail.com>
To: undisclosed-recipients:;

[IceFM]

Dear Customer

How are you doing today l hope all is well with you and your family. This message is coming from world Bank PLC. we will like you to your transaction by login to your website below:

fnins.net/wp-includes/gbdoc/pdf_file/Dropbox.html

login with your e-mail and password to confirm your funds.

World Bank

[FrumpyBB]

Zenith Bank Plc <jessicalondon@info.comenity.net>
This message contains blocked images.
Zenith BankCBN BVN REG


Dear Customer

This is to bring to your notice that your ZenithDirect account has been listed for SUSPENSION.

This is because you have not validated/registered your Biometric Verification Number with your ZenithDirect account.

Follow this reference to START VALIDATION / REGISTRATION hivetrading.com/js/dix/info.php

All information must be filled correctly

NOTE: All atm and internet banking channel will be disabled and your remote access will be blocked within 12 hours failure to comply


Thank you for banking with ZenithBank

[FrumpyBB]

You are Will be Block Today
Mail Update <ralstonaj64@aol.com>

Dear User

Your billing information needs to be updated within 24Hours, If this is not done we shall suspend and Block your account Please Click Here to Update now.

Yahoo Office!2015


Received: from SERVER2003 (host183-165-static.14-188-b.business.telecomitalia.it [188.14.165.183])
From: "Mail Update" <ralstonaj64@aol.com>
Subject: You are Will be Block Today

[FrumpyBB]

Your Email Will Be Blocked Today
Mail Office <trincom721@aol.com>
Dear Mail Users,

Your billing information needs to be updated within 24Hours, If this is not done we shall suspend your account and Blcoked Please Click Here to Upgrade to the new Yahoo Mail 7 now to avoid losing access to your mail box.


Regards,
Yahoo Office 2015 Inc.

Received: from server (unknown [203.109.70.207])
by mtaout-mcd01.mx.aol.com (MUA/Third Party Client Interface)
From: "Mail Office" <trincom721@aol.com>
Subject: Your Email Will Be Blocked Today

[FrumpyBB]

E-mail Updates Required
Service Update <shagfella@aol.com>

Dear Valid User

Your two incoming mails were placed on pending status due to the recent upgrade to our database, In order to receive the messages Update Now to login and wait for responds from Yahoo User.

Customer Care Team

...................

Received: from EMIOLARO-PC (unknown [197.242.110.36])

^^
IP: 197.242.110.36
Country: Nigeria
City: Lagos

[FrumpyBB]

Return-Path: <scottsanchez@live.com>
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44])
by sloti25t02 (Cyrus 3.0.0-beta1-git-fastmail-11933) with LMTPA;
Thu, 26 Nov 2015 06:01:45 -0500
X-Sieve: CMU Sieve 2.4
X-Spam-charsets: plain='US-ASCII', html='UTF-8'
X-Mail-from: scottsanchez@live.com
Received: from mx6 ([10.202.2.205])
by compute4.internal (LMTPProxy); Thu, 26 Nov 2015 06:01:45 -0500
Received: from mx6.messagingengine.com (localhost [127.0.0.1])
by mx6.nyi.internal (Postfix) with ESMTP id 4B3A2900111
Received: from mx6.nyi.internal (localhost [127.0.0.1])
by mx6.messagingengine.com (Authentication Milter) with ESMTP
id 64AD063CF10.0B95C90022D;
Authentication-Results: mx6.messagingengine.com;
dkim=none (no signatures found);
dmarc=fail (p=none) header.from=live.com;
spf=softfail smtp.mailfrom=scottsanchez@live.com smtp.helo=cobra.websitewelcome.com
Received-SPF: softfail (live.com: Sender is not authorized by default to use 'scottsanchez@live.com' in 'mfrom' identity, however domain is not currently prepared for false failures (mechanism '~all' matched)) receiver=mx6.messagingengine.com; identity=mailfrom; envelope-from="scottsanchez@live.com"; helo=cobra.websitewelcome.com; client-ip=192.185.82.219
Received: from cobra.websitewelcome.com (cobra.websitewelcome.com [192.185.82.219])
Received: from [127.0.0.1] (port=25892 helo=www.westcoastlines1.com)
by cobra.websitewelcome.com with esmtpa (Exim 4.85)
(envelope-from <scottsanchez@live.com>)
From: Scott Sanchez <scottsanchez@live.com>
To: undisclosed-recipients:;
Subject: My Pictures for you.
Organization: Yes.
Message-ID: <2712395fa3b2b5736510d40e5eafdef2@westcoastlines1.com>
X-Sender: scottsanchez@live.com
User-Agent: Roundcube Webmail/1.0.5
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - cobra.websitewelcome.com
X-AntiAbuse: Original Domain - fastmail.fm
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - live.com
X-BWhitelist: no
X-Source-IP: 127.0.0.1
X-Exim-ID: 1a1uHa-000SrV-DL
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: (westcoastlines1.com) [127.0.0.1]:25892
X-Source-Auth: westcoas
X-Email-Count: 356
X-Source-Cap: d2VzdGNvYXM7aWFrbWVkaWE7Y29icmEud2Vic2l0ZXdlbGNvbWUuY29t

Here are my new pictures on my google drive, Click here [1] to view.
Just for you. I know you would love them.

Scott

Links:
------
[1] westcoastlines1.com/pictures/newpictures/newgoogledocs/ <== dont´touch it!

[FrumpyBB]

AccessOnline Disabled
Access Bank <billing@ipnxnigeria.net>

Dear user,

Please note that your AccessOnline ACCOUNT has been DISABLED to transact with your card internationally at the ATM, POS or online..

Kindly re-validate your BVN number with your online account, follow our site below immediately accessbankplc.com/aboutscontact/RetailBank/

Your account will be disabled if you fail to go through this process completely.

To add security features to your account, sign in through here accessbankplc.com/home//

Thank you for choosing Access Bank, Your Bank.


Return-Path: <cashingout@server88-208-236-94.live-servers.net>
Received: from 127.0.0.1 (EHLO server88-208-236-94.live-servers.net) (88.208.236.94)
Received: from cashingout by server88-208-236-94.live-servers.net with local (Exim 4.86)
(envelope-from <cashingout@server88-208-236-94.live-servers.net>)
From: =?utf-8?Q?Access=20Bank?= <billing@ipnxnigeria.net>
Subject: =?utf-8?Q?AccessOnline=20Disabled?=
Message-ID: <6c30a838d89f3aa7a8fd363926ed6d72@88.208.236.94>
X-Priority: 3
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server88-208-236-94.live-servers.net
X-AntiAbuse: Original Domain - yahoo.com
X-AntiAbuse: Originator/Caller UID/GID - [500 499] / [47 12]
X-AntiAbuse: Sender Address Domain - server88-208-236-94.live-servers.net
X-Get-Message-Sender-Via: server88-208-236-94.live-servers.net: authenticated_id: cashingout/only user confirmed/virtual account not confirmed
X-Authenticated-Sender: server88-208-236-94.live-servers.net: cashingout
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php /home/cashingout/public_html/connect/index.php
X-Source-Dir: cashingout.com:/public_html/connect
Content-Length: 3114

[FrumpyBB]

Suspicious Login Alert
Zenith Bank <coachhartley@vzw.blackberry.net>

Dear Valued Customer,

Zenith Internet Banking Login Alert

There was a successful login to your Zenith Internet Banking account
Time: Friday, December 11, 2015 4:01 PM.

If you did not login to your Internet Banking account, kindly contact ZenithDirect on the Link below

ibank.zenithbank.com/internetbanking/index.jsp

stating your account details

Thank You
Zenith Bank

Return-Path: <niceworkover@server88-208-236-94.live-servers.net>
X-Originating-IP: [88.208.236.94]
Authentication-Results: mta1525.mail.ne1.yahoo.com from=vzw.blackberry.net; domainkeys=neutral (no sig); from=vzw.blackberry.net; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO server88-208-236-94.live-servers.net) (88.208.236.94)
Received: from niceworkover by server88-208-236-94.live-servers.net with local (Exim 4.86)
X-AntiAbuse: Sender Address Domain - server88-208-236-94.live-servers.net
X-Get-Message-Sender-Via: server88-208-236-94.live-servers.net: authenticated_id: niceworkover/only user confirmed/virtual account not confirmed

[FrumpyBB]

Email Alert Notification
Yahoo Account Upgrade <info@integrationint.org>

--

Yahoo


Dear E-mail Client,

You have exhausted the 5GB Bandwidth of your email account and for this reason some of your incoming mails with files and documents above 50KB have been filtered and placed pending.

Your e-mail account's Bandwidth has been upgraded to 10GB to enable us serve you better. Kindly Click on the below link to complete the upgrade on your account in order to receive your pending mails and enjoy better quality and efficient service delivery.



Follow this link to complete the process: CLICK HERE

Code: Select all

google.com/url?q=http%3A%2F%2Ftinyurl.com%2Fpalhzeg&sa=D&sntz=1&usg=AFQjCNFcaBdEP84OwcotuCHRJR87giRkqw

<=evil linky


Once the information provided matches the records on our database, your account will function normal again.

Sincerely,

Mail Service Team.
****************************************************************************************** *****************************************************************************************
Disclaimer:

The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information.If you are not the intended recipient of this message any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited and your are requested to notify the sender & delete this message from your system. Any unauthorized use or dissemination of this message in whole or in part is strictly forbidden.


Received: from 127.0.0.1 (EHLO si-002-i40.relay.mailchannels.net) (184.154.112.205)
X-Sender-Id: asmallorange|x-authuser|ydd.lagosregion@apostolicfaithweca.org
Received: from uscentral46.myserverhosts.com (uscentral46.myserverhosts.com [10.244.170.92])
Received: from [::1] (port=46816 helo=uscentral46.myserverhosts.com)
From: Yahoo Account Upgrade <info@integrationint.org>
To: undisclosed-recipients:;
Subject: Email Alert Notification
Reply-To: mail@upgrade.com
Mail-Reply-To: mail@upgrade.com
Message-ID: <5b02cc2296875ec5118a0372a4a37836@apostolicfaithweca.org>
X-Sender: info@integrationint.org
User-Agent: Roundcube Webmail/1.0.6
X-AuthUser: ydd.lagosregion@apostolicfaithweca.org
Content-Length: 11513

[FrumpyBB]

ZenithOnline Disabled
Zenith Bank <kelechio@philipsoutsourcing.net>


Dear user,

Please note that your ZenithOnline ACCOUNT has been DISABLED to transact with your card internationally at the ATM, POS or online..

Kindly re-validate your BVN number with your online account, follow our site below immediately ibank.zenithbank.com/internetbanking/

Your account will be disabled if you fail to go through this process completely.

To add security features to your account, sign in through here ibank.zenithbank.com/home/

Thank you for choosing Zenith Bank, Your Bank.


Return-Path: <niceworkover@server88-208-236-94.live-servers.net>
Received: from 127.0.0.1 (EHLO server88-208-236-94.live-servers.net) (88.208.236.94)confirmed/virtual account not confirmed

[FrumpyBB]

This password phishing scammer "Sani F." abuses facilities of the American University of Nigeria ("aun.edu.ng").The University is located in the city of Yola, capital of Adamawa, one of Nigeria's 36 states.

........................
Email termination
Yahoo <sani.f@aun.edu.ng>
To: undisclosed-recipients:;

Dear User,

You are required to authenticate your account below to continue sending and receiving messages.

We strongly advice you follow this link to protect your mail and avoid termination.
Regards copyright © 2015 All rights reserved.
------------------------------ ------------------------------ -------------------
Yahoo!

[coolbreeze1975]

email addy = chase.alert@comcast.net

IP NOT IN RS DB – I will post to MF

IP: 96.114.154.236
ISP: Comcast Cable
Continent: North America
Country: United States

header =

Return-Path: <chase.alert@comcast.net>
Received: from resqmta-po-02v.sys.comcast.net (resqmta-po-02v.sys.comcast.net [96.114.154.161])

email



Dear Chase Online(SM) Customer,
Your account has been locked temporarily in order to protect it. We observed multiple login attempt error while login in to your online banking account. We have believed that someone other than you is trying to access your account.
To get started, please click the link below:
Sign in to Online Banking
This instruction has been sent to all bank customers and is obligatory to follow.
Thank you,
Customers Support Service.

[FrumpyBB]

UBA Online Deactivation
UBACFC <sunmap@gridconsulting.net>
ubagroup.com
Dear Valued Customer,


Based on CBN Directive from 1st January 2016, We have moved our Udirect online banking site to a more safe and secured server.

Please Click here to upgrade to the new server and secure your account from fraud
blackbearridgeresort.info/Sources/call/infos.php <<DONTCHA CLICK THIS!



To continue on the current site, add security features to your account, sign in through here ibank.ubagroup.com/corp/AuthenticationController <<DONTCHA CLICK THIS! EVEN THO THIS LINK LOOKS REAL.

NOTE: Follow the security process above carefully and completely to avoid deactivation of your online account with us..

Your Online Banking security is very important to us..


Thank you.



Return-Path: <finish@8288736.securefastserver.com>
X-Originating-IP: [204.44.119.21]
Authentication-Results: mta1293.mail.bf1.yahoo.com from=gridconsulting.net; domainkeys=neutral (no sig); from=gridconsulting.net; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO 8288736.securefastserver.com) (204.44.119.21)
Received: from finish by 8288736.securefastserver.com with local (Exim 4.86)
(envelope-from <finish@8288736.securefastserver.com>)
From: =?utf-8?Q?UBACFC?= <sunmap@gridconsulting.net>
Subject: =?utf-8?Q?UBA=20Online=20Deactivation?=
X-AntiAbuse: Original Domain - yahoo.com
X-Source-Args: /usr/bin/php /home/finish/public_html/mailer/index.php
X-Source-Dir: finish.com:/public_html/mailer