Kasha

Phishing Email - Western Union

Jul 24th, 2012
  1. Phishing email claiming to be from Western Union:
  2.  
  3. (Uploaded image copy of the phishing email)
  4.  
  5. http://i.imgur.com/t1NcN.jpg
  6.  
  7. Phishing email below with headers:
  8.  
  9. _________________________________________________________________
  10. Delivered-To: **omitted email address**
  11. Received: by 10.50.22.68 with SMTP id b4csp342208igf;
  12. Tue, 24 Jul 2012 07:50:32 -0700 (PDT)
  13. Received: by 10.236.77.163 with SMTP id d23mr19036762yhe.75.1343141431872;
  14. Tue, 24 Jul 2012 07:50:31 -0700 (PDT)
  15. Return-Path: <cus069@peoplepc.com>
  16. Received: from elasmtp-junco.atl.sa.earthlink.net (elasmtp-junco.atl.sa.earthlink.net. [209.86.89.63])
  17. by mx.google.com with ESMTP id i49si15008048yhn.102.2012.07.24.07.50.30;
  18. Tue, 24 Jul 2012 07:50:31 -0700 (PDT)
  19. Received-SPF: neutral (google.com: 209.86.89.63 is neither permitted nor denied by best guess record for domain of cus069@peoplepc.com) client-ip=209.86.89.63;
  20. Authentication-Results: mx.google.com; spf=neutral (google.com: 209.86.89.63 is neither permitted nor denied by best guess record for domain of cus069@peoplepc.com) smtp.mail=cus069@peoplepc.com
  21. DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  22. s=dk20050327; d=peoplepc.com;
  23. b=ji++DKTjRXbgqov6ZA4tAR/i0HLlMhp+QfZYb5JoEOlPgplUPJFFropOjQPVWbWF;
  24. h=Message-ID:Date:From:Reply-To:Subject:Mime-Version:Content-Transfer-Encoding:X-Mailer:Content-Type:X-ELNK-Trace:X-Originating-IP;
  25. Received: from [209.86.224.34] (helo=elwamui-hound.atl.sa.earthlink.net)
  26. by elasmtp-junco.atl.sa.earthlink.net with esmtpa (Exim 4.67)
  27. (envelope-from <cus069@peoplepc.com>)
  28. id 1StgOs-0007PV-NQ; Tue, 24 Jul 2012 10:47:50 -0400
  29. Received: from 41.74.0.193 by webmail.peoplepc.com with HTTP; Tue, 24 Jul 2012 10:47:50 -0400
  30. Message-ID: <16120981.1343141270420.JavaMail.root@elwamui-hound.atl.sa.earthlink.net>
  31. Date: Tue, 24 Jul 2012 07:47:50 -0700 (GMT-07:00)
  32. From: =?UTF-8?B?V2VzdGVybiBVbmlvbsKuIA==?= <cus069@peoplepc.com>
  33. Reply-To: =?UTF-8?B?V2VzdGVybiBVbmlvbsKuIA==?= <transfer014@blumail.org>
  34. Subject: You have a pending transfer with us.
  35. Mime-Version: 1.0
  36. Content-Transfer-Encoding: quoted-printable
  37. X-Mailer: EarthLink Zoo Mail 1.0
  38. Content-Type: text/html; charset=UTF-8
  39. X-ELNK-Trace: a4bf18a3c9ac5926e9c7218ab0f5e41dca1e3986070cb94714610d398cc62187d08b99f0f178fd94350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
  40. X-Originating-IP: 209.86.224.34
  41.  
  42. <head><style>body{font-size:10pt;font-family:arial,sans-serif;background-co=
  43. lor:#ffffff;color:black;}p{margin:0px;}</style></head><body><div align=3D"c=
  44. enter" style=3D"font-family: Tahoma; "><div align=3D"center"><font face=3D"=
  45. Tahoma" style=3D"text-indent: 0in !important; "><div style=3D"text-indent: =
  46. 0in !important; line-height: 1.22em; text-align: left; padding: 0px; "><str=
  47. ong><a title=3D"http://www.google.com/imgres?imgurl=3Dhttp://www.festivalse=
  48. gou.org/logo%20western%20union.jpg&amp;imgrefurl=3Dhttp://www.festivalsegou=
  49. .org/Festival,%20textpartners.htm&amp;h=3D37&amp;w=3D146&amp;sz=3D21&amp;tb=
  50. nid=3DkzwP-QhFmZ0J:&amp;tbnh=3D37&amp;tbnw=3D146&amp;prev=3D/images?q=3Dwes=
  51. tern+union+logo&amp;sa=3DX&amp;oi=3Dimage_result&amp;resnum=3D1&amp;ct=3Dim=
  52. age&amp;cd=3D1" href=3D"http://www.google.com/imgres?imgurl=3Dhttp://www.fe=
  53. stivalsegou.org/logo%2520western%2520union.jpg&amp;imgrefurl=3Dhttp://www.f=
  54. estivalsegou.org/Festival%2c%2520textpartners.htm&amp;h=3D37&amp;w=3D146&am=
  55. p;sz=3D21&amp;tbnid=3DkzwP-QhFmZ0J:&amp;tbnh=3D37&amp;tbnw=3D146&amp;prev=
  56. =3D/images?q%3Dwestern%2Bunion%2Blogo&amp;sa=3DX&amp;oi=3Dimage_result&amp;=
  57. resnum=3D1&amp;ct=3Dimage&amp;cd=3D1" target=3D"_blank" rel=3D"nofollow"><b=
  58. r class=3D"Apple-interchange-newline"><img title=3D"http://www.google.com/i=
  59. mgres?imgurl=3Dhttp://www.festivalsegou.org/logo%20western%20union.jpg&amp;=
  60. imgrefurl=3Dhttp://www.festivalsegou.org/Festival,%20textpartners.htm&amp;h=
  61. =3D37&amp;w=3D146&amp;sz=3D21&amp;tbnid=3DkzwP-QhFmZ0J:&amp;tbnh=3D37&amp;t=
  62. bnw=3D146&amp;prev=3D/images?q=3Dwestern+union+logo&amp;sa=3DX&amp;oi=3Dima=
  63. ge_result&amp;resnum=3D1&amp;ct=3Dimage&amp;cd=3D1" height=3D"37" alt=3D"ht=
  64. tp://www.google.com/imgres?imgurl=3Dhttp://www.festivalsegou.org/logo%20wes=
  65. tern%20union.jpg&amp;imgrefurl=3Dhttp://www.festivalsegou.org/Festival,%20t=
  66. extpartners.htm&amp;h=3D37&amp;w=3D146&amp;sz=3D21&amp;tbnid=3DkzwP-QhFmZ0J=
  67. :&amp;tbnh=3D37&amp;tbnw=3D146&amp;prev=3D/images?q=3Dwestern+union+logo&am=
  68. p;sa=3DX&amp;oi=3Dimage_result&amp;resnum=3D1&amp;ct=3Dimage&amp;cd=3D1" sr=
  69. c=3D"http://www.google.com/images?q=3Dtbn:kzwP-QhFmZ0J:www.festivalsegou.or=
  70. g/logo%252520western%252520union.jpg" width=3D"146" align=3D"middle" vspace=
  71. =3D"4" border=3D"1" style=3D"width: 310px; height: 86px; "></a></strong></d=
  72. iv><div style=3D"text-indent: 0in !important; line-height: 1.22em; text-ali=
  73. gn: left; padding: 0px; "><br></div><div style=3D"text-indent: 0in !importa=
  74. nt; line-height: 1.22em; text-align: left; padding: 0px; ">Dear Customer,</=
  75. div><div style=3D"text-indent: 0in !important; line-height: 1.22em; text-al=
  76. ign: left; padding: 0px; "><br></div><div style=3D"text-indent: 0in !import=
  77. ant; text-align: left; padding: 0px; "><span style=3D"line-height: 16px; ">=
  78. There is an issue with the WESTERN UNION MONEY TRANSFER in the amount of $1=
  79. ,500,000.00 USD directed in cash credited to file WUMT/90231108/12, at the =
  80. owner of this email address. The International Monetary Fund contacted us f=
  81. or your compensation a couple of hours ago due to your allocated security c=
  82. ode.</span></div><div style=3D"text-indent: 0in !important; text-align: lef=
  83. t; padding: 0px; "><span style=3D"line-height: 16px; "><br></span></div><di=
  84. v style=3D"text-indent: 0in !important; text-align: left; padding: 0px; "><=
  85. span style=3D"line-height: 16px; ">They said that they choose to send it to=
  86. an email address instead of a name. We are unable to complete a transfer d=
  87. irected at an email address, so we require some more information in order t=
  88. o complete this transfer.</span></div><div style=3D"text-indent: 0in !impor=
  89. tant; text-align: left; padding: 0px; "><span style=3D"line-height: 16px; "=
  90. ><br></span></div><div style=3D"text-indent: 0in !important; text-align: le=
  91. ft; padding: 0px; "><span style=3D"line-height: 16px; ">FULL NAME: &nbsp; &=
  92. nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;<=
  93. /span></div><div style=3D"text-indent: 0in !important; text-align: left; pa=
  94. dding: 0px; "><span style=3D"line-height: 16px; ">FULL CONTACT ADDRESS: &nb=
  95. sp; &nbsp; &nbsp;&nbsp;</span></div><div style=3D"text-indent: 0in !importa=
  96. nt; text-align: left; padding: 0px; "><span style=3D"line-height: 16px; ">M=
  97. OBILE PHONE NUMBER: &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;</span></div><div styl=
  98. e=3D"text-indent: 0in !important; text-align: left; padding: 0px; "><span s=
  99. tyle=3D"line-height: 16px; ">OCCUPATION: &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;=
  100. &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;</span></div=
  101. ><div style=3D"text-indent: 0in !important; text-align: left; padding: 0px;=
  102. "><span style=3D"line-height: 16px; ">MARITAL STATUS AND AGE: &nbsp; &nbsp=
  103. ; &nbsp;</span></div><div style=3D"text-indent: 0in !important; text-align:=
  104. left; padding: 0px; "><span style=3D"line-height: 16px; "><br></span></div=
  105. ><div style=3D"text-indent: 0in !important; text-align: left; padding: 0px;=
  106. "><span style=3D"line-height: 16px; ">In order to resolve this problem, pl=
  107. ease email via Western Union Solicitors Fund Verification Department: (&nbs=
  108. p;<font color=3D"#1f497d"><b>transfer014@blumail.org</b></font>&nbsp;). As =
  109. soon as this information is received, and you complied with the requirement=
  110. s of payment of the western union charges, payment will be made to your nom=
  111. inated bank account or at the counter directly from the Western Union trans=
  112. ferring Bank. When emailing, please use reference number 450-247 for our mu=
  113. tual convenience.</span></div><div style=3D"text-indent: 0in !important; te=
  114. xt-align: left; padding: 0px; "><span style=3D"line-height: 16px; "><br></s=
  115. pan></div><div style=3D"text-indent: 0in !important; text-align: left; padd=
  116. ing: 0px; "><span style=3D"line-height: 16px; ">THE MANAGEMENT OF WESTERN U=
  117. NION MONEY TRANSFER, OFFICE BENIN BRANCH.</span></div><div style=3D"text-in=
  118. dent: 0in !important; text-align: left; padding: 0px; "><span style=3D"line=
  119. -height: 16px; "><br></span></div><div style=3D"text-indent: 0in !important=
  120. ; text-align: left; padding: 0px; "><span style=3D"text-indent: 0in; line-h=
  121. eight: 16px; ">Sincerely,</span></div></font></div></div><div style=3D"text=
  122. -indent: 0in !important; font-family: Tahoma; padding: 0px; line-height: 1.=
  123. 22em; "><font face=3D"Tahoma" size=3D"2" style=3D"text-indent: 0in !importa=
  124. nt; line-height: 1.22em; "><div style=3D"text-align: left; "><span style=3D=
  125. "text-indent: 0in; line-height: 1.22em; ">&nbsp;</span></div></font></div><=
  126. div style=3D"text-indent: 0in !important; font-family: Tahoma; padding: 0px=
  127. ; "><span style=3D"text-indent: 0in !important; line-height: 1.22em; "><fon=
  128. t face=3D"Tahoma" size=3D"2" style=3D"text-indent: 0in !important; font-siz=
  129. e: 10pt; line-height: 1.22em; "></font></span><div align=3D"center"><font s=
  130. tyle=3D"text-indent: 0in !important; "><div style=3D"text-indent: 0in !impo=
  131. rtant; font-size: 10pt; line-height: 1.22em; text-align: left; padding: 0px=
  132. ; "><font face=3D"Tahoma" size=3D"2" style=3D"text-indent: 0in !important; =
  133. line-height: 1.22em; ">Rev. Lee Benson</font></div><div style=3D"text-inden=
  134. t: 0in !important; text-align: left; padding: 0px; "><font size=3D"2" style=
  135. =3D"text-indent: 0in !important; font-size: 10pt; line-height: 1.22em; "><f=
  136. ont face=3D"Tahoma" style=3D"text-indent: 0in !important; line-height: 1.22=
  137. em; ">E-Mail: (</font></font><font style=3D"text-indent: 0in !important; ">=
  138. <font color=3D"#0000ee" face=3D"Arial"><span style=3D"line-height: 16px; ">=
  139. <u>transfer014@blumail.org</u></span></font><font size=3D"2"><span style=3D=
  140. "line-height: 1.22em; ">)</span></font></font></div></font><font face=3D"Ta=
  141. homa" size=3D"2" style=3D"text-indent: 0in !important; line-height: 1.22em;=
  142. font-size: 10pt; "><div style=3D"text-indent: 0in !important; text-align: =
  143. left; padding: 0px; line-height: 1.22em; "><font face=3D"Tahoma" size=3D"2"=
  144. style=3D"text-indent: 0in !important; line-height: 1.22em; ">Phone:+229 97=
  145. 626788</font></div></font></div></div><div align=3D"center" style=3D"font-f=
  146. amily: Tahoma; "></div><font face=3D"Tahoma" style=3D"text-indent: 0in !imp=
  147. ortant; font-family: Tahoma; "><div style=3D"text-align: center; "><br></di=
  148. v><span style=3D"text-indent: 0in !important; "><font face=3D"Arial" size=
  149. =3D"2" style=3D"text-indent: 0in !important; "></font></span></font><div al=
  150. ign=3D"center" style=3D"font-family: Tahoma; "></div><div align=3D"center" =
  151. style=3D"font-family: Tahoma; text-align: left; "><font face=3D"Tahoma" siz=
  152. e=3D"2" style=3D"text-indent: 0in !important; font-size: 10pt; line-height:=
  153. 1.22em; "><img height=3D"224" src=3D"http://www.lifeonourown.com/wp-conten=
  154. t/uploads/2009/04/mellow-yellow-monday-western-union-money-transfer-office-=
  155. dsc_9892.jpg" width=3D"500" style=3D"text-indent: 0in !important; border-wi=
  156. dth: 0px; width: 242px; line-height: 1.22em; height: 117px; "></font></div>=
  157. </body><pre>
  158.  
  159. ________________________________________
  160. PeoplePC Online
  161. A better way to Internet
  162. http://www.peoplepc.com</pre>
  163.  
  164. _________________________________________________________________
  165.  
  166. Images used in the phishing email:
  167.  
  168. http://www.festivalsegou.org/logo%20western%20union.jpg
  169.  
  170. http://www.lifeonourown.com/wp-content/uploads/2009/04/mellow-yellow-monday-western-union-money-transfer-office-dsc_9892.jpg
  171.  
  172.  
  173. First image link was actually:
  174. http://www.google.com/i=
  175. mgres?imgurl=3Dhttp://www.festivalsegou.org/logo%20western%20union.jpg&amp;=
  176. imgrefurl=3Dhttp://www.festivalsegou.org/Festival,%20textpartners.htm&amp;h=
  177. =3D37&amp;w=3D146&amp;sz=3D21&amp;tbnid=3DkzwP-QhFmZ0J:&amp;tbnh=3D37&amp;t=
  178. bnw=3D146&amp;prev=3D/images?q=3Dwestern+union+logo&amp;sa=3DX&amp;oi=3Dima=
  179. ge_result&amp;resnum=3D1&amp;ct=3Dimage&amp;cd=3D1" height=3D"37" alt=3D"ht=
  180. tp://www.google.com/imgres?imgurl=3Dhttp://www.festivalsegou.org/logo%20wes=
  181. tern%20union.jpg&amp;imgrefurl=3Dhttp://www.festivalsegou.org/Festival,%20t=
  182. extpartners.htm&amp;h=3D37&amp;w=3D146&amp;sz=3D21&amp;tbnid=3DkzwP-QhFmZ0J=
  183. :&amp;tbnh=3D37&amp;tbnw=3D146&amp;prev=3D/images?q=3Dwestern+union+logo&am=
  184. p;sa=3DX&amp;oi=3Dimage_result&amp;resnum=3D1&amp;ct=3Dimage&amp;cd=3D1" sr=
  185. c=3D"http://www.google.com/images?q=3Dtbn:kzwP-QhFmZ0J:www.festivalsegou.or=
  186. g/logo%252520western%252520union.jpg
  187.  
  188. Contact details the email gives the recipient for reaching the scammer:
  189.  
  190. transfer014@blumail.org
  191. Phone:+229 97626788
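
A defender's triage of the headers above, as an added example that is not part of the original paste: it decodes the RFC 2047 display name, compares the From and Reply-To domains, pulls the client IP from the `with HTTP` Received hop, and decodes the quoted-printable body before searching it for contact addresses. The `BRANDS` mapping, the function names and the one-line body fragment (with a soft line break placed inside the address) are assumptions made for the example.

```python
import email
import re
from email.header import decode_header, make_header
from email.utils import parseaddr

# Headers copied from the paste; the body is a constructed one-line fragment
# with a quoted-printable soft line break placed inside the address.
RAW = """\
Return-Path: <cus069@peoplepc.com>
Received: from 41.74.0.193 by webmail.peoplepc.com with HTTP; Tue, 24 Jul 2012 10:47:50 -0400
From: =?UTF-8?B?V2VzdGVybiBVbmlvbsKuIA==?= <cus069@peoplepc.com>
Reply-To: =?UTF-8?B?V2VzdGVybiBVbmlvbsKuIA==?= <transfer014@blumail.org>
Subject: You have a pending transfer with us.
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset=UTF-8

<font color=3D"#1f497d"><b>transfer014@blu=
mail.org</b></font>
"""

BRANDS = {"western union": "westernunion.com"}  # assumed brand -> sender domain
WEBMAIL_RE = re.compile(r"from\s+(\S+)\s+by\s+\S+\s+with\s+HTTP\b")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def domain(addr):
    return addr.rpartition("@")[2].lower()

def triage(raw):
    msg = email.message_from_string(raw)
    # Parse the address first, then decode the display name, so an encoded
    # word cannot inject address syntax into the parse.
    enc_name, from_addr = parseaddr(msg.get("From", ""))
    name = str(make_header(decode_header(enc_name))).strip()
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    findings = []
    if any(b in name.lower() and domain(from_addr) != d for b, d in BRANDS.items()):
        findings.append("display-name-brand-mismatch")
    if reply_addr and domain(reply_addr) != domain(from_addr):
        findings.append("reply-to-domain-differs")
    # Webmail submissions record the browser's IP in a "with HTTP" hop.
    web_ips = WEBMAIL_RE.findall("\n".join(msg.get_all("Received", [])))
    # Decode quoted-printable before searching: raw lines can split a token.
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    return {"display_name": name, "from": from_addr, "reply_to": reply_addr,
            "webmail_client_ips": web_ips, "findings": findings,
            "body_contacts": sorted(set(EMAIL_RE.findall(body)))}

if __name__ == "__main__":
    print(triage(RAW))
```

Running the same address regex over the undecoded body would miss any address that a soft line break (`=` at end of line) splits across two lines, which is why the payload is decoded first.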