20180609_PHISHING_SCAM_1

1. Received: from MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) by
2. MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) with Microsoft SMTP Server (TLS)
3. id 15.0.1367.3 via Mailbox Transport; Sat, 9 Jun 2018 08:07:46 -0500
4. Received: from MBX03D-ORD1.mex08.mlsrvr.com (172.29.9.18) by
5. MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) with Microsoft SMTP Server (TLS)
6. id 15.0.1367.3; Sat, 9 Jun 2018 08:07:46 -0500
7. Received: from gate.forward.smtp.ord1d.emailsrvr.com (161.47.34.7) by
8. MBX03D-ORD1.mex08.mlsrvr.com (172.29.9.18) with Microsoft SMTP Server (TLS)
9. id 15.0.1367.3 via Frontend Transport; Sat, 9 Jun 2018 08:07:46 -0500
10. Return-Path: <[email protected]>
11. X-Spam-Threshold: 95
12. X-Spam-Score: 100
13. Precedence: junk
14. X-Spam-Flag: YES
15. X-Virus-Scanned: OK
16. X-Orig-To: REMOVED
17. X-Originating-Ip: [37.205.11.228]
18. Authentication-Results: smtp5.gate.ord1d.rsapps.net; iprev=pass policy.iprev="37.205.11.228"; spf=pass smtp.mailfrom="[email protected]" smtp.helo="cpvps01.creative-point.eu"; dkim=fail (signature verification failed) header.d=creative-point.eu; dmarc=none (p=nil; dis=none) header.from=creative-point.eu
19. X-Suspicious-Flag: YES
20. X-Classification-ID: 197a1d54-6be6-11e8-9059-525400d73c44-1-1
21. Received: from [37.205.11.228] ([37.205.11.228:33626] helo=cpvps01.creative-point.eu)
22. by smtp5.gate.ord1d.rsapps.net (envelope-from <[email protected]>)
23. (ecelerity 4.2.1.56364 r(Core:4.2.1.14)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384)
24. id E7/3C-11503-121DB1B5; Sat, 09 Jun 2018 09:07:46 -0400
25. Received: from localhost (localhost.localdomain [127.0.0.1])
26. by cpvps01.creative-point.eu (Postfix) with ESMTP id 69DF120F58;
27. Sat, 9 Jun 2018 12:05:33 +0000 (UTC)
28. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=
29. creative-point.eu; h=user-agent:message-id:reply-to:subject
30. :subject:from:from:date:date:content-transfer-encoding
31. :content-type:content-type:mime-version; s=cp0001crepo; t=
32. 1528545933; x=1530360334; bh=0tDQFiYtxYCqbZy+IJyghiqUl5z9AsdOdwk
33. 2MNT5pNw=; b=jbVkBR0A2rugCJYYerqUyhMPU+8VJ1vtQktEsOsUHHx8Tp/Rr1z
34. RA0gG3f4uSuPXpu5GGhaBIWbsCyrLnabCAi9c0QNYVKzf+kv5D280G6rsD32r+mV
35. gCwYCA2wd3yYkcscrXlGIDQSk+LkeEb7MVlnEFTfEDwN+51VMD+0TXSQ=
36. Received: from cpvps01.creative-point.eu ([127.0.0.1])
37. by localhost (cpvps01.creative-point.eu [127.0.0.1]) (amavisd-new, port 10026)
38. with ESMTP id h2fLWTOKneT7; Sat, 9 Jun 2018 12:05:33 +0000 (UTC)
39. Received: from creative-point.eu (localhost [IPv6:::1])
40. by cpvps01.creative-point.eu (Postfix) with ESMTP id 1655E204DD;
41. Sat, 9 Jun 2018 12:05:26 +0000 (UTC)
42. MIME-Version: 1.0
43. Date: Sat, 09 Jun 2018 14:05:26 +0200
44. From: Probate Genealogist <[email protected]>
45. To: undisclosed-recipients:;
46. Subject: Inquiry
47. Reply-To: [email protected]
48. Mail-Reply-To: [email protected]
49. Message-ID: <[email protected]>
50. X-Sender: [email protected]
51. User-Agent: Roundcube Webmail/1.2.3
52. X-MS-Exchange-Organization-Network-Message-Id: 19f4ed2f-6099-450d-ccd3-08d5ce09fe72
53. X-MS-Exchange-Organization-AVStamp-Mailbox: SMEXzs^g;1430300;0;This mail has
54. been scanned by Trend Micro ScanMail for Microsoft Exchange;
55. X-MS-Exchange-Organization-SCL: 5
56. X-MS-Exchange-Organization-AuthSource: MBX03D-ORD1.mex08.mlsrvr.com
57. X-MS-Exchange-Organization-AuthAs: Anonymous
58. Content-type: text/plain;
59. charset="UTF-8"
60. Content-transfer-encoding: 7bit
61.  
62. Good day
63.  
64. We are contracted probate researchers. This is an investigation about a
65. client with whom you share the same surname, your assistance will be
66. greatly appreciated. Are you aware of any investment made by such a
67. person at VTB Private Bank?
68.  
69. Thank you for your assistance.
70.  
71. Ms. S Parker
72. For Genealogy Firm