API tools faq
paste
Advertisement
wavellan

20240207_PHISHING_SCAM_1

wavellan
Feb 7th, 2024
88
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 6.35 KB | None | 0 0
raw download clone embed print report
  1. FUND RECONCILIATION DEPARTMENT
  2. DEPARTMENT OF TREASURY ACCESSIBILITY
  3. INTERNAL REVENUE SERVICES
  4.  
  5. Attention Dear Beneficiary,
  6.  
  7. In adherence to the specifications, the United States Government, the management of the Fund Reconciliation Department here in New York, USA, wishes to let you know that your fund totaling about $11.5 Million is long over due, every precept regarding your funds has been concluded. You will be receiving your funds from this office any moment from now. We shall keep a documented report of every transaction done here in the USA.
  8.  
  9. For the avoidance of doubt, we had an agreement with the IMF and the Federal Reserve Bank to document every process necessary until your funds worth $11.5 Million get to you. The analytical group of the two offices mentioned above estimated an accurate fee as the Fund Release Order Certificate.
  10.  
  11. 1. Your Name which you prefer we use when shipping your ATM Card
  12. 2. Your Current mailing (Delivery) Address where your ATM Card should be mailed
  13. 3. Your Private Mobile Number for the Priority Express Mail to Contact you when they arrive at your address.
  14.  
  15. Once again, we are sorry for the inconveniences you might have encountered in the past, in pursuit of your funds. Now that this office, Fund Reconciliation Department is involved, you will have no cause to ever regret again as soon as you adhere to the above given instructions.
  16.  
  17. Yours Sincerely,
  18.  
  19. Doug O'Donnell
  20. Federal Commissioner,
  21. Internal Revenue Service(IRS)
  22.  
  23.  
  24.  
  25.  
  26.  
  27. Received: from BY3PR05MB7972.namprd05.prod.outlook.com (2603:10b6:a03:366::8)
  28. by SJ0PR05MB8678.namprd05.prod.outlook.com with HTTPS; Wed, 7 Feb 2024
  29. 13:22:17 +0000
  30. Received: from DM6PR08CA0053.namprd08.prod.outlook.com (2603:10b6:5:1e0::27)
  31. by BY3PR05MB7972.namprd05.prod.outlook.com (2603:10b6:a03:366::8) with
  32. Microsoft SMTP Server (version=TLS1_2,
  33. cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7249.37; Wed, 7 Feb
  34. 2024 13:22:15 +0000
  35. Received: from DM6NAM12FT060.eop-nam12.prod.protection.outlook.com
  36. (2603:10b6:5:1e0:cafe::b9) by DM6PR08CA0053.outlook.office365.com
  37. (2603:10b6:5:1e0::27) with Microsoft SMTP Server (version=TLS1_2,
  38. cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7249.36 via Frontend
  39. Transport; Wed, 7 Feb 2024 13:22:15 +0000
  40. Authentication-Results: spf=softfail (sender IP is 77.239.228.198)
  41. smtp.mailfrom=gmail.com; dkim=none (message not signed)
  42. header.d=none;dmarc=fail action=none header.from=gmail.com;compauth=fail
  43. reason=001
  44. Received-SPF: SoftFail (protection.outlook.com: domain of transitioning
  45. gmail.com discourages use of 77.239.228.198 as permitted sender)
  46. Received: from mail.kaliniak.ru (77.239.228.198) by
  47. DM6NAM12FT060.mail.protection.outlook.com (10.13.179.128) with Microsoft SMTP
  48. Server id 15.20.7270.9 via Frontend Transport; Wed, 7 Feb 2024 13:22:14 +0000
  49. Message-ID: <[email protected]>
  50. X-Spam-Status: Yes, hits=10.0 required=10.0
  51. tests=ADVANCE_FEE_2_NEW_MONEY: 0.596,ADVANCE_FEE_3_NEW: 1.353,ADVANCE_FEE_3_NEW_MONEY: 1,
  52. AWL: 0.229,BAYES_99: 4.07,DEAR_BENEFICIARY: 1.768,
  53. DOS_OE_TO_MX: 2.523,FORGED_MUA_OUTLOOK: 1.927,FROM_MISSPACED: 2.99,
  54. FROM_MISSP_MSFT: 0.482,FROM_MISSP_NO_TO: 2.316,FROM_MISSP_REPLYTO: 0.749,
  55. FROM_MISSP_USER: 1.238,FSL_CTYPE_WIN1251: 0.607,FSL_HELO_NON_FQDN_1: 0.001,
  56. FSL_UA: 0.001,FSL_XM_419: 0.328,HELO_NO_DOMAIN: 0.001,
  57. LOTS_OF_MONEY: 0.001,MISSING_HEADERS: 1.021,MISSING_MID: 0.497,
  58. MONEY_ATM_CARD: 0.001,MONEY_FRAUD_3: 1.172,MONEY_FROM_MISSP: 0.001,
  59. NSL_RCVD_FROM_USER: 1.963,REPLYTO_WITHOUT_TO_CC: 1.552,TO_NO_BRKTS_FROM_MSSP: 0.961,
  60. TO_NO_BRKTS_MSFT: 0.199,TOTAL_SCORE: 29.547,autolearn=spam
  61. X-Spam-Flag: YES
  62. X-Spam-Level: **********
  63. Received: from User ([194.48.251.205])
  64. by mail.kaliniak.ru (Kerio Connect 8.3.4 patch 1);
  65. Wed, 7 Feb 2024 16:21:42 +0300
  66. Reply-To: <[email protected]>
  67. From: "Doug O'Donnell"<[email protected]>
  68. X-Original-Subject: Dear Beneficiary
  69. Subject: **–°–ü–ê–ú** Dear Beneficiary
  70. Date: Wed, 7 Feb 2024 05:21:44 -0800
  71. MIME-Version: 1.0
  72. charset="Windows-1251"
  73. X-Priority: 3
  74. X-MSMail-Priority: Normal
  75. X-Mailer: Microsoft Outlook Express 6.00.2600.0000
  76. X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
  77. To: Undisclosed recipients:;
  78. Return-Path: [email protected]
  79. X-MS-Exchange-Organization-ExpirationStartTime: 07 Feb 2024 13:22:15.2645
  80. (UTC)
  81. X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
  82. X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
  83. X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
  84. X-MS-Exchange-Organization-Network-Message-Id:
  85. 1d33b115-9865-42e0-fc8b-08dc27dfcd23
  86. X-EOPAttributedMessage: 0
  87. X-EOPTenantAttributedMessage: 0d4bfd0a-5b8b-4c86-b245-3f11f8ea539a:0
  88. X-MS-Exchange-Organization-MessageDirectionality: Incoming
  89. X-MS-PublicTrafficType: Email
  90. X-MS-TrafficTypeDiagnostic:
  91. DM6NAM12FT060:EE_|BY3PR05MB7972:EE_|SJ0PR05MB8678:EE_
  92. X-MS-Exchange-Organization-AuthSource:
  93. DM6NAM12FT060.eop-nam12.prod.protection.outlook.com
  94. X-MS-Exchange-Organization-AuthAs: Anonymous
  95. X-MS-Office365-Filtering-Correlation-Id: 1d33b115-9865-42e0-fc8b-08dc27dfcd23
  96. X-MS-Exchange-Organization-SCL: 5
  97. X-Forefront-Antispam-Report:
  98. CIP:77.239.228.198;CTRY:RU;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:mail.kaliniak.ru;PTR:mail.kaliniak.ru;CAT:SPOOF;SFS:(13230031)(84050400002)(230922051799003)(109986022)(451199024)(1096003)(22186003)(224303003)(5660300002)(956004)(58800400005)(76482006)(86362001)(7596003)(7636003)(356005)(2860700004)(9686003)(83380400001)(26005)(82202003)(336012)(73392003)(5456016);DIR:INB;
  99. X-Microsoft-Antispam: BCL:0;
  100. X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Feb 2024 13:22:14.7489
  101. (UTC)
  102. X-MS-Exchange-CrossTenant-Network-Message-Id: 1d33b115-9865-42e0-fc8b-08dc27dfcd23
  103. X-MS-Exchange-CrossTenant-Id: 0d4bfd0a-5b8b-4c86-b245-3f11f8ea539a
  104. X-MS-Exchange-CrossTenant-AuthSource:
  105. DM6NAM12FT060.eop-nam12.prod.protection.outlook.com
  106. X-MS-Exchange-CrossTenant-AuthAs: Anonymous
  107. X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
  108. X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY3PR05MB7972
  109. X-MS-Exchange-Transport-EndToEndLatency: 00:00:02.5590122
  110. X-MS-Exchange-Processed-By-BccFoldering: 15.20.7249.035
  111. X-Microsoft-Antispam-Mailbox-Delivery:
  112. ucf:0;jmr:0;auth:0;dest:J;OFR:SpamFilterAuthJ;ENG:(910001)(944506478)(944626604)(920097)(930097)(3100021)(140003);RF:JunkEmail;
  113.  
  114. Content-type: text/plain;
  115. charset="UTF-8"
  116. Content-transfer-encoding: 7bit
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!