wavellan

201803030_PHISHING_SCAM_1

Mar 30th, 2018
Received: from MBX05D-ORD1.mex08.mlsrvr.com (172.29.9.24) by
MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) with Microsoft SMTP Server (TLS)
id 15.0.1293.2 via Mailbox Transport; Thu, 29 Mar 2018 20:55:29 -0500
Received: from MBX11C-ORD1.mex08.mlsrvr.com (172.29.9.41) by
MBX05D-ORD1.mex08.mlsrvr.com (172.29.9.24) with Microsoft SMTP Server (TLS)
id 15.0.1293.2; Thu, 29 Mar 2018 20:55:28 -0500
Received: from gate.forward.smtp.ord1d.emailsrvr.com (161.47.34.7) by
MBX11C-ORD1.mex08.mlsrvr.com (172.29.9.41) with Microsoft SMTP Server (TLS)
id 15.0.1293.2 via Frontend Transport; Thu, 29 Mar 2018 20:55:28 -0500
Return-Path: <noreply@tchinaka.com>
X-Spam-Threshold: 95
X-Spam-Score: 100
Precedence: junk
X-Spam-Flag: YES
X-Virus-Scanned: OK
X-Orig-To:
X-Originating-Ip: [91.217.254.16]
Authentication-Results: smtp22.gate.ord1d.rsapps.net; iprev=pass policy.iprev="91.217.254.16"; spf=neutral smtp.mailfrom="noreply@tchinaka.com" smtp.helo="host002.hostpark.com.ua"; dkim=none (message not signed) header.d=none; dmarc=none (p=nil; dis=none) header.from=tchinaka.com
X-Suspicious-Flag: NO
X-Classification-ID: 6b6a41b8-33bd-11e8-b4fc-5254001a15c2-1-1
Received: from [91.217.254.16] ([91.217.254.16:60321] helo=host002.hostpark.com.ua)
by smtp22.gate.ord1d.rsapps.net (envelope-from <noreply@tchinaka.com>)
(ecelerity 4.2.1.56364 r(Core:4.2.1.14)) with ESMTP
id 4E/78-11895-0199DBA5; Thu, 29 Mar 2018 21:55:28 -0400
Received: by host002.hostpark.com.ua (Postfix, from userid 8)
id 720D92EA70B; Fri, 30 Mar 2018 03:21:42 +0300 (FET)
Received: from localhost by host002.hostpark.com.ua
with SpamAssassin (version 3.2.5);
Fri, 30 Mar 2018 03:21:42 +0300
From: Andrea Brown <noreply@tchinaka.com>
To: undisclosed-recipients:;
Subject: Re: RE : { Given Assistance} Mar 29
Date: Thu, 29 Mar 2018 17:37:42 -0700
Message-ID: <20180330002101.B50C02EA701@host002.hostpark.com.ua>
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
host002.hostpark.com.ua
X-Spam-Level: **********
X-Spam-Status: Yes, score=10.5 required=5.0 tests=ADVANCE_FEE_2,ADVANCE_FEE_3,
ALL_TRUSTED,AWL,BAYES_95,DNS_FROM_AHBL_RHSBL,FAKE_REPLY_C,FORGED_MUA_OUTLOOK,
MSOE_MID_WRONG_CASE autolearn=spam version=3.2.5
MIME-Version: 1.0
X-MS-Exchange-Organization-Network-Message-Id: c57a8f5f-6111-445f-9a5c-08d595e1503c
X-MS-Exchange-Organization-AVStamp-Mailbox: SMEXzs^g;1415700;0;This mail has
been scanned by Trend Micro ScanMail for Microsoft Exchange;
X-MS-Exchange-Organization-SCL: 5
X-MS-Exchange-Organization-AuthSource: MBX11C-ORD1.mex08.mlsrvr.com
X-MS-Exchange-Organization-AuthAs: Anonymous
Content-type: multipart/mixed;
boundary="B_3605256593_639479587"

> This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

--B_3605256593_639479587
Content-type: text/plain;
charset="UTF-8"
Content-transfer-encoding: 7bit

Spam detection software, running on the system "host002.hostpark.com.ua", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.

Content preview: The Beneficiary, Estate of Engr. Brian Thomas. I wish to notify
you that I like to enlisted you as a beneficiary to the bequest of some funds
in US dollars [Amount to be disclosed later] in the codicil and last testament
of my deceased Client. The late Mr.Brian Thomas until his death was a former
Managing Director and pioneer staff of a big construction company in China
and later invested in poultry farm and rice. He established himself as a
wealthy farmer in Asia where he exported rice and other poultry produce. He
was a very dedicated man and a great philanthropist during his lifetime.
He involved himself in helping people by giving invest able loans in agriculture
and health care ventures. Late Mr.Brian Thomas died on 9th March 2010 at
the age of 78. He has since been buried on the 23rd of March 2014. He was
a US citizen, lived in Asia all through his active years but later moved down
to London UK due to long-term illness where he died in a specialist hospital.
He was married but without a child and lost his wife in 1986 due to breast
cancer. [...]

Content analysis details: (10.5 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
-1.8 ALL_TRUSTED Passed through trusted hosts only via SMTP
3.0 BAYES_95 BODY: Bayesian spam probability is 95 to 99%
[score: 0.9776]
0.7 DNS_FROM_AHBL_RHSBL RBL: Envelope sender listed in dnsbl.ahbl.org
0.8 MSOE_MID_WRONG_CASE MSOE_MID_WRONG_CASE
1.2 ADVANCE_FEE_2 Appears to be advance fee fraud (Nigerian 419)
1.4 ADVANCE_FEE_3 Appears to be advance fee fraud (Nigerian 419)
2.0 FAKE_REPLY_C FAKE_REPLY_C
3.1 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
-0.0 AWL AWL: From: address is in the auto white-list




--B_3605256593_639479587
Content-type: message/rfc822
Content-disposition: attachment

Return-Path: <noreply@tchinaka.com>
Received: from User (localhost [127.0.0.1])
by host002.hostpark.com.ua (Postfix) with SMTP id B50C02EA701;
Fri, 30 Mar 2018 03:21:01 +0300 (FET)
Reply-To: <iconsult.andreab@gmail.com>
From: Andrea Brown <noreply@tchinaka.com>
Subject: Re: RE : { Given Assistance} Mar 29
Date: Thu, 29 Mar 2018 17:37:42 -0700
Content-Type: text/plain; charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <20180330002101.B50C02EA701@host002.hostpark.com.ua>
To: undisclosed-recipients:;
MIME-Version: 1.0

The Beneficiary,

Estate of Engr. Brian Thomas.

I wish to notify you that I like to enlisted you as a beneficiary to the bequest of some funds in US dollars [Amount to be disclosed later] in the codicil and last testament of my deceased Client. The late Mr.Brian Thomas until his death was a former Managing Director and pioneer staff of a big construction company in China and later invested in poultry farm and rice.
He established himself as a wealthy farmer in Asia where he exported rice and other poultry produce. He was a very dedicated man and a great philanthropist during his lifetime. He involved himself in helping people by giving invest able loans in agriculture and health care ventures. Late Mr.Brian Thomas died on 9th March 2010 at the age of 78. He has since been buried on the 23rd of March 2014. He was a US citizen, lived in Asia all through his active years but later moved down to London UK due to long-term illness where he died in a specialist hospital. He was married but without a child and lost his wife in 1986 due to breast cancer.

He said in his words as stated in his last testament that "it is my desired wish to see that the poor and less privileged are given assistance by any means and limit this token could go, especially in Asia, Africa and South America having seen it all myself.
Please be informed that if the said amount is unclaimed over a period of time, the bank will in turn confiscate the money, you know quite well that the bank willuse the funds to pay their fat executives bonus leaving the poor masses suffering.
He therefore advised that 20% of the proceeds be used for charity annually, while 80% be retained by the beneficiary for his efforts, In my next email I will explain to you how the 80% will be utilized.
I will also like to bring to your notice that this transaction is not a scam and its risk free, I have all necessary information to back you up and will lead you all through this process, my next email will also direct you to the holding company ie the firm that hold the funds in question.
I hereby request that you reconfirm the information below for proper identification of your person

(1) Your current telephone/ cell phone numbers
(2) Your current forwarding address


Please note that this is for real.

Yours faithfully,

Andrea Brown (llb. Lon)
Estate of Brian Thomas


--B_3605256593_639479587--