API tools faq
paste
Advertisement
wavellan

20240928_PHISHING_SCAM_1

wavellan
Sep 28th, 2024
60
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 11.82 KB | None | 0 0
raw download clone embed print report
  1. Hello,
  2.  
  3. I’m writing to you because of an investment portfolio that has to do with your family's name here on our brokerage system network which I would like to confirm with you to do the needful.
  4. I’m a certified investment broker affiliated with numerous oil and gas companies here in the United States, Europe and Asia like BP Plc, ExxonMobil, Lukoil, Total Energies, Royal Dutch Shell and Chevron.
  5. I also spearheaded and delivered multiple conversion projects for financial institutional investment clients like the Bank of New York as you will see on my brief profile that I will attach to you in my next email.
  6.  
  7. I expect to hear from you soon.
  8.  
  9. Best regards.
  10. Lawrence Stephens.
  11. Senior Program/Project Leader, Operational Director.
  12. Oversee and administer delivery governance initiatives.
  13.  
  14. NOTA DE CONFIDENCIALIDAD: La información contenida en esta transmisión está destinada únicamente a las personas o entidades a la que se dirige. Puede contener información privilegiada y confidencial, incluida Información de Salud Protegida (PHI). Si usted no es el destinatario, se le notifica que cualquier revisión, difusión, distribución o duplicación de esta comunicación está estrictamente prohibida. Si recibe esta comunicación por error, notifique al remitente inmediatamente y destruya este mensaje. CONFIDENTIALITY NOTE: The information contained in this transmission is intended only for the persons or entities to which it is addressed. It may contain privileged and confidential information, including Protected Health Information (PHI). If you are not the recipient, you are hereby notified that any revision, dissemination, distribution or duplication of this communication is strictly prohibited. If you receive this communication by error, notify the sender immediately and destroy this message.
  15.  
  16.  
  17.  
  18.  
  19.  
  20. Received: from SJ2PR05MB9899.namprd05.prod.outlook.com (::1) by
  21. SJ0PR05MB8678.namprd05.prod.outlook.com with HTTPS; Sat, 28 Sep 2024 11:28:43
  22. +0000
  23. ARC-Seal: i=2; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass;
  24. b=e1EjAJ/otIN4B7muZYAjPV8wd9I7Pu9XekhknPRw0R+ULz9To+uxAtnS0ne27JImfGaon9KrjS5S3o3mXDYH9lZJgbS5cYFtY5I0MCsgFHMVcq153mUB5Orm+ihJtj0pMEL7lrH5qmoSI7Vbj283glcuCMIAOXVw5vdGtcpE3Scn7vO1F0EQU0Qnp1WaB5vOS/RIM96gc7bhiXGpBygU8v2cFfCsh1Bq5xIGjEDW0wMq/i+X5pBIagNn4mFZwp3ScBKFSnNG7Kqr4Du0UfMWBIa/8lXSKOxgiE4iByAwGXjpg86HeWPWb8dVsMUSSuKW4v5sRKC7iaEoouwBxvojdg==
  25. ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
  26. s=arcselector10001;
  27. h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
  28. bh=tmww6oBCJXyuIu6zNbcFSg3lP26FA9CCUr349+JBdto=;
  29. b=P0F+B2wcq3fIukm3KyH+GtHugFk1b8KRpdowLWwbqpRwcIYQ3jIuX/Tdf2xVzUf1LSgRin+joVrZd1SgWav6aS/lwvbkcGBAOKsW6hD0+dGzHY1knlQ1rhP8wG+rir53ZCpTlMpMKDnk1L9XkChCSilnvAcfncrFFsXd2XaMVTQwaK3pnYBcx1/tCYhQVrlpnCrEc9SyRguYe7789c/RyayWn5NWVI09TKBFXdLKIQGW/EKQhsTheDqQAHYoyhChTLAflBUqXx6dK0L2nyZAw/fMrSurvFbsYTagMF1mqXlN1R4piCRXwJy+YhR+xn1cEQz65yk573i5ra+wNgjV/A==
  30. ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is
  31. 52.102.138.40) smtp.rcpttodomain= smtp.mailfrom=salud.pr.gov;
  32. dmarc=fail (p=none sp=quarantine pct=100) action=none header.from=gmail.com;
  33. dkim=pass (signature was verified) header.d=dsdepr.onmicrosoft.com; arc=pass
  34. (0 oda=0 ltdi=1)
  35. Received: from CH0PR03CA0284.namprd03.prod.outlook.com (2603:10b6:610:e6::19)
  36. by SJ2PR05MB9899.namprd05.prod.outlook.com (2603:10b6:a03:4ff::14) with
  37. Microsoft SMTP Server (version=TLS1_2,
  38. cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8005.22; Sat, 28 Sep
  39. 2024 11:28:40 +0000
  40. Received: from CH2PEPF00000142.namprd02.prod.outlook.com
  41. (2603:10b6:610:e6:cafe::8b) by CH0PR03CA0284.outlook.office365.com
  42. (2603:10b6:610:e6::19) with Microsoft SMTP Server (version=TLS1_2,
  43. cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8005.24 via Frontend
  44. Transport; Sat, 28 Sep 2024 11:28:39 +0000
  45. Authentication-Results: spf=pass (sender IP is 52.102.138.40)
  46. smtp.mailfrom=salud.pr.gov; dkim=pass (signature was verified)
  47. header.d=dsdepr.onmicrosoft.com;dmarc=fail action=none
  48. header.from=gmail.com;compauth=fail reason=001
  49. Received-SPF: Pass (protection.outlook.com: domain of salud.pr.gov designates
  50. 52.102.138.40 as permitted sender) receiver=protection.outlook.com;
  51. client-ip=52.102.138.40; helo=BN8PR09CU001.outbound.protection.outlook.com;
  52. pr=C
  53. Received: from BN8PR09CU001.outbound.protection.outlook.com (52.102.138.40) by
  54. CH2PEPF00000142.mail.protection.outlook.com (10.167.244.75) with Microsoft
  55. SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
  56. 15.20.8005.15 via Frontend Transport; Sat, 28 Sep 2024 11:28:39 +0000
  57. ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
  58. b=fdw4wqhwFuYUpeHSusmZyk4bP8p9eiy7rGQRyVn4yFlCTP//05vW2xP132NYLpD39s19TyZpzcLO9Nam6sb3j/BOG6N7XDnw4BRBkgcFoqqQBm3clbJ6cHgrzQT7NZxrEqTV9b5LLV+9de6dmht4hcqiXXGSNPYFZQdPEYVdI8NNBRSTYJ/irA1+IDvQ2y255BHDBXm/nrTNwLW93QhvmliLyQontH1ZpIhRHBwLhAIoDHRdmsXfg6WooZgZCBneMTTAIX1NPLUOHLdTJqXL/ykx69gSYd+S+PKNik8cjqSMEkhPjZTJt1sdI68xx9M9D/+JWB6RHOxtLJ6ou85ucQ==
  59. ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
  60. s=arcselector10001;
  61. h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
  62. bh=tmww6oBCJXyuIu6zNbcFSg3lP26FA9CCUr349+JBdto=;
  63. b=XnwMwCMNBoNRsWNmKFad5fIcS4mkJkM7jWzuxMPkW608+dozzDDEtJsh14Aw53WQ2pOSH/zdlm71ecLCYTChUJXuaqNovFauK5qzumAclgV26t+KwWC4fQS95j07JdiklWzekkQdd9T9JGKs8tIlbYlQuXE28mIe5yAY30D+6QKB8pQiNfX117eM0rzZSWtzQ81Yo+B8QHGer2GWnuT45G4gGg6gZtr055CubPBi4WsAtQr0ot5UFjbybTB2B28/yoy7ddGMhnXdYqpxAoDXJ2uvM2wWULRvH+uE9Dk/4oML2fMDC1GEzS3uBuJYcsQWtVDcYEV/pdbKpcGwkovZOA==
  64. ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=softfail (sender ip
  65. is 200.5.3.153) smtp.rcpttodomain=algaeindustrymagazine.com
  66. smtp.mailfrom=gmail.com; dmarc=fail (p=none sp=quarantine pct=100)
  67. action=none header.from=gmail.com; dkim=none (message not signed); arc=none
  68. (0)
  69. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
  70. d=dsdepr.onmicrosoft.com; s=selector2-dsdepr-onmicrosoft-com;
  71. h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
  72. bh=tmww6oBCJXyuIu6zNbcFSg3lP26FA9CCUr349+JBdto=;
  73. b=mlkoqygNUdkkZLkrqwvSfPa2W42KJZk8IcQJIfoYMe4l9q0/W+ntgo8y86HpNI42erYZU+EBY2SR11F0M9UIJ3OrNCmPvbMZuM7L+Mz+rQIMtJTWPQXmkLjVa1sUHnk2iDEFB6PypQVH8Vnb85bm6japUkJhx+jy8fmxhH6y4OE=
  74. Received: from DM6PR09CA0036.namprd09.prod.outlook.com (2603:10b6:5:160::49)
  75. by MN2PR09MB5515.namprd09.prod.outlook.com (2603:10b6:208:211::20) with
  76. Microsoft SMTP Server (version=TLS1_2,
  77. cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8005.25; Sat, 28 Sep
  78. 2024 11:28:29 +0000
  79. Received: from SA2PEPF00002250.namprd09.prod.outlook.com
  80. (2603:10b6:5:160:cafe::cf) by DM6PR09CA0036.outlook.office365.com
  81. (2603:10b6:5:160::49) with Microsoft SMTP Server (version=TLS1_2,
  82. cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8005.24 via Frontend
  83. Transport; Sat, 28 Sep 2024 11:28:29 +0000
  84. X-MS-Exchange-Authentication-Results: spf=softfail (sender IP is 200.5.3.153)
  85. smtp.mailfrom=gmail.com; dkim=none (message not signed)
  86. header.d=none;dmarc=fail action=none header.from=gmail.com;
  87. Received-SPF: SoftFail (protection.outlook.com: domain of transitioning
  88. gmail.com discourages use of 200.5.3.153 as permitted sender)
  89. Received: from mail.asem.pr.gov (200.5.3.153) by
  90. SA2PEPF00002250.mail.protection.outlook.com (10.167.242.132) with Microsoft
  91. SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
  92. 15.20.8005.15 via Frontend Transport; Sat, 28 Sep 2024 11:28:28 +0000
  93. Received: from AEX01V170.asem.org (10.12.31.170) by AEX01V170.asem.org
  94. (10.12.31.170) with Microsoft SMTP Server (version=TLS1_2,
  95. cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.28; Sat, 28 Sep
  96. 2024 07:27:46 -0400
  97. Received: from User (10.12.31.254) by aex01v170.asem.org (10.12.31.170) with
  98. Microsoft SMTP Server id 15.2.1258.28 via Frontend Transport; Sat, 28 Sep
  99. 2024 07:27:42 -0400
  100. Reply-To: <[email protected]>
  101. From: Lawrence Stephens <[email protected]>
  102. Subject: [EXTERNAL]INVESTMENT !!!
  103. Date: Sat, 28 Sep 2024 04:27:49 -0700
  104. MIME-Version: 1.0
  105. X-Priority: 3
  106. X-MSMail-Priority: Normal
  107. X-Mailer: Microsoft Outlook Express 6.00.2600.0000
  108. X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
  109. Message-ID: <[email protected]>
  110. To: Undisclosed recipients:;
  111. Return-Path: bounces+SRS=b/[email protected]
  112. X-EOPAttributedMessage: 1
  113. X-MS-TrafficTypeDiagnostic:
  114. SA2PEPF00002250:EE_|MN2PR09MB5515:EE_|CH2PEPF00000142:EE_|SJ2PR05MB9899:EE_|SJ0PR05MB8678:EE_
  115. X-MS-Office365-Filtering-Correlation-Id: 0dfe6dd1-3bc8-4218-a811-08dcdfb0b371
  116. X-MS-Exchange-SenderADCheck: 2
  117. X-MS-Exchange-AntiSpam-Relay: 0
  118. X-Forefront-Antispam-Report-Untrusted:
  119. CIP:200.5.3.153;CTRY:PR;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:mail.asem.pr.gov;PTR:InfoDomainNonexistent;CAT:OSPM;SFS:(13230040)(35950700016)(82310400026)(7416014)(61400799027)(7093399012)(23876020);DIR:OUT;SFP:1501;
  120. X-Microsoft-Antispam-Untrusted:
  121. BCL:0;ARA:13230040|35950700016|82310400026|7416014|61400799027|7093399012|23876020;
  122. X-Microsoft-Antispam-Message-Info-Original:
  123. X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR09MB5515
  124. X-MS-Exchange-Organization-ExpirationStartTime: 28 Sep 2024 11:28:39.7576
  125. (UTC)
  126. X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
  127. X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
  128. X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
  129. X-MS-Exchange-Organization-Network-Message-Id:
  130. 0dfe6dd1-3bc8-4218-a811-08dcdfb0b371
  131. X-EOPTenantAttributedMessage: 0d4bfd0a-5b8b-4c86-b245-3f11f8ea539a:0
  132. X-MS-Exchange-Organization-MessageDirectionality: Incoming
  133. X-MS-Exchange-Transport-CrossTenantHeadersStripped:
  134. CH2PEPF00000142.namprd02.prod.outlook.com
  135. X-MS-Exchange-Transport-CrossTenantHeadersPromoted:
  136. CH2PEPF00000142.namprd02.prod.outlook.com
  137. X-MS-PublicTrafficType: Email
  138. X-MS-Exchange-Organization-AuthSource:
  139. CH2PEPF00000142.namprd02.prod.outlook.com
  140. X-MS-Exchange-Organization-AuthAs: Anonymous
  141. X-MS-Office365-Filtering-Correlation-Id-Prvs:
  142. 80321706-abf6-4dbe-7c81-08dcdfb0ad08
  143. X-MS-Exchange-Organization-SCL: 5
  144. X-Forefront-Antispam-Report:
  145. CIP:52.102.138.40;CTRY:US;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:BN8PR09CU001.outbound.protection.outlook.com;PTR:mail-eastus2azhn15012040.outbound.protection.outlook.com;CAT:SPOOF;SFS:(13230040)(13012899012)(35042699022)(7093399012)(12012899012)(5062899012)(3092899012)(3072899012)(13102899012)(2092899012)(4126899003)(23876020);DIR:INB;
  146. X-Microsoft-Antispam:
  147. BCL:0;ARA:13230040|13012899012|35042699022|7093399012|12012899012|5062899012|3092899012|3072899012|13102899012|2092899012|4126899003|23876020;
  148. X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Sep 2024 11:28:39.5232
  149. (UTC)
  150. X-MS-Exchange-CrossTenant-Network-Message-Id: 0dfe6dd1-3bc8-4218-a811-08dcdfb0b371
  151. X-MS-Exchange-CrossTenant-Id: 0d4bfd0a-5b8b-4c86-b245-3f11f8ea539a
  152. X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=e906065a-f03e-47ad-a4c4-6b139a08445c;Ip=[200.5.3.153];Helo=[mail.asem.pr.gov]
  153. X-MS-Exchange-CrossTenant-AuthSource:
  154. CH2PEPF00000142.namprd02.prod.outlook.com
  155. X-MS-Exchange-CrossTenant-AuthAs: Anonymous
  156. X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
  157. X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ2PR05MB9899
  158. X-MS-Exchange-Transport-EndToEndLatency: 00:00:03.6305034
  159. X-MS-Exchange-Processed-By-BccFoldering: 15.20.8005.020
  160. X-Microsoft-Antispam-Mailbox-Delivery:
  161. ucf:0;jmr:0;auth:0;dest:J;OFR:SpamFilterAuthJ;ENG:(910001)(944506478)(944626604)(920097)(930097)(3100021)(140003);RF:JunkEmail;
  162. X-Microsoft-Antispam-Message-Info:
  163.  
  164. Content-type: text/plain;
  165. charset="UTF-8"
  166. Content-transfer-encoding: quoted-printable
  167.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!