An
Email with the Subject "New banking changes - Customer service helpdesk" was
received in one of Scamdex's honeypot email accounts on Sat, 03 Aug 2013 00:36:28 -0700
and has been classified as a Generic Scam Email.
The sender shows as "first direct" <xx@firstdirect.com>.
The email address was probably spoofed. Do not reply to or contact any persons or organizations referenced in
this email, or follow any URLs as you may expose yourself to scammers and, at the very least, you will be
added to their email address lists for spam purposes.
Scam TagCloud
bankaccountcustomerservicecustomonlineonline bank will https://www1.firstdirect....
NO CHART DATA - EMAIL HAS NOT YET BEEN ANALYSED
Scam Email Headers
This a (redacted) view of the raw email headers of this scam email.
Personally Identifiable Information (PII) has been suppressed, but can be
supplied as received to appropriate investigating or law enforcement agencies on request.
EEEEEstdClass Object
(
[return-path:] =>
[envelope-to:] => scamdex@scamdex.com
[delivery-date:] => Sat, 03 Aug 2013 00:36:28 -0700
[received:] => Array
(
[0] => from mailoutvs3.siol.net ([213.250.19.136]:32845 helo=mailhub.siol.net)by lester.newsblaze.com with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)(Exim 4.80.1)(envelope-from )id 1V5WO3-0003XX-3Jfor scamdex@scamdex.com; Sat, 03 Aug 2013 00:36:28 -0700
[1] => from localhost (localhost [127.0.0.1])by mailhub.siol.net (Zimbra) with ESMTP id 0B0C35234FEfor ; Sat, 3 Aug 2013 09:36:25 +0200 (CEST)
[2] => from mailhub.siol.net ([127.0.0.1])by localhost (psrvmta10.zcs-production.pri [127.0.0.1]) (amavisd-new, port 10024)with ESMTP id 6zaWy1k7q4cK for ;Sat, 3 Aug 2013 09:36:24 +0200 (CEST)
[3] => from novakserver.NOVAK.local (unknown [193.77.101.200])by mailhub.siol.net (Zimbra) with ESMTP id B79B4523457for ; Sat, 3 Aug 2013 09:36:24 +0200 (CEST)
)
[x-virus-scanned:] => amavisd-new at psrvmta10.zcs-production.pri
[content-type:] => multipart/alternative; boundary="===============0402794460=="
[mime-version:] => 1.0
[subject:] => New banking changes - Customer service helpdesk
[to:] => scamdex@scamdex.com
[from:] => "first direct"
[date:] => Sat, 03 Aug 2013 09:36:03 +0200
[message-id:] => <20130803073624.B79B4523457@mailhub.siol.net>
[x-spam-status:] => No, score=1.0
[x-spam-score:] => 10
[x-spam-bar:] => +
[x-ham-report:] => Spam detection software, running on the system "lester.newsblaze.com", hasidentified this incoming email as possible spam. The original messagehas been attached to this so you can view it (if it isn't spam) or labelsimilar future email. If you have any questions, seeroot\@localhost for details.Content preview: Valued Customer, Inline with recent system upgrades, all customers are required to provide us with vital information regarding their accounts with us. Failure to perform this operation will result in temporal suspension from online banking service. [...] Content analysis details: (1.0 points, 4.0 required) pts rule name description---- ---------------------- -------------------------------------------------- 1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: eap72.fr] 0.0 HTML_MESSAGE BODY: HTML included in message
[x-spam-flag:] => NO
)
Domain Names used for collecting scam email ("Honeypot email accounts") have been obscured and replaced with the token 'HUN1P0T'
Community Action - SPAM/non-Scam Report
Occasionally, incorrectly categorized emails get into the Scamdex Scam Email Database and need to be removed. If this
email has Personally Identifiable Information (PII), or is, in your opinion, from a bona-fide entity, let us know.
Scamdex will, as soon as is practicable, take-down any emails that in our opinion should not
be in our database. Note that ALL emails in the Scamdex Scam Email Database were received as Unsolicited Commercial Email, aka UCE or
SPAM, via unpublished 'Honeypot' email addresses.
Inline with recent system upgrades, all customers are required to provide us with vital information regarding their accounts with us. Failure to perform this operation will result in temporal suspension from online banking service.
Logon via the first direct link below to continue.
Inline with recent system upgrades, all customers are required to provide us with vital information regarding their accounts with us. Failure to perform this operation will result in temporal suspension from online banking service.
Logon via the first direct link below to continue.
