An
Email with the Subject "Attn : The fund Owner," was
received in one of Scamdex's honeypot email accounts on Fri, 05 Oct 2012 07:15:46 -0700
and has been classified as a Generic Scam Email.
The sender shows as Frank Kuma <messagefile1@cantv.net>.
The email address was probably spoofed. Do not reply to or contact any persons or organizations referenced in
this email, or follow any URLs as you may expose yourself to scammers and, at the very least, you will be
added to their email address lists for spam purposes.
Scam TagCloud
inheritanceafrican atm 5million dollarsforeignbankexpresscreditdrawwinservicefundsentmailbank usddollarneco bank asian bank will ach(master express credit card)
NO CHART DATA - EMAIL HAS NOT YET BEEN ANALYSED
Scam Email Headers
This a (redacted) view of the raw email headers of this scam email.
Personally Identifiable Information (PII) has been suppressed, but can be
supplied as received to appropriate investigating or law enforcement agencies on request.
EEEEEstdClass Object
(
[return-path:] =>
[envelope-to:] => submissions@scamdex.com
[delivery-date:] => Fri, 05 Oct 2012 07:15:46 -0700
[received:] => Array
(
[0] => from 10ibl20ser04.datacenter.cha.cantv.net ([200.11.173.11]:54238)by lester.newsblaze.com with esmtps (TLSv1:AES256-SHA:256)(Exim 4.77)(envelope-from )id 1TK8gr-0002Oa-IMfor submissions@scamdex.com; Fri, 05 Oct 2012 07:15:46 -0700
[1] => from webmail-06.datacenter.cha.cantv.net (webmail-06.datacenter.cha.cantv.net [200.11.153.89])(authenticated bits=0)by 10ibl20ser04.datacenter.cha.cantv.net (8.14.3/8.14.3/3.0) with ESMTP id q95ECxT3010948;Fri, 5 Oct 2012 09:42:59 -0430
[2] => from 81.91.228.125 ([81.91.228.125]) by webmail-06.datacenter.cha.cantv.net (Cantv Webmail) with HTTP; Fri, 5 Oct 2012 09:42:59 -0430 (VET)
)
[x-virus-scanned:] => amavisd-new at cantv.net
[x-spam-flag:] => Array
(
[0] => NO
[1] => NO
)
[x-spam-score:] => Array
(
[0] => 7.723
[1] => 36
)
[x-spam-level:] => *******
[x-spam-status:] => Array
(
[0] => No, score=7.723 tagged_above=-9999 required=9tests=[BAYES_50=2, DOS_RCVD_IP_TWICE_C=3.292, HTML_MESSAGE=0.001,HTML_MIME_NO_HTML_TAG=0.001, LOTS_OF_MONEY=0.001,MIME_HTML_ONLY=1.199, RDNS_NONE=1.228, SINGLE_HEADER_2K=0.001]autolearn=unavailable
[1] => No, score=3.6
)
[x-matched-lists:] => []
[date:] => Fri, 5 Oct 2012 09:42:59 -0430 (VET)
[from:] => Frank Kuma
[reply-to:] => eco.bannk_breach@wss-id.org
[to:] => messagefile1@cantv.net
[message-id:] => <1146962061.240905.1349446379412.JavaMail.gess@webmail-06.datacenter.cha.cantv.net>
[subject:] => Attn : The fund Owner,
[mime-version:] => 1.0
[content-type:] => text/html; charset=UTF-8
[content-transfer-encoding:] => 7bit
[x-mailer:] => Cantv Webmail
[x-originating-ip:] => [81.91.228.125]
[x-spam-bar:] => +++
[x-ham-report:] => Spam detection software, running on the system "lester.newsblaze.com", hasidentified this incoming email as possible spam. The original messagehas been attached to this so you can view it (if it isn't spam) or labelsimilar future email. If you have any questions, seethe administrator of that system for details.Content preview: ECO BANK BENIN PLC TELEX : DEPARTMENT. DIRECT EMAIL eco.bannk_breach@wss-id.org Attn : The fund Owner, [...] Content analysis details: (3.6 points, 4.0 required) pts rule name description---- ---------------------- -------------------------------------------------- 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL [200.11.173.11 listed in psbl.surriel.com]-0.0 SPF_PASS SPF: sender matches SPF record-0.8 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain 0.0 HTML_MESSAGE BODY: HTML included in message 1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag 0.0 LOTS_OF_MONEY Huge... sums of money
)
Domain Names used for collecting scam email ("Honeypot email accounts") have been obscured and replaced with the token 'HUN1P0T'
Community Action - SPAM/non-Scam Report
Occasionally, incorrectly categorized emails get into the Scamdex Scam Email Database and need to be removed. If this
email has Personally Identifiable Information (PII), or is, in your opinion, from a bona-fide entity, let us know.
Scamdex will, as soon as is practicable, take-down any emails that in our opinion should not
be in our database. Note that ALL emails in the Scamdex Scam Email Database were received as Unsolicited Commercial Email, aka UCE or
SPAM, via unpublished 'Honeypot' email addresses.
