A Scam Email with the Subject "(Corporate America Family Credit UnionPhishing)http://0xDC.0x41.0x72.0x96/secure.html" was received in one of Scamdex's honeypot email accounts on Sat, 03 Jun 2006 09:37:26 -0700 and has been classified as a Generic Scam. The sender was "Antihotmail.com Internet Incident Reponse Team (IIRT)" <email@example.com>, although it may have been spoofed.
http://0xDC.0x41.0x72.0x96/secure.html http://220.127.116.11/secure.html Return-Path: <firstname.lastname@example.org> Delivered-To: email@example.com Received: (qmail 32527 invoked from network); 3 Jun 2006 15:51:48 -0000 X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on blade2.cesmail.net X-Spam-Level: ************************** X-Spam-Status: hits=26.7 tests=FORGED_MSGID_YAHOO,FORGED_MUA_OUTLOOK, FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS,HTML_IMAGE_ONLY_24, HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,MIME_BOUND_DD_DIGITS, MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI,MISSING_MIMEOLE,MPART_ALT_DIFF, MSGID_SPAM_LETTERS,REPTO_QUOTE_YAHOO,SARE_HEXOCTDWORD, UNPARSEABLE_RELAY,URIBL_PH_SURBL version=3.1.1 Received: from unknown (HELO c60.cesmail.net) (192.168.1.105) by blade2.cesmail.net with SMTP; 3 Jun 2006 15:51:48 -0000 Received: from mailgate.cesmail.net ([18.104.22.168]) by c60.cesmail.net with SMTP; 03 Jun 2006 11:51:46 -0400 X-IronPort-AV: i="4.05,205,1146456000"; d="scan'208"; a="357691215:sNHT51202684" Received: (qmail 4643 invoked from network); 3 Jun 2006 15:51:46 -0000 Received: from unknown (HELO mailgate.cesmail.net) (192.168.1.101) by mailgate.cesmail.net with SMTP; 3 Jun 2006 15:51:46 -0000 X-RocketMail: 00000001;R---------------;6964 X-RocketUID: 0000109993 X-RocketMIF: 1149281969;3404; X-RocketYMUMID: APbJjkQAAMopRICmsQNojkvBGdE X-Apparently-To: firstname.lastname@example.org via 22.214.171.124; Fri, 02 Jun 2006 13:59:29 -0700 X-RocketRCL: 2288;1;913376867;2338 X-Rocket-Spam: 126.96.36.199 X-YahooFilteredBulk: 188.8.131.52 X-Rocket-Track: cat=BK; info=ip:BK<ip=184.108.40.206,policy=g-w0,n0,g100>;sv:UK<ip=220.127.116.11> X-Originating-IP: [18.104.22.168] Authentication-Results: mta237.mail.mud.yahoo.com from=cafcu.org; domainkeys=neutral (no sig) Received: from popgate.cesmail.net [192.168.1.201] by mailgate.cesmail.net with POP3 (fetchmail-6.2.1) for email@example.com (single-drop); Sat, 03 Jun 2006 11:51:46 -0400 (EDT) Received: from 22.214.171.124 (HELO 172.20.20.6) (126.96.36.199) by mta237.mail.mud.yahoo.com with SMTP; Fri, 02 Jun 2006 13:59:28 -0700 Received: from 188.8.131.52 by ; Fri, 02 Jun 2006 15:49:00 -0600 Message-ID: <firstname.lastname@example.org> From: "Corporate America Family Credit Union" <email@example.com> Reply-To: "Corporate America Family Credit Union" <firstname.lastname@example.org> To: email@example.com Cc: firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com Subject: Important Account Information Date: Fri, 02 Jun 2006 19:51:00 -0200 X-Mailer: Microsoft Outlook Express 6.00.2462.0000 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--3876338606510306" X-Priority: 3 X-MSMail-Priority: Normal Content-Length: 993 X-SpamCop-Checked: X-SpamCop-Disposition: Blocked SpamAssassin=26 ----3876338606510306 Content-Type: text/html; Content-Transfer-Encoding: quoted-printable <FONT face=3DVerdana size=3D2> <img border=3D"0" src=3D"http://= www.geocities.com/Hinkelman3d/ncua1.jpg" alt=3D""><br><BR><div>  = ; Dear Corporate America Family Credit Union Customer,<BR></div>&nbs= p; <DIV> <DIV> Due to recent fraudulent activities on some of Corporate= America Family Credit Union online <br> accounts we are= launching a new security system to make<br> Corporate Am= erica Family Credit Union online accounts more secure and safe. Before we= can <br> activate it we will be checking all Corporate A= merica Family Credit Union online accounts to confirm <br> &nb= sp;the authenticity of the holder.</DIV> <DIV><FONT color=3D#003399></FONT> </DIV> <DIV><BR> We will require a confirmation that your account has= not been <br> stolen or hacked. Your account has not bee= n suspended or frozen. </DIV> <DIV> </DIV> <DIV><BR> To confirm your account status please <A href=3D"htt= p://www.google.com/url?q=3Dhttp://0xDC.0x41.0x72.0x96/secure.html">Login</= A><BR><BR> -complete the required infor= mation to authenticate and reset your account<BR><BR> &nb= sp; -make sure your account balance has not been changed<BR><BR=
-make sure your details have not been=
changed<BR><BR> -review recent transac= tions in your account history for any unauthorized <BR> &= nbsp; transfer</DIV> <DIV> </DIV> <DIV><BR> If you find any type of suspicious activities p= lease contact us immediately.<br> Please include in your messa= ge your account number, your account name<br> and the unauthor= ized transfer date & time.<BR><BR></DIV> <DIV> </DIV> <DIV> Please do not reply to this message. For any inquiries, = contact Customer Service.</DIV> <DIV> </DIV> <DIV> Corporate America Family Credit Union Copyright =A9 2006= </DIV></FONT> <DIV> </DIV> ----3876338606510306-- -- -- Questions can be sent to: firstname.lastname@example.org Domain Dossier: http://www.centralops.net/ Antihotmail.com Whois: http://whois.antihotmail.com [Zero Tolerance towards Unsolicited Email] This email is sent in compliance with our strict anti-abuse regulations.You have received this email because we are a active Spam fighting organization.If you do not wish to receive any mail from our service you may permanently block your email address by sending a email to: email@example.com . All UCE/BCE is subject to a US$500.00 fee per item. If you send UCE (SPAM) to Antihotmail.com , you are agreeing to this charge for processing your "email" and also agree to pay any and all costs incurred in collecting this fee.