An
Email with the Subject "Validate Your Mailbox" was
received in one of Scamdex's honeypot email accounts on Mon, 09 Apr 2012 05:10:07 -0700
and has been classified as a Phishing, ID Theft Scam Email.
The sender shows as Microsoft@phys.msu.ru.
The email address was probably spoofed. Do not reply to or contact any persons or organizations referenced in
this email, or follow any URLs as you may expose yourself to scammers and, at the very least, you will be
added to their email address lists for spam purposes.
Scam TagCloud
boxthird partylockedmicrosoftaccountaccessvalidatemailwebmail will mailboxsystem adminsecurityexchangecooperationhttp://exchangewebdesk.uc...
NO CHART DATA - EMAIL HAS NOT YET BEEN ANALYSED
Scam Email Headers
This a (redacted) view of the raw email headers of this scam email.
Personally Identifiable Information (PII) has been suppressed, but can be
supplied as received to appropriate investigating or law enforcement agencies on request.
EEEEEstdClass Object
(
[return-path:] =>
[envelope-to:] => tom@scamdex.com,accounts@scamdex.com
[delivery-date:] => Mon, 09 Apr 2012 05:10:08 -0700
[received:] => Array
(
[0] => from mx.phys.msu.ru ([93.180.48.35] helo=phys.msu.ru)by lester.newsblaze.com with esmtps (TLSv1:AES256-SHA:256)(Exim 4.69)(envelope-from )id 1SHDQ5-0008Nj-VI; Mon, 09 Apr 2012 05:10:07 -0700
[1] => from localhost (localhost [127.0.0.1]) (uid 1004) by phys.msu.ru with local; Mon, 09 Apr 2012 16:19:40 +0400 id 00090961.4F82D3DC.0000B419
)
[from:] => Microsoft@phys.msu.ru
[subject:] => Validate Your Mailbox
[date:] => Mon, 09 Apr 2012 04:19:40 -0800
[mime-version:] => 1.0
[content-type:] => text/plain; charset="utf-8"; format=flowed
[content-transfer-encoding:] => 7bit
[x-sender:] => scon281@phys.msu.ru
[message-id:] =>
[to:] => undisclosed-recipients: ;
[x-spam-status:] => No, score=-0.0
[x-spam-score:] => 0
[x-spam-bar:] => /
[x-ham-report:] => Spam detection software, running on the system "lester.newsblaze.com", hasidentified this incoming email as possible spam. The original messagehas been attached to this so you can view it (if it isn't spam) or labelsimilar future email. If you have any questions, seethe administrator of that system for details.Content preview: This Message is From the Administrator Desk. Due to our latestIP Security upgrades we have reason to believe that your webmail accountwas accessed by a third party. Protecting the security of your webmail accountis our primary concern, we have limited access to sensitive webmail accountfeatures.Failure to revalidate, your e-mail will be blocked in 24 hours.To Confirm Your E-mail Account click on the link below [...] Content analysis details: (-0.0 points, 4.0 required)pts rule name description---- ---------------------- ---------------------------------------------------0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relaydomain
[x-spam-flag:] => NO
)
Domain Names used for collecting scam email ("Honeypot email accounts") have been obscured and replaced with the token 'HUN1P0T'
Community Action - SPAM/non-Scam Report
Occasionally, incorrectly categorized emails get into the Scamdex Scam Email Database and need to be removed. If this
email has Personally Identifiable Information (PII), or is, in your opinion, from a bona-fide entity, let us know.
Scamdex will, as soon as is practicable, take-down any emails that in our opinion should not
be in our database. Note that ALL emails in the Scamdex Scam Email Database were received as Unsolicited Commercial Email, aka UCE or
SPAM, via unpublished 'Honeypot' email addresses.
upgrades we have reason to believe that your webmail account was accessed by
primary concern, we have limited access to sensitive webmail account
Confirm Your E-mail Account click on the link below
http://exchangewebdesk.ucoz.hu/Microsoft_Outlook_Web_Access.htm
Thank you for your cooperation.
System Administrator.
This Message is From the Administrator Desk. Due to our latest IP Security
upgrades we have reason to believe that your webmail account was accessed by
a third party. Protecting the security of your webmail account is our
primary concern, we have limited access to sensitive webmail account
features.Failure to revalidate, your e-mail will be blocked in 24 hours. To
Confirm Your E-mail Account click on the link below
http://exchangewebdesk.ucoz.hu/Microsoft_Outlook_Web_Access.htm
Thank you for your cooperation.
System Administrator.
