An
Email with the Subject "[WU] Notice of Suspension" was
received in one of Scamdex's honeypot email accounts on Sun, 10 Feb 2013 18:39:32 -0800
and has been classified as a Generic Scam Email.
The sender shows as "Western Union" <noreply@westernunion.com>.
The email address was probably spoofed. Do not reply to or contact any persons or organizations referenced in
this email, or follow any URLs as you may expose yourself to scammers and, at the very least, you will be
added to their email address lists for spam purposes.
Scam TagCloud
suspendwestern unionwesternunionendedcheckssafeaccounttransactionrepresentativecustomerprocesscustominvestigationchecksentsincerely will securityachdear
NO CHART DATA - EMAIL HAS NOT YET BEEN ANALYSED
Scam Email Headers
This a (redacted) view of the raw email headers of this scam email.
Personally Identifiable Information (PII) has been suppressed, but can be
supplied as received to appropriate investigating or law enforcement agencies on request.
EEEEEstdClass Object
(
[return-path:] =>
[envelope-to:] => scam@scamdex.com
[delivery-date:] => Sun, 10 Feb 2013 18:39:32 -0800
[received:] => Array
(
[0] => from server.saysonconsulting.com ([70.38.67.205]:57994 helo=host.saysonconsulting.com)by lester.newsblaze.com with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)(Exim 4.80)(envelope-from )id 1U4jIp-0001Es-PQfor scam@scamdex.com; Sun, 10 Feb 2013 18:39:32 -0800
[1] => from localhost ([127.0.0.1]:32885 helo=host.saysonconsulting.com)by host.saysonconsulting.com with esmtp (Exim 4.80)(envelope-from )id 1U3WMu-00075q-Dw; Thu, 07 Feb 2013 13:38:44 -0500
[2] => from host81-137-244-36.in-addr.btopenworld.com ([81.137.244.36]:4400helo=168.187.240.163)by host.saysonconsulting.com with esmtpa (Exim 4.80)(envelope-from ) id 1U3WMX-00074w-Kffor westernunion@totalfluidpower.ca; Thu, 07 Feb 2013 13:38:22 -0500
)
[from:] => "Western Union"
[to:] => "westernunion"
[date:] => Thu, 7 Feb 2013 18:38:33 +0000
[organization:] => btopenworld.com
[mime-version:] => 1.0
[content-type:] => multipart/alternative;boundary="----=_NextPart_000_0000_01C6527E.AE8904D0"
[subject:] => [WU] Notice of Suspension
[x-beenthere:] => westernunion@totalfluidpower.ca
[x-mailman-version:] => 2.1.15
[precedence:] => list
[list-id:] =>
[list-unsubscribe:] => ,
[list-post:] =>
[list-help:] =>
[list-subscribe:] => ,
[errors-to:] => westernunion-bounces@totalfluidpower.ca
[sender:] => "WesternUnion"
[x-antiabuse:] => Array
(
[0] => This header was added to track abuse, please include it with any abuse report
[1] => Primary Hostname - host.saysonconsulting.com
[2] => Original Domain - scamdex.com
[3] => Originator/Caller UID/GID - [47 12] / [47 12]
[4] => Sender Address Domain - totalfluidpower.ca
)
[x-get-message-sender-via:] => host.saysonconsulting.com: acl_c_authenticated_local_user: mailman/mailman
[x-spam-status:] => No, score=3.8
[x-spam-score:] => 38
[x-spam-bar:] => +++
[x-ham-report:] => Spam detection software, running on the system "lester.newsblaze.com", hasidentified this incoming email as possible spam. The original messagehas been attached to this so you can view it (if it isn't spam) or labelsimilar future email. If you have any questions, seethe administrator of that system for details.Content preview: Dear Customer, During our investigations we have identified a suspicious transaction on your account. To comply with money laundering regulations, we need to confirm your identity. Your account is not fully restricted but you must confirm your identity to avoid any suspension. [...] Content analysis details: (3.8 points, 4.0 required) pts rule name description---- ---------------------- -------------------------------------------------- 0.0 CTYPE_001C_B CTYPE_001C_B 1.6 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT [70.38.67.205 listed in bb.barracudacentral.org] 1.2 RCVD_HELO_IP_MISMATCH Received: HELO and IP do not match, but should 0.9 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: emocsyria.com] 0.0 HTML_MESSAGE BODY: HTML included in message 0.1 MISSING_MID Missing Message-Id: header
[x-spam-flag:] => NO
)
Domain Names used for collecting scam email ("Honeypot email accounts") have been obscured and replaced with the token 'HUN1P0T'
Community Action - SPAM/non-Scam Report
Occasionally, incorrectly categorized emails get into the Scamdex Scam Email Database and need to be removed. If this
email has Personally Identifiable Information (PII), or is, in your opinion, from a bona-fide entity, let us know.
Scamdex will, as soon as is practicable, take-down any emails that in our opinion should not
be in our database. Note that ALL emails in the Scamdex Scam Email Database were received as Unsolicited Commercial Email, aka UCE or
SPAM, via unpublished 'Honeypot' email addresses.
During
our investigations we have identified a suspicious transaction on your
account. To comply with money laundering regulations, we need to confirmyour
identity. Your account is not
fully restricted but you must
confirm your identity to avoid any suspension.
As part
of our security checks we'll ask you for some personal details. When more
than one person is concerned, we may need to confirm the name
andaddress of each of you. You will be told during
the identification process which options are available to you.
For your
protection, your account may be suspended until you are able to confirm your identity. We realize that this
precaution may cause you some inconvenience; However, keeping your account safe is one of our top
priorities.
Sincerely,
DanielleCozette Account Security Representative
Western Union AML
Team
Dear Customer,
During
our investigations we have identified a suspicious transaction on your
account. To comply with money laundering regulations, we need to confirm
your
identity. Your account is not
fully restricted but you must
confirm your identity to avoid any suspension.
To
confirm your identity now, please Click Here.
As part
of our security checks we'll ask you for some personal details. When more
than one person is concerned, we may need to confirm the name
and address of each of you. You will be told during
the identification process which options are available to you.
For your
protection, your account may be suspended until you are able to confirm your identity. We realize that this
precaution may cause you some inconvenience; However, keeping your account safe is one of our top
priorities.
Sincerely,
Danielle
Cozette Account Security Representative
Western Union AML
Team
