An
Email with the Subject "***SPAM*** Just to inform you/Receipt" was
received in one of Scamdex's honeypot email accounts on Sat, 04 May 2013 10:13:49 -0700
and has been classified as a Generic Scam Email.
The sender shows as "Mr. Johnson Fairheart." <officialfiles@cantv.net>.
The email address was probably spoofed. Do not reply to or contact any persons or organizations referenced in
this email, or follow any URLs as you may expose yourself to scammers and, at the very least, you will be
added to their email address lists for spam purposes.
Scam TagCloud
05 million boxexpresscontactnumbersaward millionglobalcourierpaymentservicedeliverymaildollarusdreferencesincerely will spamsecuritymy dear mr. paul kizito
NO CHART DATA - EMAIL HAS NOT YET BEEN ANALYSED
Scam Email Headers
This a (redacted) view of the raw email headers of this scam email.
Personally Identifiable Information (PII) has been suppressed, but can be
supplied as received to appropriate investigating or law enforcement agencies on request.
EEEEEstdClass Object
(
[return-path:] =>
[envelope-to:] => submissions@scamdex.com,scams@scamdex.com,submitted@scamdex.com
[delivery-date:] => Sat, 04 May 2013 10:13:49 -0700
[received:] => Array
(
[0] => from 10ibl21ser04.datacenter.cha.cantv.net ([200.11.173.10]:47805)by lester.newsblaze.com with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)(Exim 4.80)(envelope-from )id 1UYg1s-00043D-AM; Sat, 04 May 2013 10:13:49 -0700
[1] => from webmail-06.datacenter.cha.cantv.net (webmail-06.datacenter.cha.cantv.net [200.11.153.89])(authenticated bits=0)by 10ibl21ser04.datacenter.cha.cantv.net (8.14.3/8.14.3/3.0) with ESMTP id r44HAdMB008623;Sat, 4 May 2013 12:40:39 -0430
[2] => from 41.85.169.145 ([41.85.169.145]) by webmail-06.datacenter.cha.cantv.net (Cantv Webmail) with HTTP; Sat, 4 May 2013 12:40:39 -0430 (VET)
)
[x-virus-scanned:] => amavisd-new at cantv.net
[x-matched-lists:] => []
[date:] => Sat, 4 May 2013 12:40:39 -0430 (VET)
[from:] => "Mr. Johnson Fairheart."
[reply-to:] => tntexpresscourier@mail2usa.com
[to:] => info@tntexpress.com
[message-id:] => <678208950.348847.1367687439288.JavaMail.gess@webmail-06.datacenter.cha.cantv.net>
[mime-version:] => 1.0
[content-type:] => text/html; charset=UTF-8
[content-transfer-encoding:] => 7bit
[x-mailer:] => Cantv Webmail
[x-originating-ip:] => [41.85.169.145]
[x-spam-status:] => Yes, score=4.6
[x-spam-score:] => 46
[x-spam-bar:] => ++++
[x-spam-report:] => Spam detection software, running on the system "lester.newsblaze.com", hasidentified this incoming email as possible spam. The original messagehas been attached to this so you can view it (if it isn't spam) or labelsimilar future email. If you have any questions, seeroot\@localhost for details.Content preview: Good news to you my dear, We have been waiting for you to contact us for your overdue Payment award of $2.5 Million American Dollars is Boxed and put to TNT Global Express to deliver to you as a cash payment. Since you are disappointed in the past. [...] Content analysis details: (4.6 points, 4.0 required) pts rule name description---- ---------------------- -------------------------------------------------- 1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see ] 1.6 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT [200.11.173.10 listed in bb.barracudacentral.org]-0.0 SPF_PASS SPF: sender matches SPF record-2.6 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: mail2usa.com] 0.0 HTML_MESSAGE BODY: HTML included in message 1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag 0.0 LOTS_OF_MONEY Huge... sums of money 2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From 0.0 MONEY_FROM_41 Lots of money from Africa
[x-spam-flag:] => YES
[subject:] => ***SPAM*** Just to inform you/Receipt
)
Domain Names used for collecting scam email ("Honeypot email accounts") have been obscured and replaced with the token 'HUN1P0T'
Community Action - SPAM/non-Scam Report
Occasionally, incorrectly categorized emails get into the Scamdex Scam Email Database and need to be removed. If this
email has Personally Identifiable Information (PII), or is, in your opinion, from a bona-fide entity, let us know.
Scamdex will, as soon as is practicable, take-down any emails that in our opinion should not
be in our database. Note that ALL emails in the Scamdex Scam Email Database were received as Unsolicited Commercial Email, aka UCE or
SPAM, via unpublished 'Honeypot' email addresses.
We have been waiting for you to contact us for your overdue Payment award of $2.5 Million American Dollars is Boxed and put to TNT Global Express to deliver to you as a cash payment. Since you are disappointed in the past.
Kindly contact TNT Global Express Company with your delivery address and telephone numbers. Here is their contact, Mr. Paul Kizito e-mail: tntexpresscourier@mail2usa.com Tel: +22968515766
You should try to comply with them, contact TNT Global Express Services for tracking nos and VIP shipment. Your reference code is SMK-101-87529B. Note that you will pay for the Security Keeping Fee of $255usd and it is compulsory.
Sincerely, Mr. Johnson Fairheart.
Good news to you my dear,
We have been waiting for you to contact us for your overdue Payment award of $2.5 Million American Dollars is Boxed and put to TNT Global Express to deliver to you as a cash payment. Since you are disappointed in the past.
Kindly contact TNT Global Express Company with your delivery address and telephone numbers. Here is their contact, Mr. Paul Kizito e-mail: tntexpresscourier@mail2usa.com Tel: +22968515766
You should try to comply with them, contact TNT Global Express Services for tracking nos and VIP shipment. Your reference code is SMK-101-87529B. Note that you will pay for the Security Keeping Fee of $255usd and it is compulsory.
