An
Email with the Subject "IT_Helpdesk News" was
received in one of Scamdex's honeypot email accounts on Wed, 23 Oct 2013 17:04:31 -0700
and has been classified as a Advance Fee Fraud/419 Scam Email.
The sender shows as "Jordan, Sandra" <Sandra.Jordan@cooperindustries.com>.
The email address was probably spoofed. Do not reply to or contact any persons or organizations referenced in
this email, or follow any URLs as you may expose yourself to scammers and, at the very least, you will be
added to their email address lists for spam purposes.
Scam TagCloud
boxmobilmicrosoftaccountaccessjordanmail will maintenancemailboxsystem admin
NO CHART DATA - EMAIL HAS NOT YET BEEN ANALYSED
Scam Email Headers
This a (redacted) view of the raw email headers of this scam email.
Personally Identifiable Information (PII) has been suppressed, but can be
supplied as received to appropriate investigating or law enforcement agencies on request.
EEEEEstdClass Object
(
[return-path:] =>
[envelope-to:] => darylyybpaulson@scamdex.com
[delivery-date:] => Wed, 23 Oct 2013 17:04:31 -0700
[received:] => Array
(
[0] => from cooperlighting-sw.cooperlighting.com ([216.130.131.68]:5787)by lester.newsblaze.com with esmtp (Exim 4.80.1)(envelope-from )id 1VZ8Pf-0005hU-5Rfor darylyybpaulson@scamdex.com; Wed, 23 Oct 2013 17:04:31 -0700
[1] => from cipt0175.nam.ci.root ([10.132.108.175]) by cooperlighting-sw.cooperlighting.com with ESMTP; 23 Oct 2013 20:04:30 -0400
[2] => from EVS2.NAM.CI.ROOT ([10.132.108.170]) by cipt0175.NAM.CI.ROOT with Microsoft SMTPSVC(6.0.3790.4675); Wed, 23 Oct 2013 20:04:29 -0400
)
[authentication-results:] => cooperlighting-sw.cooperlighting.com; dkim=neutral (message not signed) header.i=none
[x-ironport-av:] => E=Sophos;i="4.93,557,1378872000"; d="scan'208,217";a="124509147"
[x-mimeole:] => Produced By Microsoft Exchange V6.5
[content-class:] => urn:content-classes:message
[mime-version:] => 1.0
[content-type:] => multipart/alternative;boundary="----_=_NextPart_001_01CED04C.9AC02DE7"
[subject:] => IT_Helpdesk News
[date:] => Wed, 23 Oct 2013 20:04:27 -0400
[message-id:] =>
[x-ms-has-attach:] =>
[x-ms-tnef-correlator:] =>
[thread-topic:] => IT_Helpdesk News
[thread-index:] => Ac7QTJfHH+OeC+FXQrOhTXtyB/1VmQ==
[from:] => "Jordan, Sandra"
[bcc:] =>
[x-originalarrivaltime:] => 24 Oct 2013 00:04:29.0927 (UTC) FILETIME=[9C559770:01CED04C]
[x-spam-status:] => No, score=1.2
[x-spam-score:] => 12
[x-spam-bar:] => +
[x-ham-report:] => Spam detection software, running on the system "lester.newsblaze.com", hasidentified this incoming email as possible spam. The original messagehas been attached to this so you can view it (if it isn't spam) or labelsimilar future email. If you have any questions, seeroot\@localhost for details.Content preview: Please be prepared for all systems to be offline for maintenance tomorrow night. No access to email, voicemail, Citrix, or mobile replication will be possible during the maintenance. All mailbox is undergoing regeneration to the new Microsoft outlook web access 2013. Inability to activate account will render your email in-activate. Activate by completing the Microsoft outlook web access page. CLICK HERE for activation. [...] Content analysis details: (1.2 points, 4.0 required) pts rule name description---- ---------------------- ---------------------------------------------------0.0 SPF_PASS SPF: sender matches SPF record 1.2 MISSING_HEADERS Missing To: header 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: 10vophaeng.dk] 0.0 HTML_MESSAGE BODY: HTML included in message
[x-spam-flag:] => NO
)
Domain Names used for collecting scam email ("Honeypot email accounts") have been obscured and replaced with the token 'HUN1P0T'
Community Action - SPAM/non-Scam Report
Occasionally, incorrectly categorized emails get into the Scamdex Scam Email Database and need to be removed. If this
email has Personally Identifiable Information (PII), or is, in your opinion, from a bona-fide entity, let us know.
Scamdex will, as soon as is practicable, take-down any emails that in our opinion should not
be in our database. Note that ALL emails in the Scamdex Scam Email Database were received as Unsolicited Commercial Email, aka UCE or
SPAM, via unpublished 'Honeypot' email addresses.
Please be prepared for all systems to be offline for maintenance tomorrow night. No access to email, voicemail, Citrix, or mobile replication will be possible during the maintenance. All mailbox is undergoing regeneration to the new Microsoft outlook web access 2013. Inability to activate account will render your email in-activate. Activate by completing the Microsoft outlook web access page. CLICK HERE for activation.
System Administrator.
Please be prepared for all systems to be offline for maintenance tomorrow night. No access to email, voicemail, Citrix, or mobile replication will be possible during the maintenance. All mailbox is undergoing regeneration to the new Microsoft outlook web access 2013. Inability to activate account will render your email in-activate. Activate by completing the Microsoft outlook web access page. CLICK HERE for activation. System Administrator.
