An
Email with the Subject "Payroll Received by Intuit" was
received in one of Scamdex's honeypot email accounts on Mon, 13 Apr 2015 09:58:56 -0700
and has been classified as a Generic Scam Email.
The sender shows as "Intuit Payroll Services" <IntuitPayrollServices@payrollservices.intuit.com>.
The email address was probably spoofed. Do not reply to or contact any persons or organizations referenced in
this email, or follow any URLs as you may expose yourself to scammers and, at the very least, you will be
added to their email address lists for spam purposes.
Scam TagCloud
NO CHART DATA - EMAIL HAS NOT YET BEEN ANALYSED
Scam Email Headers
This a (redacted) view of the raw email headers of this scam email.
Personally Identifiable Information (PII) has been suppressed, but can be
supplied as received to appropriate investigating or law enforcement agencies on request.
EEEEEstdClass Object
(
[return-path:] =>
[envelope-to:] => pham_mi@o7e.net
[delivery-date:] => Mon, 13 Apr 2015 09:58:56 -0700
[received:] => Array
(
[0] => from [81.170.54.234] (port=49702 helo=as9105.com)by bigcat.newsblaze.com with esmtp (Exim 4.85)(envelope-from )id 1YhhgV-0003VP-Mwfor pham_mi@o7e.net; Mon, 13 Apr 2015 09:58:56 -0700
[1] => from [225.251.242.215] (port=83723 helo=[192.168.9.05]) by 81.170.54.234 with asmtp id 1rqLaL-0001R-00 for pham_mi@o7e.net; Mon, 13 Apr 2015 16:58:04 +0000
)
[message-id:] => <552BEEB0.9030801@payrollservices.intuit.com>
[date:] => Mon, 13 Apr 2015 16:58:04 +0000
[from:] => "Intuit Payroll Services"
[user-agent:] => Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1
[mime-version:] => 1.0
[to:] => pham_mi@o7e.net
[subject:] => Payroll Received by Intuit
[content-type:] => multipart/mixed;boundary="----=_Part_37566_8935296904.6219709779563"
[x-spam:] => Not detected
[x-mras:] => Ok
[x-spam-status:] => No, score=2.6
[x-spam-score:] => 26
[x-spam-bar:] => ++
[x-ham-report:] => Spam detection software, running on the system "bigcat.newsblaze.com",has NOT identified this incoming email as spam. The originalmessage has been attached to this so you can view it or labelsimilar future email. If you have any questions, seeroot\@localhost for details.Content preview: Dear, pham_mi We received your payroll on April 13, 2015 at 09:01 AM EST. Attached is a copy of your Remittance. Please click on the attachment in order to view it. Please note the deadlines and status instructions below: [...] Content analysis details: (2.6 points, 4.5 required) pts rule name description---- ---------------------- -------------------------------------------------- 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: intuit.com] 1.3 RCVD_ILLEGAL_IP Received: contains illegal IP address 0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)[SPF failed: Please see http://www.openspf.org/Why?s=helo;id=as9105.com;ip=81.170.54.234;r=bigcat.newsblaze.com] 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
[x-spam-flag:] => NO
)
Domain Names used for collecting scam email ("Honeypot email accounts") have been obscured and replaced with the token 'HUN1P0T'
Community Action - SPAM/non-Scam Report
Occasionally, incorrectly categorized emails get into the Scamdex Scam Email Database and need to be removed. If this
email has Personally Identifiable Information (PII), or is, in your opinion, from a bona-fide entity, let us know.
Scamdex will, as soon as is practicable, take-down any emails that in our opinion should not
be in our database. Note that ALL emails in the Scamdex Scam Email Database were received as Unsolicited Commercial Email, aka UCE or
SPAM, via unpublished 'Honeypot' email addresses.
Dear, pham_mi
We received your payroll on April 13, 2015 at 09:01 AM EST.
Attached is a copy of your Remittance. Please click on the attachment in order to view it.
Thank you for your business.
Intuit Payroll Services
If you have any questions or comments about this email, please DO NOT REPLY to this email. If you
need additional information please contact us.
