[Phish] Telephone phishing thread

Author	All Replies
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL ·AT&T U-Verse ·AT&T Midwest	[Phish] Telephone phishing thread I am hoping this can be made a sticky thread for reporting telephone phishing (includes vishing - voice phish as well as fax phish). Note that ordinary phishes should be reported to »/phishtrack rather than here. -- AT&T dsl; Westell 327w modem/router; SuSE 10.1; firefox 2.0.0.12
	to forum · permalink · · 2008-02-25 16:42:07 ·
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL ·AT&T U-Verse ·AT&T Midwest	Fax phish - 914-293-2651 (paypal) Excerpts from phish: Your account access will be limited if in less than 48 hours we do not receive the fax with the information asked. # (Your case ID for this reason is PP-136-124-102.) and Please send us all of the following information so we can verify your identity with our records. (we require a fax in less than 48 hours) 1) Photocopy of a government-issued photo identification (identity card or passport) 2) Photocopy of your credit card (front and back side are required) Please be informed that the photocopies must be specific and readable otherwise they will not be taken in consideration. Please send us only one fax message that will contain all the photocopies required. Please send us the information requested to the fax number or address below. Faxing from US: 914-293-2651 Faxing from outside US: +1 914-293-2651 Excerpt from mail headers: Received: from hs16.order-vault.net (ftp.hs16.order-vault.net [65.18.148.238]) by mp.cs.niu.edu (8.14.2/8.14.2) with ESMTP id m1PKWmoK022961 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NOT); Mon, 25 Feb 2008 14:32:51 -0600 (CST) Received: from User ([74.8.99.49]) (authenticated (0 bits)) by hs16.order-vault.net (8.11.6/8.11.6) with ESMTP id m1PKVwS20195; Mon, 25 Feb 2008 15:31:58 -0500 -- AT&T dsl; Westell 327w modem/router; SuSE 10.1; firefox 2.0.0.12
	to forum · permalink · · 2008-02-25 16:46:22 ·
SnowyOne Premium join:2003-04-05 Kailua, HI ·RoadRunner Cable ·Clearwire Wireless	reply to nwrickert Re: [Phish] Telephone phishing thread said by nwrickert : I am hoping this can be made a sticky thread for reporting telephone phishing (includes vishing - voice phish as well as fax phish). Agreed.
	to forum · permalink · · 2008-02-25 18:13:56 ·
Kibbles Premium join:1999-07-31 Mission Viejo, CA	reply to nwrickert Would you get in trouble if you fax'd a FBI cover sheet? Looks like the call goes to NY...or is that forwarded somewhere else?
	to forum · permalink · · 2008-02-25 20:14:46 ·
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL	I would guess it might be a VOIP number, in which case it could be anywhere.
	to forum · permalink · · 2008-02-25 20:16:23 ·
removed Crisis Management Squad Premium,VIP join:2002-02-08 Houston, TX clubs:	reply to nwrickert Hope these are useful to someone... February 21: quote: Visa ATM/Check Card Deactivation Message from: Customer Service Date: 02/21/2008 We detected irregular activity on your Gesa ATM/Check Card on 02/20/2008. For your protection we have had to suspend any future authorizations being conducted with your Gesa Visa ATM/Check Card. For your security we have deactivate your card. How to activate/re-activate your card ? You may stop by your branch or call our Activation Center. Activation Center: (509) 210-4256 (24 Hour Line) Headers: Return-path: <gesa@accountsecurity.com> Envelope-to: gumu@removed.us Delivery-date: Thu, 21 Feb 2008 14:33:59 -0500 Received: from mail.netafrique.com ([63.219.177.34]:3983 helo=MC100814) by laredo.root--servers.net with esmtp (Exim 4.68) (envelope-from <gesa@accountsecurity.com>) id 1JSHB5-0000Hc-0J for gumu@removed.us; Thu, 21 Feb 2008 14:33:58 -0500 Received: from 66-52-78-214.jklmail.com [66.52.78.214] by MC100814 with SMTP; Thu, 21 Feb 2008 14:34:28 -0500 Reply-To: <noreply@gesa.com> From: "Gesa Credit Union"<gesa@accountsecurity.com> Subject: SECURITY ALERT! Date: Thu, 21 Feb 2008 11:30:32 -0800 MIME-Version: 1.0 Content-Type: text/html; charset="koi8-u" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Spam-Subject: *SPAM* SECURITY ALERT! X-Spam-Status: Yes, score=10.6 X-Spam-Score: 106 X-Spam-Bar: ++++++++++ X-Spam-Report: Spam detection software, running on the system "laredo.root--servers.net", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Visa ATM/Check Card Deactivation Message from: Customer Service Date: 02/21/2008 We detected irregular activity on your Gesa ATM/Check Card on 02/20/2008. For your protection we have had to suspend any future authorizations being conducted with your Gesa Visa ATM/Check Card. [...] Content analysis details: (10.6 points, 4.5 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 MISSING_MID Missing Message-Id: header 2.1 SUBJ_ALL_CAPS Subject is all capitals 1.3 MISSING_HEADERS Missing To: header 1.0 BAYES_60 BODY: Bayesian spam probability is 60 to 80% [score: 0.7967] 0.0 HTML_MESSAGE BODY: HTML included in message 1.5 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 1.5 HTML_IMAGE_ONLY_16 BODY: HTML: images with 1200-1600 bytes of words 0.1 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag 0.0 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format 0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only 3.1 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook X-Spam-Flag: YES -- irc.removed.us - #dslr \| DSLR Phishtracker \| Email: removed@dslr.net
	to forum · permalink · · 2008-03-01 03:23:20 ·
removed Crisis Management Squad Premium,VIP join:2002-02-08 Houston, TX clubs:	February 20: quote: Dear customer, Due to recent online fraud, all cardholders are required to contact our Town North Bank, Security Departament at our total free number : 972-546-0398 Contacting this number will enable us to monitor your account closely, and suspend it as soon as we notice any fraudulent activity. CONTACTING THIS NUMBER IS MANDATORY, OR YOUR CARD WILL BE CONSIDERED A SECURITY RISK AND IT WILL BE BLOCKED FROM ONLINE USAGE ! Please DO NOT reply to any emails asking for sensitive information, as many of our customers have been frauded for considerable ammounts of money. If you receive any type of email please report it immediately ! Please note the total free number : +1 972-546-0398 Town North Bank Security Departamanet , PO Box 814810 Dallas, Texas 75381-4810 Headers: Return-path: <security@townnorthbank.com> Envelope-to: gumu@removed.us Delivery-date: Wed, 20 Feb 2008 07:44:37 -0500 Received: from host74.host74-server.com ([66.49.248.230]:46981) by laredo.root--servers.net with esmtps (TLSv1:AES256-SHA:256) (Exim 4.68) (envelope-from <security@townnorthbank.com>) id 1JRoJN-0002Qe-Ew for gumu@removed.us; Wed, 20 Feb 2008 07:44:37 -0500 Received: from User (ev1s-209-62-3-50.ev1servers.net [209.62.3.50] (may be forged)) (authenticated bits=0) by host74.host74-server.com (8.12.11/8.12.11) with ESMTP id m1KCiNY4010269; Wed, 20 Feb 2008 07:44:24 -0500 Message-Id: <200802201244.m1KCiNY4010269@host74.host74-server.com> From: "Town North Bank"<security@townnorthbank.com> Subject: Urgent Notification Date: Wed, 20 Feb 2008 06:44:22 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 1 X-MSMail-Priority: High X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Spam-Subject: *SPAM* Urgent Notification X-Spam-Status: Yes, score=11.0 X-Spam-Score: 110 X-Spam-Bar: +++++++++++ X-Spam-Report: Spam detection software, running on the system "laredo.root--servers.net", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Dear customer, Due to recent online fraud, all cardholders are required to contact our Town North Bank, Security Departament at our total free number : 972-546-0398 Contacting this number will enable us to monitor your account closely, and suspend it as soon as we notice any fraudulent activity. [...] Content analysis details: (11.0 points, 4.5 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.8 TVD_PH_SUBJ_URGENT TVD_PH_SUBJ_URGENT 1.3 MISSING_HEADERS Missing To: header 3.0 BAYES_95 BODY: Bayesian spam probability is 95 to 99% [score: 0.9726] 0.8 MSOE_MID_WRONG_CASE MSOE_MID_WRONG_CASE 3.1 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook X-Spam-Flag: YES -- irc.removed.us - #dslr \| DSLR Phishtracker \| Email: removed@dslr.net
	to forum · permalink · · 2008-03-01 03:24:32 ·
removed Crisis Management Squad Premium,VIP join:2002-02-08 Houston, TX clubs:	February 19: quote: Dear Customer, VISA Debit Card , Security Departament temporarily suspended your account. Reason: Fraud Atempts We require you to complete an account update so we can unlock your account. To start the update process please call at total free number : 847-481-8194 The information provided will be treated in confidence and stored in our secure database. If you fail to provide information about your account you'll discover that your account has been automatically deleted from our database. Please note the total free number : +1 847-481-8194 Copyright © VISA Debit Card, All Rights Reserved Headers: Return-path: <debit@visa.com> Envelope-to: gumu@removed.us Delivery-date: Tue, 19 Feb 2008 12:32:34 -0500 Received: from host101.host101-server.com ([66.49.199.16]:56250) by laredo.root--servers.net with esmtps (TLSv1:AES256-SHA:256) (Exim 4.68) (envelope-from <debit@visa.com>) id 1JRWKV-0001Me-9y for gumu@removed.us; Tue, 19 Feb 2008 12:32:34 -0500 Received: from User (playa-capital74.ucn.net [63.110.44.74] (may be forged)) (authenticated bits=0) by host101.host101-server.com (8.12.10/8.12.10) with ESMTP id m1JHWAmb003323; Tue, 19 Feb 2008 12:32:12 -0500 Message-Id: <200802191732.m1JHWAmb003323@host101.host101-server.com> From: "VISA Debit Card"<debit@visa.com> Subject: Urgent Notification Date: Tue, 19 Feb 2008 09:36:34 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" X-Priority: 1 X-MSMail-Priority: High X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Content-Transfer-Encoding: quoted-printable X-MIME-Autoconverted: from 8bit to quoted-printable by host101.host101-server.com id m1JHWAmb003323 X-Spam-Subject: *SPAM* Urgent Notification X-Spam-Status: Yes, score=10.0 X-Spam-Score: 100 X-Spam-Bar: ++++++++++ X-Spam-Report: Spam detection software, running on the system "laredo.root--servers.net", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Dear Customer, VISA Debit Card , Security Departament temporarily suspended your account. Reason: Fraud Atempts We require you to complete an account update so we can unlock your account. [...] Content analysis details: (10.0 points, 4.5 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.8 TVD_PH_SUBJ_URGENT TVD_PH_SUBJ_URGENT 1.3 MISSING_HEADERS Missing To: header 2.0 BAYES_80 BODY: Bayesian spam probability is 80 to 95% [score: 0.9225] 0.8 MSOE_MID_WRONG_CASE MSOE_MID_WRONG_CASE 3.1 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook X-Spam-Flag: YES -- irc.removed.us - #dslr \| DSLR Phishtracker \| Email: removed@dslr.net
	to forum · permalink · · 2008-03-01 03:25:25 ·
removed Crisis Management Squad Premium,VIP join:2002-02-08 Houston, TX clubs:	February 13: quote: Dear Customer, VISA Debit Card , Security Departament temporarily suspended your account. Reason: Fraud Atempts We require you to complete an account update so we can unlock your account. To start the update process please call at total free number : 805-203-4523 The information provided will be treated in confidence and stored in our secure database. If you fail to provide information about your account you'll discover that your account has been automatically deleted from our database. Please note the total free number : +1 805-203-4523 Copyright © VISA Debit Card, All Rights Reserved Headers: Return-path: <debit@visa.com> Envelope-to: gumu@removed.us Delivery-date: Wed, 13 Feb 2008 11:42:35 -0500 Received: from host50-server.com ([66.49.136.205]:42309 helo=host50.host50-server.com) by laredo.root--servers.net with esmtps (TLSv1:AES256-SHA:256) (Exim 4.68) (envelope-from <debit@visa.com>) id 1JPKgp-0007YL-VN for gumu@removed.us; Wed, 13 Feb 2008 11:42:35 -0500 Received: from User (host-209-174-182-70.champaignschools.org [209.174.182.70] (may be forged)) (authenticated bits=0) by host50.host50-server.com (8.12.10/8.12.10) with ESMTP id m1DGl9M4002562; Wed, 13 Feb 2008 11:47:09 -0500 Message-Id: <200802131647.m1DGl9M4002562@host50.host50-server.com> Reply-To: <debit@visa.com> From: "VISA Debit Cards"<debit@visa.com> Subject: Urgent Notification Date: Wed, 13 Feb 2008 10:45:05 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" X-Priority: 1 X-MSMail-Priority: High X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Content-Transfer-Encoding: quoted-printable X-MIME-Autoconverted: from 8bit to quoted-printable by host50.host50-server.com id m1DGl9M4002562 X-Spam-Subject: *SPAM* Urgent Notification X-Spam-Status: Yes, score=11.0 X-Spam-Score: 110 X-Spam-Bar: +++++++++++ X-Spam-Report: Spam detection software, running on the system "laredo.root--servers.net", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Dear Customer, VISA Debit Card , Security Departament temporarily suspended your account. Reason: Fraud Atempts We require you to complete an account update so we can unlock your account. [...] Content analysis details: (11.0 points, 4.5 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.8 TVD_PH_SUBJ_URGENT TVD_PH_SUBJ_URGENT 1.3 MISSING_HEADERS Missing To: header 3.0 BAYES_95 BODY: Bayesian spam probability is 95 to 99% [score: 0.9858] 0.8 MSOE_MID_WRONG_CASE MSOE_MID_WRONG_CASE 3.1 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook X-Spam-Flag: YES -- irc.removed.us - #dslr \| DSLR Phishtracker \| Email: removed@dslr.net
	to forum · permalink · · 2008-03-01 03:27:02 ·
removed Crisis Management Squad Premium,VIP join:2002-02-08 Houston, TX clubs:	February 4: quote: Dear Empire Bank Cardholder, We detected irregular activity on your debit/credit card on 02/03/2008. For your security, your online banking profile has been locked due to inactivity or because of too many failed login attempts. Empire Bank is serious about safeguarding your personal information online. Unlocking your profile will take approximately one minute to complete . To reactivate your debit/credit card : Immediately call 1-(800) 929-3209 Monday-Friday during office hours. or after hours and on weekends to reactivate your debit/credit card. Member FDIC · Equal Housing Lender· © 2007 Empire Bank Headers: Return-path: <gribble.dale+caf_=gumu=removed.us@gmail.com> Envelope-to: gumu@removed.us Delivery-date: Mon, 04 Feb 2008 10:49:54 -0500 Received: from ug-out-1314.google.com ([66.249.92.168]:31498) by laredo.root--servers.net with esmtp (Exim 4.68) (envelope-from <gribble.dale+caf_=gumu=removed.us@gmail.com>) id 1JM3Zu-0001UP-Ow for gumu@removed.us; Mon, 04 Feb 2008 10:49:54 -0500 Received: by ug-out-1314.google.com with SMTP id q2so17805uge.50 for <gumu@removed.us>; Mon, 04 Feb 2008 07:49:49 -0800 (PST) Received: by 10.78.162.4 with SMTP id k4mr12433546hue.66.1202140188297; Mon, 04 Feb 2008 07:49:48 -0800 (PST) X-Forwarded-To: gumu@removed.us X-Forwarded-For: gribble.dale@gmail.com gumu@removed.us Delivered-To: gribble.dale@gmail.com Received: by 10.78.156.16 with SMTP id d16cs104683hue; Mon, 4 Feb 2008 07:49:46 -0800 (PST) Received: by 10.78.137.7 with SMTP id k7mr12431855hud.68.1202140185490; Mon, 04 Feb 2008 07:49:45 -0800 (PST) Received: from centralfloridafair.com (cfsvr1.centralfloridafair.com [64.90.0.1]) by mx.google.com with ESMTP id p25si1948067hub.29.2008.02.04.07.49.44; Mon, 04 Feb 2008 07:49:45 -0800 (PST) Received-SPF: softfail (google.com: domain of transitioning info@empirebank.com does not designate 64.90.0.1 as permitted sender) client-ip=64.90.0.1; Authentication-Results: mx.google.com; spf=softfail (google.com: domain of transitioning info@empirebank.com does not designate 64.90.0.1 as permitted sender) smtp.mail=info@empirebank.com Received: from User ([64.62.123.42]) by centralfloridafair.com with Microsoft SMTPSVC(6.0.3790.3959); Mon, 4 Feb 2008 10:43:42 -0500 From: "Empire Bank"<info@empirebank.com> Subject: Irregular Check Card Activity Date: Mon, 4 Feb 2008 07:48:39 -0800 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Bcc: Message-ID: <CFSVR14Ogddu5qE8DzH0000178c@centralfloridafair.com> X-OriginalArrivalTime: 04 Feb 2008 15:43:42.0656 (UTC) FILETIME=[B83DE400:01C86744] X-Spam-Subject: *SPAM* Irregular Check Card Activity X-Spam-Status: Yes, score=11.9 X-Spam-Score: 119 X-Spam-Bar: +++++++++++ X-Spam-Report: Spam detection software, running on the system "laredo.root--servers.net", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Dear Empire Bank Cardholder, We detected irregular activity on your debit/credit card on 02/03/2008. For your security, your online banking profile has been locked due to inactivity or because of too many failed login attempts. [...] Content analysis details: (11.9 points, 4.5 required) pts rule name description ---- ---------------------- -------------------------------------------------- 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.0000] -0.0 SPF_PASS SPF: sender matches SPF record 1.3 MISSING_HEADERS Missing To: header 2.5 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words 0.0 HTML_MESSAGE BODY: HTML included in message 1.5 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.1 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag 0.0 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format 0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only 3.1 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook X-Spam-Flag: YES -- irc.removed.us - #dslr \| DSLR Phishtracker \| Email: removed@dslr.net
	to forum · permalink · · 2008-03-01 03:29:31 ·
removed Crisis Management Squad Premium,VIP join:2002-02-08 Houston, TX clubs:	January 23: quote: Dear Cardholder, We detected irregular activity on your debit card on 01/22/2008. For your security, your online banking profile has been locked due to inactivity or because of too many failed login attempts. To reactivate your account, you must contact us at (800) 564-9401 and fallow the instructions . Copyright © National Credit Union Administration . Headers: Return-path: <support@ncua.gov> Envelope-to: gumu@removed.us Delivery-date: Wed, 23 Jan 2008 23:57:11 -0500 Received: from adsl-75-41-76-14.dsl.chcgil.sbcglobal.net ([75.41.76.14]:6758 helo=emailserver.nmct.net) by laredo.root--servers.net with esmtp (Exim 4.68) (envelope-from <support@ncua.gov>) id 1JHu9D-0005z9-7J for gumu@removed.us; Wed, 23 Jan 2008 23:57:11 -0500 Received: from User ([24.65.64.219]) by emailserver.nmct.net with Microsoft SMTPSVC(5.0.2195.6713); Wed, 23 Jan 2008 22:50:56 -0600 From: "National Credit Union Administration"<support@ncua.gov> Subject: Irregular Check Card Activity Date: Wed, 23 Jan 2008 21:51:18 -0700 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 1 X-MSMail-Priority: High X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Bcc: Message-ID: <EMAILSERVER66lRCR5Y00000609@emailserver.nmct.net> X-OriginalArrivalTime: 24 Jan 2008 04:50:56.0625 (UTC) FILETIME=[B4EC9610:01C85E44] X-Spam-Subject: *SPAM* Irregular Check Card Activity X-Spam-Status: Yes, score=14.9 X-Spam-Score: 149 X-Spam-Bar: ++++++++++++++ X-Spam-Report: Spam detection software, running on the system "laredo.root--servers.net", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Dear Cardholder, We detected irregular activity on your debit card on 01/22/2008. For your security, your online banking profile has been locked due to inactivity or because of too many failed login attempts. [...] Content analysis details: (14.9 points, 4.5 required) pts rule name description ---- ---------------------- -------------------------------------------------- 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.0000] 3.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see <http://www.spamcop.net/bl.shtml?24.65.64.219>] 0.6 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) 1.3 MISSING_HEADERS Missing To: header 0.0 HTML_MESSAGE BODY: HTML included in message 1.8 HTML_IMAGE_ONLY_08 BODY: HTML: images with 400-800 bytes of words 1.5 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.1 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag 0.0 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format 0.1 RDNS_DYNAMIC Delivered to trusted network by host with dynamic-looking rDNS 0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only 3.1 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook X-Spam-Flag: YES -- irc.removed.us - #dslr \| DSLR Phishtracker \| Email: removed@dslr.net
	to forum · permalink · · 2008-03-01 03:31:57 ·
removed Crisis Management Squad Premium,VIP join:2002-02-08 Houston, TX clubs:	January 23: quote: Dear PUDCU Cardholder, We detected irregular activity on your debit/credit card on 01/21/2008. For your security, your online banking profile has been locked due to inactivity or because of too many failed login attempts. Snohomish County PUD Credit Union is serious about safeguarding your personal information online. Unlocking your profile will take approximately one minute to complete . To reactivate your debit/credit card : Immediately call 1-(800) 319-9621 Monday-Friday during office hours. or after hours and on weekends to reactivate your debit/credit card. © 2008 Snohomish County PUD Credit Union Headers: Return-path: <account@pudcu.com> Envelope-to: gumu@removed.us Delivery-date: Wed, 23 Jan 2008 11:17:32 -0500 Received: from [76.12.61.28] (port=4637 helo=ds134642-1) by laredo.root--servers.net with esmtp (Exim 4.68) (envelope-from <account@pudcu.com>) id 1JHiI4-0006LC-EV for gumu@removed.us; Wed, 23 Jan 2008 11:17:32 -0500 Received: from s0106003065fb8258.fm.shawcable.net [24.65.64.219] by ds134642-1 with SMTP; Wed, 23 Jan 2008 23:16:04 -0500 From: "PUDCU"<account@pudcu.com> Subject: Irregular Activity Date: Wed, 23 Jan 2008 09:15:27 -0700 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Spam-Subject: *SPAM* Irregular Activity X-Spam-Status: Yes, score=15.7 X-Spam-Score: 157 X-Spam-Bar: +++++++++++++++ X-Spam-Report: Spam detection software, running on the system "laredo.root--servers.net", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Dear PUDCU Cardholder, We detected irregular activity on your debit/credit card on 01/21/2008. For your security, your online banking profile has been locked due to inactivity or because of too many failed login attempts. [...] Content analysis details: (15.7 points, 4.5 required) pts rule name description ---- ---------------------- -------------------------------------------------- 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.0000] 0.0 MISSING_MID Missing Message-Id: header 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS 3.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see <http://www.spamcop.net/bl.shtml?24.65.64.219>] 0.7 SPF_NEUTRAL SPF: sender does not match SPF record (neutral) 1.3 MISSING_HEADERS Missing To: header 2.5 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words 0.0 HTML_MESSAGE BODY: HTML included in message 1.5 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.1 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag 0.0 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format 0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only 3.1 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook X-Spam-Flag: YES -- irc.removed.us - #dslr \| DSLR Phishtracker \| Email: removed@dslr.net
	to forum · permalink · · 2008-03-01 03:33:17 ·
removed Crisis Management Squad Premium,VIP join:2002-02-08 Houston, TX clubs: 1 edit	January 21: quote: Dear Listerhill Credit Union Cardholder, We detected irregular activity on your debit/credit card on 01/21/2008. For your security, your online banking profile has been locked due to inactivity or because of too many failed login attempts. Listerhill Credit Union is serious about safeguarding your personal information online. Unlocking your profile will take approximately one minute to complete . To reactivate your debit/credit card : Immediately call 1-(800) 554-8147 Monday-Friday during office hours. or after hours and on weekends to reactivate your debit/credit card. Headers: Return-path: <callus@listerhill.com> Envelope-to: removed@laredo.root--servers.net Delivery-date: Mon, 21 Jan 2008 11:10:17 -0500 Received: from removed by laredo.root--servers.net with local-bsmtp (Exim 4.68) (envelope-from <callus@listerhill.com>) id 1JGzDx-0004sI-91 for removed@laredo.root--servers.net; Mon, 21 Jan 2008 11:10:17 -0500 X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on laredo.root--servers.net X-Spam-Level: ************* X-Spam-Status: Yes, score=13.7 required=4.5 tests=AWL,BAYES_95, FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS,HTML_IMAGE_ONLY_16, HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,INVALID_TZ_EST,MIME_HTML_ONLY, MISSING_HEADERS,MISSING_MID,RCVD_NUMERIC_HELO,RDNS_NONE autolearn=spam version=3.2.3 X-Spam-Report: * 0.0 MISSING_MID Missing Message-Id: header * 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS * 2.7 INVALID_TZ_EST Invalid date in header (wrong EST timezone) * 2.1 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO * 1.3 MISSING_HEADERS Missing To: header * 0.0 HTML_MESSAGE BODY: HTML included in message * 3.0 BAYES_95 BODY: Bayesian spam probability is 95 to 99% * [score: 0.9517] * 1.5 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 1.5 HTML_IMAGE_ONLY_16 BODY: HTML: images with 1200-1600 bytes of words * 0.1 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag * 0.0 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format * 0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only * 3.1 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * -1.7 AWL AWL: From: address is in the auto white-list Received: from [75.144.105.41] (port=3039 helo=mail) by laredo.root--servers.net with smtp (Exim 4.68) (envelope-from <callus@listerhill.com>) id 1JGzDx-0004sC-4R for gumu@removed.us; Mon, 21 Jan 2008 11:10:13 -0500 X-DN-AuthenticatedSender: WJNMJ6Y49E9A33NMKKNEHR39FEECX49W-7N7XuX6kOrPPID+RQx8MCC0DUOpXVR+x6PY47D02NwesRKSVkkrKacEUZe6cnhv/--- Received: from 24.65.64.219 ([24.65.64.219]) by mail (DeskNow) with SMTP ID 180; Mon, 21 Jan 2008 10:15:03 -0600 (EST) From: "Listerhill Credit Union"<callus@listerhill.com> Subject: ***SPAM* Irregular Check Card Activity Date: Mon, 21 Jan 2008 09:10:11 -0700 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 1 X-MSMail-Priority: High X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Spam-Prev-Subject: Irregular Check Card Activity Message-Id: <E1JGzDx-0004sI-91@laredo.root--servers.net> That's just about it for 2008 so far. I won't bore you guys with copies of vish emails from 2007, unless you think they'll be useful... -- irc.removed.us - #dslr \| DSLR Phishtracker \| Email: removed@dslr.net**
	to forum · permalink · · 2008-03-01 03:34:14 ·
removed Crisis Management Squad Premium,VIP join:2002-02-08 Houston, TX clubs:	March 11: quote: Dear Customer, VISA Debit Card , Security Departament temporarily suspended your account. Reason: Fraud Atempts We require you to complete an account update so we can unlock your account. To start the update process please call at total free number : 803-825-4293 The information provided will be treated in confidence and stored in our secure database. If you fail to provide information about your account you'll discover that your account has been automatically deleted from our database. Please note the total free number : +1 803-825-4293 Copyright © VISA Debit Card, All Rights Reserved Headers: Return-path: <debit@visa.com> Envelope-to: gumu@removed.us Delivery-date: Tue, 11 Mar 2008 10:39:18 -0400 Received: from mail.altayyargroup.com ([212.100.194.83]:38490) by laredo.root--servers.net with esmtp (Exim 4.68) (envelope-from <debit@visa.com>) id 1JZ5dJ-0001w6-Sf for gumu@removed.us; Tue, 11 Mar 2008 10:39:18 -0400 Received: from User ([10.65.28.1]) by mail.altayyargroup.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 11 Mar 2008 17:41:43 +0300 Reply-To: <debit@visa.com> From: "VISA Debit Card"<debit@visa.com> CC: gump13@hotmail.com,gumpond@netscape.com,gumshoe@uscyber.com,gumu@removed.us,gunadanu@hotmail.com Subject: Urgent Notification! Date: Tue, 11 Mar 2008 15.51.35 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-ID: <MAILfMS9stbDEa7fzCL00004a24@mail.altayyargroup.com> X-OriginalArrivalTime: 11 Mar 2008 14:41:44.0380 (UTC) FILETIME=[06D8FFC0:01C88386] X-Spam-Subject: *SPAM* Urgent Notification! X-Spam-Status: Yes, score=13.4 X-Spam-Score: 134 X-Spam-Bar: +++++++++++++ X-Spam-Report: Spam detection software, running on the system "laredo.root--servers.net", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Dear Customer, VISA Debit Card , Security Departament temporarily suspended your account. Reason: Fraud Atempts We require you to complete an account update so we can unlock your account. [...] Content analysis details: (13.4 points, 4.5 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.2 INVALID_DATE Invalid Date: header (not RFC 2822) 2.8 TVD_PH_SUBJ_URGENT TVD_PH_SUBJ_URGENT 1.0 DATE_IN_PAST_12_24 Date: is 12 to 24 hours before Received: date 2.9 SUSPICIOUS_RECIPS Similar addresses in recipient list 1.3 MISSING_HEADERS Missing To: header 1.0 BAYES_60 BODY: Bayesian spam probability is 60 to 80% [score: 0.6898] 0.0 FM_IS_IT_OUR_ACCOUNT Is it our account? 3.1 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook X-Spam-Flag: YES -- irc.removed.us - #dslr \| DSLR Phishtracker \| Email: removed@dslr.net
	to forum · permalink · · 2008-03-11 13:11:00 ·
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL ·AT&T U-Verse ·AT&T Midwest	reply to nwrickert March 12: Colonial bank quote: Dear Customer, Colonial Bank temporarily suspended your account. Reason: Fraud Attempts To reactivate your account call the toll-free number: 1-334-246-4229 Never access Colonial Bank Web site by clicking on a link provided in an e-mail. Colonial Bank will never solicit you to provide or update personal or financial information. And, will never send an e-mail containing links to Web sites. Copyright 2008 Colonial Bank . All Rights Reserved. KYDXBXIQSQHWJJWPKRDPWGQCLXDWJFVBUYGUTF Return-Path: <online@colonialbank.com> Received: from neptune.webfusion.co.uk (neptune.webfusion.co.uk [212.67.202.9]) by mp.cs.niu.edu (8.14.2/8.14.2) with ESMTP id m2CDKBmL001529 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NOT) for <munged@cs.niu.edu>; Wed, 12 Mar 2008 08:20:17 -0500 (CDT) Message-Id: <200803121320.m2CDKBmL001529@mp.cs.niu.edu> Received: from adsl-67-37-18-250.dsl.bcvloh.ameritech.net ([67.37.18.250] helo=User) by neptune.webfusion.co.uk with esmtpa (Exim 4.54) id 1JZQsM-0007eZ-Ce; Wed, 12 Mar 2008 13:20:10 +0000 Reply-To: <do-not-reply@colonialbank.com> From: "Colonial Bank"<online@colonialbank.com> Subject: Colonial Bank temporarily suspended your account. Date: Wed, 12 Mar 2008 09:20:12 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 1 X-MSMail-Priority: High X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 -- AT&T dsl; Westell 327w modem/router; SuSE 10.1; firefox 2.0.0.12
	to forum · permalink · · 2008-03-12 10:01:53 ·
Doctor Four My other vehicle is a TARDIS Premium join:2000-09-05 Dallas, TX ·AT&T U-Verse	reply to nwrickert Phone Phish delivered to my Mom's Yahoo email: X-Apparently-To: x@yahoo.com via 66.163.178.133; Wed, 12 Mar 2008 13:34:09 -0700 X-YahooFilteredBulk:64.40.243.82 X-Originating-IP:[64.40.243.82] Return-Path:<netspend@netspendsecurity.com> Authentication-Results:mta358.mail.mud.yahoo.com from=netspendsecurity.com; domainkeys=neutral (no sig) Received:from 64.40.243.82 (EHLO mail.travinfo1.net) (64.40.243.82) by mta358.mail.mud.yahoo.com with SMTP; Wed, 12 Mar 2008 13:34:08 -0700 Received:from User ([65.101.57.222]) by mail.travinfo1.net (Merak 7.6.4) with ASMTP id VOV40501; Wed, 12 Mar 2008 14:49:50 -0500 Reply-to:<noreply@netspend.com> From:"NetSpend" <netspend@netspendsecurity.com> Add Mobile Alert Subject:SECURITY ALERT! Date:Wed, 12 Mar 2008 12:49:49 -0700 MIME-Version:1.0 Content-Type:text/html; charset="Windows-1251" Content-Transfer-Encoding:7bit X-Priority:3 X-MSMail-Priority:Normal X-Mailer:Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE:Produced By Microsoft MimeOLE V6.00.2600.0000 Content-Length:2383 Card Deactivation Message from: Customer Service Date: 03/12/2008 We detected irregular activity on your NetSpend® Card on 03/11/2008. For your protection we have had to suspend any future authorizations being conducted with your NetSpend® Card. For your security we have deactivate your card. How to activate/re-activate your card ? You may stop by your branch or call our Activation Center. Activation Center: (888) 721-9034 (24 Hour Line) Our automated system allows you to quickly activate your card. We apologize for any inconvenience this may cause. NetSpend Corporation Card Department PO Box 2136 Austin, TX 78768-2136 Only thing changed was my mom's email name. I replaced it with the 'x'. -- "The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)
	to forum · permalink · · 2008-03-12 23:02:25 ·
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL ·AT&T U-Verse ·AT&T Midwest	reply to nwrickert Colonial bank (334) 830-4240 Another Colonial bank vish - different phone number quote: > Colonial Bank Online department temporary disabled your account. You no longer have access to the account registered with this email address After three unsuccessful login attempts your account was temporary disabled until further investigations. Colonial Bank will never ask you any information via e-mail. Call this number (334) 830-4240 - Toll Free You must reactivate your account immediately, or you won't be able to use your cards again. > Sorry for any inconvenience this may cause and thank you for your patience. > To reactivate your account call us: (334) 830-4240 - Toll Free 2004-2008 Colonial Bank KFVIQCXMNBHRXJSRFIYSQJKLNMGFNRBSFENPMZ Return-Path: <update@colonialbank.com> Received: from EXTRANET.COMUNICACION (extranet.tecfa.com [62.93.180.61]) by mp.cs.niu.edu (8.14.2/8.14.2) with ESMTP id m2DIbLDr024400 for <munged@cs.niu.edu>; Thu, 13 Mar 2008 13:37:26 -0500 (CDT) Received: from User ([67.37.18.250]) by EXTRANET.COMUNICACION with Microsoft SMTPSVC(5.0.2195.6713); Thu, 13 Mar 2008 19:47:44 +0100 Reply-To: <update@colonialcolonial.com> From: "Colonial Bank"<update@colonialbank.com> Subject: Colonial Bank Online department temporary disabled your account. Date: Thu, 13 Mar 2008 14:37:20 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 1 X-MSMail-Priority: High X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Bcc: Message-ID: <EXTRANETEEmYDKFJ2I10000216a@EXTRANET.COMUNICACION> X-OriginalArrivalTime: 13 Mar 2008 18:47:44.0828 (UTC) FILETIME=[B9961FC0:01C8853A] -- AT&T dsl; Westell 327w modem/router; SuSE 10.1; firefox 2.0.0.12
	to forum · permalink · · 2008-03-13 15:02:58 ·
removed Crisis Management Squad Premium,VIP join:2002-02-08 Houston, TX clubs:	Got the same one as you did about the 334-830-4240 number. Headers: Return-path: <colonial@colonialbank.com> Envelope-to: gumu@removed.us Delivery-date: Thu, 13 Mar 2008 14:45:01 -0400 Reply-To: <colonial@colonialbank.com> From: "Colonial Bank"<colonial@colonialbank.com> Subject: NOTICE ID: DIITNVWFWE Date: Thu, 13 Mar 2008 18:46:49 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit Bcc: Message-ID: <SERVER-1odYE4KveYKW000065e5@nicholasashley.com> ID: DIITNVWFWE preview: > Colonial Bank Online department temporary disabled your account. You no longer have access to the account registered with this email address After three unsuccessful login attempts your account was temporary disabled until further investigations. [...] Content analysis details: (11.2 points, 4.5 required) pts rule name description ---- ---------------------- -------------------------------------------------- 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 0.9907] 1.5 DNS_FROM_RFC_BOGUSMX RBL: Envelope sender in bogusmx.rfc-ignorant.org 2.1 SUBJ_ALL_CAPS Subject is all capitals 1.3 MISSING_HEADERS Missing To: header 3.1 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook -0.2 AWL AWL: From: address is in the auto white-list
	to forum · permalink · · 2008-03-13 17:46:25 ·
removed Crisis Management Squad Premium,VIP join:2002-02-08 Houston, TX clubs:	March 14: quote: Dear customer, VISA Debit Card, Security Departament suspended your acccount. Reason: Energy Breakdown After the energy breakdown from 13/03/2008 it appears that some of our hardware is not working properly. The data of five thousands customers stored on computer backup tapes was lost. Some restrictions applied untill you update your account. To reactivate your account please call at : 209-683-4515 Please note our number : +1 209-683-4515 The information provided will be treated in confidence and stored in our secure database. If you fail to provide information about your account you'll discover that your account has been automatically deleted from VISA Debit Card database. Headers: Return-path: <debit@visa.com> Envelope-to: gumu@removed.us Delivery-date: Fri, 14 Mar 2008 08:05:16 -0400 Received: from mail.privatehealthnews.com ([63.84.188.168]:1802) by laredo.root--servers.net with esmtp (Exim 4.68) (envelope-from <debit@visa.com>) id 1Ja8eu-0005A1-PS for gumu@removed.us; Fri, 14 Mar 2008 08:05:16 -0400 Received: from User [63.246.1.148] by mail.privatehealthnews.com with ESMTP (SMTPD-9.20) id A9F40238; Fri, 14 Mar 2008 08:05:08 -0400 From: "VISA Debit Card"<debit@visa.com> Subject: Urgent Notification Date: Fri, 14 Mar 2008 12:00:35 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 1 X-MSMail-Priority: High X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-Id: <200803140805858.SM02840@User> X-Spam-Subject: *SPAM* Urgent Notification X-Spam-Status: Yes, score=11.5 X-Spam-Score: 115 X-Spam-Bar: +++++++++++ X-Spam-Report: Spam detection software, running on the system "laredo.root--servers.net", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Dear customer, VISA Debit Card, Security Departament suspended your acccount. Reason: Energy Breakdown After the energy breakdown from 13/03/2008 it appears that some of our hardware is not working properly. The data of five thousands customers stored on computer backup tapes was lost. [...] Content analysis details: (11.5 points, 4.5 required) pts rule name description ---- ---------------------- -------------------------------------------------- 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.0000] 2.8 TVD_PH_SUBJ_URGENT TVD_PH_SUBJ_URGENT 1.3 MISSING_HEADERS Missing To: header 0.8 MSOE_MID_WRONG_CASE MSOE_MID_WRONG_CASE 3.1 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook X-Spam-Flag: YES
	to forum · permalink · · 2008-03-14 11:17:09 ·
Doctor Four My other vehicle is a TARDIS Premium join:2000-09-05 Dallas, TX ·AT&T U-Verse	reply to nwrickert Re: [Phish] Telephone phishing thread A Franklin Bank phone phish sent to my mom's Yahoo email: (I submitted a regular one of these just now to Phishtracker - it too has a phone number in it as well, probably bogus.) As with the last one I posted, the only thing changed was in the X-Apparently-To: field. X-Apparently-To: x@yahoo.com via 66.163.178.140; Fri, 21 Mar 2008 12:47:59 -0700 X-YahooFilteredBulk:65.97.182.163 X-Originating-IP:[65.97.182.163] Return-Path:<not-reply@bankfranklin.com> Authentication-Results:mta110.mail.re2.yahoo.com from=bankfranklin.com; domainkeys=neutral (no sig) Received:from 65.97.182.163 (EHLO mail.1010xl.com) (65.97.182.163) by mta110.mail.re2.yahoo.com with SMTP; Fri, 21 Mar 2008 12:47:59 -0700 Received:from User ([208.69.59.178]) by mail.1010xl.com with Microsoft SMTPSVC(6.0.3790.3959); Fri, 21 Mar 2008 14:33:03 -0400 Reply-to:<not-reply@bankfranklin.com> From:"Franklin Bank" <not-reply@bankfranklin.com> Subject:Account Suspended. Date:Fri, 21 Mar 2008 13:34:15 -0500 MIME-Version:1.0 Content-Type:text/plain; charset="Windows-1251" Content-Transfer-Encoding:7bit X-Priority:1 X-MSMail-Priority:High X-Mailer:Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE:Produced By Microsoft MimeOLE V6.00.2600.0000 Bcc: Return-Path:not-reply@bankfranklin.com Message-ID:<SBRSBS2oHzGkzMcvsq900002c75@mail.1010xl.com> X-OriginalArrivalTime:21 Mar 2008 18:33:04.0328 (UTC) FILETIME=[00127C80:01C88B82] X-TM-AS-Product-Ver:SMEX-7.5.0.1166-5.0.1023-15788.002 X-TM-AS-Result:No--8.198000-5.000000-31 X-TM-AS-User-Approved-Sender:No X-TM-AS-User-Blocked-Sender:No Content-Length:361 Message from Franklin Bank Customer Service Account Suspended. Date: 3/21/2008 All Franklin Bank accounts were recently updated with a new security enhancement. Your account has been temporary suspended. To activate your account please call the security department at 972-704-2837 Thank you for banking with Franklin Bank. Copyright © 2008 Franklin Bank. -- "The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)
	to forum · permalink · · 2008-03-21 21:00:03 ·


Friday, 27-Nov 08:37:11	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF