Title: Just got this E-mail from OKPAY, I think it's phishing Post by: Remember remember the 5th of November on April 13, 2012, 10:18:19 PM Quote Dear partners, Due to legal issues OKPay will close all operations by May 1. 2012. Please use this time to withdraw your available balance. Sincerely yours, Konstantin Romanovsky OKPay CEO http://www. okpay .com r z e What do you think? I've never registered to this site, but I got the mail. Headers Quote Delivered-To: xxxxxxx Received: by 10.112.27.135 with SMTP id t7csp15106lbg; Fri, 13 Apr 2012 09:02:51 -0700 (PDT) Received: by 10.204.156.12 with SMTP id u12mr691269bkw.33.1334332970837; Fri, 13 Apr 2012 09:02:50 -0700 (PDT) Return-Path: <support@okpay.com> Received: from 173.194.69.27 (cairo.perfect-privacy.com. [41.215.241.234]) by mx.google.com with SMTP id t8si3645873bkd.28.2012.04.13.09.02.48; Fri, 13 Apr 2012 09:02:50 -0700 (PDT) Received-SPF: softfail (google.com: domain of transitioning support@okpay.com does not designate 41.215.241.234 as permitted sender) client-ip=41.215.241.234; Authentication-Results: mx.google.com; spf=softfail (google.com: domain of transitioning support@okpay.com does not designate 41.215.241.234 as permitted sender) smtp.mail=support@okpay.com Received: from 112.2.44.70 by ; Fri, 13 Apr 2012 19:55:47 +0300 Message-ID: <RPOFLGCWBXOHPJYIWJGKZ@msn.com> From: "OKPAY" <support@okpay.com> Reply-To: "OKPAY" <support@okpay.com> To: xxxx, xxxx Subject: OKPAY Closing Date: Fri, 13 Apr 2012 15:01:47 -0200 X-Mailer: AOL 7.0 for Windows US sub 118 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--15733187150045582" X-Priority: 3 X-MSMail-Priority: Normal ----15733187150045582 Content-Type: text/plain; Content-Transfer-Encoding: quoted-printable Title: Re: Just got this E-mail from OKPAY, I think it's phishing Post by: Red Emerald on April 13, 2012, 10:20:28 PM Quote Dear partners, Due to legal issues OKPay will close all operations by May 1. 2012. Please use this time to withdraw your available balance. Sincerely yours, Konstantin Romanovsky OKPay CEO http://www. okpay .com r z e What do you think? I've never registered to this site, but I got the mail. Title: Re: Just got this E-mail from OKPAY, I think it's phishing Post by: Stephen Gornick on April 13, 2012, 10:43:22 PM Yup, someone hates OKPay for whatever reason and is sending out messages to the list of e-mail addresses that was obtained last June when Mt. Gox got hacked.
Here's a prior spam campaign, possibly by the same perpetrator: - https://bitcointalk.org/index.php?topic=76270.0 Title: Re: Just got this E-mail from OKPAY, I think it's phishing Post by: Red Emerald on April 13, 2012, 11:22:40 PM cairo.perfect-privacy.com sure sounds legit lol
Title: Re: Just got this E-mail from OKPAY, I think it's phishing Post by: apetersson on April 14, 2012, 09:28:03 AM excerpt from my headers:
Quote X-Spam-Status: Yes, score=17.6 required=4.0 X-Spam-Report: * 0.7 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL * [41.215.241.234 listed in zen.spamhaus.org] * 1.4 FSL_HELO_BARE_IP_1 FSL_HELO_BARE_IP_1 * 0.3 MIME_BOUND_DD_DIGITS Spam tool pattern in MIME boundary * 1.4 MSGID_YAHOO_CAPS Message-ID has ALLCAPS@yahoo.com * 2.0 MSGID_SPAM_CAPS Spam tool Message-Id: (caps variant) * 1.5 TVD_RCVD_IP4 TVD_RCVD_IP4 * 0.1 TVD_RCVD_IP TVD_RCVD_IP * 1.2 RCVD_HELO_IP_MISMATCH Received: HELO and IP do not match, but should * 0.9 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO * 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines * 0.5 REPTO_QUOTE_YAHOO Yahoo! doesn't do quoting like this * 2.2 FORGED_MSGID_YAHOO Message-ID is forged, (yahoo.com) * 1.0 TWO_IPS_RCVD Received: Relay identifies itself as wrong IP * 1.8 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE * 2.5 FORGED_MUA_EUDORA Forged mail pretending to be from Eudora this is about the worst possible spam-score. pretty weak attempt. Title: Re: Just got this E-mail from OKPAY, I think it's phishing Post by: rjk on April 14, 2012, 01:25:12 PM excerpt from my headers: Which spam classification tool is giving you those headers? It looks fairly intelligent.Quote X-Spam-Status: Yes, score=17.6 required=4.0 X-Spam-Report: * 0.7 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL * [41.215.241.234 listed in zen.spamhaus.org] * 1.4 FSL_HELO_BARE_IP_1 FSL_HELO_BARE_IP_1 * 0.3 MIME_BOUND_DD_DIGITS Spam tool pattern in MIME boundary * 1.4 MSGID_YAHOO_CAPS Message-ID has ALLCAPS@yahoo.com * 2.0 MSGID_SPAM_CAPS Spam tool Message-Id: (caps variant) * 1.5 TVD_RCVD_IP4 TVD_RCVD_IP4 * 0.1 TVD_RCVD_IP TVD_RCVD_IP * 1.2 RCVD_HELO_IP_MISMATCH Received: HELO and IP do not match, but should * 0.9 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO * 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines * 0.5 REPTO_QUOTE_YAHOO Yahoo! doesn't do quoting like this * 2.2 FORGED_MSGID_YAHOO Message-ID is forged, (yahoo.com) * 1.0 TWO_IPS_RCVD Received: Relay identifies itself as wrong IP * 1.8 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE * 2.5 FORGED_MUA_EUDORA Forged mail pretending to be from Eudora this is about the worst possible spam-score. pretty weak attempt. Title: Re: Just got this E-mail from OKPAY, I think it's phishing Post by: apetersson on April 14, 2012, 01:47:57 PM SpamAssasin
|