Sunday 8 February 2009

A Phishing Mail From London

The new phishing spam

I received the following phishing attempt in mail today morning. It was too funny that I could not help posting it here.

Was looking for Nigerian origins, but strangely, looks like from China / Taiwan. I have added a wee bit of markup since this looks strange in blogspot's rendering.

From metropol.investigation ( at )gmail.com Sat Feb 07 23:52:42 2009
Return-path:
Envelope-to: paivakil ( at )localhost
Delivery-date: Sat, 07 Feb 2009 23:52:42 +0530
Received: from localhost ([127.0.0.1] helo=home.amd)
by home.amd with esmtp (Exim 4.69)
(envelope-from )
id 1LVrp8-0001YW-NB
for paivakil ( at )localhost; Sat, 07 Feb 2009 23:52:40 +0530
X-Apparently-To: paivakil ( at )yahoo.co.in via 203.84.221.15; Sat, 07 Feb 2009 21:46:22 +0530
X-YahooFilteredBulk: 61.219.218.115
X-YMailISG: 7KQ9HBAWLDu6R1F4irIwJm5qIQiIU6P6S2AX31Uv9G2bYZVffjR.c9lIhvyLmVKqwPpLYa0fp.mK8UxJiekEjJuiSh7IT.JMzwGjYos0gjwf1.5tK3HgWcTvaeJdvGgjwKO0bIC8qLIyDXY3rC8SBzT7wNaEB1BvJEzAf2nO3CwLxbRxuQBYlJzn3gvWbfzsKUcTlXipAHULWETGLGe_yNo5IxtXwMVkguKUPCDgNx9q
X-Originating-IP: [61.219.218.115]
Authentication-Results: mta107.mail.in.yahoo.com from=gmail.com; domainkeys=neutral (no sig); from=gmail.com; dkim=neutral (no sig)
Received: from pop.plus.mail.fy4.b.yahoo.com [206.190.53.11]
by home.amd with POP3 (fetchmail-6.3.9-rc2)
for (single-drop); Sat, 07 Feb 2009 23:52:38 +0530 (IST)
Received: from 61.219.218.115 (EHLO changsing.com.tw) (61.219.218.115)
by mta107.mail.in.yahoo.com with SMTP; Sat, 07 Feb 2009 21:46:21 +0530
Received: by changsing.com.tw (Postfix, from userid 401)
id 52057701FF; Sun, 8 Feb 2009 00:16:18 +0800 (CST)
Received: from User (unknown [218.57.11.112])
by changsing.com.tw (Postfix) with ESMTP
id 0CA8A701FC; Sun, 8 Feb 2009 00:14:29 +0800 (CST)
Reply-To:
From: "Metropolitan Police Service"
Subject: Your payment overview
Date: Sat, 7 Feb 2009 17:16:00 +0100
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <20090207161429.0CA8A701FC ( at )changsing.com.tw>
To: undisclosed-recipients: ;
X-Virus-Status: No (Scaned by Clam Antivirus)
Status: RO
Content-Length: 2766
Lines: 41
LONDON METROPOLITAN POLICE SERVICE.
ANTI-MONEY LAUNDERING UNIT
Wellington House 67-73 Buckingham Gate
London SW1E 6BE
Attention: Beneficiary,
Dated: 7th/FEB/2009
RE: AN IN-DEPT INVESTIGATION INTO YOUR DELAYED PAYMENT
We wish to inform you that it has come to our notice through our online security service that a huge amount of United States Dollars was scheduled to be remitted into your bank account a few months ago.
According to the report we received from the paying bank here in London, it states expressly that you have been dealing with the wrong people who have used several fake documents to obtain money from you for payment of charges/fees which we consider to be obnoxious.
We have been mandated to step into your transaction and put a STOP ORDER pending until you revert to us for clarification why your money is been delayed more than is necessary. You are hereby advised to stop further communications with your partners in Africa and Europe and co-operate with us to assist you get your payment in record time.
The government of the United Kingdom will not hesitate to bring you to book if you ignore this notice as your payment is causing so much embarrassment to our government and global financial Institutions who repose so much trust in the British banking sector for competence and accountability.
We have resolved with the internal Minister that your money should be paid to you through an Interswitch ATM Card (Automatic Teller Machine) You will only be allowed to withdraw $50,000 per day. The ATM will be loaded with $10,000,000.00 (Ten Million United States Dollars Only. This is inline with the international monetary regulations that not more than $10M should be loaded in an ATM Card. The PIN (Personal Identification Number) would be sent to you alone to your private email box for security reasons.
In view of the foregoing, you are expected to send us your mailing address where you wish the ATM card to me mailed to you by a UK Courier Company. You must also send us proof of ownership of the said fund before we can be able to process your ATM Card. This is for security reasons as there are many fraudsters on the internet.
We look forward to hearing from you at your earliest convenience.
My direct telephone number is:+44 70457 17275
Direct fax:+44 8709 743597 We are glad to be of services to you.
Yours faithfully,
Inspector Donald Boldman
Metropolitan Police Service
London, England.
CC: British Home Office Logistics Department
CC: United States Financial Action Task Force (FATF)

I am sure that the apammers are going to pick up this post, and goung to send out more mails apparently originating from paivakil.