Password phishing emails originating from West Africa

[Igulinka]

Online Wells Fargo <nfo@saengvivat.com> wrote:


Dear Customer

We sincerely apologies for the inconvenience, we are having a general system failure and we advice every customer to update their account information for security reasons,So please browse through the link below to update your account with us.

saengvivat.com/Important2015/online.wellsfargo.com/online.wellsfargo.com/online.wellsfargo.com/authenticating/das/session.cgi/-sessargs=mZsth/updatetoday DO NOT CLICK!!!!


Thank you for banking with Wells Fargo.

X-Originating-IP: [192.185.12.247]

Yours sincerely

[Igulinka]

Chase Admin <admin@saengvivat.com> wrote:


Dear Customer

We sincerely apologies for the inconvenience, we are having a general system failure and we advice every customer to update their account information for security reasons,So please browse through the link below to update your account with us.

saengvivat.com/Mdk-update/chaseonlinebanking/Chase/Fullz DO NOT CLICK!!!

Thank you for banking with Chase Bank.

Yours sincerely

X-Originating-IP: [192.185.12.247]

[FrumpyBB]

VERIFY THIS EMAIL ADDRESS TO AVOID IMMEDIATE CLOSURE

You are advised to verify and re-confirm your Yahoo account to enable us upgrade your account. Any Yahoo member who fails to respond or upgrade his or her account will automatically loose the Yahoo account. Response to this urgent mail would enable us upgrade our data system for your security.

TO VERIFY THAT YOUR ACCOUNT IS VALID AND ACTIVE, SIMPLY CLICK ON THE LINK BELOW.


CLICK HERE TO VERIFY YOUR ACCOUNT NOW


Verifying your email address ensures that you can securely retrieve your account information if your password is lost or stolen. You MUST verify your email address before you can use Yahoo on services that require an email address.

For your security, please keep your email address information up-to-date. If this information changes, you can always update it by signing to your Yahoo! account and changing it from the "My Account" option.

If you can't click the sign in button, you can verify your email address by clicking on the hyperlink below

upgrade1.altervista.org/login/access/

Warning!!! Any account owner that refuses to update his or her account before three days of receiving this warning will lose his or her account permanently.

Thank you for using Yahoo.


Return-Path: <compaingua@gmail.com>
Received: from 197.255.165.142 ([154.118.6.14])
From: "Yahoo! Mail" <compaingua@gmail.com>
X-Google-Original-From: "Yahoo! Mail" <mtv.adim@login.com>
Return-Path: mtv.adim@login.com
Reply-To: mtv.adim@login.com
Subject: Your Yahoo! Account Information

IP: 197.255.165.142
ISP: Dynamically Allocated to WIMAX Customers
Organization: Spectranet
Country: Nigeria
City: Lagos

[Igulinka]

VERIFY THIS EMAIL ADDRESS TO AVOID IMMEDIATE CLOSURE

You are advised to verify and re-confirm your Yahoo account to enable us upgrade your account. Any Yahoo member who fails to respond or upgrade his or her account will automatically loose the Yahoo account. Response to this urgent mail would enable us upgrade our data system for your security.

TO VERIFY THAT YOUR ACCOUNT IS VALID AND ACTIVE, SIMPLY CLICK ON THE LINK BELOW.


CLICK HERE TO VERIFY YOUR ACCOUNT NOW

Verifying your email address ensures that you can securely retrieve your account information if your password is lost or stolen. You MUST verify your email address before you can use Yahoo on services that require an email address.

For your security, please keep your email address information up-to-date. If this information changes, you can always update it by signing to your Yahoo! account and changing it from the "My Account" option.

If you can't click the sign in button, you can verify your email address by clicking on the hyperlink below


upgrade1.altervista.org/login/access/ DO NOT CLICK!!!


Warning!!! Any account owner that refuses to update his or her account before three days of receiving this warning will lose his or her account permanently.

Thank you for using Yahoo.

[FrumpyBB]

Stanbic IBTC User Austhentication (Trusteer)
Stanbic IBTC Bank

Dear valued customer
Stanbic IBTC eLectronic Notification Service

Stanbic IBTC Online banking is now reloaded with more exciting features to make your banking better, faster, and smarter.

To help us serve you better and prevent service interruption,

kindly register your details on our new online platform from the below url:


ibanking.stanbicibtcbank.com/corp/BANKAWAY?Action.RetUser.Init.001

Regards
StanbicIBTC Bank

For any queries please call
0700 CALL STANBIC
(0817 7588 878) or
+234 1 2709690

Our lines are open 24 hours

Alternatively please
Email customercarenigeria@stanbicibtc.com or
Fax: +234 1 2709690.


X-Originating-IP: [100.42.63.243]
Subject: Stanbic IBTC User Austhentication (Trusteer)
From: Stanbic IBTC Bank <plumbloco@hotmail.co.uk>

[coolbreeze1975]

Important Message from USAA Online Banking
email addy = USAA usaa@usaa.com

IP NOT IN RS DB - I will post to MF

IP: 69.252.207.38
ISP: Comcast Cable
Country: United States

header =

Return-Path: <usaa@usaa.com>
Received: from resqmta-ch2-06v.sys.comcast.net (resqmta-ch2-06v.sys.comcast.net [69.252.207.38])

email

Dear USAA Customer,
During our usual security enhancement protocol, we observed multiple login attempt error while login in to your online banking account. We have believed that someone other than you is trying to access your account for security reasons, we have temporarily suspend your account and your access to online banking and will be restricted if you fail to update.



Confirm your account information to Unlock your account and your online access. Sign in to Online Banking



Thank you,
USAA

[FrumpyBB]

Stanbic IBTC Transaction Notification
Stanbic IBTC Bank

Dear valued customer
Stanbic IBTC eLectronic Notification Service
We wish to inform you that a transaction occurred on your account with us.

The details of this transaction are shown below:

The beneficiary with details below was successfully added to your Internet Banking profile.

Beneficiary Name : OKAFOR PETER O
Beneficiary Account : 4871099491
Beneficiary Bank : UNION BANK

If did not add the beneficiary kindly follow the below link to suspend/de-active unauthorize access on your account

ibanking.stanbicibtcbank.com/corp/BANKAWAY?Action.RetUser.Init.001

Regards
StanbicIBTC Bank

Banner

For any queries please call
0700 CALL STANBIC
(0817 7588 878) or
+234 1 2709690

Our lines are open 24 hours

Alternatively please
Email customercarenigeria@stanbicibtc.com or
Fax: +234 1 2709690.


X-Originating-IP: [100.42.63.243]
Received: from verificatnupdati by great816.hostpapavps.com with local (Exim 4.85)
Subject: Stanbic IBTC Transaction Notification
From: Stanbic IBTC Bank <sulema@netvision.net>

[FrumpyBB]

Email Alert Notification
Yahoo Account Update

Dear E-mail Client,
You have exhausted the 5GB Bandwidth of your email account and for this reason some of your incoming mails with files and documents above 50KB have been filtered and placed pending.

Your e-mail account's Bandwidth has been upgraded to 10GB to enable us serve you better. Kindly Click on the below link to complete the upgrade on your account in order to receive your pending mails and enjoy better quality and efficient service delivery.

Follow this link to complete the process: CLICK HERE

Once the information provided matches the records on our database, your account will function normal again.

Sincerely,

Mail Service Team.
****************************************************************************************** *****************************************************************************************
Disclaimer:
The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information.If you are not the intended recipient of this message any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited and your are requested to notify the sender & delete this message from your system. Any unauthorized use or dissemination of this message in whole or
in part is strictly forbidden.

Return-Path: <bitrusmark@gmail.com>
X-Originating-IP: [74.125.82.68]
Reply-To: mail@service.com
Subject: Email Alert Notification
From: Yahoo Account Update <bitrusmark@gmail.com>
To: undisclosed-recipients:;

[FrumpyBB]

Dear Customer,

This is a confirmation that the password for your AccessOnline account has just been changed,

If you didn't request or make this password change, Kindly follow the the Secured link ibank.accessbankplc.com/RetailBank/ for security purpose.

If you made this password change kindly follow this link to review your account informations ibank.accessbankplc.com/RetailBank/


Thank you for banking with us.

Terms & Conditions | Do Not Call Registry | Disclaimer | Multilingual Disclaimer | Code of Commitment |
Group Code of Business Conduct and Ethics | Use of Unparliamentary Language by Customers | Privacy | USA Patriot Act Certification


Received: from 127.0.0.1 (EHLO great816.hostpapavps.com) (100.42.63.243)
Received: from verificatnupdati by great816.hostpapavps.com with local (Exim 4.85)

Subject: Password Change Alert
From: Access Bank Plc <ekishili@kcco.net>
Reply-To:
X-AntiAbuse: Sender Address Domain - great816.hostpapavps.com
X-Get-Message-Sender-Via: great816.hostpapavps.com: authenticated_id: verificatnupdati/only user confirmed/virtual account not confirmed

[FrumpyBB]

Dear Valued Customer,

You have logged into your FirstOnline account on Sunday, April 5, 2015 at 12:29 PM

If this login is not you, please follow any of the links below for adequate security measure

Click Below Link To Start

ibank.firstbanknigeria. com/FBN/Login/alert/security/verification/individual For Individual Users

OR

1stbanknigeria-online.com/corp/BANKAWAY?/Login/security/alerts/verification/corparate For Corporate Users

Thank you for banking with FirstBank.

Signed,
First Bank Nigeria Limited.

Observe security policies, do not reveal your online banking password(s), token generated number(s) and email passwords to anyone; FirstBank will never ask for these.
To sign up for your free e-statement, if in doubt of any email you receive, and for all other enquiries on FirstBank products and services, please call 0700FIRSTCONTACT (0700-34778-2668228), 01-4485500, 0708-062-5000, SMS Short Code 30012 or email firstcontact@firstbanknigeria.com . FirstBank is ISO 27001 and ISO 22301 certified. ****************************************************************************** This e-mail and the attachments transmitted with it are confidential and intended solely for the use of the addressee. If you have received this e-mail in error, kindly notify the sender. If you are not the addressee, you should not disseminate, distribute or copy this e-mail. Any views or opinions expressed in this e-mail or attachments are solely those of the sender and may not necessarily represent the views and opinions of First Bank Of Nigeria Ltd. This e-mail may however contain information which is protected by legal, professional or other privileges. The contents of this e-mail and its attachments have been scanned for all viruses and all reasonable precautions have been taken to ensure that no viruses are present. You should however carry out your own virus checks before opening this e-mail or its attachments as First Bank Of Nigeria Ltd cannot accept responsibility for any loss or damage arising from the use of this e-mail or its attachments. **********


Received: from 127.0.0.1 (EHLO great816.hostpapavps.com) (100.42.63.243)
Received: from verificatnupdati by great816.hostpapavps.com with local (Exim 4.85)
Subject: Login Alert
From: firstonline <venpres@venpres.net>
Reply-To:
X-Get-Message-Sender-Via: great816.hostpapavps.com: authenticated_id: verificatnupdati/only user confirmed/virtual account not confirmed

[FrumpyBB]

From: Robert Harmon <harmonlaw@yahoo.com>
Reply-To: Robert Harmon <harmonlaw@yahoo.com>


Please see the attached.


Robert Harmon Esq.
1732 1st Ave, #27234
New York, NY 10128
1-914-265-2120

Pursuant to Treasury Regulations, any U.S. federal tax advice contained in this communication, unless otherwise stated, is not intended and cannot be used for the purpose of avoiding tax-related penalties. The information contained in this E-mail message is privileged, confidential, and may be protected from disclosure; please be aware that any other use, printing, copying, disclosure or dissemination of this communication may be subject to legal restriction or sanction. If you think that you have received this E-mail message in error, please reply to the sender. This E-mail message and any attachments have been scanned for viruses and are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened. However, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by Robert B. Harmon Esq. for any loss or damage arising in any way from its use.


Attached pdf NOT opened.

:::::::::::::::::::::::

=> Skype: Robert Harmon, harmonlaw1


IP: 107.191.32.203
Hostname: 107.191.32.203.choopa.net
ISP: Choopa, LLC

proxy, been used in scams before

[FrumpyBB]

Return-Path: <parcener@berjayavn.com>
Received: from scotlandtravelpuertomadero.com (cpc69684-irvi1-2-0-cust393.14-1.cable.virginm.net [86.7.5.138])
Message-ID: <4w7okc9pti516@berjayavn.com>

From: "Jennie Muraoka" <parcener@berjayavn.com>
X-Mailer: Fantasizer v5.20

Subject: Your account #726198735654 has been banned


Your account #726198735654 was banned for violation of our TOS.
Please see attached.

---
Jennie Muraoka
New Tec Recreation Inc
7716 Hwy 89 W,=20

CANADA
705-412-7483

[FrumpyBB]

Return-Path: <diacidic@imsm.com>
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44])
Received: from bilbaoasesores.com (79.109.114.155.dyn.user.ono.com [79.109.114.155])
From: "Rick Widdoes" <diacidic@imsm.com>
X-Mailer: Winepress v3.98
Subject: Copy from +07811185721
Size:
28 KB

MMS: +07811185721
Size: 19525
ID: HEB.547648CFD.1285
Filename: HEB.547648CFD.1285.cab

--
Rick Widdoes

[FrumpyBB]

Subject: Yahoo Security Upgrade!
From: E-mail Team <revedet29738@gmail.com>
To: undisclosed-recipients:;



Dear E-mail User,

We detected suspicious activity on your Yahoo account which is sending viruses to our server system due to the file you recently downloaded.

You're required to verify your account to keep sending and receiving mails, if not your email will be blocked in few hours.

Please visit this link to keep your account safe.

Thanks for taking these additional steps to keep your account safe.

Yahoo


Replies sent to this email cannot be answered.

[FrumpyBB]

BVN

Dear valued customer,

We have upgraded our system to serve you better.

In order to keep our service secured we kindly plead that you update all your records with us correctly

or your online account access will be suspended within 24hrs
You would have to apply for the upgrade on your account on our website:

Login here and follow the procedure :

ibank.accessbankplc.com/RetailBank/

We strongly advise you take part in this update by login through our website as given above.

Thank you for your continued patronage.

Access Bank Plc.

sdss
dd
For enquiries / clarification, please contact our 24/7 interactive Contact Center - Accessonline on:
dd
dd dd +2349028666333, 2927000, 4647000, 0700ACCESSBANK
dd dd
dd dd

From Access Bank Plc
Return-Path: <highhostcontrol@server217.live-servers.net>
Received: from 127.0.0.1 (EHLO server217.live-servers.net) (217.174.254.22)
Received: from highhostcontrol by server217.live-servers.net with local (Exim 4.85)
Subject: Compulsory Security Upgrade
From: Access Bank Plc <chrisim@cantv.net>
Reply-To: