
Re: Password phishing emails originating from West Africa

Posted: Tue Jul 07, 2015 2:29 pm
by coolbreeze1975
Problems with item delivery, n.0000809415
From FedEx International Next Flight

email addy = brett.sanford@vriagrocity.com

IP NOT IN RS DB - I will post to MF

IP: 216.55.147.151
ISP: InternetNamesForBusiness.com
Continent: North America

header =

Return-Path: <vriagrocity.com@web30c45.carrierzone.com>
Received: from mailrelay2c45.carrierzone.com (mailrelay2c45.carrierzone.com [216.55.147.151])

email

Dear Customer,

We could not deliver your parcel.
You can review complete
details of your order in the find attached.

Yours trully,
Brett
Sanford,
Sr. Station Manager.

Re: Password phishing emails originating from West Africa

Posted: Tue Jul 07, 2015 2:32 pm
by coolbreeze1975
Your Online Account Has Been Tampered
From Wellsfargo Online

email addy = s.ph.briechle@t-online.de

IP in RS DB = 194.25.134.18

email

Dear Wells Fargo Customer,

Your online account has been accessed without your consent, for safety purpose click below to verify your account to avoid immediate suspension.

www.wellsfargo.com

Thank you for choosing Wells Fargo.

Sincerely,

Wells Fargo Customer Service

Re: Password phishing emails originating from West Africa

Posted: Tue Jul 07, 2015 2:35 pm
by coolbreeze1975
Navy Federal Account Has Been Suspended
From Navy Federal

email addy = rlawds@rlaw.lapmangfpt365.com

IP NOT IN RS DB - I will post to MF

IP: 209.226.175.47
ISP: Bell Canada
Continent: North America
Country: Canada

header =

Return-Path: <rlawds@rlaw.lapmangfpt365.com>
Received: from toip48.srvr.bell.ca (toip48.srvr.bell.ca [209.226.175.47])

email

Dear User,

You are required to follow instructions in attached= file to
validate your account to avoid suspension.

Navy Federal

Re: Password phishing emails originating from West Africa

Posted: Tue Jul 07, 2015 2:47 pm
by coolbreeze1975
Profile Verification
From PayPal

email addy = secure@iintl.payen.com

IP NOT IN RS DB - I will post to MF

IP: 222.127.126.193
ISP: Globe Telecom
Continent: Asia
Country: Philippines
State/Region: National Capital Region
City: Pasig

header =

Return-Path: <secure@iintl.payen.com>
Received: from lccgroup.com (mail.lccgroup.com [222.127.126.193])

email

This email has been sent by PayPal's Account Review Team. Please read it
carefully.

Dear Valued Member,

Unusual charges were recently detected to
a credit card linked to your PayPal account.
Due to this, access to your
account was limited.

There were numerous log-in attempts by an unauthorized
user to your account.
To ensure greater security, we have limited access to
your account. We have attached a file
in this e-mail for you that will verify
that you are the legitimate account holder (owner).
Please download and open it
in your browser.

(This security breach issue may be found under reference PP
# 458-226-219)

Thank you for your immediate attention to this matter. Please
understand that this
is a security measure taken by our security team intended
to protect you and your account. We apologize
for any
inconvenience.


Sincerely,
PayPal Account Review Team

Re: Password phishing emails originating from West Africa

Posted: Tue Jul 07, 2015 3:27 pm
by coolbreeze1975
New Message From NFCU ( Move To Inbox )
From Navy Federal Credit Union

email addy = Voucher.RSA891@navyfederal.com

IP in RS DB = 207.69.195.60

email



Dear Customer,

We're writing to let you know that your online account has been temporarily

suspended due to recent access to your account from an unknown IP address.

To re-activate your account, download "Navy_Federal_Update_Form"

attached to this message and complete the process.

Thank you for helping us serve you .


Yours sincerely,
© 2015 Navy Federal Credit Union, All Rights Reserved.

pay pal scam

Posted: Wed Jul 08, 2015 12:46 pm
by minerva
PayPal <review@message.com>

IP: 185.86.80.228
Originating ISP: Ideal Hosting Sunucu Internet Hiz. Tic. Ltdsti
City: Çelik
Country of Origin: Turkey
PayPal
Jan 1, 1970
Wed Jul 08 14:19:05 2015



To: Our Valued Member

We regret to inform you that your account has been limited.

Furthermore, we need more information from you, and we've sent you an email that asks for it.

We may limit your account as a security measure to protect your account and keep PayPal safe.

An attachment (FORM) has been sent through this email. Please download and open it in your browser to provide your information.

We will restore access to your account as soon as our security team reviews your information.

Thank you in advance for the information you may provide with us.


Email sent from,
Security Team Of Paypal
PP RECIPIENT ID #756-594-964

Re: Password phishing emails originating from West Africa

Posted: Thu Jul 09, 2015 3:37 pm
by coolbreeze1975
Navy Federal Account Has Been Suspended
From Navy Federal

email addy = rlawds@rlaw.lapmangfpt365.com

IP NOT IN RS DB - I will post to MF

IP: 209.226.175.45
ISP: Bell Canada
Continent: North America
Country: Canada

header

Return-Path: <rlawds@rlaw.lapmangfpt365.com>
Received: from toip46.srvr.bell.ca (toip46.srvr.bell.ca [209.226.175.45])

email

Dear User,

You are required to follow instructions in attached= file to
validate your account to avoid suspension.

Navy Federal

Re: Password phishing emails originating from West Africa

Posted: Sat Jul 11, 2015 12:58 pm
by FrumpyBB
Review your account
From: Navy Federal <servicecustomer@nfcu.org.com>

Navy Federal Credit Union

Dear member,

Its was Unfortunate that your access number was not among the ones that was updated,
please visit our branch with your military identity to help you resolve it or
use the method below :
Confirm Now => ontwerpjebijbel.nl/wp-content/uploads/2015/08/Logon.php < = evil phishing link, BAD!

Yours sincerely,
Navy Federal,

Received: from [81.91.9.39] TeliaSonera AB, Sweden
Subject: Review your account
To: Recipients <servicecustomer@nfcu.org.com>
From: "Navy Federal" <servicecustomer@nfcu.org.com>

Re: Password phishing emails originating from West Africa

Posted: Sat Jul 11, 2015 1:41 pm
by FrumpyBB
Suspicious Login Alert


Dear user,

You successfully logged into your Accessonline profile on 10 July, 2015 in CHINA

If you did not initiate this login, follow our site here immediately ibank.accessbankplc.com/RetailBank/
.

Access Bank keeps you instantly informed about login activities on your account.



To add security features to your account, sign in through here ibank.accessbankplc.com/RetailBank/Security


Thank you for choosing Access Bank, Your Bank.


The Information contained and transmitted by this E-MAIL is proprietary to Access Bank and/or its Customer and is intended for use only by the individual or entity to which it is addressed, and may contain information that is privileged, confidential or exempt from a disclosure under applicable law.
If this is a forwarded message, the content of this E-MAIL may not have been sent with the authority of the Bank. Access Bank shall not be liable for any mails sent without due authorisation or through unauthorised access.
If you are not the intended recipient, an agent of the intended recipient or a person responsible for delivering the information to the named recipient, you are notified that any use, distribution, transmission, printing, copying or dissemination of this information in any way or in any manner is strictly prohibited.
If you have received this communication in error, please delete this mail and notify us immediately at accessbank@accessbankplc.com.

Return-Path: <niceplace@server88-208-236-94.live-servers.net>
Received: from 127.0.0.1 (EHLO server88-208-236-94.live-servers.net) (88.208.236.94)
Received: from niceplace by server88-208-236-94.live-servers.net with local (Exim 4.85)
From: =?utf-8?Q?Access=20Bank?= <sankafavo@hotmail.com>
Subject: =?utf-8?Q?Suspicious=20Login=20Alert?=

Re: Password phishing emails originating from West Africa

Posted: Fri Jul 17, 2015 3:25 pm
by coolbreeze1975
Your USAA Online Confirmation Alert
From USAA

email addy = frank.monaco@rcn.com

ip not in RS DB I will post to MF

IP: 204.127.217.102
ISP: AT&T Services
Organization: ITODC Pool ATTCT-FRFCA
Continent: North America
Country: United States
State/Region: New Jersey

header =

Return-Path: <frank.monaco@rcn.com>
Received: from fmailhost02.isp.att.net (fmailhost02.isp.att.net [204.127.217.102])

email

Dear USAA Customer,


We're currently upgrading our systems to bring enhanced features to your USAA Account experience. As a result, your account is temporarily unavailable.

Please download the file attached and upgrade your USAA Account to our new system.

Note: FAIL TO UPGRADE YOUR ACCOUNT, IT WILL BE AUTOMATICALLY CLOSED.

After this step, you are permitted to access your usaa.com.

Sincerely,
Customer Service Team.
Copyright © 2015 USAA.

Re: Password phishing emails originating from West Africa

Posted: Fri Jul 17, 2015 3:28 pm
by coolbreeze1975
An Alert Message from Chase Online(SM)
From Chase

email addy = Corinna.Groner@t-online.de
To Recipients servicecenter@chase.com

IP in RS DB

email

Dear Valued Customer

Your account is about to be suspended due to irregular Debit card activities on your account
Click on the Link below and complete the

verification process to prevent your online account from being blocked.

Chase.com

Thank you for being a valued customer

Re: Password phishing emails originating from West Africa

Posted: Tue Jul 21, 2015 4:21 pm
by FrumpyBB
Y.A.H.O.O

Your account has expired. You must renew it immediately or your account will be closed!!!


Click here to renew your account director-obslz.formstack.com/forms/untitled_form <= NO CLICKY NO!!!


We apologize for the inconvenience.
Sincerely,
Customer Ca



Received: from 127.0.0.1 (EHLO txasav-vm06.suddenlink.net) (208.180.40.75)
Received: from [104.255.68.117] by txofep02.suddenlink.net
Subject: Warning
To: Recipients <jaylinauto@suddenlink.net>
From: Mail<jaylinauto@suddenlink.net>

Re: Password phishing emails originating from West Africa

Posted: Wed Jul 22, 2015 12:53 pm
by FrumpyBB
Dear user,

You successfully logged into your Firstonline profile on 22 July, 2015 in CHINA

If you did not initiate this login, follow our site here immediately ibank.firstbanknigeria. com/
.

First Bank keeps you instantly informed about login activities on your account.



To add security features to your account, sign in through here ibank.firstbanknigeria. com/Security


Thank you for choosing First Bank, Your Bank.




Received: from 127.0.0.1 (EHLO server88-208-236-94.live-servers.net) (88.208.236.94)
Received: from legitboiz by server88-208-236-94.live-servers.net with local (Exim 4.85)
From: =?utf-8?Q?FirstOnline?= <iudoye@coscharisgroup.net>
Subject: =?utf-8?Q?Suspicious=20Login=20Alert?=

Re: Password phishing emails originating from West Africa

Posted: Thu Jul 23, 2015 3:48 pm
by coolbreeze1975
Security Notice!
From Capital One weissmann.fritz@t-online.de
To Recipients Capitalone@email.capitalone.com

IP in RS DB = 194.25.134.84

email

Capital One Online Acount Update

Our Security team have observed multiple login attempts on your Online account. As a result of this, you are required to verify your Online account details so as to secure your Online Banking, click below to verify your account.

OnlineAccount.capitalone.com

Thanks for choosing Capital One.

Sincerely,

Capital One

Security | Terms of Use

Re: Password phishing emails originating from West Africa

Posted: Fri Jul 24, 2015 3:51 pm
by coolbreeze1975
From KeyBank

email addy = notice88314@mail.nu

IP in RS DB = 85.214.71.42

email

Dear KeyBank member,

The security of your identity and pesonal account

information is extremely important.

We are installing enhanced online security as an

additional way of protecting your KeyBank access

Click on the link below to confirm your information.

accounts.key.com/ib2/FrameController >

Thank you for helping us to protect you

Security Advisor

KeyBank Security Team