An
Email with the Subject "[POSSIBLE SPAM] Bank of America Alert: Online Banking Passcode Reset" was
received in one of Scamdex's honeypot email accounts on Tue, 12 Apr 2011 06:48:43 -0700
and has been classified as a Generic Scam Email.
The sender shows as "Bank of America Alert" <onlinebanking@ealerts.bankofamerica.com>.
The email address was probably spoofed. Do not reply to or contact any persons or organizations referenced in
this email, or follow any URLs as you may expose yourself to scammers and, at the very least, you will be
added to their email address lists for spam purposes.
Scam TagCloud
bankverificationcheckpromotionaccountcustomerservicecustomsecuresentonlinedeliverymailbank online bank spam] bank bank from bank your bank 2011 bank referencespamsecurity[possible spam]
NO CHART DATA - EMAIL HAS NOT YET BEEN ANALYSED
Scam Email Headers
This a (redacted) view of the raw email headers of this scam email.
Personally Identifiable Information (PII) has been suppressed, but can be
supplied as received to appropriate investigating or law enforcement agencies on request.
EEEEEstdClass Object
(
[return-path:] =>
[envelope-to:] => paypal@o7e.net
[delivery-date:] => Tue, 12 Apr 2011 06:48:43 -0700
[received:] => Array
(
[0] => from mk-filter-3-a-1.mail.tiscali.co.uk ([212.74.100.54] helo=mk-filter-3-a-1.mail.uk.tiscali.com)by chester.loopbiz.com with esmtp (Exim 4.69)(envelope-from )id 1Q9dxR-0006yR-Nkfor paypal@o7e.net; Tue, 12 Apr 2011 06:48:43 -0700
[1] => from 80-46-78-29.static.dsl.as9105.com (HELO mail.hartlaw.co.uk) ([80.46.78.29]) by smtp.tiscali.co.uk with ESMTP; 12 Apr 2011 14:48:40 +0100
[2] => from ealerts.bankofamerica.com ([174.136.39.208]) by mail.hartlaw.co.uk with Microsoft SMTPSVC(6.0.3790.4675); Tue, 12 Apr 2011 14:49:00 +0100
)
[x-trace:] => 603382696/mk-filter-3.mail.uk.tiscali.com/B2C/$b2c-THROTTLED/b2c-CUSTOMER-STATIC-IP/80.46.78.29/None/onlinebanking@ealerts.bankofamerica.com
[x-sbrs:] => None
[x-remoteip:] => 80.46.78.29
[x-ip-mail-from:] => onlinebanking@ealerts.bankofamerica.com
[x-smtp-auth:] =>
[x-originating-country:] => GB/UNITED KINGDOM
[x-mua:] => Produced By Microsoft MimeOLE V6.00.3790.4721
[x-ip-bhb:] => Once
[x-ironport-anti-spam-filtered:] => true
[x-ironport-anti-spam-result:] => ApLRADxXpE1QLk4d/2dsb2JhbAAkAgEEA4IyhQuPGYFvDQKMOAIfgUchAk2eFAEBhj0BP4lQBIJ2gWMBhGQCAQaIeYFygQQbgl0EhVuLaROHDg
[subject:] => [POSSIBLE SPAM] Bank of America Alert: Online Banking Passcode Reset
[x-ip-spam-verdict:] => SUSPECTEDSPAM
[x-ironport-av:] => E=Sophos;i="4.64,195,1301871600"; d="scan'208,217";a="603382696"
[x-pmwin-version:] => 3.0.1.0
[from:] => "Bank of America Alert"
[to:] =>
[x-mimeole:] => Produced By Microsoft MimeOLE V6.00.3790.4721
[date:] => 12 Apr 2011 08:48:38 -0500
[message-id:] => <20110412084838.BF5583D3BC7F18E4@ealerts.bankofamerica.com>
[mime-version:] => 1.0
[content-type:] => text/html;charset="iso-8859-1"
[content-transfer-encoding:] => quoted-printable
[x-originalarrivaltime:] => 12 Apr 2011 13:49:01.0140 (UTC) FILETIME=[60F52140:01CBF918]
[x-spam-status:] => No, score=2.0
[x-spam-score:] => 20
[x-spam-bar:] => ++
[x-ham-report:] => Spam detection software, running on the system "chester.loopbiz.com", hasidentified this incoming email as possible spam. The original messagehas been attached to this so you can view it (if it isn't spam) or labelsimilar future email. If you have any questions, seethe administrator of that system for details.Content preview: To ensure delivery, add onlinebanking@ealerts.bankofamerica.comto your address book. Online Banking Alert Online Banking Passcode ResetSecurity Checkpoint: You last signed in to Online Banking on 07/04/2011. [...]Content analysis details: (2.0 points, 4.5 required)pts rule name description---- ---------------------- ---------------------------------------------------0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, lowtrust[212.74.100.54 listed in list.dnswl.org]2.4 TVD_PH_BODY_ACCOUNTS_PRE BODY: TVD_PH_BODY_ACCOUNTS_PRE-0.0 SPF_HELO_PASS SPF: HELO matches SPF record0.0 SPF_FAIL SPF: sender does not match SPF record (fail)[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=onlinebanking%40ealerts.bankofamerica.com;ip=212.74.100.54;r=chester.loopbiz.com]0.0 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%[score: 0.0000]0.0 HTML_MESSAGE BODY: HTML included in message0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts0.8 HTML_TAG_BALANCE_HEAD BODY: HTML has unbalanced "head" tags0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars0.0 T_REMOTE_IMAGE Message contains an external image
[x-spam-flag:] => NO
)
Domain Names used for collecting scam email ("Honeypot email accounts") have been obscured and replaced with the token 'HUN1P0T'
Community Action - SPAM/non-Scam Report
Occasionally, incorrectly categorized emails get into the Scamdex Scam Email Database and need to be removed. If this
email has Personally Identifiable Information (PII), or is, in your opinion, from a bona-fide entity, let us know.
Scamdex will, as soon as is practicable, take-down any emails that in our opinion should not
be in our database. Note that ALL emails in the Scamdex Scam Email Database were received as Unsolicited Commercial Email, aka UCE or
SPAM, via unpublished 'Honeypot' email addresses.
To ensure delivery, add onlinebanking@ealerts.bankofamerica.com to your address book.
Online Banking Alert
Online Banking Passcode Reset
Security Checkpoint:
You last signed in to Online Banking on 07/04/2011.
Remember: Always look for your SiteKey® before entering your Passcode.
To: Bank of America Customer
Account: PERSONAL CHECKING/SAVINGS ACCOUNT
Date: 07/04/2011
Your Online Banking Passcode was reset on 07/04/2011.
Your security is important to us. If you are unaware of this change, click here to use the Secure Messaging feature.
This Alert relates to your Online Banking profile, rather than a particular account. The account listed here is for verification purposes only.
Want to confirm this email is from Bank of America? Sign in to Online Banking and go to Alerts. The Alerts History lists the Alerts sent to you in the past 60 days.
Like to get more Alerts? Sign in to your Online Banking account at Bank of America and within the Accounts Overview page select the Alerts tab.
Security Checkpoint: This email includes a Security Checkpoint. The information in this section lets you know this is an authentic communication from Bank of America. Remember to look for your SiteKey every time you sign in to Online Banking.
Email Preferences
This is a service email from Bank of America. Please note that you may receive service email in accordance with your Bank of America service agreements, whether or not you elect to receive promotional email.
