An
Email with the Subject "Online Banking - 3rd attempt failed !" was
received in one of Scamdex's honeypot email accounts on Sun, 21 Oct 2012 00:33:43 -0700
and has been classified as a Generic Scam Email.
The sender shows as Westpac <security@onlineupdate.com>.
The email address was probably spoofed. Do not reply to or contact any persons or organizations referenced in
this email, or follow any URLs as you may expose yourself to scammers and, at the very least, you will be
added to their email address lists for spam purposes.
Scam TagCloud
bankloginsuspendendedcheckswinsafeaccountcustomercustomchecksentonlinemailonline bankreference will security(895-461238)dearhttps://online.westpac.co...fs
NO CHART DATA - EMAIL HAS NOT YET BEEN ANALYSED
Scam Email Headers
This a (redacted) view of the raw email headers of this scam email.
Personally Identifiable Information (PII) has been suppressed, but can be
supplied as received to appropriate investigating or law enforcement agencies on request.
EEEEEstdClass Object
(
[return-path:] =>
[envelope-to:] => js_submissions@scamdex.com
[delivery-date:] => Sun, 21 Oct 2012 00:33:43 -0700
[received:] => Array
(
[0] => from mail1.skola.hallsberg.se ([193.44.212.114]:4739 helo=AS_GWISE_01.skola.hallsberg.se)by lester.newsblaze.com with esmtp (Exim 4.80)(envelope-from )id 1TPq2Y-0001BF-EMfor js_submissions@scamdex.com; Sun, 21 Oct 2012 00:33:43 -0700
[1] => from onlineupdate.com (0116300745.0.fullrate.dk [95.166.14.3])by AS_GWISE_01.skola.hallsberg.se with ESMTP; Wed, 17 Oct 2012 03:53:37 +0200
)
[from:] => Westpac
[to:] => js_submissions@scamdex.com
[subject:] => Online Banking - 3rd attempt failed !
[date:] => 17 Oct 2012 03:53:28 +0200
[message-id:] => <20121017035328.BC7B26B8F1290922@onlineupdate.com>
[mime-version:] => 1.0
[content-type:] => text/html;charset="iso-8859-1"
[content-transfer-encoding:] => quoted-printable
[x-spam-subject:] => ***SPAM*** Online Banking - 3rd attempt failed !
[x-spam-status:] => Yes, score=4.6
[x-spam-score:] => 46
[x-spam-bar:] => ++++
[x-spam-report:] => Spam detection software, running on the system "lester.newsblaze.com", hasidentified this incoming email as possible spam. The original messagehas been attached to this so you can view it (if it isn't spam) or labelsimilar future email. If you have any questions, seethe administrator of that system for details.Content preview: Dear Westpac Customer, Within Westpac latest security checks, we recently discovered that today there were 3 incorrect login attempts to your account. For your safety, Westpac set your account status to limited. For your account status to get back to normal, you will have to Sign in correctly at: https://online.westpac.com.au/esis/Login/SrvPage?session={5uOr40Ld3Ckw-013dk-2D46D4190} [...] Content analysis details: (4.6 points, 4.0 required) pts rule name description---- ---------------------- -------------------------------------------------- 1.6 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT [193.44.212.114 listed in bb.barracudacentral.org] 1.1 TRACKER_ID BODY: Incorporates a tracking ID number 0.7 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words 0.0 HTML_MESSAGE BODY: HTML included in message 1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars 0.0 T_REMOTE_IMAGE Message contains an external image
[x-spam-flag:] => YES
)
Domain Names used for collecting scam email ("Honeypot email accounts") have been obscured and replaced with the token 'HUN1P0T'
Community Action - SPAM/non-Scam Report
Occasionally, incorrectly categorized emails get into the Scamdex Scam Email Database and need to be removed. If this
email has Personally Identifiable Information (PII), or is, in your opinion, from a bona-fide entity, let us know.
Scamdex will, as soon as is practicable, take-down any emails that in our opinion should not
be in our database. Note that ALL emails in the Scamdex Scam Email Database were received as Unsolicited Commercial Email, aka UCE or
SPAM, via unpublished 'Honeypot' email addresses.
Within Westpac latest security checks, we recently discovered that today there were 3 incorrect login attempts to your account.
For your safety, Westpac set your account status to limited. For your account status to get back to normal, you will have
to Sign in correctly at: https://online.westpac.com.au/esis/Login/SrvPage?session={5uOr40Ld3Ckw-013dk-2D46D4190}
Due to our latest fraud attempts, the following IP adresses were recorded:
Invalid login from:
*.*.4.218.lsw.ru
Invalid login from:
*.*.24.144
Invalid login from:
*.*.41.rr.com
CONFIRMATION CODE:
2TuXK0AqZq8ML3fIu3v4nx83
This message is mandatory, if you do not complete it in less then 24 hours, your account may get suspended.
