An
Email with the Subject "Dear email user," was
received in one of Scamdex's honeypot email accounts on Tue, 11 Jun 2013 22:53:02 -0700
and has been classified as a Advance Fee Fraud/419 Scam Email.
The sender shows as Webmaster <c2nguyenhue.hagiang@moet.edu.vn>.
The email address was probably spoofed. Do not reply to or contact any persons or organizations referenced in
this email, or follow any URLs as you may expose yourself to scammers and, at the very least, you will be
added to their email address lists for spam purposes.
Scam TagCloud
loginaccountmailyenuserwebmail will dearcooperationhttp://webmail7updateteam...
NO CHART DATA - EMAIL HAS NOT YET BEEN ANALYSED
Scam Email Headers
This a (redacted) view of the raw email headers of this scam email.
Personally Identifiable Information (PII) has been suppressed, but can be
supplied as received to appropriate investigating or law enforcement agencies on request.
EEEEEstdClass Object
(
[return-path:] =>
[envelope-to:] => info@stoptot.com
[delivery-date:] => Tue, 11 Jun 2013 22:53:03 -0700
[received:] => Array
(
[0] => from mail-ea0-f181.google.com ([209.85.215.181]:41932)by lester.newsblaze.com with esmtps (TLSv1:RC4-SHA:128)(Exim 4.80)(envelope-from )id 1UmdzR-000471-Cjfor info@stoptot.com; Tue, 11 Jun 2013 22:53:02 -0700
[1] => by mail-ea0-f181.google.com with SMTP id a15so4306527eae.12 for ; Tue, 11 Jun 2013 22:52:59 -0700 (PDT)
[2] => by 10.15.91.78 with HTTP; Tue, 11 Jun 2013 22:52:59 -0700 (PDT)
)
[x-google-dkim-signature:] => v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type :x-gm-message-state; bh=0DXnq1tJI7i28mYOtkBM6jNrJwFEygovUBN7W4a01+w=; b=mqyT7uk2B7CYOUrCrikDKW+QzALKF4KjGdlPkOaxVQkIReEY5OUv9jTcCCEmSWI3Gm ue1f5ErOhFSL27ag9v3WSf7pBRS0YZH7Rok93WMYqNPXfk29O/q9/pZmYbUnDFrJIg43 qX5iZUpYMLeccPBZwIlV8QBebsAJkk4G82UYfiwgbmz53c4xFpIkj3tAOCYUaXXJbwZs fQz8svpRIgMRPLFUjl7HN68WKF7WPwY6Au3JgdNxsEsr14LiGGc39kMMQs2y5LbT6FKj jjDzoiOG8GA02bptlnPMfNrmfK6CJtel30FVEoocyRGjtHAiuqbHxwcJ9JRqQCGY3FPY lc3Q==
[mime-version:] => 1.0
[x-received:] => by 10.14.47.196 with SMTP id t44mr7727042eeb.18.1371016379447;Tue, 11 Jun 2013 22:52:59 -0700 (PDT)
[date:] => Wed, 12 Jun 2013 06:52:59 +0100
[message-id:] =>
[subject:] => Dear email user,
[from:] => Webmaster
[to:] => undisclosed-recipients:;
[content-type:] => multipart/alternative; boundary=001a1133d77e47695904deeea0ec
[bcc:] => info@stoptot.com
[x-gm-message-state:] => ALoCoQlgS/rVVRtPouxa9qm6uk08g1ZH1NaZbXm+dmQxRG6QUagROKo0/OF0nZTVOhn05RNlRGMB
[x-spam-status:] => No, score=3.4
[x-spam-score:] => 34
[x-spam-bar:] => +++
[x-ham-report:] => Spam detection software, running on the system "lester.newsblaze.com", hasidentified this incoming email as possible spam. The original messagehas been attached to this so you can view it (if it isn't spam) or labelsimilar future email. If you have any questions, seeroot\@localhost for details.Content preview: Dear email user, Please note that your email account has exceeded storage capacity. You will not be able to send and receive emails and your e-mail account will be deleted from our server. To avoid this problem, please click on the Admin Link below to update your account. [...] Content analysis details: (3.4 points, 5.0 required) pts rule name description---- ---------------------- -------------------------------------------------- 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: webmail7updateteamlogin.jimdo.com] 0.0 HTML_MESSAGE BODY: HTML included in message 3.4 EMAIL_URI_PHISH Email account phishing using web form
[x-spam-flag:] => NO
)
Domain Names used for collecting scam email ("Honeypot email accounts") have been obscured and replaced with the token 'HUN1P0T'
Community Action - SPAM/non-Scam Report
Occasionally, incorrectly categorized emails get into the Scamdex Scam Email Database and need to be removed. If this
email has Personally Identifiable Information (PII), or is, in your opinion, from a bona-fide entity, let us know.
Scamdex will, as soon as is practicable, take-down any emails that in our opinion should not
be in our database. Note that ALL emails in the Scamdex Scam Email Database were received as Unsolicited Commercial Email, aka UCE or
SPAM, via unpublished 'Honeypot' email addresses.
storage capacity. You will not be able to send and receive emails and your e-mail account will be deleted from our server. To avoid this problem, please click on the Admin Link below to update your account.
Dear email user,Please note that your email account has exceededstorage capacity. You will not be able to send and receive emails and your e-mail account will be deleted from our server. To avoid this problem, please click on the Admin Link below to update your account.
http://webmail7updateteamlogin.jimdo.com Thank you for your cooperation,Management Team.
