An
Email with the Subject "[Bulk?]URGENT: Verification of Recent Activities Required" was
received in one of Scamdex's honeypot email accounts on Sun, 01 Sep 2013 02:02:46 -0700
and has been classified as a Generic Scam Email.
The sender shows as "Chase Online" <smrfs@chaseonline.com>.
The email address was probably spoofed. Do not reply to or contact any persons or organizations referenced in
this email, or follow any URLs as you may expose yourself to scammers and, at the very least, you will be
added to their email address lists for spam purposes.
Scam TagCloud
boxbanklog inverificationcontactaccountcustomerserviceprocessurgentcustomsecuresentonlineonline bank will security[bulk?]dearfs
NO CHART DATA - EMAIL HAS NOT YET BEEN ANALYSED
Scam Email Headers
This a (redacted) view of the raw email headers of this scam email.
Personally Identifiable Information (PII) has been suppressed, but can be
supplied as received to appropriate investigating or law enforcement agencies on request.
EEEEEstdClass Object
(
[return-path:] =>
[envelope-to:] => mc_mxw@o7e.net
[delivery-date:] => Sun, 01 Sep 2013 02:02:46 -0700
[received:] => Array
(
[0] => from c2mds.mailcentro.com ([208.67.179.143]:53919)by lester.newsblaze.com with esmtp (Exim 4.80.1)(envelope-from )id 1VG3YT-0008F4-L3for mc_mxw@o7e.net; Sun, 01 Sep 2013 02:02:46 -0700
[1] => from mail.codejock.com (mail.codejock.com [64.9.201.6])by c2mds.mailcentro.com (8.13.8(MC-AXH/MJD-001)/8.13.8.axh-mjd) with ESMTP id r8192dVs001952for ; Sun, 1 Sep 2013 02:02:40 -0700
[2] => from ([216.229.51.113]) by mail.codejock.com (Welcome to Codejock Software - All Traffic is being logged) with ASMTP id 201309010424392740; Sun, 01 Sep 2013 04:24:39 -0400
)
[message-id:] => <201309010902.r8192dVs001952@c2mds.mailcentro.com>
[x-mc-sender:] => smrfs@chaseonline.com
[x-mc-ipaddr:] => mail.codejock.com [64.9.201.6]
[content-type:] => multipart/alternative; boundary="===============1903833619=="
[mime-version:] => 1.0
[subject:] => [Bulk?]URGENT: Verification of Recent Activities Required
[to:] => Recipients
[from:] => "Chase Online"
[date:] => Sun, 01 Sep 2013 08:24:54 +0000
[x-mc-filter:] => 7.6.9
[x-mc-filter-antivirus:] => Scanned for virus - Status 0
[x-mc-deliveryid:] => 130
[x-mc-ctfilter:] => CT RefID = str=0001.0A090208.522302B5.0049,ss=3,pt=R_F_19363275,fgs=0 - Class:Bulk - Virus Threat:Unknown - Phishing Threat:Low
[x-mc-filterskip:] => 0
[x-mc-spamscore:] => 40 T 49
[x-spam-status:] => No, score=1.0
[x-spam-score:] => 10
[x-spam-bar:] => +
[x-ham-report:] => Spam detection software, running on the system "lester.newsblaze.com", hasidentified this incoming email as possible spam. The original messagehas been attached to this so you can view it (if it isn't spam) or labelsimilar future email. If you have any questions, seeroot\@localhost for details.Content preview: Dear Chase OnlineSM Customer: A message regarding -A Multiple Log On Attempt Into Your Online Banking Account - has been sent to your Secure Message Center. To see your message, click here to log on Chase.com and fill in the required details appropriately for -Verification-. Submit when done, you can see your message (s) at any time by visiting the Secure Message Center. [...] Content analysis details: (1.0 points, 4.5 required) pts rule name description---- ---------------------- -------------------------------------------------- 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: bigfootinteractive.com] 1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) 0.0 HTML_MESSAGE BODY: HTML included in message 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay
[x-spam-flag:] => NO
)
Domain Names used for collecting scam email ("Honeypot email accounts") have been obscured and replaced with the token 'HUN1P0T'
Community Action - SPAM/non-Scam Report
Occasionally, incorrectly categorized emails get into the Scamdex Scam Email Database and need to be removed. If this
email has Personally Identifiable Information (PII), or is, in your opinion, from a bona-fide entity, let us know.
Scamdex will, as soon as is practicable, take-down any emails that in our opinion should not
be in our database. Note that ALL emails in the Scamdex Scam Email Database were received as Unsolicited Commercial Email, aka UCE or
SPAM, via unpublished 'Honeypot' email addresses.
A message regarding "A Multiple Log On Attempt Into Your Online Banking
Account " has been sent to your Secure Message Center. To see your message,
click here to log on
Chase.com
and fill in the required details appropriately for "Verification". Submit when done, you can see
your message (s) at any time by visiting the Secure Message Center.
The message will be available in your Secure Message Center until as soon as
you complete this process.
Thank you for being a valued Chase customer.
Dear Chase OnlineSM Customer:
A message regarding "A Multiple Log On Attempt Into Your Online Banking
Account " has been sent to your Secure Message Center. To see your message,
click here to log on
Chase.com
and fill in the required details appropriately for "Verification". Submit when done, you can see
your message (s) at any time by visiting the Secure Message Center.
The message will be available in your Secure Message Center until as soon as
you complete this process.
Thank you for being a valued Chase customer.
ABOUT THIS MESSAGE
If you want to contact Chase, please do not
reply to this message, but instead go to
www.chase.com. For faster service,
please enroll or log in to your account.
Replies to this message will not be read or
responded to.
