@isenaecher
But that sounds like a phishing mail and not like €urocollect.
Could be.
In any case it is laid out far more professionally than the "reminders" that have landed in my inbox so far.
If that turns out to be the case, mods please staple.
Mod edit:
[x] stapled
It is malware:
header:
01: Received: from mail.bwbilisim.com (server-178.211.54.211.as42926.net
02: [178.211.54.211])
03: (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
04: (No client certificate requested)
05: by x (Postfix) with ESMTPS ID: [ID filtered]
06: for <x>; Tue, 14 May 2019 xx:xx:xx +0200 (CEST)
07: Received: from ([154.124.24.90]) by bwbilisim.com with MailEnable WebMail; Tue,
08: 14 May 2019 xx:xx:xx +0300
Attached: a Payment Confirmation.zip
header:
01: Received: from gmail.com (unknown [185.222.57.85])
02: by x (Postfix) with ESMTP ID: [ID filtered]
03: for <x>; Thu, 13 Jun 2019 xx:xx:xx +0200 (CEST)
The attachment is correspondingly "interesting":
Quote:
Good day,
Please find attached Vaka Online Hardware Quotation for the items
requested. Your order was successfully collected thank for doing
business with Vaka.
Did you know that if you purchase with Vaka Online Hardware, you
stand a chance to win free 10 bags of PC 15 cement through a
raffle draw of all sales to be made this month, then a random
pick will be done and sale to be picked will be our winner, you
could be our May winner, so DON'T MISS OUT!!
Vaka Sales Team
O*
CALL OR WHATSAPP ON:
0778 335 057
VISIT US: SHOP 13 LONGCHENG PLAZA, BELVEDERE, CNR SAMORA AND
MUTLEY BEND, HARARE
Attached is an Excel spreadsheet.
header:
01: Received: from mail.agasi.com.my (ptr1.agasi.com.my [101.99.66.21])
02: (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
03: (No client certificate requested)
04: by x (Postfix) with ESMTPS ID: [ID filtered]
05: for <x>; Tue, 18 Jun 2019 xx:xx:xx +0200 (CEST)
06: [...]
07: Received: from [::1] (port=53316 helo=agasi.com.my)
08: by vps13276.agasi.com.my with esmtpa (Exim 4.91)
09: (envelope-from <rbaleros [at] hamad.qa>)
10: ID: [ID filtered]
11: Received: from 154.124.25.90 ([154.124.25.90])
12: (SquirrelMail authenticated user poor [at] spamvictim.tld)
13: by agasi.com.my with HTTP;
14: Mon, 17 Jun 2019 xx:xx:xx -0000
Quote:
Dear Sir,
Kindly find attached the bank transfer for the whole amount.
Thank you.
I remain at your disposal should you require any further information.
Best regards.
R* B* N*
Purchasing & Production Manager
L'atelier du miel
Tabaris, Beirut,
+961 (71) 002608
whois:
header:
01: Received: from pore.com (unknown [216.108.232.82])
02: by x (Postfix) with ESMTP ID: [ID filtered]
03: for <x>; Wed, 17 Jul 2019 xx:xx:xx +0200 (CEST)
04: Received: from mail.ohioz.cf (localhost [IPv6:::1])
05: by pore.com (Postfix) with ESMTPA ID: [ID filtered]
06: Tue, 16 Jul 2019 xx:xx:xx -0700 (PDT)
With a nice attachment, of course:
Quote:
Good Day,
I have tried your Office number but seems not connecting, please see
attached payment made today on behalf of our client who is your customer
as advance payment for the shipment, check the attached remittance
details and let us know if the bank details marked in red is correct.
P* S*
PwC | Corporate Finance | Associate Director
Office: +64 3 374 304 | Mobile: +64 27 308 9181
Pricewaterhouse Coopers New Zealand
5 Sir Gil Simpson Drive, Canterbury Technology Park, Christchurch 8053,
New Zealand
header:
01: Received: from x (x [82.149.229.6])
02: by x (Postfix) with ESMTP ID: [ID filtered]
03: for <x>; Wed, 17 Jul 2019 xx:xx:xx +0200 (CEST)
04: X-Greylist: delayed 4259 seconds by postgrey-1.32 at mx2; Wed, 17 Jul 2019 xx:xx:xx CEST
05: Received: from sendmail.contentgrill.com (sendmail.contentgrill.com
06: [13.232.241.17])
07: (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
08: (No client certificate requested)
09: by x (Postfix) with ESMTPS ID: [ID filtered]
10: for <x>; Wed, 17 Jul 2019 xx:xx:xx +0200 (CEST)
11: Received: from localhost (localhost [127.0.0.1])
12: by sendmail.contentgrill.com (Postfix) with ESMTP ID: [ID filtered]
13: Wed, 17 Jul 2019 xx:xx:xx +0000 (UTC)
14: Received: from sendmail.contentgrill.com ([127.0.0.1])
15: by localhost (sendmail.contentgrill.com [127.0.0.1]) (amavisd-new, port 10032)
16: with ESMTP ID: [ID filtered]
17: Received: from localhost (localhost [127.0.0.1])
18: by sendmail.contentgrill.com (Postfix) with ESMTP ID: [ID filtered]
19: Wed, 17 Jul 2019 xx:xx:xx +0000 (UTC)
20: X-Virus-Scanned: amavisd-new at contentgrill.com
21: Received: from sendmail.contentgrill.com ([127.0.0.1])
22: by localhost (sendmail.contentgrill.com [127.0.0.1]) (amavisd-new, port 10026)
23: with ESMTP ID: [ID filtered]
24: Received: from sendmail.contentgrill.com (sendmail.contentgrill.com [10.0.1.92])
25: by sendmail.contentgrill.com (Postfix) with ESMTP ID: [ID filtered]
26: Wed, 17 Jul 2019 xx:xx:xx +0000 (UTC)
Now there is an ISO file attached.
Quote:
Good day,
Please find attached OUR Request For Quotation and kindly quote your best price for the
listed goods.
Kindly advise the following details:
- Your FOB Prices and FOB Port of loading.
- Your Mode of Payment.(L/C or T/T)
- Your estimated delivery time
Awaiting your best offer.
Best Regards
Arrived today:
header:
01: Received: from mysmtp5.southcentralus.cloudapp.azure.com
02: ([13.84.176.201]) by
03: mx-ha.gmx.net (mxgmx016 [212.227.15.9]) with ESMTPS (Nemesis) ID: [ID filtered]
04: Received: from SureboyRDP.ndghby3tobievon1xedvkal13c.xx.internal.cloudapp.net (unknown
05: [52.175.230.219]) by mysmtp5.southcentralus.cloudapp.azure.com (Postfix) with ESMTPA
06: ID: [ID filtered]
As attachment:
Quote:
REMINDER!!!
Dear Customer,
We attempted to deliver your item at 2:30pm on 1st August, 2019. (Read
enclosed file details)
The delivery attempt failed because nobody was present at the shipping
address, so this notification has been automatically sent.
If the parcel is not scheduled for re-delivery or picked up within 72
hours, it will be returned to the sender.
Label Number: (Read enclosed file details)
Class: Package Services
Service(s): (Read enclosed file details)
Status: e-Notification sent
Read the enclosed file for details.
Probably a ransomware trojan, which however is not yet detected by all antivirus programs.
Quote:
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Details.img"
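The "header:" blocks posted throughout this thread all show the same pattern: a chain of Received lines in which the announced (HELO) host name, the receiving MTA's reverse-DNS annotation and the bracketed IP frequently disagree (a host calling itself gmail.com that the receiver records as "unknown", a hop with no HELO name at all, a webmail login from an address far from the sending server). The script below is an added example and not something posted in the thread; it parses a header block in the numbered form the forum displays (the "NN: " prefixes and the lines split by the forum's line wrapping), rebuilds each logical Received header, extracts HELO name, reverse DNS, IP and receiving host per hop, and flags the two mismatches seen above. The sample block is constructed for this example, with RFC 5737 documentation addresses and .invalid host names, and the helper names are this example's own.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample in the forum's numbered "header:" layout (not a real mail).
# Addresses are RFC 5737 documentation ranges; host names use the reserved .invalid TLD.
SAMPLE_HEADERS = """\
01: Received: from gmail.com (unknown [198.51.100.85])
02: by mx.example.invalid (Postfix) with ESMTP ID: [ID filtered]
03: for <x>; Thu, 13 Jun 2019 xx:xx:xx +0200 (CEST)
04: Received: from relay.example.invalid (relay.example.invalid
05: [203.0.113.17])
06: (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
07: by webmail.example.invalid (Postfix) with ESMTPS ID: [ID filtered]
08: Received: from ([192.0.2.90])
09: by relay.example.invalid with MailEnable WebMail; Mon,
10: 17 Jun 2019 xx:xx:xx +0300
"""


class Hop(NamedTuple):
    helo: Optional[str]   # name the sending host announced (None if it sent none)
    rdns: Optional[str]   # reverse DNS recorded by the receiver ("unknown" if lookup failed, None if absent)
    ip: Optional[str]     # address the receiver saw the connection come from
    by: Optional[str]     # receiving host that wrote this Received line


def unfold(block: str) -> List[str]:
    """Strip the forum's 'NN: ' prefixes and re-join wrapped continuation lines.

    A line that starts with 'Name:' opens a new header; anything else (which the
    forum display has stripped of its leading whitespace) continues the previous one.
    """
    headers: List[str] = []
    for raw in block.splitlines():
        line = re.sub(r"^\d{2}:\s?", "", raw).strip()
        if not line:
            continue
        if re.match(r"^[A-Za-z][A-Za-z0-9-]*:\s", line) or not headers:
            headers.append(line)
        else:
            headers[-1] += " " + line
    return headers


def parse_received(header: str) -> Optional[Hop]:
    """Pull HELO name, receiver annotation '(rdns [ip])' and 'by' host out of one Received header."""
    if not header.startswith("Received:"):
        return None
    body = header[len("Received:"):].strip()
    m_from = re.match(r"from\s*([^\s(]+)?", body)
    if not m_from:
        return None
    helo = m_from.group(1)
    rest = body[m_from.end():]
    # Annotation written by the receiving MTA: "(host [ip])", "(unknown [ip])" or "([ip])".
    m_ann = re.match(r"\s*\((?:(\S+)\s+)?\[(?:IPv6:)?([^\]]+)\]\)", rest)
    rdns = ip = None
    if m_ann:
        rdns, ip = m_ann.group(1), m_ann.group(2)
    m_by = re.search(r"\bby\s+(\S+)", body)
    by = m_by.group(1) if m_by else None
    return Hop(helo, rdns, ip, by)


def parse_chain(block: str) -> List[Hop]:
    """All Received hops in header order: index 0 is the last (nearest) hop, the final entry the first."""
    return [h for h in (parse_received(x) for x in unfold(block)) if h is not None]


def originating_hop(hops: List[Hop]) -> Optional[Hop]:
    """Received headers are prepended, so the bottom-most one is where the mail entered the chain."""
    return hops[-1] if hops else None


def suspicious_hops(hops: List[Hop]) -> List[str]:
    """Flag hops whose announced name the receiver could not confirm, or that announced no name."""
    findings = []
    for i, h in enumerate(hops):
        if h.rdns == "unknown" and h.helo:
            findings.append(f"hop {i}: HELO '{h.helo}' but receiver {h.by} found no reverse DNS for {h.ip}")
        elif h.helo is None and h.ip:
            findings.append(f"hop {i}: no HELO name announced, bare address {h.ip} accepted by {h.by}")
    return findings


if __name__ == "__main__":
    chain = parse_chain(SAMPLE_HEADERS)
    for i, hop in enumerate(chain):
        print(i, hop)
    print("origin:", originating_hop(chain))
    for finding in suspicious_hops(chain):
        print("!", finding)
```

The "unknown" annotation is the receiving MTA's own statement that the connecting address had no PTR record matching the name it announced, so it is trustworthy in a way the HELO string never is; the same goes for the bracketed IP, which the receiver observed rather than took on trust. Everything below the topmost Received line that your own server wrote was supplied by the sender and can be forged, which is why the origin hop is best read as "what the last trusted relay claims", not as fact.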