[Phishing] Bank of America



SpamRam
04.12.2005, 21:47
header:
Return-Path: <nobody [at] host60.ipowerweb.com>
X-Flags: 1000
Delivered-To: GMX delivery to mymail [at] gmx.net
Received: (qmail invoked by alias); 04 Dec 2005 xx:xx:xx -0000
Received: from host60.ipowerweb.com (EHLO host60.ipowerweb.com) [66.235.195.160]
by mx0.gmx.net (mx013) with SMTP; 04 Dec 2005 xx:xx:xx +0100
Received: from nobody by host60.ipowerweb.com with local (Exim 4.43)
ID: [ID filtered]
for mymail [at] gmx.net; Sun, 04 Dec 2005 xx:xx:xx -0800
To: mymail [at] gmx.net
Subject: Bank of America - Important Online Banking Alert
From: <service [at] bankofamerica.com>
Reply-To: service.no.reply [at] bankofamerica.com
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-ID: [ID filtered]
Date: Sun, 04 Dec 2005 xx:xx:xx -0800
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - host60.ipowerweb.com
X-AntiAbuse: Original Domain - gmx.net
X-AntiAbuse: Originator/Caller UID/GID: [UID filtered]
X-AntiAbuse: Sender Address Domain - host60.ipowerweb.com
X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
X-GMX-Antispam: 0 (Mail was not recognized as spam)
X-GMX-UID: [UID filtered]
Mail-Text: (HTML)


[Your privacy and security partner]

Protecting your information
Ensuring your accounts are secure
Providing safety tips

{Learn more} (LINK)


[Privacy Policies]
{Your privacy is our priority} (LINK)


[Online Banking]
{Safe, secure, and easy to use} (LINK)

Dear Customer (Mymail @ gmx.net ),

We recently noticed an attempts to log in to your online banking account from a foreign IP address and we found one or more your information changed. Because of that we have reasons to believe that your account was used by a third party without your authorization.

The login attempt was made from:

IP Address : 172.25.210.66 ([B]Private block address)
ISP Host : cache-66.proxy.aol.com
Login Date : 04-December-2005

If you recently accessed your account while traveling, the unusual log in attempts may have been initiated by you. Therefore, if you are the rightful account holder, click on the link below to log into your account and follow the instructions.

<SPAN style="FONT-WEIGHT: 700"> <BR><BR>
<A target="_blank" onfiltered="a('https://www.paypal.com/cgi-bin/webscr?cmd=_login-run');return true"
onfiltered=b() href="http://www.diperta-jatim.go.id/application/https/bankofamerica.com/cgi-bin/ias/MbrezU2xs8o0u_LYXs2iLSUyHCYJF6hVvHqksi1580602/1/bofa/ibd/IAS/presentation/sso.login.controller.htm" >
<span style="font-size: 9pt">https://www.bankofamerica.com/cgi-bin/ias/1580602/1/bofa/ibd/IAS/sso.login.controller</span></a><BR><BR></SPAN> {https:// www.bankofamerica.com/cgi-bin/ias/1580602/1/bofa/ibd/IAS/sso.login.controller}
(This is how the link appears; I can't make anything of the actual target!)
We need you to update and confirm your account information that has been changed, so we can verify your information with our new data. If you choose to ignore our request, you leave us no choice but to temporarily suspend your account.

If you received this notice and you are not the authorized account holder, please be aware that at it is in violation of Bank of America online banking policy to represent oneself as another Bank of America online banking user. Such action may also be in violation of local, national, and/or international law. Bank of America is committed to assist law enforcement with any inquires related to attempts to misappropriate personal information with the intent to commit fraud or theft. Information will be provided at the request of law enforcement agencies to ensure that impersonators are prosecuted to the fullest extent of the law.

Thank you for your patience as we work together to protect your account.

Sincerely,
Bank of America Account Security Department
Account Manager,

DavID: [ID filtered]



THIS IS A E-MAIL FROM BANK OF AMERICA, AND YOU MAY OPT-OUT FROM OUR E-MAILS AT ANY TIME. IF YOU'D LIKE TO BE OPTED-OUT WITHIN 10 BUSINESS DAYS, PLEASE UPDATE YOUR {E-MAIL PREFERENCES}.

The security and confidentiality of your personal information is important to us. BECAUSE E-MAIL IS NOT A SECURE FORM OF COMMUNICATION, THIS E-MAIL BOX IS NOT EQUIPPED TO HANDLE REPLIES. If you are a Bank of America customer and have sensitive account-related questions, please call the phone number provided on your account statement or the appropriate phone number indicated in the following "Contact Us" link so we can properly verify your identity. For all other questions or comments, please use the Web forms available via {Contact Us}.

We respect your privacy, and you can rest assured that we protect your information, including your e-mail address, and will never sell or share it with marketers outside Bank of America. To find out more, please read our {Privacy Policy}.

Bank of America E-mail, 6th Floor, 101 North Tryon Street, Charlotte, NC 28255-0001

Bank of America, N.A. Member FDIC. {Equal Housing Lender}
© 2005 Bank of America Corporation. All rights reserved.

This e-mail was sent to: Mymail @ gmx.net

Mail to abuse @ bankofamerica.com has been sent! I think they will take care of it!

icewastl
15.06.2006, 14:30
Arrived today:

Here is the link:

http://www.onlineaccesss34549.com/index.htm/bankofamerica/bankofamerica/onlineid.signin/bankofamerica/online_bofa_banking/e-online-banking/


From BankOfAmerica Thu Jun 15 xx:xx:xx 2006
X-Apparently-To: yxyxyxyx [at] yahoo.de via 217.12.10.225; Wed, 14 Jun 2006 xx:xx:xx -0700
X-YahooFilteredBulk: 69.16.197.229
X-Originating-IP: [69.16.197.229]
Return-Path: <nobody [at] fhs.globehosting.net>
Authentication-Results: mta112.mail.mud.yahoo.com from=bankofamerica.com; domainkeys=neutral (no sig)
Received: from 69.16.197.229 (EHLO fhs.globehosting.net) (69.16.197.229) by mta112.mail.mud.yahoo.com with SMTP; Wed, 14 Jun 2006 xx:xx:xx -0700
Received: from nobody by fhs.globehosting.net with local (Exim 4.52) ID: [ID filtered]
An: yxyxyxyxyx [at] yahoo.de [Bearbeiten - Löschen]
Betreff: Bank Account Update Alert!
Von: "BankOfAmerica" <customers [at] bankofamerica.com> Ins Adressbuch
Antwortadresse:
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-ID: [ID filtered]
Datum: Thu, 15 Jun 2006 xx:xx:xx +0300
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - fhs.globehosting.net
X-AntiAbuse: Original Domain - yahoo.de
X-AntiAbuse: Originator/Caller UID/GID: [UID filtered]
X-AntiAbuse: Sender Address Domain - fhs.globehosting.net
X-Source:
X-Source-Args: /usr/local/apache/bin/httpd -DSSL
X-Source-Dir: onlyfreeservers.com:/public_html/users/jchman/fooling
Content-Length: 1585




Security Update Alert

--------------------------------------------------------------------------------
Bank Of America is constantly working to increase security for all Online Banking users. To ensure the integrity of our online payment system, we periodically review accounts.
Your account might be place on restricted status. Restricted accounts continue to receive payments, but they are limited in their ability to send or withdraw funds.

To lift up this restriction, you have to complete our verification process. You must confirm your credit card details and your billing information as well. All restricted accounts have their billing information unconfirmed, meaning that you may no longer send money from your account until you have updated your billing information on records. To initiate the update confirmation process. Please follow the link below and fill in the necessary requirements :

https://www.bankofamerica.com/c gi-bin/imcpprd. dll/Ctrl.jsp?BV_UseBVCookie=yes

Thank you for your patience as we work together to protect your account.

Sincerely,
Bank of America Customer Service

*Important*
Please update your records on or before 48 hours, a failure to update your records will result in a temporal hold on your funds.


--------------------------------------------------------------------------------
Bank of America, N.A. Member FDIC. Equal Housing Lender
© 2006 Bank of America Corporation. All rights reserved.

Goofy
15.06.2006, 14:38
The phisher link doesn't work; there is no DNS entry for the domain.

icewastl
15.06.2006, 20:03
hm, I had forwarded the mail...

LazyDog
12.08.2006, 08:12
X-Envelope-From: <updates [at] bankofamerica.com>
X-Envelope-To: <poor [at] spamvictim.tld>
X-Delivery-Time: 1155352066
Received: from 192.168.1.200 (pd95b16a7.dip0.t-ipconnect.de [217.91.22.167])
by mailin.webmailer.de (8.13.6/8.13.6) with SMTP ID: [ID filtered]
for <poor [at] spamvictim.tld>; Sat, 12 Aug 2006 xx:xx:xx +0200 (MEST)
Received: from 89.241.116.188 by ; Sat, 12 Aug 2006 xx:xx:xx +0500
Message-ID: [ID filtered]
From: "Bank of America" <updates [at] bankofamerica.com>
Reply-To: "Bank of America" <updates [at] bankofamerica.com>
To: poor [at] spamvictim.tld
Subject: Your account information needs to be updated
Date: Sat, 12 Aug 2006 xx:xx:xx +0600
X-Mailer: Internet Mail Service (5.5.2650.21)
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--9657933413414031438"
X-Priority: 1
X-MSMail-Priority: High
X-PMFLAGS: 570966400 0 1 PV4KZE8K.CNM

<HTML><p><b><font size="2" face="Arial, Helvetica, sans-serif">Dear Bank Of America customer,</font></b></p>
<p><font size="2" face="Arial, Helvetica, sans-serif">Due to concerns, for the
safety and integrity of the online<br>
banking community we have issued this warning message. <br>
<br>
It has come to our attention that your account information needs <br>
to be updated due to inactive members, frauds and spoof reports.<br>
If you could please take 5-10 minutes out of your online experience and renew<br>
your records you will not run into any future problems with the online service.<br>
However, failure to update your records will result in account erasure.<br>
This notification expires on <font color="#FF0000"><strong>August 14th, 2006.</strong></font><br>
<br>
Once you have updated your account records your internet banking<br>
service will not be interrupted and will continue as normal. <br>
<br>
Please follow the link below <br>
and renew your account information:</font><br>
<a
target="_blank" href="http://onlineid.bankofamerica.com.dfgj.us/kacamaca/index.html"
onfiltered="status='';return
true">https://onlineid.bankofamerica.com/cgi-bin/sso.login.controller/</a></p>
<p><a href="http://sutv-wgtn-cm-63-173-39-122.sutv.com/partners/www.bankofamerica.com/index.html" target="_blank"><img src="http://valdosta.biz/images/bankofamericamortgage/bankofamericaANI_175x146.gif"
alt="Bank of America" width="175" height="146" border="0"></a> <br>
<font size="2" face="Arial, Helvetica, sans-serif">Bank of America, N.A. Member FDIC.
Equal Housing Lender<br>
&copy; 2006 Bank of America Corporation. All rights reserved. </font><br>
</HTML>

Dear Bank Of America customer,
Due to concerns, for the safety and integrity of the online
banking community we have issued this warning message.

It has come to our attention that your account information needs
to be updated due to inactive members, frauds and spoof reports.
If you could please take 5-10 minutes out of your online experience and renew
your records you will not run into any future problems with the online service.
However, failure to update your records will result in account erasure.
This notification expires on August 14th, 2006.

Once you have updated your account records your internet banking
service will not be interrupted and will continue as normal.

Please follow the link below
and renew your account information:
https://onlineid.bankofamerica.com/cgi-bin/sso.login.controller/

Bank of America, N.A. Member FDIC. Equal Housing Lender
© 2006 Bank of America Corporation. All rights reserved.

Goofy
12.08.2006, 13:48
The phishing site seems to be hosted at Yuchuu!.
The link evidently points to:
h-t-t-p://onlineid.bankofamerica.com.dfgj.us/kacamaca/index.html

There, however, the server appears to have been cleaned up already ("Forbidden").
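
The mismatch reported in this thread, where the visible link text shows a bankofamerica.com URL while the href points somewhere else, can be checked mechanically. The following Python sketch is an added example and not part of any forum post; its two samples are the anchors quoted in the posts by SpamRam and LazyDog above, while `check_links`, `BRAND_DOMAIN`, the reason labels and the benign control anchor are made up for this illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND_DOMAIN = "bankofamerica.com"  # assumption: the brand the mail claims to come from

# Anchor quoted in the 04.12.2005 post of this thread.
SAMPLE_2005 = '''<A target="_blank" onfiltered="a('https://www.paypal.com/cgi-bin/webscr?cmd=_login-run');return true"
onfiltered=b() href="http://www.diperta-jatim.go.id/application/https/bankofamerica.com/cgi-bin/ias/MbrezU2xs8o0u_LYXs2iLSUyHCYJF6hVvHqksi1580602/1/bofa/ibd/IAS/presentation/sso.login.controller.htm" >
<span style="font-size: 9pt">https://www.bankofamerica.com/cgi-bin/ias/1580602/1/bofa/ibd/IAS/sso.login.controller</span></a>'''

# Anchor quoted in the 12.08.2006 post of this thread.
SAMPLE_2006 = '''<a
target="_blank" href="http://onlineid.bankofamerica.com.dfgj.us/kacamaca/index.html"
onfiltered="status='';return
true">https://onlineid.bankofamerica.com/cgi-bin/sso.login.controller/</a>'''

# Constructed control: text and target agree and belong to the brand domain.
SAMPLE_BENIGN = ('<a href="https://www.bankofamerica.com/privacy/">'
                 'https://www.bankofamerica.com/privacy/</a>')


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element, nested tags included."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")  # None if the anchor has no href
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased hostname of an absolute URL, or '' if it cannot be parsed."""
    try:
        return (urlsplit(url.strip()).hostname or "").lower()
    except ValueError:
        return ""


def belongs_to(host, domain):
    """True only if host is the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)


def check_links(html, brand=BRAND_DOMAIN):
    """Return one finding per anchor whose target does not match what is shown."""
    parser = AnchorCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.anchors:
        target = host_of(href)
        shown = host_of(text) if "://" in text else ""
        reasons = []
        if shown and target and shown != target:
            reasons.append("text-host-differs-from-href")
        if target and not belongs_to(target, brand):
            if brand in target:
                # brand used as a leading label of somebody else's domain
                reasons.append("brand-embedded-in-foreign-host")
            elif brand in urlsplit(href).path.lower():
                # brand only appears as a directory name on the foreign host
                reasons.append("brand-embedded-in-path")
        if href.lower().startswith("http://") and text.lower().startswith("https://"):
            reasons.append("https-shown-http-used")
        if reasons:
            findings.append({"href_host": target, "shown_host": shown,
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for name, sample in (("2005", SAMPLE_2005), ("2006", SAMPLE_2006),
                         ("benign", SAMPLE_BENIGN)):
        print(name, check_links(sample))
```

The suffix test in `belongs_to` is what separates `onlineid.bankofamerica.com` from `onlineid.bankofamerica.com.dfgj.us`; a plain substring search for the brand would accept both.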

Wuschel_MUC
12.08.2006, 16:18
The sender of the BOA phishing mail apparently believes that Bank of America is a retail bank. Or maybe not?

I would rather bet on malware on the advertised website here - but it has already been blocked anyway!

Wuschel

truelife
28.12.2006, 13:13
And highly topical once again, note the date...


Dear Customer,

As the Internet and information technology enable us to expand our services, we are committed to maintaining the trust customers have placed in us for protecting the privacy and security of information we have about you. In order to protect your information against unauthorized access, identity theft and account fraud we earnestly ask you to update your profile.

If you received this notice and you are not the authorized account holder, please be aware that it is in violation of our policy to represent oneself as another Bank of America user. Such action may also be in violation of local, national, and/or international law. Bank of America is committed to assist law enforcement with any inquiries related to attempts to misappropriate personal information with the intent to commit fraud or theft. Information will be provided at the request of law enforcement agencies to ensure that perpetrators are prosecuted to the fullest extent of the law.

To confirm your On-Line Safety Account Information please click the link below.

https://bankonline.bankofamerica.com/efs/servlet/login.jsp

Please note:

If we don't receive your account verification within 72 hours from you, we will further lock down your account untill we will be able to contact you by e-mail or phone.

2007 Bank of America Administration. All rights reserved.

The whole thing redirects to http://www.babinc.org/.verification/www.bankofamerica.com/BOA/sslencrypt218bit/online_banking/index.htm and that page was sunk long ago..

Return-Path: <support [at] online-bankofamerica.com>
X-Flags: 1001
Delivered-To: GMX delivery to poor [at] spamvictim.tld
Received: (qmail invoked by alias); 25 Dec 2006 xx:xx:xx -0000
Received: from mail2.fhautism.com (EHLO FHSVR01.futurehorizons-autism.local) [69.15.68.98]
by mx0.gmx.net (mx088) with SMTP; 25 Dec 2006 xx:xx:xx +0100
Received: from User ([71.224.31.112]) by FHSVR01.futurehorizons-autism.local with Microsoft SMTPSVC(6.0.3790.1830);
Mon, 25 Dec 2006 xx:xx:xx -0600
Reply-To: <no-reply [at] bankofamerica.com>
From: "Bank Of America"<support [at] online-bankofamerica.com>
Subject: Maintaining the trust of our customers !
Date: Mon, 25 Dec 2006 xx:xx:xx -0500
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 1
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: [ID filtered]
X-OriginalArrivalTime: 25 Dec 2006 xx:xx:xx.0703 (UTC) FILETIME=[AF6CD570:01C727F3]
X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
X-GMX-Antispam: 2 (GMX Team content blacklist)
X-GMX-UID: [UID filtered]

cmds
16.01.2007, 10:06
apparently the phishers are going all out; a Bank of America one landed in my inbox:

Received: from 81.9.193.99 (HELO cm-81-9-193-99.telecable.es) (81.9.193.99)
by mta155.mail.re4.yahoo.com with SMTP; Tue, 16 Jan 2007 xx:xx:xx -0800
Received: from [68.232.48.68] (HELO zipolite.com)
by ipromogroup.com with SMTP ID: [ID filtered]
for <poor [at] spamvictim.tld>; Tue, 16 Jan 2007 xx:xx:xx -0800
Sender: "Bank of America" <manager_9757427662ib [at] bankofamerica.com>
From: "Bank of America" <online_id40145912948ib [at] bankofamerica.com>
To: "xxx" <poor [at] spamvictim.tld>
Subject: Bank of America - important information
Sender: "Bank of America" <manager_9757427662ib [at] bankofamerica.com>
User-Agent: Internet Mail Service (5.5.2650.21)
X-Mailer: Internet Mail Service (5.5.2650.21)
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="A7ENUJGKAVXGSFT6.C3EJJ"
X-CheckCompat: OK

URL points to: http://www.bankofamerica.com.onlinebankingid30355211.wwwhealt.info/session.cgi

Chris

truelife
17.01.2007, 08:26
Now the URL points to: http://mail.gspa-buu.net/www.bankofamerica.com/BOA/sslencrypt218bit/online_banking/index.php

Return-Path: <online [at] boa.com>
X-Flags: 1001
Delivered-To: GMX delivery to poor [at] spamvictim.tld
Received: (qmail invoked by alias); 16 Jan 2007 xx:xx:xx -0000
Received: from webhost5.puntoweb.cl (EHLO mail2.puntoweb.cl) [200.14.80.122]
by mx0.gmx.net (mx062) with SMTP; 16 Jan 2007 xx:xx:xx +0100
Received: from User ([75.30.188.105])
by mail2.puntoweb.cl (Merak 7.4.2) with ASMTP ID: [ID filtered]
Tue, 16 Jan 2007 xx:xx:xx -0300
From: "Bank Of America"<online [at] boa.com>
Subject: Your Online Is Blocked
Date: Tue, 16 Jan 2007 xx:xx:xx -0800
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 1
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: [ID filtered]
X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
X-GMX-Antispam: 5 (MUA_OUTLOOK,FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS,HTML_MESSAGE,MIME_HTML_ONLY ,MISSING_HEADERS,ROUND_THE_WORLD,TO_CC_NONE,X_PRIORITY_HIGH)
X-GMX-UID: [UID filtered]



But thanks to the spam rank 23: X-GMX-Antispam: 5, the mail was thrown straight into the spam folder...

webeinspunktnull
06.08.2007, 15:25
if this report already exists, please merge, sorry - but I didn't find anything like it

The mail now arrived in source-code form

We recently reviewed your account, and suspected

that your

Bank of America account might have been accessed by an unauthorized

third

party. Protecting the security of your account is our primary concern.

Therefore, as a preventative measure, we have temporarily limited

access to

sensitive account features

To restore your account

access, we need you to confirm your identity, to do so we need you to

follow

the link below and proceed to confirm your

information:



href="http://www.parachute-paris.fr/docs/TMP/www.bankofamerica.com/index.htm">https://www.bankofamerica.com/cgi-bin/imcpprd.dll/Ctrl.jsp?BV_UseBVCookie=yes</a><o:p></o


Thank you for your

patience as

we work together to protect your account.

Important
Please update your records on or before 48 hours, a

failure to update your records will result in a temporal hold on your

funds.


Return-Path: <www-data [at] server8.bieger-media.de>
X-Flags: 1001
Delivered-To: GMX delivery to
Received: (qmail invoked by alias); 06 Aug 2007 xx:xx:xx -0000
Received: from bieger-media.de (EHLO server8.bieger-media.de) [80.81.252.40]
by mx0.gmx.net (mx020) with SMTP; 06 Aug 2007 xx:xx:xx +0200
Received: by server8.bieger-media.de (Postfix, from userID: [ID filtered]
ID: [ID filtered]
To:
Subject: Online Banking Alert!
From: Bank Of America <customercare [at] bankofamerica.com>
Message-ID: [ID filtered]
Date: Mon, 6 Aug 2007 xx:xx:xx +0200
X-GMX-Antivirus: 0 (no virus found)
X-GMX-Antispam: 0 (Mail was not recognized as spam)
X-GMX-UID: [UID filtered]

Eniac
31.08.2007, 08:46
Dumb Ivan with a death wish, who dumped his phishing junk directly on my aa419.org address. The domain is already suspended, though; someone was evidently faster than me.

Return-Path: <SRS0=wVl1=N4=service.com=BankofAmerica [at] srs.kundenserver.de>
X-Original-To: frank_hilgenfelder [at] team.aa419.org
Delivered-To: poor [at] spamvictim.tld
Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.186])
by mail.aa419.org (Postfix) with ESMTP ID: [ID filtered]
for <poor [at] spamvictim.tld>; Fri, 31 Aug 2007 xx:xx:xx +0200 (CEST)
Received: from s15235712.domainepardefaut.fr [87.106.96.162] (helo=User)
by mrelayeu.kundenserver.de (node=mrelayeu1) with ESMTP (Nemesis),
ID: [ID filtered]
From: "©2007 Service Bank of America"<BankofAmerica [at] service.com>
Subject: Security - Update Your Information
Date: Fri, 31 Aug 2007 xx:xx:xx +0200
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: [ID filtered]
X-Provags-ID: [ID filtered]
GQj/0e3TC6OPPVEQhiN6oCDGTzdPs/O3ckS21tGF0LTb4GOBCU
YXEXe7BQIw=
To: undisclosed-recipients:;

http://pagosalazar.com/ixed/www.bankofamerica.com/repution/bankofamerica/online_bofa_banking/e-online-banking/


Eniac

kjz1
18.06.2010, 10:35
After a long time, once again with a cracked server account:

Received: from bonnappliances.com (unknown [116.255.28.46])
by xxxxx (Postfix) with ESMTP ID: [ID filtered]
for xxxxx; Fri, 18 Jun 2010 xx:xx:xx +0200 (CEST)
Received: from User ([121.215.234.59]) by bonnappliances.com with
Microsoft SMTPSVC(6.0.3790.3959);
Thu, 17 Jun 2010 xx:xx:xx +1000

http://bankjogja.com/components/com_expose/www%5B1%5D.bankofamerica.com/www.bankofamerica.com/

IP: 202.169.224.32 ---> host-202-169-224-32.jogjamedianet.com


- kjz

kjz1
07.08.2010, 17:58
new attempt:

Received: from mail.pikosoft.net (mail.pikosoft.net [217.11.237.81])
by xxxxx (Postfix) with ESMTP ID: [ID filtered]
for xxxxx; Sat, 7 Aug 2010 xx:xx:xx +0200 (CEST)
Received: from User (93-152-108-127.cultrix.managedbroadband.co.uk
[93.152.108.127])
by mail.pikosoft.net (Postfix) with ESMTP ID: [ID filtered]
Sat, 7 Aug 2010 xx:xx:xx +0200 (CEST)

IP: 93.152.108.127 ---> 93-152-108-127.cultrix.managedbroadband.co.uk

http://irwim.t35.com

IP: 69.10.48.106 ---> T35.net/Interserver

In addition, the whole thing is then submitted via a form:

http://www.formbuddy.com/cgi-bin/form.pl

IP: 67.222.1.10 ---> host.formbuddydns.com/PrivateSystems Networks


- kjz

Eniac
25.03.2011, 08:07
Received: from User (adsl196-127-47-217-196.adsl196-10.iam.net.ma [196.217.47.127])
by sv368.xserver.jp (Postfix) with ESMTP ID: [ID filtered]
Thu, 24 Mar 2011 xx:xx:xx +0900 (JST)
Reply-To: <intl.paypal.com [at] sv368.xserver.jp>
From: "Bank Of America Alert"<onlinebanking [at] ealerts.bankofamerica.com>
Subject: Bank Of America Alert : Account Suspended
Date: Thu, 24 Mar 2011 xx:xx:xx -0000
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
Message-ID: [ID filtered]
To: undisclosed-recipients:;
X-Junkmail-SD-Raw: score=suspect(3),
refid=str=0001.0A0B0202.4D8B5EA3.0055,ss=2,fgs=0,
ip=219.94.203.69,
so=2009-06-02 xx:xx:xx,
dmn=5.7.1/2009-08-27,
mode=single engine
Return-Path: onlinebanking [at] ealerts.bankofamerica.com


Dear Valued Member,

We noticed invalID: [ID filtered]
Due to this, we have temporarily suspended your account.
We need you to update your account information for your online banking to be re-activated
please update your billing information today by clicking

here http://animalerie-jardinerie-boutique.com/BankOfAmerica.Com/bankofamerica/ After a few clicks,

just verify the information you entered is correct.
Sincerely,



BOA Member Services Team

P.S. The link in this message will be expire within 24 Hours . You have to update your payment information

© 2010 BOA LLC. All Rights Reserved.


Eniac

Eniac
08.03.2012, 15:56
Received: from USER ([208.115.236.121]) by DC2003.IVEPE-HQ.ivepe.gr with Microsoft SMTPSVC(6.0.3790.4675);
Thu, 8 Mar 2012 xx:xx:xx +0200
Content-Type: text/html
SUBJECT: Online Banking Alert
FROM: Bank of America <ebanking [at] ealerts.bankofamerica.com>
Message-ID: [ID filtered]
Date: 8 Mar 2012 xx:xx:xx +0200
MIME-Version: 1.0
X-Junkmail-SD-Raw: score=unknown,
refid=str=0001.0A0B0208.4F58B15E.0094,ss=1,fgs=0,
ip=195.97.0.94,
so=2009-06-02 xx:xx:xx,
dmn=5.7.1/2009-08-27,
mode=single engine
Return-Path: ebanking [at] ealerts.bankofamerica.com


Online Banking Alert

Due to concerns, for the safety and integrity of your online account we have issued this warning message. It has come to our attention that your account information needs to be updated due to inactive members, frauds and spoof reports.

We ask you to visit the following link to start the procedure of confirmation on customers data.

To get started, please click HERE. --> http://data-verification.online.tc/bankofamerica.com/

Please don't reply directly to this automatically-generated e-mail message.

IP: 208.115.236.121 = 123Systems Solutions


Eniac

schara56
15.04.2012, 13:37
Received: from mail.gmportal.co.il (unknown [213.8.93.186])
by x (Postfix) with ESMTP ID: [ID filtered]
for <x>; Sun, 15 Apr 2012 xx:xx:xx +0200 (CEST)
Received: from User ([176.31.104.159]) by mail.gmportal.co.il with Microsoft SMTPSVC(6.0.3790.4675);
Sun, 15 Apr 2012 xx:xx:xx +0200
http://www.motolobo.com/gallery2/.xo.php -> continues to http://augen-blick.li/bofa/
The sending IP points to an SBS2003 *shudder*
The hoster has been informed.

cmds
06.03.2013, 20:46
New round with an infected CERT in the attachment

From - Wed Mar 06 xx:xx:xx 2013
X-Account-Key: account5
X-UIDL: [UID filtered]
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Received: (qmail 6034 invoked from network); 6 Mar 2013 xx:xx:xx +0000
Received-SPF: softfail (vsXXXXX.netfabrik.de: transitioning domain of bankofamerica.com does not designate 90.83.8.13 as permitted sender) client-ip=90.83.8.13; envelope-from=cashproonline_notification [at] bankofamerica.com; helo=13-8.83-90.static-ip.oleane.fr;
Received: from 13-8.83-90.static-ip.oleane.fr (90.83.8.13)
by vsXXXXXX.vserver.de with SMTP; 6 Mar 2013 xx:xx:xx +0000
Date: Wed, 06 Mar 2013 xx:xx:xx +0200
Message-ID: [ID filtered]
MIME-Version: 1.0
To: poor [at] spamvictim.tld
From: cashproonline_notification [at] bankofamerica.com
Subject: Online Digital Certificate
Reply-To: cashproonline_notification [at] bankofamerica.com


Dear CashPro Customer,


This email is being sent to inform you that you have been granted a new digital
certificate for use with Bank of America CashPro Online.


Please open the attachment and you will be guided through a simple process to
install your new digital certificate.


If you have any questions or concerns, please contact the Bank of America
technical help desk.



Thank you for your business,



Bank of America

CashPro Online Security Team



Please do not reply to this email .



Copyright 2013 Bank of America Merrill Lynch.
All rights reserved.
CashPro is a registered trademark of Bank of America Corporation.

attached is: CashPro_cert_18C9E4D39C.zip (101 KB)

Addendum: scan result (https://www.virustotal.com/de/file/41d2401b46768b31c40ccf16a639826fe765e5f585bdd1a37b7768698eedc74f/analysis/)

kjz1
09.12.2013, 20:29
This smells of the Vlads again:

Received-SPF: fail (mxbap3: domain of ealerts.bankofamerica.com does not
designate 137.135.203.175 as permitted sender) client-ip=137.135.203.175;
envelope-from=onlinebanking [at] ealerts.bankofamerica.com; helo=geor441;
Received: from geor441 ([137.135.203.175]) by mx.kundenserver.de (node=mxbap3) with ESMTP (Nemesis) ID: [ID filtered]
xx:xx:xx +0100
Received: from User ([127.0.0.1]) by geor441 with Microsoft SMTPSVC(7.5.7601.17514); Mon, 9 Dec 2013 xx:xx:xx +0000

IP: 137.135.203.175 ---> Microsoft


Bank of America
To ensure delivery, add onlinebanking [at] ealerts.bankofamerica.com to your
address
book.

Bank of America(R) http://indem.iiita.ac.in/.adobe/secureUpdate.htm


*Access to your Online Banking is currently restricted*

We believe that there might be some security problems on your Account.
So we
have restrict access to your account and an extra verification process is
required to ensure your identity and your account security.

_Click Here_ http://indem.iiita.ac.in/.adobe/secureUpdate.htm You will be
asked to enter your Online Banking Informations before you can access your
account online.

*Security Checkpoint:* This email includes a Security Checkpoint. The
information in this section lets you know this is an authentic
communication
from Bank of America.

*Email Preferences
*This is a service email from Bank of America.Please note that you may
receive
service email in accordance with your Bank of America service agreements,
whether or not you select to receive promotional email.

Bank of America, N.A. Member FDIC. Equal Housing Lender

IP: 117.239.94.246 ---> IIIT JHALWA, Indian Institute of Information Technology

I'm laughing my head off: an 'Institute of Information Technology' (subtitle: 'a centre for excellence in IT') whose servers get cracked. With that much 'competence' even the chickens are neighing...
Folks, get your tuition money back as quickly as possible, you haven't got what it takes.

then it continues to:

http://www.rigips.ro/catalog/bofa/secure.bankofamerica.com/login/sign-in/signOnScreen.go.screenMsg=&request_locale=en-us.htm
IP: 89.36.25.38 ---> 1.a002.hostway.ro

And there we have the Vlads.

kjz1
15.07.2014, 18:44
Today once again the well-known crook with his HTML attachments:

Received: from mallaury.nerim.net ([178.132.17.101]) by mx-ha.gmx.net (mxgmx107) with ESMTP (Nemesis) ID: [ID filtered]
Received: from pronetenvironnement.fr (pronetservice.pck.nerim.net [213.41.252.34]) by mallaury.nerim.net (Postfix) with ESMTP ID: [ID filtered]
Received: from User ([93.71.8.246]) by pronetenvironnement.fr with Microsoft MTPSVC(6.0.3790.4675); Tue, 15 Jul 2014 xx:xx:xx +0200

IP: 93.71.8.246 ---> net-93-71-8-246.cust.vodafonedsl.it


Bank of America
To ensure delivery, add no_reply [at] ealerts.bankofamerica.com to your
address book.

Exclusively for: | Valued Customer
Bank of America(R) <https://www.bankofamerica.com/index.jsp>

*Online Banking Alert*
*Irregular Account Activity*

*Security Checkpoint:*
*Remember:* Always look for your SiteKey® before entering your Passcode.

To: *Valued Customer*
Account: *Account Temporarily Locked*
Date: *07/15/2014*

We detected irregular activity on your Bank of America Account. For your
protection, please kindly download the attach file and fill in the
information
to verify this activity so you can continue making debit card transactions
without interruption. If you do not verify, certain limitations may be
placed on
your debit card.

Please download the attached file to continue with the validation
process. We
will review and verify the activity on your account and take necessary
steps to
protect your account from fraud.
Please we sincerely apologize for the inconveniences.

Thank you for Banking with Bank of America.

*Security Checkpoint:* This email includes a Security Checkpoint. The
information in this section lets you know this is an authentic
communication
from Bank of America. Remember to look for your SiteKey every time you
sign in
to Online Banking.

*Email preferences*
This is a service email from Bank of America. Please note that you may
receive
service email in accordance with your Bank of America service agreements,
whether or not you elect to receive promotional email.

*Contact us about this email*
Please do not reply to this email with sensitive information, such as an
account
number, PIN, password, or Online ID. The security and confidentiality of
your
personal information is important to us. If you have any questions, please
either call the toll-free customer service phone number on your account
statement or visit the Bank of America website to access the Contact Us
<http://www.bankofamerica.com/contact/> page, so we can properly verify
your identity.

*Privacy and security*
Keeping your financial information secure is one of our most important
responsibilities. For an explanation of how we manage customer information,
please visit the Bank of America website to read our Privacy Policy
<http://www.bankofamerica.com/privacy/>. You can also learn how Bank of
America
keeps your personal information secure
<http://www.bankofamerica.com/privacy/index.cfm?template=privacysecur_prevent_fraud>

and how you can help protect yourself.

Bank of America Email, 8th Floor-NC1-002-08-25, 101 South Tryon St.,
Charlotte,
NC 28255-0001

Bank of America, N.A. Member FDIC. Equal Housing Lender
<http://www.bankofamerica.com/help/equalhousing.cfm>
© 2014 Bank of America Corporation. All rights reserved.

The phishing happens here:


<form method="post"action="http://nandrhepburn.x10.mx/booaa.php">
IP: 198.91.81.2 ---> X10 HOSTING/Singlehop