Am primit astazi un e-mail care vrea sa ma convinga ca este trimis de Natwest. Link din mesaj este de tip phishing, adica o clona la pagina de logare si care arata exact ca cea de pe site-ul NatWest. Daca nu te uiti in url, poti crede ca te loghezi in contul natwest.
Acesta este mesajul:
Link din e-mail:
Header e-mail:
Acesta este mesajul:
Cod:
Dear Customer,
Your online security is important to us. That is why we are committed to safeguarding your personal information to keep it secure and confidential.
There was an attempt to sign in to your Natwest online from an unrecognized device, for your protection you are hereby requested to perform some necessary information update
Review your account
To strengthen the security measures protecting your account, we have added additional security. We will review and verify the activity on your account with you and take necessary steps to protect your account.
We know what it means to serve you,
Yours sincerely,
Stephanie Clendenin
Natwest Online and mobile banking teamLink din e-mail:
Cod:
http://frompushconstructso.com/Mathematics/retail/index.htmHeader e-mail:
Cod:
X-Originating-IP: [128.84.13.243]
Authentication-Results: mta1140.mail.gq1.yahoo.com from=cornell.edu; domainkeys=neutral (no sig); from=cornellprod.onmicrosoft.com; dkim=pass (ok)
Received: from 127.0.0.1 (EHLO limerock03.mail.cornell.edu) (128.84.13.243)
by mta1140.mail.gq1.yahoo.com with SMTP; Mon, 28 Nov 2016 11:11:05 +0000
X-CornellRouted: This message has been Routed already.
Received: from exchange.cornell.edu (sf-e2013-07.exchange.cornell.edu [10.22.40.54])
by limerock03.mail.cornell.edu (8.14.4/8.14.4_cu) with ESMTP id uASBAu0B013245;
Mon, 28 Nov 2016 06:11:01 -0500
Received: from sf-e2013-05.exchange.cornell.edu (10.22.40.52) by
sf-e2013-07.exchange.cornell.edu (10.22.40.54) with Microsoft SMTP Server
(TLS) id 15.0.1210.3; Mon, 28 Nov 2016 06:10:32 -0500
Received: from NAM03-DM3-obe.outbound.protection.outlook.com (207.46.163.21)
by sf-e2013-05.exchange.cornell.edu (10.22.40.52) with Microsoft SMTP Server
(TLS) id 15.0.1210.3 via Frontend Transport; Mon, 28 Nov 2016 06:10:32 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=cornellprod.onmicrosoft.com; s=selector1-cornell-edu;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
bh=gUHOHai20zHRMh2kDJAuTg2orfIJcfgrO36c4b0UjOk=;
b=TFIUFiXK86Tf750CWnbCqGRelSI9asp/N7wbk1+3pW9gKLTNctafOjO/ZtPwm4Tda5U4qFiGC3f+HVYTe2Fxh+TECiU77ENK2POnLdVmrLKqEZPfB2+9+cTaY26JFEnBQDYroCyADbiXKDtGsbynhLTDZJEvYv+553wWHjHVaRw=
Authentication-Results: spf=none (sender IP is )
[email protected];
Received: from Arrowhead-PB3.Home (209.181.111.60) by
CY1PR04MB2203.namprd04.prod.outlook.com (10.167.8.139) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
15.1.747.13; Mon, 28 Nov 2016 11:10:31 +0000
Content-Type: multipart/alternative; boundary="===============0683174951=="
MIME-Version: 1.0
Subject: Review your account
To: Recipients <[email protected]>
From: NatWest <[email protected]>
Date: Mon, 28 Nov 2016 04:10:30 -0700
X-Originating-IP: [209.181.111.60]
X-ClientProxiedBy: BY1PR18CA0014.namprd18.prod.outlook.com (10.162.126.24) To
CY1PR04MB2203.namprd04.prod.outlook.com (10.167.8.139)
Message-ID: <CY1PR04MB2203F1D6211DE856801C5136DB8A0@CY1PR04MB2203.namprd04.prod.outlook.com>
X-MS-Office365-Filtering-Correlation-Id: 93e7fa17-71f4-4aaf-86c9-08d4177f2bfc
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001);SRVR:CY1PR04MB2203;
X-Microsoft-Antispam-PRVS: <CY1PR04MB22038370C7F8B4AE7017C9E8DB8A0@CY1PR04MB2203.namprd04.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:(209352067349851)(192374486261705);
X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6060326)(6040361)(6045199)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(6041248)(6061324)(20161123560025)(20161123555025)(20161123564025)(20161123562025);SRVR:CY1PR04MB2203;BCL:0;PCL:0;RULEID:;SRVR:CY1PR04MB2203;
X-Forefront-PRVS: 01401330D1
Received-SPF: None (protection.outlook.com: cornell.edu does not designate
permitted sender hosts)
