title: Where is dat imporant words in this phishing email, Gmail?
Gmail failed on filtering out phising email again, a big time:

Oh, c’mon, its body is empty, where is dat important words? It doesn’t even have a subject line, alright, it has. “cc,” really, Gmail? What, attachment filename, you serious?
Here is a screenshot of that email, glad that Google Docs provides viewing on the net, so I don’t need to download it and worry if it contains virus, though Gmail said it has scanned it. But, even it really has virus, it may need to be specifically designed for attacking on Linux.
The ridiculous content is old, but method is little bit new to me — by using attachment. Poor Coca Cola, a victim as well.
1 Archive
1.1 Email headers
Delivered-To: livibetter@gmail.com Received: by with SMTP id ct5csp181759wib; Wed, 18 Apr 2012 00:01:23 -0700 (PDT) Received: by with SMTP id h8mr1003624yhe.79.1334732483236; Wed, 18 Apr 2012 00:01:23 -0700 (PDT) Return-Path: Received: from smtp.mail.wowway.com (smtp.wow.synacor.com. []) by mx.google.com with ESMTP id q25si22785285yhj.122.2012.; Wed, 18 Apr 2012 00:01:23 -0700 (PDT) Received-SPF: neutral (google.com: is neither permitted nor denied by best guess record for domain of dbhubbard@wowway.com) client-ip=; Authentication-Results: mx.google.com; spf=neutral (google.com: is neither permitted nor denied by best guess record for domain of dbhubbard@wowway.com) smtp.mail=dbhubbard@wowway.com Return-Path: X-Spam-Rating: None X_CMAE_Category: 0,0 Undefined,Undefined X-CNFS-Analysis: v=1.1 cv=+PD7zhiQh4wHAkX2ildB6Hz7oVUY6cTH2eYUHJ1YceI= c=1 sm=0 a=-4BUNljfCKEA:10 a=FKkrIqjQGGEA:10 a=AhRLOILGsKkA:10 a=gv4l6aEeuxxzeCLns_sA:9 a=K-QaQ4hbBhWg8AMYVz4A:7 a=QEXdDO2ut3YA:10 a=_W_S_7VecoQA:10 a=aIyur2oi7UP9Z7IZqwkA:9 a=IKIoO-ieCDEA:10 a=QLvOlBIuGJjmAZ5IHHaCwQ==:117 X-CM-Score: 0 X-Scanned-by: Cloudmark Authority Engine Authentication-Results: smtp01.wow.synacor.com smtp.mail=dbhubbard@wowway.com; spf=neutral Received-SPF: neutral (smtp01.wow.synacor.com: is neither permitted nor denied by domain of wowway.com) Received: from [] ([] helo=md02.wow.synacor.com) by smtp.mail.wowway.com (envelope-from ) (ecelerity r(29895/29896)) with ESMTP id 07/63-15061-0C66E8F4; Wed, 18 Apr 2012 03:01:20 -0400 Date: Wed, 18 Apr 2012 03:01:20 -0400 (EDT) From: Roland Mkemoff Reply-To: claimsgroup222@qatar.io Message-ID: <1725543783.781174.1334732480276.JavaMail.root@md02.wow.synacor.com> In-Reply-To: <2128347857.781166.1334732472431.JavaMail.root@md02.wow.synacor.com> Subject: cc MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_Part_781172_32382883.1334732480274" X-Originating-IP: [] X-Mailer: Zimbra 6.0.5_GA_2328.RHEL5_64 (ZimbraWebClient - SAF3 (Win)/6.0.15_GA_2995)
1.2 Text of attachment, award.docx
This is to inform you that your email address has won prize money of (£500,000.00) GBP for been an active web-email user. This Lottery promotion was organized by COCA COLA PLC. A cheque of 500,000.00 GBP has been issued against your winning email and has been forward to Fair Ways Courier Company for delivery to your country of residence. You are required to contact us with the details below to claim your winnings 1. Full name: 2. Contact Address: 3. Age: 4. Telephone Number 5. Sex: 6. Occupation: 7. State: 8. Country: 9. Nationality: Contact: claimsgroup222@qatar.io MR Dave Dawes
Post a Comment
Note: Only a member of this blog may post a comment.