A few months ago, my Visa card received two sizable charges for airline
tickets from Nigeria to London. Fraud seems to be a cottage industry there.
Needless to say, my credit union took care of it and replaced my card.
Jim Nichols
Tullahoma, TN USA
On 11/5/2015 10:27 AM, Piers Hemy wrote:
Seems to have come via aol, from an IP address in .... Nigeria. Is Marseille in
Nigeria??
Piers
Headers slightly obfuscated:
Return-path: <Nsurxx@xxxxxxx>
Envelope-to: xxxxx@xxxxxxxxx
Delivery-date: Thu, 05 Nov 2015 11:52:27 +0000
Received: from oms-a020e.mx.aol.com ([204.29.186.163])
by h.hopeless.aa.net.uk with esmtps (TLSv1:AES256-SHA:256)
(Exim 4.72)
(envelope-from <Nsurxx@xxxxxxx>)
id 1ZuJ5b-0006eo-HZ
for xxxxx@xxxxxxxxx; Thu, 05 Nov 2015 11:52:27 +0000
Received: from omr-a020e.mx.aol.com (omr-a020.mx.aol.com [10.72.105.231])
(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
(No client certificate requested)
by oms-a020e.mx.aol.com (AOL Outbound OMS Interface) with ESMTPS id
9B0B738001DD
for < xxxxx@xxxxxxxxx >; Thu, 5 Nov 2015 06:52:14 -0500 (EST)
Received: from mtaout-mcc01.mx.aol.com (mtaout-mcc01.mx.aol.com [172.26.253.77])
by omr-a020e.mx.aol.com (Outbound Mail Relay) with ESMTP id 8CC3A380009D
for < xxxxx@xxxxxxxxx >; Thu, 5 Nov 2015 06:52:14 -0500 (EST)
Received: from HOLI-PC (unknown [154.118.16.236])
by mtaout-mcc01.mx.aol.com (MUA/Third Party Client Interface) with
ESMTPA id EC81138000095
for < xxxxx@xxxxxxxxx >; Thu, 5 Nov 2015 06:52:13 -0500 (EST)
From: "Bill Barber" <Nsurxx@xxxxxxx>
Subject: Travel Issue......Help
To: xxxxx@xxxxxxxxx
Content-Type: multipart/alternative;
boundary="HNmqy=_9GpwnsoamnSYUZVgQHfQCRwEtJp0"
MIME-Version: 1.0
Reply-To: Nsurxx@xxxxxxx
Date: Thu, 5 Nov 2015 06:52:10 -0500
X-Antivirus: avast! (VPS 151105-0, 11/05/2015), Outbound message
X-Antivirus-Status: Clean
x-aol-global-disposition: S
X-SPAM-FLAG: YES
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mx.aol.com;
s=20150623; t=1446724334;
bh=9s8mwlbgu2EO4sWyKgxvmhDrQlHd+DQU9MquOIknfVw=;
h=From:To:Subject:Date:MIME-Version:Content-Type;
b=2KHqdjfTGmN/KI9eFWm4CXYTNgH5M6TUK2nQCmxDuCPgF2oNFhz1iIeJ0hrMKUwLx
52SYmWVvHn4cHDfsR3Q+QeAWyj7mHAI6vleKXvirGsgeRvjy2Aovpax/a2V2r8ecQb
Qy8C8wKfNbDLRXwwSr8WvlaxWGtxM9dVaeNGCez0=
X-AOL-REROUTE: YES
x-aol-sid: 3039ac1afd4d563b42ed2f55
X-AOL-IP: 154.118.16.236
X-Message-Linecount: 80
X-Connected-IP: 204.29.186.163:41698
X-Body-Linecount: 47
X-Message-Size: 3783
X-Body-Size: 2204
X-Received-Count: 4
X-Recipient-Count: 1
X-Local-Recipient-Count: 1
X-Local-Recipient-Defer-Count: 0
X-Local-Recipient-Fail-Count: 0
X-Spam-Score: 1.8
X-Spam-Score-Int: 18
X-Spam-Bar: +
X-Spam-Report: Spam detection software, running on the system
"d.spamless.aa.net.uk", has
processed this message and it scored (1.8 points).
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider
(nsurxx[at]aol.com)
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[204.29.186.163 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.5 RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
0.1 HTML_MESSAGE BODY: HTML included in message
0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
[score: 0.5044]
-0.1 DKIM_VERIFIED No description available.
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not
necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK
signature
0.5 MISSING_MID Missing Message-Id: header
0.0 RCVD_NOT_IN_IPREPDNS Sender not listed at
http://www.chaosreigns.com/iprep/
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
X-AA-Info: Message ran through Aliases
X-AA-Info: Message ran through Aliases
X-Spam-Mark-Threshold: 9
X-Spam-Reject-Threshold: 20 (System default as User or Domain preference has
not set)
X-Spam-User: yyyy@xxxxxxxxx
X-Spam-Flag: NO
X-Delivered-To: xxxxx@xxxxxxxxx (yyyy@xxxxxxxxx)
X-Message-Age: 4
X-SpamSubject:
X-AA-BETA: r=v_u m2=18 m3= m4= m5= m8= m9= reqint=90
-----Original Message-----
From: olympus [mailto:olympus-bounces+piers.hemy=gmail.com@xxxxxxxxxxxxxxxxx]
On Behalf Of Jez Cunningham
Sent: 05 November 2015 13:13
To: Olympus Camera Discussion
Subject: Re: [OM] Fwd: Travel Issue......Help
Do you still have the email - can you have a look at the headers to see
whence it cometh?
It's often just 'spoofed' rather than 'hacked' - see:
http://lifehacker.com/5875848/how-can-i-find-out-why-my-email-account-just-spammed-my-friends-and-family
Jez
On 5 November 2015 at 12:30, ChrisB <ftog@xxxxxxxxxxxxxx> wrote:
Looks like Bill’s AOL account has been hacked. I started to believe it,
although the "tears in my eyes" sounded a discordant note.
I’ve reported it to AOL’s abuse line via SpamCop.
Chris
Begin forwarded message:
From: "Bill Barber"
snip
Good Morning ,
I'm writing this with tears in my eyes, my family and i came down here
to Marseille on a short vacation,unfortunately we were mugged at the park
of the hotel where we stayed all cash,credit card and mobile phone were
stolen off us but luckily we still have our passports with us.
snip
--
_________________________________________________________________
Options: http://lists.thomasclausen.net/mailman/listinfo/olympus
Archives: http://lists.thomasclausen.net/mailman/private/olympus/
Themed Olympus Photo Exhibition: http://www.tope.nl/
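An added example, not part of the original thread: walking the Received chain quoted above from the oldest hop, to see which client handed the message to AOL and whether that hop was an authenticated submission (the detail that separates a compromised account from a forged From address). The header text is abridged from the thread, and the function names `hops` and `origin_summary` are assumptions made for this sketch.

```python
import re
from email import message_from_string

# Constructed input: the Received chain from the thread, abridged ("for"
# clauses and TLS comments dropped), plus AOL's X-AOL-IP header.
RAW = """\
Received: from oms-a020e.mx.aol.com ([204.29.186.163])
\tby h.hopeless.aa.net.uk with esmtps (Exim 4.72) id 1ZuJ5b-0006eo-HZ;
\tThu, 05 Nov 2015 11:52:27 +0000
Received: from omr-a020e.mx.aol.com (omr-a020.mx.aol.com [10.72.105.231])
\tby oms-a020e.mx.aol.com (AOL Outbound OMS Interface) with ESMTPS id
\t9B0B738001DD; Thu, 5 Nov 2015 06:52:14 -0500 (EST)
Received: from mtaout-mcc01.mx.aol.com (mtaout-mcc01.mx.aol.com [172.26.253.77])
\tby omr-a020e.mx.aol.com (Outbound Mail Relay) with ESMTP id 8CC3A380009D;
\tThu, 5 Nov 2015 06:52:14 -0500 (EST)
Received: from HOLI-PC (unknown [154.118.16.236])
\tby mtaout-mcc01.mx.aol.com (MUA/Third Party Client Interface) with
\tESMTPA id EC81138000095; Thu, 5 Nov 2015 06:52:13 -0500 (EST)
X-AOL-IP: 154.118.16.236

(body omitted)
"""

HOP = re.compile(r"from (\S+) \((?:\S+ )?\[([^\]]+)\]\)"
                 r".*?\bby (\S+).*?\bwith (\w+)")

def hops(raw):
    """Received hops, oldest first (servers prepend, so file order is reversed)."""
    out = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            out.append(dict(zip(("helo", "ip", "by", "proto"), m.groups())))
    return out

def origin_summary(raw):
    """Describe the hop where the message first entered the mail system."""
    chain = hops(raw)
    first = chain[0]
    x_aol_ip = (message_from_string(raw).get("X-AOL-IP") or "").strip()
    return {
        "client_ip": first["ip"],
        "client_helo": first["helo"],
        "accepted_by": first["by"],
        # RFC 3848: a trailing "A" (ESMTPA, ESMTPSA) records successful SMTP AUTH.
        "authenticated": first["proto"].upper() in ("ESMTPA", "ESMTPSA"),
        "agrees_with_x_aol_ip": x_aol_ip == first["ip"],
        "hops": len(chain),
    }
```

Received lines older than the first one written by a server you trust can be forged by the sender, so the oldest hop is only as good as the host that recorded it. Here that host is an AOL server, and the spam report in the thread lists a valid DKIM signature.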