Nedbank Group Limited <[email protected]>

Header Analysis Quick Report<br>Originating IP: 105.236.51.4<br>Originating ISP: Mtn Business Solutions (pty) Ltd<br> City: Johannesburg<br>Country of Origin: South Africa<br>* For a complete report on this email header goto ipTRACKERonline

Delivered-To: <snipped>
Received: by 10.227.64.193 with SMTP id f1csp93356wbi;
Mon, 6 Jan 2014 00:40:50 -0800 (PST)
X-Received: by 10.68.134.98 with SMTP id pj2mr124024525pbb.110.1388997649753;
Mon, 06 Jan 2014 00:40:49 -0800 (PST)
Return-Path: <[email protected]>
Received: from out01.mta.xmission.com (out01.mta.xmission.com. [166.70.13.231])
by mx.google.com with ESMTPS id nu5si54127757pbc.28.2014.01.06.00.40.49
for <multiple recipients>
(version=TLSv1 cipher=RC4-SHA bits=128/128);
Mon, 06 Jan 2014 00:40:49 -0800 (PST)
Received-SPF: softfail (google.com: domain of transitioning [email protected] does not designate 166.70.13.231 as permitted sender) client-ip=166.70.13.231;
Authentication-Results: mx.google.com;
spf=softfail (google.com: domain of transitioning [email protected] does not designate 166.70.13.231 as permitted sender) [email protected];
dmarc=fail (p=NONE dis=NONE) header.from=gmail.com
Received: from in01.mta.xmission.com ([166.70.13.51])
by out01.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
(Exim 4.76)
(envelope-from <[email protected]>)
id 1W05jl-00066P-Fs; Mon, 06 Jan 2014 01:40:41 -0700
Received: from 105-236-51-4.access.mtnbusiness.co.za ([105.236.51.4] helo=User)
by in01.mta.xmission.com with esmtpa (Exim 4.76)
(envelope-from <[email protected]>)
id 1W05jk-0002WE-1t; Mon, 06 Jan 2014 01:40:41 -0700
Reply-To: <[email protected]>
From: "NEDBANK GROUP LIMITED"<[email protected]>
Date: Mon, 6 Jan 2014 10:40:39 +0200
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <[email protected]>
X-XM-AID: U2FsdGVkX1+gXato/5E57IizVK0IiOX4
X-SA-Exim-Connect-IP: 105.236.51.4
X-SA-Exim-Mail-From: [email protected]
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on sa01.xmission.com
X-Spam-Level: **************************************************
X-Spam-Status: Yes, score=62.8 required=8.0 tests=ADVANCE_FEE_2_NEW_MONEY,
ADVANCE_FEE_3_NEW,ADVANCE_FEE_3_NEW_MONEY,ADVANCE_FEE_4_NEW,
ADVANCE_FEE_4_NEW_MONEY,ADVANCE_FEE_5_NEW,ADVANCE_FEE_5_NEW_MONEY,ALL_TRUSTED,
AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_50,DCC_CHECK,DEAR_BENEFICIARY,
FORGED_MUA_OUTLOOK,FORM_FRAUD_5,FROM_MISSPACED,FROM_MISSP_EH_MATCH,
FROM_MISSP_MSFT,FROM_MISSP_PHISH,FSL_CTYPE_WIN1251,FSL_MISSP_REPLYTO,
FSL_NEW_HELO_USER,LOTS_OF_MONEY,MILLION_USD,MISSING_HEADERS,MONEY_FORM_SHORT,
MONEY_FRAUD_3,MONEY_FRAUD_5,MONEY_FROM_MISSP,NSL_RCVD_HELO_USER,
REPLYTO_WITHOUT_TO_CC,TO_NO_BRKTS_FROM_MSSP,TVD_RCVD_IP,
T_FILL_THIS_FORM_SHORT,T_XMDrugObfuBody_08,XMSlimDrugH,XMSolicitRefs_0,
XM_OfRef6,XM_OfRef7,XM_OfRef8,XM_OfRef9 autolearn=disabled version=3.3.2
X-Spam-Report:
* -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP
* 3.4 DEAR_BENEFICIARY BODY: Dear Beneficiary:
* 3.2 MILLION_USD BODY: Talks about millions of dollars
* 4.5 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam
* 0.0 TVD_RCVD_IP TVD_RCVD_IP
* 3.9 NSL_RCVD_HELO_USER Received from HELO User
* 1.0 XMSlimDrugH Weight loss drug headers
* 0.0 MISSING_HEADERS Missing To: header
* 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
* [score: 0.4688]
* 3.0 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
* [sa01 1397; Body=27 Fuz1=27 Fuz2=many]
* 0.2 XM_OfRef9 Contains 9 or more suspicious of references
* 3.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool
* 1.0 T_XMDrugObfuBody_08 obfuscated drug references
* 0.2 XM_OfRef6 Contains 6 or more suspicious of references
* 1.5 FSL_NEW_HELO_USER FSL_NEW_HELO_USER
* 2.5 FSL_MISSP_REPLYTO Mis-spaced from and Reply-to
* 0.2 XM_OfRef8 Contains 8 or more suspicious of references
* 0.1 XMSolicitRefs_0 Weightloss drug
* 2.5 LOTS_OF_MONEY Huge... sums of money
* 1.6 REPLYTO_WITHOUT_TO_CC REPLYTO_WITHOUT_TO_CC
* 2.2 AXB_XMAILER_MIMEOLE_OL_024C2 AXB_XMAILER_MIMEOLE_OL_024C2
* 0.2 XM_OfRef7 Contains 7 or more suspicious of references
* 1.8 MONEY_FROM_MISSP Lots of money and misspaced From
* 4.3 FROM_MISSP_PHISH Malformed, claims to be from financial organization
* - possible phish
* 2.5 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
* 2.0 FROM_MISSPACED From: missing whitespace
* 2.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope
* 0.0 ADVANCE_FEE_5_NEW Appears to be advance fee fraud (Nigerian 419)
* 0.0 ADVANCE_FEE_4_NEW Appears to be advance fee fraud (Nigerian 419)
* 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
* 0.0 ADVANCE_FEE_3_NEW Appears to be advance fee fraud (Nigerian 419)
* 4.3 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money
* 0.0 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money
* 2.3 MONEY_FRAUD_5 Lots of money and many fraud phrases
* 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal
* information
* 4.4 MONEY_FRAUD_3 Lots of money and several fraud phrases
* 0.0 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money
* 2.5 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money
* 0.8 MONEY_FORM_SHORT Lots of money if you fill out a short form
* 0.0 FORM_FRAUD_5 Fill a form and many fraud phrases
X-Spam-DCC: XMission; sa01 1397; Body=27 Fuz1=27 Fuz2=many
X-Spam-Combo: **************************************************;
X-Spam-Relay-Country:
Subject: DID YOU SEND Diane L. Mcallister TO CLAIM YOUR FUND????
X-Spam-Flag: YES
X-SA-Exim-Version: 4.2.1 (built Wed, 14 Nov 2012 14:26:46 -0700)
X-SA-Exim-Scanned: Yes (on in01.mta.xmission.com)

From the Desk of:
Dr Dr Lordman Walter
Managing Director
Admin Department
Nedbank Group Limited
85 ST GEORGES MALL CAPE TOWN
South Africa



Attention:Beneficiary.

We received instruction from our correspondence bank to transfer the
sum of $11.5 million (Eleven Million Five Hundred Thousand United
States Dollars Only)into your account which we are on the process to
open an online banking account on your name and forward to you the
account information so that you can transfer your fund into your
regular account in your country by your self, to avoid any problem.

But we are surprise this morning when we are about to open your online
banking account and received another email from Ms Diane L. Mcallister
whom claim to be your representative and forward to us the following
account information for us to transfer the fund into her account.
The account which she forward to us as follow.


Bank of America
St. Petersburg, Florida, USA
Diane L. Mcallister
Account# 003767127294
Routing # 063100277


Please, Do reconfirm to us as a matter of urgency if this lady is from
you and has your authority to receive your fund If this lady is not
your representative, You are requested to fill and send this
information for verification purpose,so that your fund value of
$11.5million united state dollars will be paid to you through online
banking method.


1) Your Full Name ..........................

2)Your Full Address..........................

3) Home Telephone/ Cell ......................

4) AGE.........................................

5)Your Occupations.................... ............

8. BANK DETAILS WERE YOUR FUND WILL BE TRANSFER INTO.......


HOWEVER, WE SHALL PROCEED TO ISSUE ALL PAYMENT DETAILS TO THE SAID
MRS.Diane L.Mcallister, IF WE DO NOT HEAR FROM YOU WITHIN THE NEXT
SEVEN (7) WORKING DAYS FROM TODAY, WE WILL PROCESS AND RELEASE THE
FUND INTO Ms Diane L. Mcallister ACCOUNT.


Confirm your receipt of this mail without delay.....

Yours in service

Dr Lordman Walter
Managing Director
Admin Department


Nedbank Group Limited
South Africa