FRAUDULENT BANKING SCAMS VIA EMAILING

THIS IS THE LATEST BANKING EMAIL SCAM THE HAS BEEN FORWARDED ONTO THE AUSTRALIAN PUBLIC.

CIRCULATING - PLEASE DELETE IF RECIEVED 1ST SEPT 2008

EMAILS FROM CHINA PLEASE READ THIS HERE

To protect the company we have eliminated the name

I've received the following email from "xxxxxxxxx" which claims to be a domain registration company in China. Here is the email:

As in their words written:

Dear Manager: We are xxxxxxxxx Group Stocks Limited in China, which is a domain registration agent authorised by Chinese Industrial and Commercial Department. We professionally engage in chinese and international domain names registration as well as trademark registration service . We also offer English and Chinese web design. We have received a formal application online. An international company wants to apply \"switchbanks\" for its own Internet Trademark and CN domain name on Sep 1,2008 in China. However, we have confirmed that it will conflict with your trademark via our confirmation.It is our duty to inform you of this issue according to the regulations of CNNIC. You are the owner of this trademark,so you have the preferential right to register and protect by yourself. Of course ,if you do not have any disagreement on this issue or you intend to give up the registration,any individual has the right to register those domains and internet keyword,which is legal. Then we will take the formal registration for that applicant. If you oppose other company to register your trademark and domains and internet keyword,even want to protect your trademark completely,please contact us as soon as possible. We will protect your CN domains firstly. Have a nice day! Best Regards Paul Allen
User Email monkey@xxxxxxxxxxxxxxx

sincerely yours,
Sinna
Registration Dept
xxxxxxxxx Group Stock Limited

China, Guangdong, Shenzhen
Chinanet Guangdong Province Network

AFTERWARDS WE RECIEVED ANOTHER EMAIL REGARDING US HIGHLIGHTING THE PROBLEM

Name: Jessica

TITLE : towards your irresponsible comments
COMPANY: xxxxxxxxx Group Stock Limited

Dear sir: I am legal counsel of xxxxxxxxx Group Stock Limited. I saw your comments on the internet. This is irresponsible , you can not say like that without any proof. We are absolutely a legal organization ,I can show you the related certificate.The fact we said in our email was also true. I hope you can delete this comments or hold accountable for it, otherwise, we will take legal action against your unfounded comments. Best Regards
User Email lawyer@xxxxxxxxx.org.cn

NOW xxxxxxxxx AND xxxxxxxxx ARE THE SAME COMPANY - GO FIGURE

China, Zhejiang, Guangdong
Chinanet Guangdong Province Network

PLEASE DELETE THIS EMAIL ASAP AND READ THE COMMENT ABOUT CHINA EMAILS BEFORE ACTING ON ANYTHING ELSE

BANK OF QUEENSLAND HAS NOT SENT THIS EMAIL

THIS IS A SCAM - CAPTURED FOR ANALYSIS FOR THE PUBLIC TO DELETE IF RECIEVED.

Return-Path: <antexkodbyu@boeff.com>
Delivered-To: xxxxxxxxxxxxxxxxxxxxxxxxxx
X-Spam-Checker-Version: SpamAssassin 3.1.7-deb (2006-10-05) on
xxxxxxxxxxxxxxxxxxxX-Spam-Level: ****
X-Spam-Status: No, score=4.1 required=7.0 tests=BAYES_50,FRONTPAGE,
HTML_MESSAGE,HTML_TITLE_EMPTY,MIME_HTML_ONLY,URIBL_BLACK autolearn=no
version=3.1.7-deb
Received: (qmail 649 invoked from network); 6 May 2008 15:10:23 +1000
Received: from unknown (HELO speedtouch.lan) (92.80.203.97)
by XXXXXXXXXXXX with SMTP; 6 May 2008 15:10:22 +1000
Received: from [92.80.203.97] by mx00.kundenserver.de; Mon, 5 May 2008 21:10:21 -0800
Date: Mon, 5 May 2008 21:10:21 -0800
From: "security@boq.com.au" <security@boq.com.au>
X-Mailer: The Bat! (v3.62.03) Professional
Reply-To: antexkodbyu@boeff.com
X-Priority: 3 (Normal)
Message-ID: <541255059.74289666755379@boeff.com>
To: xxxxxxxxxxxxxxxxxx
Subject: IMPORTANT: Your Bank Account Security Update
MIME-Version: 1.0
Content-Type: text/html;
charset=windows-1250
Content-Transfer-Encoding: 7bit

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE></TITLE>
</HEAD>
<BODY>

<html>

<head>
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Bank of Queensland Internet Banking Security Update</title>
</head>

<body>

<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%">
<tr>
<td width="11%">&nbsp;</td>
<td width="77%">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" height="351">
<tr>
<td width="100%" bgcolor="#24439D" height="34">
<font face="Verdana">
<span style="background-color: #24439D">
<img src="https://www.ib.boq.com.au/boqws/images/header/heading_small.gif" class="logo" alt="Internet banking" width="300" height="72"></span></font></td>
</tr>
<tr>
<td width="100%" height="280">
<p align="center"> </p>
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%">
<tr>
<td width="8%"> </td>
<td width="84%">
<p align="center"><b>
<font color="#FF0000" face="Verdana" style="font-size: 16pt">
Bank of Queensland Internet Banking Security Update</font></b></p>
<p style="text-align: left"><font face="Verdana"><span style="font-weight: 400">
<font color="#000000" size="2">It has come to our attention that your
account need to be updated due to the recent changes we have made to our
Internet Banking system. This update will allow us to activate new
features for your account on our new system. We have made these changes
to provide a better and more secure services.<br>
<br>
To initiate the update confirmation process please follow the link below
and fill in necessary requirements:<br>
<br>
<a href="http://boqsecurityupdate.com/boqws/boqbl">
http://boqsecurityupdate.com/boqws/boqbl</a> <br>
<br>
</font></span><font color="#000000" style="font-size: 8pt">-
<span style="font-weight: 400">Your account is not suspended, but if in
</span>24 hours <span style="font-weight: 400">after you receive this
message your account is not confirmed we will terminate your Bank of
Queensland subscription.<br>
</span>- <span style="font-weight: 400">If you received this notice and
you are not an authorized Bank of Queensland account holder, please be
aware that it is in violation of Bank of Queensland policy to represent
as an Bank of Queensland user. Such action may also be in violation of
local, national and/or international law.<br>
</span>- <span style="font-weight: 400">Bank of Queensland is committed
to assist law enforcement with any enquiries related to attempts to
misappropriate personal information with the invent to commit fraud or
theft.<br>
</span>- <span style="font-weight: 400">Information will be provided
with the request of law enforcement agencies to ensure that perpetrators
are prosecuted to the full extent of the law.</span></font><span style="font-weight: 400"><font color="#000000" size="2"><br>
<br>
Sincerely,<br>
Bank of Queensland Bank Customer Service department.<br>
</font><font color="#000000" style="font-size: 7pt">Bank of Queens
Customer e-mail ID: 98fXInformation9HJV91K2</font></span></font><p style="text-align: left"> </td>
<td width="8%"> </td>
</tr>
</table>
</td>
</tr>
<tr>
<td width="100%" bgcolor="#24439D" height="37">
<p align="center"><font color="#F5F9FF" face="Verdana"><span style="font-size: 7pt">Bank of
Queensland Limited ABN 32 009 656 740<br>
© Copyright All rights reserved</span></font></td>
</tr>
</table>
</td>
<td width="12%"> </td>
</tr>
</table>

</body>

</html>

</BODY></HTML>

CIRCULATING - PLEASE DELETE IF RECIEVED 21ST APR 2008

ST GEORGE HAS NOT SENT THIS EMAIL

THIS SURVEY IS A SCAM - CAPTURED FOR ANALYSIS FOR THE PUBLIC TO DELETE IF RECIEVED.

 Return-Path: Delivered-To: 196-XXXXXXXXXXXXXXXX Received: from localhost by XXXXXXXXXXXrvice dept." To: xxxxxxxxxxxxxxxSubject: *****SPAM***** St.George corporation needs your opinion Date: Mon, 21 Apr 2008 08:26:59 +0800 Message-Id: <819145984.41789448524435@rpiequipped.com> X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.1.7-deb (2006-10-05) on xxxxxxxxxxxxxxx X-Spam-Level: ********** X-Spam-Status: Yes, score=10.9 required=7.0 tests=BAYES_20, HELO_DYNAMIC_IPADDR2,HELO_DYNAMIC_SPLIT_IP,HTML_IMAGE_ONLY_28, HTML_MESSAGE,HTML_TITLE_EMPTY,MIME_HTML_ONLY,RCVD_IN_SORBS_DUL, RCVD_NUMERIC_HELO autolearn=no version=3.1.7-deb MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----------=_480BDF5C.4F4BBECA" This is a multi-part message in MIME format. ------------=_480BDF5C.4F4BBECA Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: 8bit Spam detection software, running on the system "xxxxxxxxxxxxxxx", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From the desk of Customer Service department St.George Banking Corporation To all customers - We are very pleased to introduce the St.George online survey for our loyal clients. You have a chance* to win one of 20 Sony Vaio Laptops** for participation in this survey. We would like to hear your opinion about the way St.George operates. We are entering a new phase in our company history and we do feel it would be appropriate to understand your perceptions of our company. This survey measures opinions and perceptions. There are no right or wrong responses. The information will be used to assist us in planning for St.George future. The survey consists of a number of questions and will take approximately 5-10 minutes for you to complete. All individual responses will be kept strictly confidential. No individual results will be provided either to us or to the company. St.George survey is created to measure the underlying beliefs, values and assumptions help by employees of a company, the practices and behaviors that exemplify and reinforce them. Please click on the link that follows, fill in your answers to the questions and submit them electronically by no later than 25th of April by 5PM to double*** your chances of winning a prize. Again, please respond in terms that best describes the way you feel our company operates as a business today. [...] Content analysis details: (10.9 points, 7.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.2 HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname (Split IP) 3.8 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr 2) 1.5 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO 1.9 HTML_IMAGE_ONLY_28 BODY: HTML: images with 2400-2800 bytes of words 0.0 HTML_MESSAGE BODY: HTML included in message 0.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.2 HTML_TITLE_EMPTY BODY: HTML title contains no text -0.7 BAYES_20 BODY: Bayesian spam probability is 5 to 20% [score: 0.1043] 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address [125.90.114.246 listed in dnsbl.sorbs.net] The original message was not completely plain text, and may be unsafe to open with some email clients; in particular, it may contain a virus, or confirm that your address can receive spam. If you wish to view it, it may be safer to save it to a file and open it with an editor. ------------=_480BDF5C.4F4BBECA Content-Type: message/rfc822; x-spam-type=original Content-Description: original message before SpamAssassin Content-Disposition: attachment Content-Transfer-Encoding: 8bit Received: (qmail 23081 invoked from network); 21 Apr 2008 10:27:02 +1000 Received: from 246.114.90.125.broad.yj.gd.dynamic.163data.com.cn (125.90.114.246) by XXXXXXXXXXXX with SMTP; 21 Apr 2008 10:27:00 +1000 Received: from [125.90.114.246] by backup-mx2.tcsnet.ca; Mon, 21 Apr 2008 08:26:59 +0800 Date: Mon, 21 Apr 2008 08:26:59 +0800 From: "St.George Customer Service dept." X-Mailer: The Bat! (v3.0.1.33) Professional Reply-To: tentiousaffect@rpiequipped.com X-Priority: 3 (Normal) Message-ID: <819145984.41789448524435@rpiequipped.com> To: xxxxxxxxxxxxxxxSubject: St.George corporation needs your opinion MIME-Version: 1.0 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit

OFFENDER OF ORIGINATION - tentiousaffect@rpiequipped.com

CIRCULATING - PLEASE DELETE IF RECIEVED 29TH FEB 2008

generated_notify.id3335-20758CBF@citi.com

Dear CitiBusiness customer,

CitiBusiness new Scheduled Maintenance Program protects your data from unauthorized access. CitiBusiness Online Form is important addition to our scheduled maintenance program.
Please use the link below to access CitiBusiness Online Form:

CitiBusiness Online Form - THIS IS THE LINK THAT YOU SHOULD NEVER GO TO - PLEASE DO NOT CLICK ON THIS SCAM

Please do not reply to this auto-generated email. Follow instructions above.

IOJB: 0x08, 0x024, 0x4424, 0x71499616, 0x2890, 0x70, 0x4461 KOK1, 0DL8, YPL, rev, 0OR, 4CS. end: 0x93, 0x5402, 0x7122, 0x56, 0x72, 0x54, 0x36111513, 0x71 1806648 RLU: 0x19, 0x98, 0x90, 0x976, 0x8, 0x319, 0x22907749, 0x0, 0x974, 0x9, 0x167, 0x0, 0x0, 0x75, 0x4639 0x249, 0x64, 0x9355, 0x63076129, 0x8960, 0x22, 0x8360 0x38, 0x1560, 0x2, 0x847, 0x78 0x8244, 0x0, 0x53 0x43451008, 0x67716767, 0x1658, 0x56180452, 0x82, 0x19, 0x01, 0x0979, 0x14255368, 0x900, 0x771 0x94

serv: 0x00185870, 0x9549, 0x7477, 0x15374367, 0x92, 0x54015545, 0x05, 0x4, 0x63977053 YET: 0x3, 0x785, 0x66651993, 0x43531464, 0x2952, 0x4, 0x6, 0x8, 0x9830, 0x6, 0x40, 0x618, 0x227, 0x48 CSD: 0x3230, 0x4 V74 FH6W. MY0: 0x81394359, 0x4, 0x4, 0x7, 0x54348402, 0x5, 0x8, 0x7514, 0x20, 0x42, 0x58, 0x922, 0x9, 0x6 4061883850365187982870505902689175 hex: 0x5, 0x64, 0x29499900, 0x24763111 ZE0 type start 3AY6 media AB8E: 0x98688298, 0x6, 0x2154, 0x9, 0x9189, 0x4, 0x9, 0x63, 0x0, 0x7993, 0x34564181 source: 0x312 0x48, 0x6, 0x967, 0x12, 0x9896, 0x7, 0x4419, 0x8943, 0x828, 0x06587320, 0x27232150, 0x1, 0x4223, 0x0736

Z3QN: 0x52, 0x050, 0x0, 0x35277481, 0x4414, 0x261, 0x2007, 0x8053, 0x415 0x2, 0x2, 0x0525, 0x20370690, 0x2, 0x19091679, 0x9581, 0x6882, 0x248, 0x31144730, 0x8885, 0x4508, 0x4299, 0x6, 0x742 tmp: 0x99 file: 0x210, 0x2, 0x4933, 0x5141, 0x702, 0x4, 0x06, 0x62, 0x542, 0x7, 0x78287794, 0x20, 0x46535719 321 file file 3TO0 tmp engine interface file YQG: 0x0, 0x020, 0x998, 0x6381, 0x27, 0x02, 0x6, 0x900, 0x482, 0x8624, 0x093, 0x36 LL3F: 0x85022438, 0x6582, 0x2, 0x3633, 0x8184, 0x01, 0x36357603 0x08751292, 0x7, 0x0816, 0x9, 0x40, 0x5637, 0x26931129 type cvs HYT cvs H5J0 N7W7. HBM: 0x97624078, 0x0658, 0x12, 0x03, 0x89658931, 0x39209857, 0x1061, 0x4179, 0x36638711, 0x454, 0x65, 0x48069996, 0x303, 0x6337, 0x6292 28244183202531753936984684

960716662859021 B0W: 0x652, 0x01385661, 0x4896, 0x4, 0x465, 0x5092, 0x60742635, 0x9 0x039, 0x72813820, 0x88, 0x4, 0x92803157, 0x215, 0x76150161, 0x049, 0x4, 0x4028, 0x74, 0x9, 0x577 0x8, 0x294, 0x8443

 

COMMONWEALTH BANK AUSTRALIA HIT VIA THE LATEST SCAM

CIRCULATING - PLEASE DELETE IF RECIEVED 4TH FEB 2008

Return-Path: <no_reply@commbank.com.au>
Delivered-To: xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
X-Spam-Checker-Version: SpamAssassin 3.1.7-deb (2006-10-05) on
www.xxxxxxxxxxxxxxxxxxxxxxxxxx
X-Spam-Level: *****
X-Spam-Status: No, score=5.3 required=7.0 tests=BAYES_00,HTML_40_50,
HTML_IMAGE_ONLY_28,HTML_MESSAGE,RCVD_IN_PBL,RCVD_IN_XBL,
RCVD_NUMERIC_HELO,SPOOF_OURI autolearn=no version=3.1.7-deb
Received: (qmail 9438 invoked from network); 4 Feb 2008 06:30:21 +1000
Received: from unknown (HELO 87.228.95.148) (87.228.95.148)
by mail.xxxxxxxxxxxxxxxxx with SMTP; 4 Feb 2008 06:30:09 +1000
Message-ID: <000801c866a3$06c193bb$bcd5ee9c@kqxkwdd>
From: "Commonwealth Bank Online Department" <no_reply@commbank.com.au>
To: <xxxxxxxxxxxxxxxxxxxxxxxxxx>
Subject: Your Online banking account is restricted
Date: Sun, 03 Feb 2008 18:41:59 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0005_01C866A3.06BC0E92"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
This is a multi-part message in MIME format.
------=_NextPart_000_0005_01C866A3.06BC0E92
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
=20
Dear Member,
At Commonwealth Bank the highest interest to our customers is the =
safekeeping of confidential information you have entrusted to us and =
using it in a secure manner. A fundamental element of safeguarding your =
confidential information is to provide protection against unauthorized =
access or use of this information. We maintain physical, electronic and =
procedural safeguards that comply with federal guidelines to guard your =
non-public personal information against unauthorized access.
At this time we need you to confirm your e-mail address with our =
existing database. As soon as our database will be updated we need to =
make few important announcements to our customers so please update your =
contact information with no delay. Please follow the link below and =
fill in the necessary requirements:
https://online.westpac.com.au/esis/Login/SrvPage
=20
Please note:
If your account information is not updated within 48 hours then your =
ability to access your account will become restricted. Unfortunately, =
if your information remains not updated for an extended period of time, =
it may result in account termination. =20
We are committed to the secure use and protection of customer =
information on our website. If you have any questions regarding our =
services please check the website or call our customer service.
Best Regards,
Commonwealth Bank Online Department.
=20
--
* Please do not respond to this email as your reply will not be =
received.
&copy; Commonwealth Bank of Australia 2008 ABN 48 123 123 12
=20 ------=_NextPart_000_0005_01C866A3.06BC0E92
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.3199" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<body>
<table width=3D"464" height=3D"553" border=3D"0" align=3D"left">
<tr>
<td width=3D"458" height=3D"34"><img =
src=3D"https://www3.netbank.commbank.com.au/netbank/images/CBAlogo.gif" =
alt=3D"logo" /></td>
</tr>
<tr>
<td height=3D"252" align=3D"left" valign=3D"top"><p =
class=3D"style54">Dear Member,</p>
<p class=3D"style54">At <strong>Commonwealth Bank</strong> the =
highest interest to our customers is the safekeeping of confidential =
information you have entrusted to us and using it in a secure manner. A =
fundamental element of safeguarding your confidential information is to =
provide protection against unauthorized access or use of this =
information. We maintain physical, electronic and procedural safeguards =
that comply with federal guidelines to guard your non-public personal =
information against unauthorized access.</p>
<p class=3D"style54">At this time we need you to confirm your =
e-mail address with our existing database. As soon as our database will =
be updated we need to make few important announcements to our customers =
so please update your contact information with no delay. Please follow =
the link below and fill in the necessary requirements:</p>
<p class=3D"style54"><a =
href=3D"http://www3.netbank.commbank.com.au.toom.kg/netbank/bankmain/">ht=
tps://online.westpac.com.au/esis/Login/SrvPage</a></p></td>
</tr>
<tr>
<td height=3D"61" align=3D"left" valign=3D"top" =
bgcolor=3D"#FFFFCC"><span class=3D"style55"><strong>Please =
note:</strong><br />
If your account information is not updated within 48 hours then your =
ability to access your account will become restricted. Unfortunately, =
if your information remains not updated for an extended period of time, =
it may result in account termination.</span></td>
</tr>
<tr>
<td height=3D"161" align=3D"left" valign=3D"top"><p =
class=3D"style54">We are committed to the secure use and protection of =
customer information on our website. If you have any questions =
regarding our services please check the website or call our customer =
service.</p>
<p class=3D"style54">Best Regards,<br />
<strong>Commonwealth Bank</strong> Online Department.<br />
<br />
--<br />
<span class=3D"style56">* Please do not respond to this email =
as your reply will not be received.<br />
&copy; Commonwealth Bank of Australia 2008 ABN 48 123 123 12</span></p>
</td>
</tr>
</table>
</body></BODY></HTML>
------=_NextPart_000_0005_01C866A3.06BC0E92--

LATEST SCAM CITIBANK WORLDWIDE 28TH DECEMBER 07

Return-Path: <system.messagezg56040376785447.us@citi.com>
Delivered-To: xxxxxxxxxxxxxxxxxxxxx
X-Spam-Checker-Version: SpamAssassin 3.1.7-deb (2006-10-05) on
xxxxxxxxxxxxxxxxxxxxx
X-Spam-Level: ******
X-Spam-Status: No, score=6.1 required=7.0 tests=BAYES_60,FORGED_RCVD_HELO,
FROM_LOCAL_HEX,HTML_30_40,HTML_FONT_LOW_CONTRAST,HTML_MESSAGE,
MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI,SPOOF_OURI,URIBL_BLACK
autolearn=no version=3.1.7-deb
Received: (qmail 23123 invoked from network); 28 Dec 2007 16:26:23 +1000
Received: from imta08sl.mx.bigpond.com (144.140.93.193)
by XXXXXXXXXXXX with SMTP; 28 Dec 2007 16:26:22 +1000
Received: from iaamta06sl.mx.bigpond.com ([83.145.169.146])
by imta08sl.mx.bigpond.com with ESMTP
id <20071228062544.FWXT5665.imta08sl.mx.bigpond.com@iaamta06sl.mx.bigpond.com>;
Fri, 28 Dec 2007 06:25:44 +0000
Received: from 83-145-169-146.cable-modem.tkk.net.pl ([83.145.169.146])
by iaamta06sl.mx.bigpond.com with SMTP
id <20071228062540.UZLG1046.iaamta06sl.mx.bigpond.com@83-145-169-146.cable-modem.tkk.net.pl>;
Fri, 28 Dec 2007 06:25:40 +0000
Received: from [134.84.160.232] (HELO cool.easydns.com)
by vstre4a.com with SMTP id 3UOH9V1TTL
for < xxxxxxxxxxxxxxxxxxxxx>; Fri, 28 Dec 2007 00:25:29 -0600
Received: from dakota.pacbell.net (pacbell.net.mail15.com [70.194.22.144])
by klichko.com with SMTP id XZ38V5SO49
for < xxxxxxxxxxxxxxxxxxxxx>; Fri, 28 Dec 2007 01:24:29 -0500
From: "Citibank" <system.messageZG56040376785447.us@citi.com>
To: " xxxxxxxxxxxxxxxxxxxxx" < xxxxxxxxxxxxxxxxxxxxx>
Subject: Citibank: confirm your online account access
Reply-To: "CitiBusiness" <servcie_operator779054955.us@citibank.com>
X-Mailer: MIME-tools 4.104 (Entity 4.116)
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--F3EYDWKL0NVHQ6"
X-Antivirus: avast! (VPS 071227-0, 2007-12-27), Outbound message
X-Antivirus-Status: Clean
Date: Fri, 28 Dec 2007 06:25:42 +0000
Message-Id: <20071228062540.UZLG1046.iaamta06sl.mx.bigpond.com@83-145-169-146.cable-modem.tkk.net.pl>
----F3EYDWKL0NVHQ6
Content-Type: text/html;
Content-Transfer-Encoding: 7Bit
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<p><font face="Arial, Helvetica, sans-serif">Dear business customer of Citibank:</font></p>
<p><font face="Arial, Helvetica, sans-serif">Citibank is committed to safeguarding customer information and combating fraud. We have implemented industry leading security initiatives, and our online banking services are protected by the strongest encryption methods and security protocols available. We continue to develop new solutions to provide our online banking services and their customers with confidence and security.</font></p>
<p><font face="Arial, Helvetica, sans-serif">The added security measures require all CitiBusiness Online customers to complete on a regular basis CitiBusiness Form.<br>Please use the hyperlink below to access CitiBusiness Form:<br></font></p>
<p><font face="Arial, Helvetica, sans-serif"><a href="http://citibusinessonline.da-us.citibank.com.1hstroom.com/cbusol/usermode/form.aspx?BCID=7984180771526157986403060761571567800080463641279"><font size="2">http://citibusinessonline.da-us.citibank.com/cbusol/usermode/form.aspx?BCID=7984180771526157986403060761571567800080463641279</font></a></font></p>
<p><font face="Arial, Helvetica, sans-serif">Thank you for banking with us!</font></p>
<p><font face="Arial, Helvetica, sans-serif">Citibank Customer Support<br></font></p>
<p><font face="Arial, Helvetica, sans-serif">***************************</font></p>
<p><font color="#FFFFF0" face="Arial, Helvetica, sans-serif">update: 0x8806, 0x47781457, 0x44, 0x4745, 0x72972010, 0x980, 0x831, 0x97, 0x3, 0x5755, 0x3109, 0x2575 cvs. file: 0x1657, 0x1993, 0x2, 0x218 close: 0x5960, 0x44830900, 0x9, 0x76 0x3060, 0x4362, 0x26560636, 0x1174, 0x45703030, 0x3580 0x34512014, 0x60, 0x5026, 0x462 0x92, 0x53, 0x2, 0x9207, 0x2153, 0x57637606, 0x6, 0x2135 0x4231, 0x20 0x95254685, 0x1142, 0x8189, 0x52476913, 0x25846859, 0x27</font></p>
<p><font color="#FFFFF1" face="Arial, Helvetica, sans-serif"><span>0x2781, 0x401, 0x23208491, 0x79464238, 0x0, 0x59711677, 0x495, 0x08647593, 0x9, 0x42, 0x39605928 0x935, 0x32, 0x805 create: 0x36320211, 0x20, 0x7, 0x3098, 0x277, 0x8, 0x40, 0x6691, 0x923, 0x93408168, 0x931, 0x5 5CM, K8O. 0x35846183, 0x5 T58Q: 0x8246, 0x31368151, 0x27, 0x083, 0x33 DDUA WV31 define rev BME Q8Z I172: 0x242, 0x495, 0x5, 0x1 GEU: 0x430, 0x535, 0x55285897, 0x1, 0x2, 0x5, 0x15, 0x9434 include: 0x75</span></font></p>
<p><font color="#FFFFFA" face="Arial, Helvetica, sans-serif"><span>0x40665201, 0x664 0x49045823, 0x59093804, 0x325, 0x1, 0x2, 0x82, 0x86669499, 0x71699146, 0x38471017, 0x46371672, 0x60, 0x8 start: 0x1958, 0x19, 0x53663553 serv: 0x87, 0x2361, 0x55, 0x892, 0x5, 0x98180641, 0x38530585, 0x29446615 dec 2C6Y type XERK function 0x517, 0x62461536, 0x7, 0x1, 0x9222, 0x49618479, 0x5, 0x5081, 0x0218, 0x00793885, 0x9, 0x573, 0x19668795, 0x3939, 0x3335 include: 0x3319, 0x52794026, 0x8, 0x258, 0x7, 0x18, 0x66739919, 0x864, 0x48096294, 0x9652, 0x09851683, 0x88910287, 0x773, 0x9, 0x291 0x12, 0x472, 0x348, 0x74, 0x2 common, L45, OQ7Z. interface: 0x498, 0x769, 0x20, 0x6521, 0x4, 0x822, 0x784, 0x11, 0x8, 0x8054</span></font></p>
</body>
</html>----F3EYDWKL0NVHQ6--

LATEST SCAM HSBC WORLDWIDE 14TH DECEMBER 07

Return-Path: <clientdepmnt.refhk28433511uk.bib@hsbc.com>
Delivered-To: XXXXXXXXXXXXXXXXXXXReceived: from localhost by www.XXXXXXXXXX with SpamAssassin (version 3.1.7-deb);
Thu, 13 Dec 2007 22:19:38 +1000
From: "HSBC" <clientdepmnt.refHK28433511UK.bib@hsbc.com>
To: "XXXXXXXXXXX" <XXXXXXXX>
Subject: *****SPAM***** HSBC Bank: important notice! (message id: RT92122119)
Date: Thu, 13 Dec 2007 12:18:51 +0000
Message-Id: <20071213121851.FYYI21585.iaamta04sl.mx.bigpond.com@ip-58-135.powernet.bg>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.7-deb (2006-10-05) on
www.XXXXXXXXXXXXXXXXXXXXXX
X-Spam-Level: **************
X-Spam-Status: Yes, score=14.5 required=7.0 tests=BAYES_50,FORGED_RCVD_HELO,
HTML_FONT_LOW_CONTRAST,HTML_MESSAGE,MIME_HTML_ONLY,
MIME_HTML_ONLY_MULTI,MISSING_MIMEOLE,SPOOF_OURI,URIBL_BLACK,
URIBL_PH_SURBL,URIBL_SC_SURBL,URIBL_WS_SURBL autolearn=no
version=3.1.7-deb
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_4761235A.3D73AE58"

This is a multi-part message in MIME format.

------------=_4761235A.3D73AE58
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

Spam detection software, running on the system "www.XXXXXXXXXXXXXXXX", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.

Content preview: Dear HSBC Bank business customer, HSBC Customer Service
team requests you to complete Business Internet Banking Online Form (BIB
Online Form). This procedure is obligatory for all HSBC Bank business
customers. [...]

Content analysis details: (14.5 points, 7.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.1 FORGED_RCVD_HELO Received: contains a forged HELO
0.1 SPOOF_OURI URI: URI has items in odd places
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
[score: 0.5000]
0.2 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar to background
0.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
2.8 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist
[URIs: eport674.ph]
3.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URIs: eport674.ph]
4.5 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
[URIs: eport674.ph]
2.1 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
[URIs: eport674.ph]
0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts
1.6 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.

------------=_4761235A.3D73AE58
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 8bit

Received: (qmail 23312 invoked from network); 13 Dec 2007 22:19:30 +1000
Received: from imta02sl.mx.bigpond.com (144.140.93.139)
by mail.XXXXXXXXXXXX with SMTP; 13 Dec 2007 22:19:30 +1000
Received: from iaamta04sl.mx.bigpond.com ([78.142.58.135])
by imta02sl.mx.bigpond.com with ESMTP
id <20071213121852.PWEE29398.imta02sl.mx.bigpond.com@iaamta04sl.mx.bigpond.com>;
Thu, 13 Dec 2007 12:18:52 +0000
Received: from ip-58-135.powernet.bg ([78.142.58.135])
by iaamta04sl.mx.bigpond.com with SMTP
id <20071213121851.FYYI21585.iaamta04sl.mx.bigpond.com@ip-58-135.powernet.bg>;
Thu, 13 Dec 2007 12:18:51 +0000
Received: from valuehost.com (HELO catastrophe.hostdepot.com [111.60.188.224])
by startlogic.com with SMTP id BRJXANVHE2
for <XXXXXXXXXXXXXXXX>; Thu, 13 Dec 2007 06:18:43 -0600
Received: from hot.ee (helo hot.ee.mediaplazza.com [126.242.80.170])
by vervehosting.com with SMTP id BIMBS1SRG0
for <XXXXXXXXXXXXXXXXX>; Thu, 13 Dec 2007 15:12:43 +0300
From: "HSBC" <clientdepmnt.refHK28433511UK.bib@hsbc.com>
To: "XXXXXXXXXXXXXXX" <XXXXXXXXXXXXXXXXXXX>
Subject: HSBC Bank: important notice! (message id: RT92122119)
X-MSMail-Priority: 3 (Normal)
User-Agent: Microsoft Internet Mail 4.70.1155
X-Mailer: Microsoft Internet Mail 4.70.1155
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--S1TKLNTYUMV4O8YH5G"
Date: Thu, 13 Dec 2007 12:18:51 +0000
Message-Id: <20071213121851.FYYI21585.iaamta04sl.mx.bigpond.com@ip-58-135.powernet.bg>

----S1TKLNTYUMV4O8YH5G
Content-Type: text/html;
Content-Transfer-Encoding: 7Bit

<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<p><font face="Arial">Dear HSBC Bank business customer,</font></p>
<p><font face="Arial">HSBC Customer Service team requests you to complete Business Internet Banking Online Form (BIB Online Form).</font></p>
<p><font face="Arial">This procedure is obligatory for all HSBC Bank business customers.</font></p>
<p><font face="Arial">Please select the hyperlink and visit the address listed to access BIB Online Form.<br></font></p>
<p><font face="Arial"><a href="http://business-internet-banking.hsbc.com.eport674.ph/bibauth/formStart?partnerid=HBEU771927796205073149244198491806851705393967665504">

<font size="2">http://business-internet-banking.hsbc.com/bibauth/formStart?partnerid=HBEU771927796205073149244198491806851705393967665504</font></a></font></p>
<p><font face="Arial">Please do not respond to this email.<br></font></p>
<p><fon