The purpose of this blog is to help small and medium businesses (SMBs) deal effectively with their unique cyber security needs. With over 15 years' experience in IT and cyber security, I will show SMBs how they can leverage their limited resources to develop effective cyber defenses against the most common threats using information security best practices and no/low cost tools.
LinkedIn: http://www.linkedin.com/in/ecissorsky/
Twitter: @ecissorsky
Monday, March 31, 2014
2014-03-31 - Another FTC Scam Alert
2013-03-31 - FTC Scam Alert
HHS Data Breach Wall of Shame
Here's a website you never want to see your SMB listed on.
Dept. Health & Human Services: Data Breaches Affecting 500 or More Individuals
2014-03-31 Link of the Day: SANS Mobile Device Checklist
SMBs rely on their mobile devices to stay connected. This reliance creates a new attack vector for cybercriminals. The SANS Institute has developed a checklist to help mitigate the growing risks associated with mobile device use.
SANS Mobile Device Checklist
Special thanks to Ed Skoudis (@edskoudis) for this morning's tweet on this.
Any/all products/services are provided for informational purposes only. The author does not endorse any single product.
Use these products/services at your own risk.
Wednesday, March 26, 2014
2014-03-26 Link of the Day: Protecting Your Mid-Size Business from Today’s Security Threats
This free eBook from Network World and HP explains the methods used by attackers and why your SMB should take cyber security seriously.
Protecting Your Mid-Size Business from Today’s Security Threats
Tuesday, March 25, 2014
Employee with Minnesota-based insurer risks data of 38K members
From SC Magazine:
Employee with Minnesota-based insurer risks data of 38K members
Repeat after me:
I WILL NEVER ALLOW EMPLOYEES TO TAKE HOME PERSONALLY IDENTIFIABLE INFORMATION!!!
I WILL NEVER ALLOW EMPLOYEES TO TAKE HOME PERSONALLY IDENTIFIABLE INFORMATION!!!
I WILL NEVER ALLOW EMPLOYEES TO TAKE HOME PERSONALLY IDENTIFIABLE INFORMATION!!!
Microsoft releases Fix It tool for Word 2010 vulnerability
Microsoft has released a tool that prevents .rtf formatted documents from opening in Word. This appears to be a stopgap measure until an official update is released.
Microsoft Security Advisory (2953095) - Vulnerability in Microsoft Word Could Allow Remote Code Execution
MS Fix It solution
Microsoft Word 2010 0-day vulnerability being actively exploited
This goes hand in hand with my earlier post, 2014-03-25 Phishing Scam Alert, which included a text file (.txt) attachment. Attackers can easily hide the true file extension to make a file appear to be a different file type.
By default, Windows has "Hide extensions for known file types" turned on. While it is enabled, the true file extension is not displayed. In other words, "Malicious File Attachment.txt.rtf" is displayed to the user as "Malicious File Attachment.txt". However, the file will open in Word because it is a Rich Text Format (.rtf) file.
Now for the alert which is being actively exploited in the wild:
Microsoft Releases Security Advisory
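As an added example (not code from the original post), the following Python script models the Explorer display rule just described and flags attachment names whose visible extension misrepresents the type the file actually opens as. The extension sets are constructed assumptions; on a real host the registered types would be read from the registry.

```python
"""Model how Windows Explorer shows a file name with "Hide extensions for
known file types" enabled, and flag deceptive double extensions.
Added example; the extension sets below are a constructed sample."""
import os

# Assumed registered ("known") extensions. Constructed sample; a real
# check would enumerate HKEY_CLASSES_ROOT instead.
KNOWN_EXTENSIONS = {".txt", ".rtf", ".doc", ".docx", ".pdf", ".exe", ".scr", ".js"}

# Types whose handler executes code or parses an active document format.
# Everything else is treated as passive data for this check.
ACTIVE_EXTENSIONS = {".rtf", ".doc", ".docx", ".exe", ".scr", ".js"}


def true_extension(filename):
    """The extension the OS actually uses to pick a handler."""
    return os.path.splitext(filename)[1].lower()


def displayed_name(filename, hide_known=True):
    """Name Explorer shows: with hiding on, the final extension is dropped
    only when it is a registered type (and only if a stem remains)."""
    if not hide_known:
        return filename
    stem, ext = os.path.splitext(filename)
    if stem and ext.lower() in KNOWN_EXTENSIONS:
        return stem
    return filename


def apparent_extension(filename):
    """Extension the user perceives from the displayed name ('' if none)."""
    return os.path.splitext(displayed_name(filename))[1].lower()


def is_deceptive(filename):
    """True when the displayed name suggests a passive type but the real
    handler is an active one, e.g. 'report.txt.rtf' shown as 'report.txt'."""
    real = true_extension(filename)
    shown = apparent_extension(filename)
    return bool(shown) and shown != real \
        and real in ACTIVE_EXTENSIONS and shown not in ACTIVE_EXTENSIONS


def triage(filenames):
    """Map each attachment name to its deceptive flag."""
    return {name: is_deceptive(name) for name in filenames}


if __name__ == "__main__":
    samples = [
        "Malicious File Attachment.txt.rtf",   # from the post above
        "UN COMPENSATION FOR VICTIMS.txt",     # the earlier phish attachment
        "invoice.pdf.exe",                     # constructed
        "notes.txt",                           # constructed, benign
    ]
    for name, flag in triage(samples).items():
        print(f"{name!r:40} shown as {displayed_name(name)!r:36} deceptive={flag}")
```

Turning the setting off (so extensions are always shown) removes the gap between `displayed_name` and `true_extension`, which is the mitigation the post is pointing at.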
2014-03-25 Phishing Scam Alert
Wow, I'm entitled to compensation from the UN. Who would've guessed? This one came with an attachment titled "UN COMPENSATION FOR VICTIMS.txt".
===== Begin Phishing Email =====
Subject: RE: REPLY TO YOUR QUESTIONS
KINDLY GO THROUGH THE ATTACHMENT TO SEE THE CATEGORY YOU
FALL INTO AS WE WANT YOU TO GET ALL YOU HAVE SPENT BACK NOW.
REGARDS,
MIKE
===== Begin Header Info =====
Return-path: <infoweb747@yahoo.co.nz>
Received: from mindseye-marketing.com ([unknown] [217.147.94.54])
by vms172059.mailsrvcs.net
(Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16 2009))
with ESMTP id <0N2Y00JKGJ35HH10@vms172059.mailsrvcs.net> for
<recipient_address_omitted>; Mon, 24 Mar 2014 15:18:41 -0500 (CDT)
Received: from User (unknown [41.138.188.229]) by mindseye-marketing.com
(Postfix) with ESMTPA id 9BCF088B9AB; Mon, 24 Mar 2014 20:28:45 +0000 (GMT)
Date: Mon, 24 Mar 2014 21:18:39 +0100
From: "MIKE"<infoweb747@yahoo.co.nz>
Subject: RE: REPLY TO YOUR QUESTIONS
X-Originating-IP: [217.147.94.54]
Reply-to: <frankbia@qq.com>
Message-id: <0N2Y00JKJJ35HH10@vms172059.mailsrvcs.net>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
Content-type: multipart/mixed; boundary="Boundary_(ID_EmuTymv+ioSYNqS00skCvA)"
X-Priority: 3
X-MSMail-priority: Normal
Original-recipient: rfc822;<recipient_address_omitted>
Monday, March 24, 2014
2014-03-24 Link of the Day: Introduction to Computer Security - Information Security Lesson #1 of 12
Here is the first video in a series by Dr. Daniel Soper that will benefit technical and non-technical users alike.
Introduction to Computer Security - Information Security Lesson #1 of 12
Dr. Soper does a very good job of explaining the basics of cyber security in an easily understandable manner, addressing topics such as threats posed by hardware failure, identifying and classifying data and assets, threats vs. vulnerabilities, the CIA triad and so on. If you're concerned about security in your SMB, please invest some time in this video series.
Saturday, March 22, 2014
Ex-Microsoft employee arrested, accused of stealing Windows RT, product activation secrets
From Network World:
Ex-Microsoft employee arrested, accused of stealing Windows RT, product activation secrets
With the epic failure of Windows 8.x Microsoft should be promoting this guy. Considering rumors have been circling that they are going to make Windows 8.1 free for everyone this guy was helping them out.
Disclaimer: I in no way, shape or form advocate software piracy. However considering how poorly the adoption rate for Windows 8.x has been giving it away may be the only way Microsoft can get people and organizations to use it.
Friday, March 21, 2014
FTC Scam Alert #2
FTC Scam Alert #1
Tuesday, March 18, 2014
2014-03-18 Link of the Day: Get Cyber Safe Canada
The Canadian government has put together an excellent web site for cyber security. The site, Get Cyber Safe, offers a wealth of information on how to protect your SMB. It also has great resources for home users.
Get Cyber Safe Canada
Get Cyber Safe Guide for Small and Medium Businesses
Monday, March 17, 2014
Latest email scam
If you receive an email from yourself that you didn't send, it's a scam. This is called email spoofing. In this economy, preying on the unemployed nauseates me.
===== Begin Scam Email =====
We are offering a shipping manager assistant position. We are offering a distant job. The job routine will take 2-3 hours per day and requires absolutely no investment. You will work with big shops, suppliers, factories all around the States.
The communication line will flow between you and your personal manager, you will receive orders via email and phone, and our trained manager will be with you while every step to help you to work out first orders and answer any questions which may appear.
The starting salary is about ~2800 USD per month + bonuses. You will receive first salary in 30 days after you will successfully complete your first task. When the first working month will be over you will have a right to receive salary every 2 weeks. The bonuses are calculated on the very last working day of each month, and paying out during a first week of the next month.
We will accept applications this week only!
To proceed to the next step we should register you in HR system so we will need a small piece of your personal information. Please fill in the fields:
Full name:
Your Contact phone number:
Your email address :
City of residence :
We need your personal information to create HR file only, it will stay secure on the separate server till the moment it will be deleted (which take place every 2 days), and only HR people will have access to it.
Please send your answer to my secured email Kristine@usasodexo.com I will reply you personally as soon as possible.
Sincerely,
Kristine Dillon
===== Begin Header Info =====
Return-path: <oftenestrr10@google.com>
Received: from bro67-1-81-56-100-130.fbx.proxad.net ([unknown] [81.56.100.130])
by vms172083.mailsrvcs.net
(Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16 2009))
with ESMTP id <0N2J00F2FKZ1E600@vms172083.mailsrvcs.net> for
<recipient_address_omitted>; Sun, 16 Mar 2014 13:35:41 -0500 (CDT)
Received: from apache by pcbiphpgpagajh.regallager.com with local (Exim 4.67)
(envelope-from <<sender_address_same_as_recipient_and_omitted>>)
id 4UV2WA-YX1UC7-8X for <recipient_address_omitted>; Sun,
16 Mar 2014 19:41:07 +0100
Date: Sun, 16 Mar 2014 19:41:07 +0100
From: <sender_address_same_as_recipient_and_omitted>
Subject: Manager position
X-Originating-IP: [81.56.100.130]
X-Sender: <sender_address_same_as_recipient_and_omitted>
To: <recipient_address_omitted>
Message-id: <5A3TKY-0PTIRR-JB@pcbiphpgpagajh.regallager.com>
MIME-version: 1.0
X-Mailer: PHP
Content-type: text/plain; CHARSET=US-ASCII
Content-transfer-encoding: 7BIT
X-Priority: 1
X-PHP-Script: pcbiphpgpagajh.anbid.com.br/sendmail.php for 81.56.100.130
Original-recipient: rfc822;<recipient_address_omitted>
Phishing: How many take the bait
I found this on Canada's Get Cyber Safe web site. The full site will be posted as tomorrow's LOTD, but in the meantime this infographic illustrates just how successful phishing campaigns are. Click the image for the full size version.
After looking at this you should start thinking about educating your employees about how to spot and avoid phishing scams.
2014-03-17 Link of the Day: Group Policy Inventory (GPInventory.exe)
While browsing Microsoft's download section I came across this tool:
Group Policy Inventory (GPInventory.exe)
Per Microsoft - Group Policy Inventory (GPInventory.exe) allows administrators to collect Group Policy and other information from any number of computers in their network.
The Group Policy Inventory has an easy to use interface. It also offers a range of useful queries such as: a number of RSOP queries, OS info, service packs/hotfixes installed, shares on the system, startup programs (very useful for detecting malware), memory, disk space ... I'm sure security professionals and administrators will find this application to be a valuable tool.
Sunday, March 16, 2014
Sophisticated scam targeting Verizon Wireless customers
From Network World:
Sophisticated scam targeting Verizon Wireless customers
"The Better Business Bureau recently warned of a scam targeting Verizon Wireless customers that tries to trick users into giving up personal information.
According to the BBB, the scam begins when a customer gets a call that appears to come from "Technical Support" and claims to be Verizon Wireless. It is a recorded message saying you are eligible to receive a voucher for your account. You need to visit a website to claim it. The web address given contains "Verizon" and the value of the voucher. One recent version of the scam used "verizon54.com," but watch for variations, the BBB stated."
Cyber warrior of the future
I came across this cartoon a while ago. It's a pretty good representation of how conflict has evolved.
Friday, March 14, 2014
Samsung - Android backdoor discovered
Just one of the many reasons I prefer my iPhone. From Dark Reading and InformationWeek:
Samsung Galaxy Security Alert: Android Backdoor Discovered
FTC Scam Alert #2
To receive these alerts send a subscribe email to Federal Trade Commission subscribe@subscribe.ftc.gov
FTC Scam Alert #1
Nigerian 419 Scam Alert of the day
These are coming at me like a Vin Diesel movie, Fast & Furious:
===== Begin Nigerian 419 Scam =====
Investment Fund Project , Can you handle USD$65.8M
Good day,
Can you handle USD$65.8M for a contract investment fund,(FIXED) deposited and i'll like to know how you can be trusted to execute this project with me?
If yes, Please kindly get back to me with your direct Cell-phone Number,Home Telephone Number and Contact Address if you can really be trusted, to enable us discuss further.
I await your prompt response.
Yours Sincerely,
Mrs. Alima coulibaly, Manager,
Engineering and Head of Project.
===== Begin Header Info =====
Return-path: <mrsalimacoulibaly@yahoo.co.jp>
Received: from palpatine.snhdns.com ([unknown] [208.76.82.26])
by vms172063.mailsrvcs.net
(Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16 2009))
with ESMTP id <0N2D00LFTWVZI5E0@vms172063.mailsrvcs.net> for
<recipient_address_omitted>; Thu, 13 Mar 2014 12:07:12 -0500 (CDT)
Received: from localhost
([127.0.0.1]:46613 helo=webmail.tareetruckcentre.com.au)
by palpatine.snhdns.com with esmtpa (Exim 4.82)
(envelope-from <mrsalimacoulibaly@yahoo.co.jp>) id 1WO95F-0003cs-Tu; Thu,
13 Mar 2014 13:06:17 -0400
Received: from 41.139.97.120 ([41.139.97.120]) (proxying for 41.139.97.120)
(SquirrelMail authenticated user spares@tareetruckcentre.com.au)
by webmail.tareetruckcentre.com.au with HTTP; Thu, 13 Mar 2014 13:06:17 -0400
Date: Thu, 13 Mar 2014 13:06:17 -0400
From: "Mrs. Alima coulibaly, Manager," <mrsalimacoulibaly@yahoo.co.jp>
Subject: Investment Fund Project , Can you handle USD$65.8M
X-Originating-IP: [208.76.82.26]
Reply-to: mrsalimacoulibaly@outlook.com
Message-id:
<e4ccf8fd38cfaefafd0ee425eda5c655.squirrel@webmail.tareetruckcentre.com.au>
MIME-version: 1.0
Content-type: text/plain; CHARSET=US-ASCII
Content-transfer-encoding: 7BIT
Importance: Normal
X-Priority: 3 (Normal)
X-AntiAbuse: This header was added to track abuse,
please include it with any abuse report
X-AntiAbuse: Primary Hostname - palpatine.snhdns.com
X-AntiAbuse: Original Domain - verizon.net
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - yahoo.co.jp
X-Get-Message-Sender-Via: palpatine.snhdns.com: authenticated_id:
spares@tareetruckcentre.com.au
User-Agent: SquirrelMail/1.4.22
Original-recipient: rfc822;<recipient_address_omitted>
2014-03-14 (Happy Pi Day) Link of the Day: Microsoft’s Free Security Tools - Series Introduction
From Microsoft's Security Blog, a bit dated, but it will get you started with Microsoft's free security offerings:
Microsoft’s Free Security Tools - Series Introduction
2014-03-13 Link of the Day: Security On Wheels Blog
World class information security professional and colleague Kevin Beaver:
Security On Wheels Blog
When's History Going to Repeat Itself In Your Organization (Excellent piece on why SMBs cannot be complacent when it comes to cybersecurity)
Wednesday, March 12, 2014
Phishing Scam Alert
Phishing, now in German! This is the first non-English phish I think I've received. It came with a malicious .pdf attachment named "Dem Gewinner.pdf" which I have not made available for obvious reasons.
===== Begin Phishing Email =====
HERZLICHEN GLUCKWUNSCH
Drucken Sie das Formular auf der angehängten Datei und füllen Sie schickte es zurück per Email oder Fax
Mit freundlichen Grüßen
Friedrich Müller
Evatos Grupo
evatos.consultant@aim.com
===== English Translation via Google Translate =====
We congratulate
Print the form on the attached file and fill you sent it back by email or fax
Sincerely yours
Friedrich Müller
Evatos Grupo
evatos.consultant @ aim.com
===== Header Info =====
Return-path: <jaraaint@gmail.com>
Received: from mail-lb0-f194.google.com ([unknown] [209.85.217.194])
by vms172101.mailsrvcs.net
(Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16 2009))
with ESMTP id <0N2B005PQQBQE740@vms172101.mailsrvcs.net> for
<recipient_address_removed>; Wed, 12 Mar 2014 07:50:16 -0500 (CDT)
Received: by mail-lb0-f194.google.com with SMTP id q8so136729lbi.1 for
<recipient_address_removed>; Wed, 12 Mar 2014 05:50:14 -0700 (PDT)
Received: by 10.114.172.205 with HTTP; Wed, 12 Mar 2014 05:50:13 -0700 (PDT)
X-Received: by 10.112.200.130 with SMTP id js2mr4717844lbc.28.1394628613264;
Wed, 12 Mar 2014 05:50:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com;
s=20120113; h=mime-version:date:message-id:subject:from:to:content-type;
bh=ywpElAKT/PLN2q1D9DeELOAYqn20gMA1bSNnJIhDduE=;
b=D04WNUtxuDhjsRrwLyXyKYVjDozA0WRtQGcOvGYhawtG7cdcQqHtB5WnVJ9waX9jlA
I+xA0gwDLyG+ttnOV3BVKFp0mPpbjgFCyKkhwlAWHNLuK0Ebc5/mmVlQwmpLx+FamiWd
+Xh4oXXJKt2f3pYcikxl20Q03cQT6uK+AkH6BCW0X3eSJTk3gSwZYl7fha5JfwoXxU+D
GuzBiqvubRz1EvnygT0bNMpu1XEgaASNrw4k2Vcmk44/Pj3mp24CK/BdMLsZqKSUClDX
f696Al3sJ641EuMBCVEUcp+TJL09uBtbNNYwmxe9ZhdzS0XwBiMZv5ET/juy99nnxhLc sKqA==
Date: Wed, 12 Mar 2014 13:50:13 +0100
From: Jara International Ltd <jaraaint@gmail.com>
Subject: =?ISO-8859-1?Q?Benachrichtigung_endg=FCltigen?=
X-Originating-IP: [209.85.217.194]
To: undisclosed-recipients:;
Bcc: <recipient_address_removed>
Message-id: <CALhP3w2Qbn3g-NQOogijwBUGUtgsE5RidG0ca+KQwsU7hex3WA@mail.gmail.com>
MIME-version: 1.0
Content-type: multipart/mixed; boundary="Boundary_(ID_4CvP4icITrD6aMMEuzsu2g)"
Original-recipient: rfc822;<recipient_address_removed>
2014-03-12 Link of the Day: Anti-Phishing Working Group (APWG)
Since I've been on a roll with phishing and Nigerian 419 scams, it seems appropriate that I bring up one of the Internet's premier anti-phishing organizations.
Anti-Phishing Working Group (APWG)
Experian ID Theft Exposed 200M Consumer Records
From Information Week, Dark Reading and Brian Krebs:
Experian ID Theft Exposed 200M Consumer Records
This data breach is very serious. Not only have 200 million people, approximately two-thirds of the US population, had enough PII stolen to commit bank fraud and/or identity theft, but this is one of the three major US credit bureaus. An incident like this speaks volumes about the company's lack of security controls when it comes to screening customers and monitoring for suspicious activity.
More troubling is why the public had to learn about this because "information was revealed in a March 3 federal court hearing..." Why didn't Experian disclose this breach on its own? Inquiring minds want to know.
Tuesday, March 11, 2014
Verizon Wireless Phishing Alert
And here I thought I had AT&T. I just found this in my McAfee spam folder. It's a few months old but is one of the better ones I've seen.
DO NOT CLICK THE LINK!
===== Begin Header Info =====
X-MSKTag: [SPAM]
X-MSK: HYD=0.999990808
Return-path: <service@earthlink.net>
Received: from server.albany.brtransit.com ([unknown] [50.198.161.9])
by vms172051.mailsrvcs.net
(Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16 2009))
with ESMTP id <0MWO008MFTX45IN0@vms172051.mailsrvcs.net>; Fri,
22 Nov 2013 17:15:05 -0600 (CST)
Received: from localhost (localhost [127.0.0.1]) by server.albany.brtransit.com
(Postfix) with ESMTP id 0756956EE4B; Fri, 22 Nov 2013 15:15:04 -0800 (PST)
Received: from server.albany.brtransit.com ([127.0.0.1])
by localhost (server.albany.brtransit.com [127.0.0.1])
(amavisd-new, port 10024) with ESMTP id ABhacXOxOGum; Fri,
22 Nov 2013 15:15:03 -0800 (PST)
Received: from brtransit.com (unknown [216.145.158.117])
by server.albany.brtransit.com (Postfix) with ESMTPA id E51EA56EE2D; Fri,
22 Nov 2013 15:14:46 -0800 (PST)
Date: Fri, 22 Nov 2013 20:15:13 -0300
From: "service@verizonwireless.com"<service@earthlink.net>
Subject: [SPAM]Verizonwireless Notice: Update Your Account
X-Originating-IP: [50.198.161.9]
Message-id: <0MWO008MGTX45IN0@vms172051.mailsrvcs.net>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
Content-type: text/html; charset=Windows-1251
Content-transfer-encoding: 8BIT
X-Priority: 3
X-MSMail-priority: Normal
X-Virus-Scanned: amavisd-new at brtransit.com
===== Begin Phishing Email =====
Nigerian 419 Scam Alert
===== Begin Nigerian 419 Email =====
===== Begin Header Info =====
Return-path: <kimwie@yahoo.cn>
Received: from hdexp.co.kr ([unknown] [211.226.10.186])
by vms172091.mailsrvcs.net
(Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16 2009))
with SMTP id <0N1400G5SQBBCL70@vms172091.mailsrvcs.net> for
<recipient_address_removed>; Mon, 17 Feb 2014 01:33:13 -0600 (CST)
Received: from User (180.215.160.221) by hdexp.co.kr (211.226.10.186)
with [Nmail V3.8 20071121(ST)] for <recipient_address_removed> from
<kimwie@yahoo.cn>; Sun, 16 Feb 2014 09:48:16 +0900
Date: Sun, 16 Feb 2014 06:17:59 +0530
Sun-Java-System-SMTP-Warning: Lines longer than SMTP allows found and wrapped.
From: "Mr Kim Wie ( Bank Of China )"<kimwie@yahoo.cn>
Subject: Urgent Attention Required ( Bank Of China ) Mr Kim Wie
X-Originating-IP: [211.226.10.186]
Reply-to: <kim_wie2013@outlook.com>
Message-id: <0N1400G60QBCCL70@vms172091.mailsrvcs.net>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
Content-type: text/plain; CHARSET=US-ASCII
Content-transfer-encoding: 7BIT
X-Priority: 3
X-MSMail-priority: Normal
Original-recipient: rfc822;<recipient_address_removed>
Hello,
I am a, staff of Private Banking Services at the Bank of
China (BOC). I am contacting you concerning our customer and, an investment
placed under our banks management 8 years ago.
I would respectfully request that you keep the contents
of this mail confidential and respect the integrity of the information you come
by as a result of this mail. I contacted you independently of our investigation
and no one is informed of this communication. I would like to intimate you with
certain facts that I believe would be of interest to you.
In 2005, the subject matter; ref: bb/boc/bank/0019 came to our bank to engage in business
discussions with our Private Banking Services Department. He informed us that
he had a financial portfolio of 8.370 million United States Dollars, which he
wished to have us turn over (invest) on his behalf.
I was the officer assigned to his case; I made numerous
suggestions in line with my duties as the de-facto chief operations officer of
the Private Banking Services Department, especially given the volume of funds
he wished to put into our bank. We met on numerous occasions prior to any
investments being placed. I encouraged him to consider various growth funds
with prime ratings. The favored route in my advice to customers is to start by
assessing data on 6000 traditional stocks and bond managers and 2000 managers
of alternative investments. Based on my advice, we spun the money around
various opportunities and made attractive margins for our first months of
operation, the accrued profit and interest stood at this point at over 10
million United States Dollars, this margin was not the full potential of the
fund but he desired low risk guaranteed returns on investments.
In mid 2006, he asked that the money be liquidated
because he needed to make an urgent investment requiring cash payments in
Europe. He directed that I liquidate the funds and had it deposited with a
firm. I informed him that the bank would have to make special arrangements to
have this done and in order not to circumvent due process, the bank would have
to make a 9.5 % deduction from the funds to cater for banking and statutory
charges. He complained about the charges but later came around when I explained
to him the complexities of the task he was asking of us. Cash movement across
borders has become especially strict since the incidents of 9/11. I contacted
my affiliate in and had the funds available. I undertook all the processes and
made sure I followed his precise instructions to the letter and had the funds
deposited in a security consultancy firm, the firm is a specialist private firm that accepts
deposits from high net worth individuals and blue chip corporations that handle valuable products or un
In January last year, we got a call from the security
firm informing us that the inactivity of that particular portfolio. This was an
astounding position as far as I was concerned, given the fact that I managed
the private banking sector I was the only one who knew about the deposit , and
I could not understand why he had not come forward to claim his deposit. I made
futile efforts to locate him I immediately passed the task of locating him to
the internal investigations department of the bank of china. Four days later,
information started to trickle in, apparently he was dead. A person who suited
his description was declared dead of a heart attack in Canne, South of France.
We were soon enough able to identify the body and cause of death was confirmed.
The bank immediately launched an investigation into possible surviving next of
kin to alert about the situation and also to come forward to claim his estate.
If you are familiar with private banking affairs, those who patronize our services usually prefer ano
In line with our internal processes for account holders
who have passed away, we instituted our own investigations in good faith to
determine who should have right to claim the estate. This investigation has for
the past months been unfruitful. We have scanned every continent and used our
private investigation affiliate companies to get to the root of the problem.
The investigation did not ever yield any result My official capacity dictates
that I am the only party to supervise the investigation and the only party to
receive the results of the investigation.
This leaves me as the only person with the full picture of what the
prevailing situation is in relation to the deposit and the late beneficiary of
the deposit. According to practice, the firm will by the end of this financial
year broadcast a request for statements of claim to BOC, failing to receive
viable claims they will most probably revert the deposit back to BOC. This will
result in the money entering the BOC accounting
system and the portfolio wi
What I wish to relate to you will smack of unethical
practice but I want you to understand something. It is only an outsider to the
banking world who finds the internal politics of the banking world
aberrational. The world of private banking especially is fraught with huge
rewards for those who occupy certain offices and oversee certain portfolios.
You should have begun by now to put together the general direction of what I
propose. There is US$ 8,370,000.00 deposited , I alone have the deposit details
and they will release the deposit to no one unless I instruct them to do so. I
alone know of the existence of this deposit for as far as BOC is concerned, the
transaction with our deceased customer concluded when I sent the funds to the
firm, all outstanding interactions in relation to the file are just customer
services and due process. They are
simply awaiting instructions to release the deposit to any party that comes
forward. This is the situation. This bank has spent great amounts of money trying to trac
My proposal; I am
prepared to place you in a position to give instruction for the release of
the deposit to you as the closest
surviving relation. Upon receipt of the deposit, I am prepared to share the
money with you in half. That is: I will simply nominate you as the next of kin
and have them release the deposit to you. We share the proceeds 50/50.
I would have gone ahead to ask the funds be released to
me, but that would have drawn a straight line to me and my involvement in
claiming the deposit. I assure you that I could have the deposit released to
you within a few days. I will simply inform the bank of the final closing of
the file relating to the customer I will
then officially communicate with
firm and instruct them to release
the deposit to you. With these two things: all is done. The alternative would
be for us to have firm direct the funds to another bank with you as account
holder. This way there will be no need for you to think of receiving the money
from the firm. We can fine-tune this
based on our interactions.I am aware of the consequences of this proposal. I
ask that if you find no interest in this project that you should discard this
mail. I ask that you do not be vindictive and destructive. If my offer is of no
appeal to you, delete this message and forget I ever contacted you. Do not
destroy my career because you do not
approve of
You may not know this but people like myself who have
made tidy sums out of comparable situations run the whole private banking
sector. I am not a criminal and what I do, I do not find against good
conscience, this may be hard for you to understand, but the dynamics of my
industry dictates that I make this move. Such opportunities only come ones' way
once in a lifetime. I cannot let this chance pass me by, for once I find myself
in total control of my destiny. These chances won't pass me by. I ask that you
do not destroy my chance, if you will not work with me let me know and let me
move on with my life but do not destroy me. I am a family man and this is an
opportunity to provide them with new opportunities. There is a reward for this
project and it is a task well worth undertaking. I have evaluated the risks and
the only risk I have here is from you refusing to work with me and alerting my
bank. I am the only one who knows of this situation, good fortune has blessed you
with a name that has planted you int
If you find yourself able to work with me, contact me
through this same email account. If you give me positive signals, I will
initiate this process towards a conclusion. I wish to inform you that should
you contact me via official channels; I will deny knowing you and about this
project. I repeat, I do not want you contacting me through my official phone
lines nor do I want you contacting me through my official email account.
Contact me only through through this email
address. I do not want any direct link between you and me. My official lines
are not secure lines as they are periodically monitored to assess our level of
customer care in line with our Total Quality Management Policy. Please observe
this instruction religiously. Please, again, note I am a family man; I have a
wife and children.
I send you this mail not without a measure of fear as to
what the consequences, but I know within me that nothing ventured is nothing
gained and that success and riches never come easy or on a platter of gold.
This is the one truth I have learned from my private banking clients. Do not
betray my confidence. If we can be of one accord, please reply me immediately
to enable us commence this line of discussion.
I await your response.
Kim Wie
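The two alerts above (the Verizon phishing mail and the 419 mail) show the same handful of header tells a defender checks by hand: a display name that carries a different domain than the real From address, a Reply-To that diverts answers elsewhere, a Return-Path that disagrees with From, urgency wording in the subject, and a first hop that announced an unqualified HELO name. The script below is an added example, not code from this blog or from either mail, and uses only the Python standard library. The two header samples are trimmed copies of the fields quoted above (some relay lines dropped, folded lines kept folded); the URGENCY word list and the function names are my own choices.

```python
"""Flag common phishing / advance-fee indicators in raw e-mail headers."""
from __future__ import annotations

import re
from email.parser import HeaderParser
from email.utils import parseaddr

# Sample input constructed from the header fields quoted in the two alerts above.
VERIZON_PHISH = """\
Return-path: <service@earthlink.net>
Received: from server.albany.brtransit.com ([unknown] [50.198.161.9])
 by vms172051.mailsrvcs.net with ESMTP id <0MWO008MFTX45IN0@vms172051.mailsrvcs.net>;
 Fri, 22 Nov 2013 17:15:05 -0600 (CST)
Received: from brtransit.com (unknown [216.145.158.117])
 by server.albany.brtransit.com (Postfix) with ESMTPA id E51EA56EE2D;
 Fri, 22 Nov 2013 15:14:46 -0800 (PST)
Date: Fri, 22 Nov 2013 20:15:13 -0300
From: "service@verizonwireless.com"<service@earthlink.net>
Subject: [SPAM]Verizonwireless Notice: Update Your Account
X-Originating-IP: [50.198.161.9]
"""

NIGERIAN_419 = """\
Return-path: <kimwie@yahoo.cn>
Received: from hdexp.co.kr ([unknown] [211.226.10.186])
 by vms172091.mailsrvcs.net with SMTP id <0N1400G5SQBBCL70@vms172091.mailsrvcs.net>;
 Mon, 17 Feb 2014 01:33:13 -0600 (CST)
Received: from User (180.215.160.221) by hdexp.co.kr (211.226.10.186)
 with [Nmail V3.8 20071121(ST)]; Sun, 16 Feb 2014 09:48:16 +0900
Date: Sun, 16 Feb 2014 06:17:59 +0530
From: "Mr Kim Wie ( Bank Of China )"<kimwie@yahoo.cn>
Subject: Urgent Attention Required ( Bank Of China ) Mr Kim Wie
Reply-to: <kim_wie2013@outlook.com>
"""

# Constructed list of pressure phrases; extend it from your own spam folder.
URGENCY = ("urgent", "update your account", "verify", "suspended")
IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def _domain(addr: str) -> str:
    """Lowercase domain part of an address, '' when there is no '@'."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _flat(value) -> str:
    """Collapse a folded (multi-line) header value onto one line."""
    return " ".join(str(value or "").split())


def origin_hop(raw: str) -> tuple[str, str]:
    """(helo_name, ip) of the host that first handed the mail in.

    Each relay prepends its own Received: line, so the last one in the
    message describes the earliest hop, the one closest to the sender.
    """
    msg = HeaderParser().parsestr(raw)
    received = msg.get_all("Received") or []
    if not received:
        return "", ""
    first = _flat(received[-1])
    m = re.match(r"from\s+(\S+)", first)
    ip = IPV4.search(first)
    return (m.group(1) if m else ""), (ip.group(1) if ip else "")


def analyze(raw: str) -> list[str]:
    """Return human-readable indicator strings found in a raw header block."""
    msg = HeaderParser().parsestr(raw)
    findings: list[str] = []
    display, from_addr = parseaddr(_flat(msg.get("From")))
    from_dom = _domain(from_addr)

    # 1. Display name shows one domain, the real address uses another.
    shown = _domain(display)
    if shown and shown != from_dom:
        findings.append(f"display-name spoofing: shows {shown}, sends from {from_dom}")

    # 2. Replies are steered to a mailbox outside the claimed sender's domain.
    _, reply_addr = parseaddr(_flat(msg.get("Reply-To")))
    if reply_addr and _domain(reply_addr) != from_dom:
        findings.append(f"reply-to mismatch: {_domain(reply_addr)} != {from_dom}")

    # 3. Envelope sender (Return-Path) disagrees with the header From.
    _, ret_addr = parseaddr(_flat(msg.get("Return-Path")))
    if ret_addr and _domain(ret_addr) != from_dom:
        findings.append(f"return-path mismatch: {_domain(ret_addr)} != {from_dom}")

    # 4. Pressure language in the subject.
    subject = _flat(msg.get("Subject")).lower()
    if any(w in subject for w in URGENCY):
        findings.append("urgency language in subject")

    # 5. Injecting host announced a bare name with no dot ("User"), which a
    #    properly configured mail server never does.
    helo, ip = origin_hop(raw)
    if helo and "." not in helo:
        findings.append(f"unqualified HELO '{helo}' from {ip}")
    return findings


if __name__ == "__main__":
    for label, raw in (("Verizon phish", VERIZON_PHISH), ("419 scam", NIGERIAN_419)):
        print(label)
        for finding in analyze(raw):
            print("  -", finding)
```

Paste the full header block of a suspect mail into a file and feed it to `analyze()`; the checks are deliberately simple string comparisons so they run offline on a quarantined message, with no DNS or network lookups that could tip off a sender.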