2012 - SARS PAYMENTS
[Previous Example] [Share This Page] [Back To The Main SHPAMEE Index] [Next Example]
VERY IMPORTANT INFORMATION, READ THIS FIRST: The example and associated information published on this page are subject to the SHPAMEE Terms Of Use. Please familiarise yourself with these terms before viewing or using any information on this page.
Header:
From - Wed Sep 5 20:57:45 2012
X-Account-Key: account2
X-UIDL: x
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
X-Apparently-To: x via 212.82.111.163; Wed, 05 Sep 2012 07:14:17 +0000
X-YahooFilteredBulk: 97.107.141.122
Received-SPF: none (domain of o3.oxygeninternet.com.au does not designate permitted sender hosts)
X-YMailISG: x
X-Originating-IP: [97.107.141.122]
Authentication-Results: mta1006.mail.ird.yahoo.com from=133secure-absa.co.za; domainkeys=neutral (no sig);
from=133secure-absa.co.za; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO o3.oxygeninternet.com.au) (97.107.141.122)
by mta1006.mail.ird.yahoo.com with SMTP; Wed, 05 Sep 2012 07:14:17 +0000
To: x
Subject: 2012 - SARS PAYMENTS
From: Absa Internet Banking <34435@133secure-absa.co.za>
Reply-To:
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id: <x@o3.oxygeninternet.com.au>
Date: Wed, 05 Sep 2012 16:57:41 +1000
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - o3.oxygeninternet.com.au
X-AntiAbuse: Original Domain - yahoo.co.uk
X-AntiAbuse: Originator/Caller UID/GID - [99 32007] / [47 12]
X-AntiAbuse: Sender Address Domain - o3.oxygeninternet.com.au
X-Source:
X-Source-Args: /usr/local/apache/bin/httpd -k start -DSSL
X-Source-Dir: steelframesandtrusses.com.au:/public_html/tmp
X-Account-Key: account2
X-UIDL: x
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
X-Apparently-To: x via 212.82.111.163; Wed, 05 Sep 2012 07:14:17 +0000
X-YahooFilteredBulk: 97.107.141.122
Received-SPF: none (domain of o3.oxygeninternet.com.au does not designate permitted sender hosts)
X-YMailISG: x
X-Originating-IP: [97.107.141.122]
Authentication-Results: mta1006.mail.ird.yahoo.com from=133secure-absa.co.za; domainkeys=neutral (no sig);
from=133secure-absa.co.za; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO o3.oxygeninternet.com.au) (97.107.141.122)
by mta1006.mail.ird.yahoo.com with SMTP; Wed, 05 Sep 2012 07:14:17 +0000
To: x
Subject: 2012 - SARS PAYMENTS
From: Absa Internet Banking <34435@133secure-absa.co.za>
Reply-To:
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id: <x@o3.oxygeninternet.com.au>
Date: Wed, 05 Sep 2012 16:57:41 +1000
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - o3.oxygeninternet.com.au
X-AntiAbuse: Original Domain - yahoo.co.uk
X-AntiAbuse: Originator/Caller UID/GID - [99 32007] / [47 12]
X-AntiAbuse: Sender Address Domain - o3.oxygeninternet.com.au
X-Source:
X-Source-Args: /usr/local/apache/bin/httpd -k start -DSSL
X-Source-Dir: steelframesandtrusses.com.au:/public_html/tmp
Body:
Dear Customer,
It appears that there are some irregularities with your Tax filing.
You have recieved an amount from SARS E-Filing which requires your verification.
Please click Complete Verification to verify this process so this amount can be deposited into your account.
You may be required to enter RVN sent to you to verify this payment.
© Copyright 2012 ABSA Bank.
This email was sent automatically please do not respond.
Comments:
Related Cyber Criminal Profiles:
No related profiles found.Similar Spam Examples:
Banking Phishing Scam - Your Pending EFT Payment!!!ABSA Excess Charges Refund Banking Phishing Scam
ABSA Bank Phishing Scam - Authorized EFT Payment Received
Banking Phishing Scam - Absa Bank Electronic Statements Fees Deducted
SARS Efiling / ABSA Payment Notification Phishing Scam
Related Malware Samples:
No related malware samples found.[Previous Example] [Share This Page] [Back To The Main SHPAMEE Index] [Next Example]
This e-mail just looks funny to start with. The font seems strange, the logo looks out of place and the HUGE gaps between the paragraphs looks sloppy and unprofessional. So just by looking at this e-mail you can already tell that it did not came from ABSA.
Take a good look at this e-mail address, even though it is spoofed, 133secure-absa.co.za does not belong to ABSA, but even if the from address was an actual absa.co.za e-mail address, it still does not mean that the e-mail really came from ABSA, the From e-mail address can easily be spoofed.
You never receive any amount from SARS E-Filing, it will be from SARS itself. Secondly you never have to verify a tax refund, SARS goes to great lengths to verify the banking details of tax payers, so if you receive a refund, all the necessary verification processes have already been done by SARS. Finally, it makes no sense for the recipient to verify an incoming payment, verification has to be done on the side of the person MAKING the payment.
Never share your RVN with ANYONE! Not by SMS, not by e-mail, not by any means. The RVN should only be used for one purpose, for entering it on the real ABSA Internet Banking site (www.absa.co.za). Never enter this number on a website you visited, after clicking a link in an e-mail.
The same holds true for your tax affairs. Never respond to any e-mail with links regarding verification of your tax refund or personal information or banking details or whatever. All correspondence from SARS in this regard is normally via a text-only e-mail with no links. You have to log onto the actual SARS eFiling website (www.sarsefiling.co.za) to download your assessment, statements of account, review your return, etc.
As a final note, if there is anything wrong with your tax return or the processing of your tax refund, you will receive correspondence directly from SARS and not from ABSA or any other bank for that matter.