SARS Efiling / ABSA Payment Notification Phishing Scam
[Previous Example] [Share This Page] [Back To The Main SHPAMEE Index] [Next Example]
VERY IMPORTANT INFORMATION, READ THIS FIRST: The example and associated information published on this page are subject to the SHPAMEE Terms Of Use. Please familiarise yourself with these terms before viewing or using any information on this page.
Header:
From - Tue Sep 18 18:29:26 2012
X-Account-Key: account2
X-UIDL: x
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
X-Apparently-To: x via 212.82.111.160; Tue, 18 Sep 2012 06:43:39 +0000
X-YahooFilteredBulk: 69.175.67.10
Received-SPF: none (domain of server.lebanonpost.com does not designate permitted sender hosts)
X-YMailISG: x
X-Originating-IP: [69.175.67.10]
Authentication-Results: mta1070.mail.ird.yahoo.com from=onlinedata.co.za; domainkeys=neutral (no sig);
from=onlinedata.co.za; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO server.lebanonpost.com) (69.175.67.10)
by mta1070.mail.ird.yahoo.com with SMTP; Tue, 18 Sep 2012 06:43:39 +0000
Received: from lebanon by server.lebanonpost.com with local (Exim 4.77)
(envelope-from <lebanon@server.lebanonpost.com>)
id 1TDrX1-0003i5-3t
for x; Tue, 18 Sep 2012 01:43:39 -0500
To: x
Subject: Efiling Payment Notification
From: Absa bank <ibt@onlinedata.co.za>
Reply-To:
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id: <x@server.lebanonpost.com>
Date: Tue, 18 Sep 2012 01:43:39 -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server.lebanonpost.com
X-AntiAbuse: Original Domain - yahoo.co.uk
X-AntiAbuse: Originator/Caller UID/GID - [503 501] / [47 12]
X-AntiAbuse: Sender Address Domain - server.lebanonpost.com
X-Account-Key: account2
X-UIDL: x
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
X-Apparently-To: x via 212.82.111.160; Tue, 18 Sep 2012 06:43:39 +0000
X-YahooFilteredBulk: 69.175.67.10
Received-SPF: none (domain of server.lebanonpost.com does not designate permitted sender hosts)
X-YMailISG: x
X-Originating-IP: [69.175.67.10]
Authentication-Results: mta1070.mail.ird.yahoo.com from=onlinedata.co.za; domainkeys=neutral (no sig);
from=onlinedata.co.za; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO server.lebanonpost.com) (69.175.67.10)
by mta1070.mail.ird.yahoo.com with SMTP; Tue, 18 Sep 2012 06:43:39 +0000
Received: from lebanon by server.lebanonpost.com with local (Exim 4.77)
(envelope-from <lebanon@server.lebanonpost.com>)
id 1TDrX1-0003i5-3t
for x; Tue, 18 Sep 2012 01:43:39 -0500
To: x
Subject: Efiling Payment Notification
From: Absa bank <ibt@onlinedata.co.za>
Reply-To:
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id: <x@server.lebanonpost.com>
Date: Tue, 18 Sep 2012 01:43:39 -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server.lebanonpost.com
X-AntiAbuse: Original Domain - yahoo.co.uk
X-AntiAbuse: Originator/Caller UID/GID - [503 501] / [47 12]
X-AntiAbuse: Sender Address Domain - server.lebanonpost.com
Body:
Dear Client,
A payment has been made into your account from SARS- Efiling
In other to process and confirm this payment please do click here to login.
During this process, your RVN will be checked and verified.
Regards,
ABSA Bank Limited 2012
Comments:
Related Cyber Criminal Profiles:
No related profiles found.Similar Spam Examples:
ABSA Excess Charges Refund Banking Phishing ScamBanking Phishing Scam - Your Pending EFT Payment!!!
ABSA Bank Phishing Scam - Authorized EFT Payment Received
SARS eFiling Phishing Scam - Support Center
ABSA Banking Phishing Scam - 2012 - SARS PAYMENTS
Related Malware Samples:
No related malware samples found.[Previous Example] [Share This Page] [Back To The Main SHPAMEE Index] [Next Example]
These scammers are really a bunch of idiots. In other to process... whatever that means. Oh yeah and the link reads "login", but if you hover with your mouse over the link, you will see they made the title tag "logon". Just by looking at this e-mail you can already tell that it did not come from ABSA.
This scam is a new variation of the following two scams:
2012 SARS PAYMENTS Phishing Scam
ABSA Excess Charges Refund Banking Phishing Scam
This one places the emphasis on the RVN. ONLY use your RVN on the official ABSA Internet Banking website, by going to www.absa.co.za and logging in from there. NEVER enter it on any other website or send it to someone via SMS, e-mail, telephone, or any other means, like we already said, it should only be used on ABSA's Internet Banking website.