An amateur operating from Austria/Belgium in cahoots with Italy:
Looks genuine enough: https://photos.kolico.ca/tmp/dhl-3.jpg
BUT..
Return-Path: <akalo@dictavoice.at>
Delivered-To: august@ashlies.ca
Envelope-to: books@ashlies.ca
Delivery-date: Wed, 03 Mar 2021 23:02:31 -0500
X-EN-OrigIP: 213.33.87.16
Received: from [192.168.43.137] (19-176-62-37.mobileinternet.proximus.be [37.62.176.19])
From: noreply@dhlverification.com
To: "books" <books@ashlies.ca>
Subject: DHL EXPRESS : Your Package is waiting for delivery
X-Mailer: Microsoft Office Outlook 12.0
This is a multi-part message in MIME format.
------=_NextPart_000_0001_37E711D9.D58E9144
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Dear Client,Your Package is waiting for delivery. Please
confirm the payment (4,99 $) on the link below, the online
verification needs to be done in the next 2 days before it expires
Click here. Thank you for your trust,
DHL EXPRESS
------=_NextPart_000_0001_37E711D9.D58E9144
The "Click here" boils down to:
"h##p://gadfi.andrewbasso.it/fadujk"
Any dibs that this guy's name is Andre Basso?
This is almost enough to make me want to switch entirely to pure
TEXT email.
The "Click here" boils down to:
"h##p://gadfi.andrewbasso.it/fadujk"
Why do you spend time on these obvious scams? I don't even
see most of them, because my spam filter takes care of
them. The few ones that get through I just delete... ;)
Why do you spend time on these obvious scams? I don't even
see most of them, because my spam filter takes care of
them. The few ones that get through I just delete... ;)
Why? Partly because they don't look entirely obvious. I don't
use any special spam filters except for what Outlook (desktop)
might deem suspicious. Gmail seems to do things pretty well
autonomously (I've seen repeated spam/scam there) And my ISP's
web interface using Roundcube has filters that I built to ignore
certain annoying and obvious ones like the .buzz TLD.
The domain/link above looks entirely benign, although it was
hidden with the "graphic" button that the html message produced.
And.. I find it rather interesting how persistent some scammers
are with old techniques.
One of the emails that utilized a header field to trigger the
potential launch of a script - really pissed me off.
Perhaps the best strategy would be not to share and disclose
"discoveries" like these in general, anywhere. That way, the
perpetrator wouldn't understand why their cleverly designed
"DHL" emails for example are never taken as bait.
August Abolins said to All <-
Hello All!
An amateur operating from Austria/Belgium in cahoots with Italy:
Click here. Thank you for your trust,
DHL EXPRESS
------=_NextPart_000_0001_37E711D9.D58E9144
The "Click here" boils down to:
"h##p://gadfi.andrewbasso.it/fadujk"
Any dibs that this guy's name is Andre Basso?
But I don't think those links are revealed in webmail
interfaces. And webmail use is probably becoming more and more
prominent.
| Sysop: | Coz | 
|---|---|
| Location: | Anoka, MN | 
| Users: | 2 | 
| Nodes: | 4 (0 / 4) | 
| Uptime: | 18:45:02 | 
| Calls: | 359 | 
| Files: | 6,302 | 
| Messages: | 235,030 |