Email scams #6

Along the same lines as scam #5 the Permanent TSB are being targeted again.


The image is just a rather poor Permanent TSB logo.

Apart from the rather obvious foreign English and the nature of the request, the header reveals that the email was not sent from Europe and thus is unlikely to be Permanent TSB.

Delivered-To: (email address removed)
Received: (vpopmail 92251 invoked by uid 16); 11 Dec 2012 15:23:51 +0000
Received: (qmail 92248 messnum 6631006 invoked from (mail server address removed); 11 Dec 2012 15:23:51 -0000
Received: from (mail server address removed)
by (mail server address removed) with SMTP; 11 Dec 2012 15:23:51 -0000
Received: from ([])
by (mail server address removed) with Cloudmark Gateway
id aFPl1k00K277WFx01FPpjw; Tue, 11 Dec 2012 15:23:51 +0000
X-Spam-Flag: YES
X-CNFS-Analysis: v=2.0 cv=AZQz7grG c=1 sm=1 p=4qRR1nOuAAAA:8
a=be0sErTATg5kmDfI+FxFnw==:17 a=Nnsh1wtXl2cA:10 a=8EU9Q7FnrCoA:10
a=9DDVmz1ZAAAA:8 a=Y7rGhgCJYpUA:10 a=V7saN0sgUImbZwQThTkA:9 a=Ft8UYL4EG9YA:10
a=B7DzxP5wjkkA:10 a=BBkQYBf8MSkA:10 a=1MeoMdNFr1eSvZnn:21
a=97O2lxbUKmKA6vPh:21 a=uYfKWxhyAAAA:8 a=MZqACNACAAAA:8 a=S7OzpgZLAAAA:8
a=xMUjK7fHAAAA:8 a=uwbQTtqUrpFYiPvHyrQA:9 a=t93A0bSuxp8A:10 a=PwupmhqoJFYA:10
a=rd-uzrdr_P7o9gKA:21 a=54R6ICGb0GvbrS-_:21 a=MQBIDzUUP3JUpVHH:21
Received: from User (unknown [])
(Authenticated sender: test)
by (Postfix) with ESMTPA id 33E13E400D4;
Tue, 11 Dec 2012 23:22:54 +0800 (CST)
From: “Open24 Permanent TSB Internet Banking”
Subject: [might be spam] Security Alert – Suspicious activity on your account please review information
Date: Tue, 11 Dec 2012 17:23:40 +0200
MIME-Version: 1.0
Status: U
X-UIDL: (mail server address removed),S=15197
Content-Type: multipart/mixed;
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
To: undisclosed-recipients:;

The time of sending +0800 and the CST tell me that this was sent from China.

You can check the time zone using the Time and Date Time Zone Map

As always:

Never click on a link purporting to be a helpful logon or similar. Always open your browser and type in your internet banking details yourself, or use a password manager.

About PuterMan

A retired programmer.
This entry was posted in Email scams. Bookmark the permalink.

Feel free to leave a reply (ALL comments are moderated)

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.