Received a interesting email yesterday from Mr. Gordon Hills from London who wanted me to be partner and 5 Million dollars will be released to me. Sometimes does feel like someone should give me money 🙂
The email seems to be a template and this could be a broadcast on the internet. Interesting to see that sender email is hidden. The technique is not new but still is being used. There are lot of anonymous email services that cane b used to do the same. Looked through the header and was able to find the originating IP as 184.108.40.206 – mail-ma1ind01hn0221.outbound.protection.outlook.com. The IP is blacklisted on multiple sites.
When we hit reply the email is suppose to go to firstname.lastname@example.org. From the header originating IP for the email is 220.127.116.11 which is again blacklisted in spamhaus.
The email has no attachments or URL. The attempt likely is to collect personal information for further follow-up campaign.
Associated IP :
http://www.ipvoid.com/scan/18.104.22.168/ – This IP address is infected with, or is NATting for a machine infected with the ZeroAccess botnet, also known as Sirefef as per spamhaus cbl.