, you have (4) new notifications

Facebook, hey?

This email was made to look like a Facebook notification, albeit, rather broken HTML if you ask me...

That being said, it's just spam and not really a super bad hacker, even if sending you to a so called Internet Marketer website.

Someone who found a cheap way of advertising their website and instead of being truthful they give you an email that has nothing to do with what the email is for/about. It's just sad to see so many doing such a thing.

Then a little later I received a second email. This time it was from LinkedIn. The mistake from the spammer in this case? He used the exact same format for the email. So it was dead easy to see that something fishy has happened.

I put that second LinkedIn email after the first Facebook email.


Return-Path: 
X-Original-To: alexis@m2osw.com
Delivered-To: alexis@m2osw.com
X-Greylist: delayed 607 seconds by postgrey-1.35 at m2osw.com; Thu, 22 Feb 2018 13:58:02 UTC
DMARC-Filter: OpenDMARC Filter v1.3.1 m2osw.com 7CFCD40537
Authentication-Results: mail.m2osw.com; dmarc=fail header.from=click4calls.com
Authentication-Results: m2osw.com;
	dkim=pass (1024-bit key; unprotected) header.d=click4calls.com
        header.i=acct@click4calls.com header.b=nLd+Aj5R;
	dkim-atps=neutral
Received: from o1.zimbra334.click4calls.com (o1.zimbra334.click4calls.com [91.222.236.147])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by m2osw.com (Postfix) with ESMTPS id 7CFCD40537
	for ; Thu, 22 Feb 2018 13:58:01 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dkim; d=click4calls.com;
        h=To:Subject:Message-ID:Date:From:Reply-To:MIME-Version:List-Unsubscribe
        :Content-Type:Content-Transfer-Encoding; i=acct@click4calls.com;
        bh=8S7xedzs/tBIR7bFA37xlkN4GrM=;
        b=nLd+Aj5RmKtHDCqlu2zurWXbG4C3289/2pJJ0cUYOpvOAyvbE2cYcnzeNTtymxSP3VM37jPKuSGb
        ycy8N5A2Y6igdiRY2rrFlAEt0bagUgn6pjUotg4nkyA7PLxOE7jtiVDirESN0/4aCBe/RKWRfkZs
        Z+7N9XhupXF2ILkvVfc=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=dkim; d=click4calls.com;
 b=fhac/lpR7M7IRrcrUvhHplfzKVIWeMJDok5irOVbVeWvMgZYBF0isZcrtGIfGGSrSGCtMjkl9NB4
   eUDATH2jOLC6vuijGOXF49q5KAMp7kGtsyovSHlVhg5I8q0CqPcX+f1Sg3GQPr4m55umKovWwhwH
   RHFg/tFQDeRTp15S8O4=;
To: alexis@m2osw.com
Subject: , you have (4) new notifications
Message-ID: <7dbeb3ef7ac4ada3be77984fba266cbd@click4calls.com>
Date: Thu, 22 Feb 2018 13:43:01 +0000
From: "Facebook" 
Reply-To: acct@click4calls.com
MIME-Version: 1.0
X-Mailer-LID: 60,69,61,59,68,4,25,36
List-Unsubscribe: 
X-Mailer-RecptId: 1185072
X-Mailer-SID: 64
X-Mailer-Sent-By: 1
Content-Type: multipart/alternative; charset="UTF-8"; boundary="b1_c4e30e8dc166e046aa0a966695db1997"
Content-Transfer-Encoding: 8bit

 

 

Dear ,

You have (4) new notifications. View here

Dear
You have 

4  new notifications
Message(s) from: Jennifer, James

Date: 02/02/2018

View new notifications here
Unsubscribe me from this list

 

 

 


Linked In email:

Return-Path: 
X-Original-To: alexis@m2osw.com
Delivered-To: alexis@m2osw.com
Received: from NAM03-CO1-obe.outbound.protection.outlook.com
        (mail-co1nam03on0044.outbound.protection.outlook.com [104.47.40.44])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
	(No client certificate requested)
	by m2osw.com (Postfix) with ESMTPS id 8C132405EA
	for ; Thu, 22 Feb 2018 18:08:18 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.1 m2osw.com 8C132405EA
Authentication-Results: mail.m2osw.com; dmarc=none header.from=onyxxteriors.com
Authentication-Results: m2osw.com;
	dkim=pass (1024-bit key; unprotected) header.d=NETORGFT1184243.onmicrosoft.com
        header.i=@NETORGFT1184243.onmicrosoft.com header.b=kf7On2g5;
	dkim-atps=neutral
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=NETORGFT1184243.onmicrosoft.com; s=selector1-onyxxteriors-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
 bh=Nb68qEocq3gzRKk4L+7OOcGycAXXQlMNvnqeU94YN2Q=;
 b=kf7On2g5Ivof8gccxD1uXE1/YA3p7dYRjdskLT6LE5o4eO/G5vhPjpthf+FhlqbnlLZGBrXPM/3ns2wh/f196AClIp+0iygLDjkRJi9
        TXQFL1cdrAFHF6UwUfKkw/zCUpYFg+PQdvFw4qkjculwtGKwzsZ6iPnjhsn+oY7/DZu8=
Received: from DM5PR2001MB1147.namprd20.prod.outlook.com (10.172.90.145) by
 DM5PR2001MB1033.namprd20.prod.outlook.com (10.172.89.147) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id
 15.20.527.15; Thu, 22 Feb 2018 18:07:44 +0000
Received: from DM5PR2001MB1147.namprd20.prod.outlook.com
 ([fe80::1827:608c:6ead:204e]) by DM5PR2001MB1147.namprd20.prod.outlook.com
 ([fe80::1827:608c:6ead:204e%14]) with mapi id 15.20.0527.017; Thu, 22 Feb
 2018 18:07:43 +0000
From: =?utf-8?B?TGlua2VkbG4gY2/NmG5uZWN0aW9uc8KgPHN1cHDhu49ydC5tZXNzYWdlc0BJ?=
 =?utf-8?B?4buJbmtlZGluLmNvbT4=?= 
Subject: Your connection sent you a message
Thread-Topic: Your connection sent you a message
Thread-Index: AQHTrAgHy7Dg8g9RQ0CSWm4hp3nK1w==
Date: Thu, 22 Feb 2018 18:07:41 +0000
Message-ID: <68248650-A787-4099-B916-610BA4B6D3B7@onyxxteriors.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is )
 smtp.mailfrom=contactus@onyxxteriors.com; 
x-originating-ip: [104.220.28.75]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1;DM5PR2001MB1033;6:vODrafe4CBXElPpIlsBYZtk4QGjtE1ce/whf6Z0KWk8x+Qq5hRC
        BPZ+OrzT4qwGkMn4NIDjtNGhhOjIiUkbryxIuL5bJ6kaxUA/uMShWi/ErFxrWrdhZCGyYUUn42dL9WgS1GH1oRu7IIHwW7DGX
        a/jdaCrIWa3AIEC+aNHnJ73PG/Hx71Pqv0NjmL0+jJmjmVvMlKlVqeNIEY/amIJwuhWlW+xZsko64IQART3QTOoAUT8hBdFR0
        f2X/Hgi2WV2vkVqHMBC9WCf9P7hBUSdr0S26xh21rgenxQYz8SlhXTzxZDzI/+j2JyrvvZ5MljIyTQ8tp9fqpuP7wcbkrQ1xW
        nWfbcTi/270W2xqwim0vrZrah5RkFbRA0VD7gp32Zz;5:dX0tZiuuIYUJwRHK+oIQr/IOxyXBv7eGUKdIAEPyM97Q6+t1ygDo
        OOrRx3W0jQz/LDBWlOsfxE9ey/JRYPF3Gl/qZev/s/asYdBhlEv+0Em+08wKDcZGQhkBzIRUIDTDDb0lN4tJqZPLRqLbvLBQa
        Q3r5p7tTZzbXkO8vJ8BTEY=;24:ziI2/QvR51U4PhEziXrAWZm8RMqIRtaf28eNxkoAvfI+zxJpHffzNdUYAFc7vQ0BHjA6Db
        guRmgyEOgSoJ/ZDOUeppkM0ONRTXdouLv5xCw=;7:pQa2kSrGrZpd3oRD2owULAfodythz1kqysnN47aen3D+x161DBEbUaOA
        70TO8y8ji9+NVu7lsM0g6mRYGZK11THLQ1FYybncX045pGiKJbxITQXgLftzIvkKYCFuyghXec/Pu2ogrv0gYPk4fUENG4Xzq
        Z/A8LF4xIf/o7aA08k6fXf+K58GI7ViLwIdK9A/fzRdhzrkLBirWWz9mD4UoeE+e7ikogt1Qrej66FCfZHHonm/AFyVpgnJEJ
        5uc5zB
x-ms-office365-filtering-correlation-id: 88479f98-42dd-4851-93b2-08d57a1f2bc7
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(7020095)(4652020)(7021125)(4534165)(7022125)(4603075)
        (7168020)(4627221)(201702281549075)(7048125)(7024125)(7027125)(7028125)(7023125)(5600026)(4604075)
        (3008032)(2017052603307)(7153060)(49563074)(7193020);SRVR:DM5PR2001MB1033;
x-ms-traffictypediagnostic: DM5PR2001MB1033:
x-microsoft-antispam-prvs: 
x-exchange-antispam-report-test: UriScan:(28532068793085)(116415991822766)(157691218806472)(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(102415395)(6040501)(2401047)(8121501046)(5005006)
        (93006095)(93001095)(3002001)(3231101)(2350122)(2017060903117)(944501161)(10201501046)(6041288)
        (2016111802025)(20161123562045)(20161123564045)(20161123560045)(20161123558120)(6043046)(6072148)
        (201708071742011);SRVR:DM5PR2001MB1033;BCL:0;PCL:0;RULEID:;SRVR:DM5PR2001MB1033;
x-forefront-prvs: 059185FE08
x-forefront-antispam-report: SFV:NSPM;SFS:(10009020)(376002)(39850400004)(39380400002)(346002)(396003)
        (366004)(199004)(189003)(8676002)(478600001)(15650500001)(2420400007)(881003)(81156014)(25786009)
        (3846002)(8936002)(2906002)(68736007)(109986005)(14454004)(82746002)(97736004)(6512007)(54896002)
        (6306002)(6436002)(53936002)(6116002)(6486002)(81166006)(10710500007)(733005)(39060400002)
        (8666007)(54556002)(236005)(55236004)(3280700002)(86362001)(316002)(7110500001)(7736002)
        (2900100001)(99286004)(52230400001)(106356001)(186003)(1671002)(606006)(861006)(8656006)
        (6506007)(3660700001)(45080400002)(7366002)(7406005)(7336002)(89122003)(7416002)(5250100002)
        (76576003)(26005)(88732003)(105586002)(33656002)(99936001)(83716003)(5660300001)(7276002)
        (66066001)(36756003)(558084003)(102836004)(60550400001)(16866105001);DIR:OUT;SFP:1101;
        SCL:1;SRVR:DM5PR2001MB1033;H:DM5PR2001MB1147.namprd20.prod.outlook.com;FPR:;SPF:None;
        PTR:InfoNoRecords;A:1;MX:1;LANG:en;
received-spf: None (protection.outlook.com: onyxxteriors.com does not
 designate permitted sender hosts)
x-microsoft-antispam-message-info: PdBlQcoiLVZRWnb+HrtV4ayUp4BC7kpue3ycUQZl5OWpSC7nP14f3KqV1s1eze5b6J4idHAUX3
        gFcmf8snFrQm1N3PJ37KWccw63hHQ1sc2wW7y+fSJlGrrpiu7EoWF20ZCcTlW8zcP0MKwcTpzYeUNrZmKrrsQplhblf0phUpPHvk5
        Zg5Uxcq0WKLP/DfJY5ETkKKB+PHUVc81kPk7ZFTbJzr9Kjddws0ZyKojD6cIoYuxoqHw5R/6/rhY5xr7Sl41G4OcUxAvWElLef5sc
        6HZxKWvoWvNKNymmV0k9wMY=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/related;
	boundary="_004_68248650A7874099B916610BA4B6D3B7onyxxteriorscom_";
	type="multipart/alternative"
MIME-Version: 1.0
X-OriginatorOrg: onyxxteriors.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 88479f98-42dd-4851-93b2-08d57a1f2bc7
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Feb 2018 18:07:41.6117
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 25118a56-e9db-4af8-a2c0-9def9eff60f2
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR2001MB1033

 

(Unforutnately the CSS is not compatible with the other email so I just put a picture for this one.)

 

A user replied to your message. Read Your Message Now.

 

There is the broken HTML:

     

 

A user replied to your message on LinkedIn

https://media.licdn.com/mpr/mpr/shrink_100_100/AAIA_wDGAAAAAQAAAAAAAAy_AAAAJGM1ZDcyNjM5LThiZDgtNGQ3Zi04MzRmLTM0NDk3MjlkNGRhMA.jpg

 

 

 

 

Subject - RE: Follow Up

Login with your LinkedIn Credentials below to read and reply.

 

 

 

 

 

 

 

 

Read Your Message Now

 

 

Unsubscribe  |   Help