Version 1:
Date: Thu, 6 Jun 2013 20:53:08 +0600 [10:53:08 EDT]
From: National Payment Automated Reports System [dunks@services.natpaymail.net]
Subject: Transmission Confirmation ~26306682~N25BHHL1~
Transmission Verification
Contact Us
To:
NPC Account # 26306682
Xavier Reed
Re:
NPC Account # 26306682
D & - D5
Thursday, July 04, 2013, Independence Day is a Federal Banking Holiday. All banks are closed for this holiday, therefore NatPay will not be able to process any files on that date. If you plan on transmitting for a paydate that falls between Thursday, July 04, 2013 and Thursday, July 11, 2013 you will need to the file a day earlier.
Batch Number 408
Batch Description VENDOR PAY
Number of Dollar Entries 2
Number of Prenotes 0
Total Deposit Amount $3,848.19
Total Withdraw Amount $3,848.19
Batch Confirmation Number 50983
Date Transmitted Thursday, June 06, 2013
Date Processed Thursday, June 06, 2013
Call Start Time 4:06 PM
Call End Time 4:07 PM
Funding Method 2 Day Funding
Cycle AM
Effective Entry Date | Transaction Type | Entry Identification | Routing/Transit | Bank Account | Entry Amount
06/08/2013 | Checking - Deposit | XXXXXXXX | XXXXXXXXX | XXXXXXXXXX | $3,848.19
06/06/2013 | Checking - Withdraw | Offset Entry | XXXXXXXXX | XXXXXXXXXX | -$3,848.19
Totals $0.00
Report reference ID # N25BHHL1 Created on Thursday, June 06, 2013
Have a question about this report? Please click here to send us an email with your question.
Version 2:
Date: Thu, 6 Jun 2013 09:59:06 -0500
From: National Payment Automated Reports System [lemuel@emalsrv.natpaymail.com]
Subject: Transmission Confirmation ~10968697~607MPYRC~
Transmission Verification
Contact Us
To:
NPC Account # 10968697
Benjamin Turner
Re:
NPC Account # 10968697
D & - MN
Thursday, July 04, 2013, Independence Day is a Federal Banking Holiday. All banks are closed for this holiday, therefore NatPay will not be able to process any files on that date. If you plan on transmitting for a paydate that falls between Thursday, July 04, 2013 and Thursday, July 11, 2013 you will need to the file a day earlier.
Batch Number 219
Batch Description VENDOR PAY
Number of Dollar Entries 2
Number of Prenotes 0
Total Deposit Amount $2,549.12
Total Withdraw Amount $2,549.12
Batch Confirmation Number 24035
Date Transmitted Thursday, June 06, 2013
Date Processed Thursday, June 06, 2013
Call Start Time 4:06 PM
Call End Time 4:07 PM
Funding Method 2 Day Funding
Cycle AM
Effective Entry Date | Transaction Type | Entry Identification | Routing/Transit | Bank Account | Entry Amount
06/08/2013 | Checking - Deposit | XXXXXXXX | XXXXXXXXX | XXXXXXXXXX | $2,549.12
06/06/2013 | Checking - Withdraw | Offset Entry | XXXXXXXXX | XXXXXXXXXX | -$2,549.12
Totals $0.00
Report reference ID # 607MPYRC Created on Thursday, June 06, 2013
Have a question about this report? Please click here to send us an email with your question.
The malicious payload is on [donotclick]usforclosedhomes.net/news/walls_autumns-serial.php (report here) hosted on the following IPs:
41.89.6.179 (Kenya Education Network, Kenya)
46.18.160.86 (Saudi Electronic Info Exchange Company (Tabadul) JSC, Saudi Arabia)
93.89.235.13 (FBS Bilisim Cozumleri, Cyprus)
112.170.169.56 (Korea Telecom, South Korea)
The cluster of IPs and domains this belongs to identifies it as part of the Amerika spam run.
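Version 1 and Version 2 above differ only in per-recipient fields (account number, name, batch numbers, amounts, reference ID). As an added example that is not part of the original post, this Python code masks those fields and compares what remains, so variants of one template can be grouped by a mail filter; the regexes, the 0.7 threshold and the `OTHER` control message are assumptions made for illustration.

```python
import re

AMOUNT = re.compile(r"-?\$[\d,]+\.\d{2}")                # $3,848.19
REF_ID = re.compile(r"\b(?=[A-Z0-9]*\d)[A-Z0-9]{6,}\b")  # 26306682, N25BHHL1
NUMBER = re.compile(r"\d+")                              # batch numbers, dates, times

def mask(line):
    """Replace per-recipient values with placeholders, keeping the template text."""
    line = AMOUNT.sub("<AMT>", line)
    line = REF_ID.sub("<ID>", line)
    return NUMBER.sub("<N>", line).strip()

def skeleton(subject, body):
    """Set of masked lines: the message with its variable fields stripped out."""
    return {mask(subject)} | {mask(l) for l in body.splitlines() if l.strip()}

def similarity(a, b):
    return len(a & b) / len(a | b)  # Jaccard: 1.0 = identical template

def same_template(a, b, threshold=0.7):  # threshold is an assumed cut-off
    return similarity(a, b) >= threshold

# Subject and a subset of body lines copied from Version 1 and Version 2 above.
V1 = skeleton("Transmission Confirmation ~26306682~N25BHHL1~", """
NPC Account # 26306682
Xavier Reed
Batch Number 408
Batch Description VENDOR PAY
Total Deposit Amount $3,848.19
Batch Confirmation Number 50983
Call Start Time 4:06 PM
Report reference ID # N25BHHL1 Created on Thursday, June 06, 2013
""")
V2 = skeleton("Transmission Confirmation ~10968697~607MPYRC~", """
NPC Account # 10968697
Benjamin Turner
Batch Number 219
Batch Description VENDOR PAY
Total Deposit Amount $2,549.12
Batch Confirmation Number 24035
Call Start Time 4:06 PM
Report reference ID # 607MPYRC Created on Thursday, June 06, 2013
""")
# Constructed, unrelated message used as a negative control.
OTHER = skeleton("Lunch on Friday?", "Are you free at 12:30?\nMy treat this time.")

if __name__ == "__main__":
    print(f"V1 vs V2:    {similarity(V1, V2):.2f}")
    print(f"V1 vs OTHER: {similarity(V1, OTHER):.2f}")
```

Only the recipient-name line fails to match between the two versions, so a message with new names and dollar amounts still lands in the same cluster.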
Blocklist:
6 comments:
This is also coming from other URLs as well. This is similar to the Walmart phish that hit a few weeks ago.
http://urlquery.net/report.php?id=2927463
http://urlquery.net/report.php?id=2927476
I just received the exact same message, but with different dollar amounts. Thank you for posting this!
Me, too. Thanks so much for posting!
@silly_rabbit: the first step is always a legitimate hacked site, then the victim gets redirected to a payload site which is easier to block. And yes.. it's the same group who sent the Walmart one a few weeks ago!
Just received the exact same message, but with different dollar amounts. Thank you for posting this!
THANK YOU SO MUCH FOR POSTING.., I JUST GOT THE SAME EXACT MESSAGE (DOLLAR AMOUNT CHANGED) AND I WAS WORRIED SOMEONE HAD TAKEN MONEY OUT OF MY CHECKING ACCOUNT!