Santander Identity Theft Scam from blacklisted IP located in Fareham, UK.
email@example.com , a HELO user of hermes.hood.edu sending phishing scam (with ESMTPA id 36711788) supposedly from firstname.lastname@example.org with attached file link.
NB. DO NOT OPEN FILE ATACHMENT!
Originating IP: 184.108.40.206
ISP: Mailbox Networks
Host Name: 88-212-147-234.rdns.as8401.net
Organization: Mailbox Networks
Country: Fareham, Hampshire F2, United Kingdom.
Phish routed via IP 220.127.116.11 (ISP: Hood College; Host Name: hermes.hood.edu ; Organization: Hood College located in Frederick, Maryland, MD21701, United States.)
_ _ _ _ _ _ _ _
Received: from hermes.hood.edu ([18.104.22.168]) by BAY0-MC3-F36.Bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
Sat, 13 Oct 2012 09:46:28 -0700
Received: from [22.214.171.124] (account mailto:email@example.com HELO User)
by hermes.hood.edu (CommuniGate Pro SMTP 5.3.7)
with ESMTPA id 36711788; Sat, 13 Oct 2012 12:45:24 -0400
From: "Santander Online Banking"
Subject: Important Customer Notice
Date: Sat, 13 Oct 2012 17:42:16 +0100
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-OriginalArrivalTime: 13 Oct 2012 16:46:28.0749 (UTC) FILETIME=[4A9FD3D0:01CDA962]
This is a multi-part message in MIME format.
Irregular activities has been detected on your Santander account
your access to your Santander account has been temporarily blocked
complete security verification required to remove all restriction placed on your
Open with Internet Browser and proceed now via attached file to restore access to your account
Customer Service Team