Job posting scam email

Hello all,

Please be aware of the below email that has been going around
offering a data Entry Position


Mail server ip located in : is from China(CN) in region Southern and Eastern Asia
Type of Threat – Phishing
Link leads to a suspicious website offering advertizing

If you see the below email please mark as spam and delete

Beginning of the email

Numerous companies are looking for workers
to submit information into online forms and they
will pay you nicely in return. You can get paid
up to $25 per transaction.

This is not a get-rich-quick scheme but a
legitimate way to earn money from home.

Visit our website:

Beginning of header information

Delivered-To: [email protected]
Received: by with SMTP id pp8csp120037veb;
Fri, 16 Nov 2012 18:48:24 -0800 (PST)
Received: by with SMTP id m7mr7069752qeh.41.1353120504693;
Fri, 16 Nov 2012 18:48:24 -0800 (PST)
Received: from ([])
by with SMTP id i8si2437232qec.28.2012.;
Fri, 16 Nov 2012 18:48:24 -0800 (PST)
Received-SPF: pass ( domain of [email protected] designates as permitted sender) client-ip=;
Authentication-Results:; spf=pass ( domain of [email protected] designates as permitted sender) [email protected]
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
Date: Fri, 16 Nov 2012 18:48:24 -0800
From: “Data Entry jobs”
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv: Gecko/20070728 Thunderbird/
X-Accept-Language: en-us
MIME-Version: 1.0
Cc: ,

Subject: Enter Data Online
Content-Type: text/plain;

Phishing Email Received – Scotia Bank

Hello Everyone Please beware of the below email
if you see this email in your inbox please mark as spam and delete

Type of email – Phishing
Email Orgin Ip –
Orgin Country – is from United States(US) in region North America
Link in email actually points to

Beginning of the message

This e-mail has been sent by Scotia Bank to $recipient (October 18th, 2012)

ALERT-ID: 898-yj2

Dear customer ([email protected]),

This e-mail has been sent to inform you that your account will be deactivated within the next 24 hours due to several unsuccessful login attemps on your account.
To prevent this to happen please login securely to our activation link below:

If you have already confirmed your information then please disregard this message.

Scotia bank member services.

Headers of message

Authentication-Results:; sender-id=temperror (sender IP is [email protected]; dkim=none; x-hmca=none
X-SID-PRA: [email protected]
X-DKIM-Result: None
X-SID-Result: TempError
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTE7YT0xO0Q9MTtHRD0xO1NDTD0w
X-Message-Info: aKlYzGSc+LlZYjyuJfh5TbvOiHB7JMONjE7r6u9GmbItAos1aZj28p5J0THbCXoQtsBIr7EjEH3ZrHJ7AslCkeJz+C+DQ6QMGccFWRR2u5GEK56h4BO0Ng4JJ4ZpwhI5DyjhaZCzJuIfcHsuByeAeg==
Received: from ([]) by with Microsoft SMTPSVC(6.0.3790.4900);
Thu, 18 Oct 2012 09:15:39 -0700
Received: from ([]) by DNS with trend_isnt_name_B; Fri, 19 Oct 2012 00:04:31 +0800
Received: from [] ([])
by (Lotus Domino Release 6.0.2CF1)
with ESMTP id 2012101900042855-15896 ;
Fri, 19 Oct 2012 00:04:28 +0800
Date: Thu, 18 Oct 2012 16:04:25 GMT
X-cid: tsledu.7546.3968
From: [email protected]
X-campaignid: badoo 859.47.1.260411162103
X-Bps1: 8857252606
X-Header-Versions: [email protected]
X-MimeOLE: Produced by
X-Log-Id: 309239
x-im: 38509-f171261bd5
X-LinkedIn-fbl: s-XJmbgVhoYWmQchVIS-IHA669o3zHRUZglPkb9vVXYjz_frhXJLWZAj
X-Ls-Send-Id: b_mrboke6j5h3rbcetrqkb41mrn8======
X-IronPort-AV: E=Sophos;i=”4.68,845,1312153200
X-EMID: 0AA02SK0ICQ03HU050288NJ00L994LE
X-CCEmailDispatchID: 510090
Subject: (ID: seq) Account ALERT! ->
X-CTRc: 210750181
X-EMV-CampagneId: 4251337
X-Campaign-Id: 3903
Mime-Version: 1.0 (iPod Mail 7E18)
X-BigFish: VPS-15(zz1803M542N217bLzz1202hzz8275bhz2dh2a8h668h34h61h)
X-Serial: s56bjeOrIkQ/a1lF1xE7FgZ6LiKkZGZikwZzsP8pZFTXVZ/
X-Ironport-MID: [0029110]
Message-Id: <[email protected]>
Return-Path: [email protected]
X-MIMETrack: Itemize by SMTP Server on ntserver/notes-bensia(Release 6.0.2CF1|June 9, 2003) at
2012/10/19 =?Big5?B?pFekyCAxMjowNDoyOQ==?=,
Serialize by Router on ntserver/notes-bensia(Release 6.0.2CF1|June 9, 2003) at
2012/10/19 =?Big5?B?pFekyCAxMjowNDozMQ==?=,
Serialize complete at 2012/10/19 =?Big5?B?pFekyCAxMjowNDozMQ==?=
Content-transfer-encoding: 7bit
Content-type: text/html
X-OriginalArrivalTime: 18 Oct 2012 16:15:39.0392 (UTC) FILETIME=[D0631800:01CDAD4B]