Job posting scam email

Hello all,

Please be aware of the below email that has been going around
offering a data Entry Position

Analysis

Mail server ip located in :117.41.185.73 is from China(CN) in region Southern and Eastern Asia
Type of Threat – Phishing
Link leads to a suspicious website offering advertizing

If you see the below email please mark as spam and delete

Beginning of the email

Numerous companies are looking for workers
to submit information into online forms and they
will pay you nicely in return. You can get paid
up to $25 per transaction.

This is not a get-rich-quick scheme but a
legitimate way to earn money from home.

Visit our website:
http://www.dataentry-jobs.net/affiliates/dataentry/

Beginning of header information

Delivered-To: [email protected]
Received: by 10.58.135.40 with SMTP id pp8csp120037veb;
Fri, 16 Nov 2012 18:48:24 -0800 (PST)
Received: by 10.49.29.199 with SMTP id m7mr7069752qeh.41.1353120504693;
Fri, 16 Nov 2012 18:48:24 -0800 (PST)
Return-Path:
Received: from advertise-bz.cn ([117.41.185.73])
by mx.google.com with SMTP id i8si2437232qec.28.2012.11.16.18.48.19;
Fri, 16 Nov 2012 18:48:24 -0800 (PST)
Received-SPF: pass (google.com: domain of [email protected] designates 117.41.185.73 as permitted sender) client-ip=117.41.185.73;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates 117.41.185.73 as permitted sender) [email protected]
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=key; d=advertise-bz.cn;
h=Message-ID:Date:From:User-Agent:X-Accept-Language:MIME-Version:To:Cc:Subject:Content-Type:Content-Transfer-Encoding;
b=fflppRk9QLhukPHlTAMl8sm56nAEMw5Iy2E2l32q6E4vPATMpAmyDrrVxBx0Xc6ONVbh1EJ6JHLG2/ZH7J+HX1YNs+srLNaYmoI26M84zQNzyOVuQU1E8RFYQB3TI5iZNm3KUVbA/lDDvcOSVYixlI0OX49QgdlTPOHf+oDsfYY=;
Message-ID:
Date: Fri, 16 Nov 2012 18:48:24 -0800
From: “Data Entry jobs”
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070728 Thunderbird/2.0.0.6
X-Accept-Language: en-us
MIME-Version: 1.0
To:
Cc: ,
,
,

Subject: Enter Data Online
Content-Type: text/plain;
charset=”iso-8859-1″

Phishing Email Received – Scotia Bank

Hello Everyone Please beware of the below email
if you see this email in your inbox please mark as spam and delete

Type of email – Phishing
Email Orgin Ip – 24.196.97.234
Orgin Country – 24.196.97.234 is from United States(US) in region North America
Link in email actually points to http://jailtimeconsulting.com/kikil/index.php

Beginning of the message

This e-mail has been sent by Scotia Bank to $recipient (October 18th, 2012)

ALERT-ID: 898-yj2

Dear customer ([email protected]),

This e-mail has been sent to inform you that your account will be deactivated within the next 24 hours due to several unsuccessful login attemps on your account.
To prevent this to happen please login securely to our activation link below:

https://www2.scotiaonline.scotiabank.com/online1/authentication/Client1-id.0223=

If you have already confirmed your information then please disregard this message.

Regards,
Scotia bank member services.

Headers of message

x-store-info:J++/JTCzmObr++wNraA4Pa4f5Xd6uensydyekesGC2M=
Authentication-Results: hotmail.com; sender-id=temperror (sender IP is 61.219.211.222) [email protected]ed2012.vipg.ScotiaBankOnline.com; dkim=none header.d=Scotia-Service.authorized2012.vipg.ScotiaBankOnline.com; x-hmca=none
X-SID-PRA: [email protected]ScotiaBankOnline.com
X-DKIM-Result: None
X-SID-Result: TempError
X-AUTH-Result: NONE
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTE7YT0xO0Q9MTtHRD0xO1NDTD0w
X-Message-Info: aKlYzGSc+LlZYjyuJfh5TbvOiHB7JMONjE7r6u9GmbItAos1aZj28p5J0THbCXoQtsBIr7EjEH3ZrHJ7AslCkeJz+C+DQ6QMGccFWRR2u5GEK56h4BO0Ng4JJ4ZpwhI5DyjhaZCzJuIfcHsuByeAeg==
Received: from dns.bensia.com.tw ([61.219.211.222]) by SNT0-MC3-F41.Snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
Thu, 18 Oct 2012 09:15:39 -0700
Received: from ntserver.bensia.com.tw ([192.168.2.5]) by DNS with trend_isnt_name_B; Fri, 19 Oct 2012 00:04:31 +0800
Received: from [192.168.16.23] ([24.196.97.234])
by ntserver.bensia.com.tw (Lotus Domino Release 6.0.2CF1)
with ESMTP id 2012101900042855-15896 ;
Fri, 19 Oct 2012 00:04:28 +0800
Date: Thu, 18 Oct 2012 16:04:25 GMT
X-cid: tsledu.7546.3968
From: [email protected]ScotiaBankOnline.com
X-campaignid: badoo 859.47.1.260411162103
X-Bps1: 8857252606
X-Header-Versions: [email protected]
X-MimeOLE: Produced by geraldonline.com
X-Log-Id: 309239
x-im: 38509-f171261bd5
X-LinkedIn-fbl: s-XJmbgVhoYWmQchVIS-IHA669o3zHRUZglPkb9vVXYjz_frhXJLWZAj
X-Ls-Send-Id: b_mrboke6j5h3rbcetrqkb41mrn8======
X-IronPort-AV: E=Sophos;i=”4.68,845,1312153200
To:
X-EMID: 0AA02SK0ICQ03HU050288NJ00L994LE
X-CCEmailDispatchID: 510090
Subject: (ID: seq) Account ALERT! ->
X-CTRc: 210750181
X-WSMTPCK: 77
X-EMV-CampagneId: 4251337
X-Campaign-Id: 3903
Mime-Version: 1.0 (iPod Mail 7E18)
X-BigFish: VPS-15(zz1803M542N217bLzz1202hzz8275bhz2dh2a8h668h34h61h)
X-Serial: s56bjeOrIkQ/a1lF1xE7FgZ6LiKkZGZikwZzsP8pZFTXVZ/
X-Ironport-MID: [0029110]
Message-Id: <[email protected]>
Return-Path: [email protected]ScotiaBankOnline.com
X-MIMETrack: Itemize by SMTP Server on ntserver/notes-bensia(Release 6.0.2CF1|June 9, 2003) at
2012/10/19 =?Big5?B?pFekyCAxMjowNDoyOQ==?=,
Serialize by Router on ntserver/notes-bensia(Release 6.0.2CF1|June 9, 2003) at
2012/10/19 =?Big5?B?pFekyCAxMjowNDozMQ==?=,
Serialize complete at 2012/10/19 =?Big5?B?pFekyCAxMjowNDozMQ==?=
Content-transfer-encoding: 7bit
Content-type: text/html
X-OriginalArrivalTime: 18 Oct 2012 16:15:39.0392 (UTC) FILETIME=[D0631800:01CDAD4B]