-----Original Message-----
From: Chandler Willis <cwillis@westernexp.com>
Sent: Friday, December 6, 2024 10:07 AM
To: irt@westernexp.com
Subject: FW: Phishing:7b1b9b90-e18f-4e22-71fb-08dd160f120b|ronaldhobbs4537@outlook.com|(amazon order) 12/6/2024 4:05:47 PM
Attempted typical payment scam sent to Howard. He knows not to interact with these. I'm blocking the sender, and only URL contained is an unsubscribe link, which is safe. No attachments contained.
-----Original Message-----
From: Kace Security Helpdesk <securityhelpdesk@westernexp.com>
Sent: Friday, December 6, 2024 10:06 AM
To: irt@westernexp.com
Subject: FW: Phishing:7b1b9b90-e18f-4e22-71fb-08dd160f120b|ronaldhobbs4537@outlook.com|(amazon order) 12/6/2024 4:05:47 PM
________________________________________
From: Howard Brown <hbrown@westernexp.com>
Sent: Friday, December 6, 2024 10:05:47 AM (UTC-06:00) Central Time (US & Canada)
To: Kace Security Helpdesk
Subject: Phishing:7b1b9b90-e18f-4e22-71fb-08dd160f120b|ronaldhobbs4537@outlook.com|(amazon order) 12/6/2024 4:05:47 PM
# Questionable URLs detected in message:
None
Received: from SJ2PR12MB8112.namprd12.prod.outlook.com (2603:10b6:a03:4f8::21) by SA3PR12MB8764.namprd12.prod.outlook.com with HTTPS; Fri, 6 Dec 2024 16:01:53 +0000
Received: from DS7PR03CA0146.namprd03.prod.outlook.com (2603:10b6:5:3b4::31) by SJ2PR12MB8112.namprd12.prod.outlook.com (2603:10b6:a03:4f8::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8230.11; Fri, 6 Dec 2024 16:00:14 +0000
Received: from DS2PEPF0000343F.namprd02.prod.outlook.com (2603:10b6:5:3b4:cafe::46) by DS7PR03CA0146.outlook.office365.com (2603:10b6:5:3b4::31) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8230.11 via Frontend Transport; Fri, 6 Dec 2024 16:00:13 +0000
Received: from us-smtp-inbound-delivery-1.mimecast.com (205.139.110.120) by DS2PEPF0000343F.mail.protection.outlook.com (10.167.18.42) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8230.7 via Frontend Transport; Fri, 6 Dec 2024 16:00:13 +0000
Received: from s.wrqvtvvn.outbound-mail.sendgrid.net (s.wrqvtvvn.outbound-mail.sendgrid.net [149.72.120.130]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-636-5q_kOyz4PFCPaLz5zK_kKw-1; Fri, 06 Dec 2024 11:00:10 -0500
Received: by recvd-6d4df46df7-dvv6b with SMTP id recvd-6d4df46df7-dvv6b-1-67531F83-45 2024-12-06 16:00:03.590629856 +0000 UTC m=+1881463.998647293
Received: from NDg2Mzk3MTA (unknown) by geopod-ismtpd-34 (SG) with HTTP id JhjD5sfmQ8CyWSSTPDmBDA Fri, 06 Dec 2024 16:00:03.534 +0000 (UTC)
Content-Type: application/ms-tnef; name="winmail.dat"
Content-Transfer-Encoding: binary
From: Ronald <ronaldhobbs4537@outlook.com>
To: Howard Brown <hbrown@westernexp.com>
Subject: amazon order
Thread-Topic: amazon order
Thread-Index: AQHbR/grs1ykQsfu5UGQQ32VxXX47Q==
Date: Fri, 6 Dec 2024 16:00:05 +0000
Message-ID: <JhjD5sfmQ8CyWSSTPDmBDA@geopod-ismtpd-34>
List-Unsubscribe: <https://www.amazon.com>
Reply-To: "ronaldhobbs4537@outlook.com" <ronaldhobbs4537@outlook.com>
Content-Language: en-US
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-AuthSource: DS2PEPF0000343F.namprd02.prod.outlook.com
X-MS-Has-Attach:
X-MS-Exchange-Organization-Network-Message-Id: 7b1b9b90-e18f-4e22-71fb-08dd160f120b
X-MS-Exchange-Organization-SCL: -1
X-MS-TNEF-Correlator: <JhjD5sfmQ8CyWSSTPDmBDA@geopod-ismtpd-34>
X-MS-Exchange-Organization-RecordReviewCfmType: 0
received-spf: SoftFail (protection.outlook.com: domain of transitioning sendgrid.net discourages use of 205.139.110.120 as permitted sender)
x-ms-publictraffictype: Email
x-forefront-antispam-report: CIP:205.139.110.120;CTRY:US;LANG:en;SCL:-1;SRV:;IPV:CAL;SFV:SKN;H:us-smtp-inbound-delivery-1.mimecast.com;PTR:us-smtp-inbound-delivery-1.mimecast.com;CAT:NONE;SFS:(13230040)(4022899009)(69100299015)(5073199012)(29132699027)(82310400026)(7093399012)(8096899003)(4076899003);DIR:INB;
authentication-results: spf=softfail (sender IP is 205.139.110.120) smtp.mailfrom=sendgrid.net; dkim=fail (body hash did not verify) header.d=sendgrid.net;dmarc=fail action=none header.from=outlook.com;compauth=none reason=405
x-ms-office365-filtering-correlation-id: 7b1b9b90-e18f-4e22-71fb-08dd160f120b
x-ms-traffictypediagnostic: DS2PEPF0000343F:EE_|SJ2PR12MB8112:EE_|SA3PR12MB8764:EE_
x-microsoft-antispam: BCL:0;ARA:13230040|4022899009|69100299015|5073199012|29132699027|82310400026|7093399012|8096899003|4076899003;
x-ms-exchange-crosstenant-originalarrivaltime: 06 Dec 2024 16:00:13.7194 (UTC)
x-ms-exchange-crosstenant-fromentityheader: Internet
x-ms-exchange-crosstenant-id: 7574e840-7b4e-4dde-9344-850222919bd8
x-ms-exchange-crosstenant-network-message-id: 7b1b9b90-e18f-4e22-71fb-08dd160f120b
x-ms-exchange-transport-crosstenantheadersstamped: SJ2PR12MB8112
x-mc-unique: 5q_kOyz4PFCPaLz5zK_kKw-1
x-ms-exchange-transport-endtoendlatency: 00:01:40.1805728
x-ms-exchange-processed-by-bccfoldering: 15.20.8230.010
x-eopattributedmessage: 0
x-eoptenantattributedmessage: 7574e840-7b4e-4dde-9344-850222919bd8:0
x-mimecast-spam-score: 2
arc-seal: i=1; s=201903; d=dkim.mimecast.com; t=1733500813; a=rsa-sha256; cv=none; b=S8IqxplJTIA7g3B4bPQgf4+e75/ObQFqBkcImKkBhj09fmOC7DkQLV5Kjel3reYfyFnj+S ImA5AKPsIf9zieyXuQpDVlHOoJ3fJEfFXvM92mVoFv2pA1zHj/E2UjqWTpSduarfvF1w3s B3EYMXXZudry+2+TDQpPqUZI/1shnY900qUDIh5bP7mfcosfkPpeXSAq/Bl9r62hYXqpJP Xt2GZaJPVOMQtY2J1phymmIGe1vC1Rqex7ROpSsEG7RstleadE1TkaS/CYfs7pjWqmUcd6 VXEwI4BxpV8nsntYxBh/s5ga/sMDeR5MG+O7GHilPos4ongF170eKt/3BRktSw==
arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=dkim.mimecast.com; s=201903; t=1733500813; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:list-unsubscribe:list-unsubscribe-post: dkim-signature; bh=b3QIaj8ITyeLwO7AxuoncEzS61g1lTan6CG4uOhVc5E=; b=f2vz+puUdIEMaBJP6rG1PBixc1v8iZV39A00a40zOQ9G50fRQvWHg09luwT+/OveyY6zpM Qhk2PCN3wFbcH5pTUkxjvmKpTHYO3Pwa0lP75zeU4X9JOCf20kBzI9lDjwoZp8UdWhrrf/ zkULMWUFIqkXiP6iLKoOsEXJOP/Ng2InI3B62Jf7typ5GhYKRGpeLo8WaOs0sCuBJADBEM dwBMiC4iUZqsKW3qMhUOjzjwZeVEsYNXi6b84Ue/v52/2mfsjPJ6WaP4NA8XG9CfUvb4I2 vF/mVEMj/ttmSWVa1yPSdxBJIoNv04ehRvizFjiA/CX7f6C3kxfbyyaJ3vxzUg==
arc-authentication-results: i=1; relay.mimecast.com; dkim=pass header.d=sendgrid.net header.s=smtpapi header.b=Z0jvm2r1; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=outlook.com (policy=none); spf=pass (relay.mimecast.com: domain of "bounces+48639710-98d8-hbrown=westernexp.com@sendgrid.net" designates 149.72.120.130 as permitted sender) smtp.mailfrom="bounces+48639710-98d8-hbrown=westernexp.com@sendgrid.net"
authentication-results-original: relay.mimecast.com; dkim=pass header.d=sendgrid.net header.s=smtpapi header.b=Z0jvm2r1; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=outlook.com (policy=none); spf=pass (relay.mimecast.com: domain of "bounces+48639710-98d8-hbrown=westernexp.com@sendgrid.net" designates 149.72.120.130 as permitted sender) smtp.mailfrom="bounces+48639710-98d8-hbrown=westernexp.com@sendgrid.net"
dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sendgrid.net; h=content-type:from:mime-version:subject:reply-to:list-unsubscribe: list-unsubscribe-post:to:cc:content-type:from:subject:to; s=smtpapi; bh=/HLNPNwxGGiknbGAtX3BsoUghdNYr8sLZgNuTNwm1yM=; b=Z0jvm2r1PEjxgAT4gl6zAxjSVbxlIXMaI7nMxD45IknkGf6Ra/yxH89r+s4TvRfMK02G NHAljreHBxxU9aNaF+G9RX3Kh2HLY/1pfDZnF9ElQaFguLazMO7PseD6HBbnRbb/uWa/4S Eib2XTBUw7kPNR94t7X8HnhH+8TXFG/hM=
x-ms-exchange-crosstenant-authas: Anonymous
x-ms-exchange-crosstenant-authsource: DS2PEPF0000343F.namprd02.prod.outlook.com
x-ms-exchange-atpmessageproperties: SA|SL
MIME-Version: 1.0
If you want such reports to go to Microsoft directly, you can change the reported message destinations from the settings at https://security.microsoft.com/userSubmissionsReportMessage
This email has been scanned for email related threats and delivered safely by Mimecast.
For more information please visit http://www.mimecast.com