[GTER] Alert about a new boleto scam - cobranca1.info

Márcio Merlone marcio.merlone at a1.ind.br
Mon Mar 23 14:45:59 -03 2015


Folks,

Just a heads-up: we are receiving a new boleto scam by email, and this 
one is well crafted. They are obtaining information from invoices that 
suppliers issued to our company and, posing as a collection agency, 
sending new boletos (Santander) charging for bills that have already 
been paid. It is convincing because it comes with all the correct, real 
data, including the amount.

Headers for reference:

Return-Path:<financeiro at cobranca1.info>
(...)
Received: from gateway16.websitewelcome.com (gateway16.websitewelcome.com [69.93.154.24])
	by mx1.a1.ind.br (Postfix) with ESMTP id 480EC40034
	for<compras at a1.ind.br>; Mon, 23 Mar 2015 12:22:18 -0300 (BRT)
Received: by gateway16.websitewelcome.com (Postfix, from userid 5007)
	id 4A88A2CB30517; Mon, 23 Mar 2015 10:22:10 -0500 (CDT)
Received: from ham06.websitewelcome.com (unknown [192.185.0.197])
	by gateway16.websitewelcome.com (Postfix) with ESMTP id 308912CB304AB
	for<compras at a1.ind.br>; Mon, 23 Mar 2015 10:22:10 -0500 (CDT)
Received: by ham06.websitewelcome.com (Postfix, from userid 500)
	id 0A5784001A; Mon, 23 Mar 2015 10:22:10 -0500 (CDT)
X-Spam-Flag2999: NO
X-Spam-Level2999:
X-Spam-Status2999: "No, score=0.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FSL_HELO_BARE_IP_2,HTML_MESSAGE,RCVD_NUMERIC_HELO
	autolearn=no version=3.3.1
Received: from srv132.prodns.com.br (srv132.prodns.com.br [108.167.132.63])
	by ham06.websitewelcome.com (Postfix) with ESMTP id 860C840010
	for<compras at a1.ind.br>; Mon, 23 Mar 2015 10:22:09 -0500 (CDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=cobranca1.info; s=default;
	h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:Subject:From:To:Date; bh=rU/Ud/HxXRK8qLxsFSMDuR3hm0BIEHVYYByqrs8HV0U=;
	b=oeY/Jim65r4cPsB894h7yHIA6pJ4lYx1tkEHMKTaTk3witT/hqrv4xFH63LjvYKVK8QbacxWwx9afz7jaNW/3B1V7pv85kS93T+rR2ZwGmV08dZCtzp2HSqjCw61mKZrUOJakAaXfKSdkTjwACN2VM+nnq8Efk81ZUYzB0GSgQo=;
Received: from [23.88.104.42] (port=57913 helo=23.88.104.43)
	by srv132.prodns.com.br with esmtpa (Exim 4.84)
	(envelope-from<financeiro at cobranca1.info>)
	id 1Ya4B7-0006qQ-90
	forcompras at a1.ind.br; Mon, 23 Mar 2015 12:22:09 -0300
Date: Mon, 23 Mar 2015 12:22:08 -0300
To: "A1 TECNOLOCIA E IND. MECANICA LTDA COD 11701"<compras at a1.ind.br>
From: RENNER HERRMANN S/A - 803<financeiro at cobranca1.info>
Subject: ##ULTIMO AVISO## Boleto: 0076547/01, Valor: R$ 202,40
Message-ID:<51d04a89cda6bed077c53bcf003113aa at 23.88.104.43>
X-Priority: 3
X-Mailer: PHPMailer 5.2.7 (https://github.com/PHPMailer/PHPMailer/)
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="b1_51d04a89cda6bed077c53bcf003113aa"
Content-Transfer-Encoding: 8bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - srv132.prodns.com.br
X-AntiAbuse: Original Domain - a1.ind.br
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - cobranca1.info
X-BWhitelist: no
X-Source-IP: 23.88.104.42
X-Exim-ID: 1Ya4B7-0006qQ-90
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: (23.88.104.43) [23.88.104.42]:57913
X-Source-Auth:financeiro at cobranca1.info
X-Email-Count: 38
X-Source-Cap: Y29icmE3MDI7Y29icmE3MDI7c3J2MTMyLnByb2Rucy5jb20uYnI=

Besides a police report, contacting the respective abuse@'s and 
adjustments to the MX, any other recommendations?

Regards.


-- 
*Marcio Merlone*
IT - Network administrator

*A1 Engenharia - Unidade Corporativa*
Phone: 	+55 41 3616-3797
Mobile: 	+55 41 9689-0036

http://www.a1.ind.br/ <http://www.a1.ind.br>
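
Added example, not part of the original post: a Python triage of the headers quoted above, showing why the message scored DKIM_VALID yet is still an impersonation, and which header fields a mail filter can key on. The `KNOWN_SUPPLIERS` allowlist and the `supplier.example` domain are hypothetical placeholders; the sample is a trimmed copy of the quoted headers with the archive's " at " restored to "@".

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Trimmed copy of the headers quoted in the post (" at " restored to "@").
SAMPLE = """\
Return-Path: <financeiro@cobranca1.info>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=cobranca1.info; s=default;
Received: from [23.88.104.42] (port=57913 helo=23.88.104.43)
\tby srv132.prodns.com.br with esmtpa (Exim 4.84)
From: RENNER HERRMANN S/A - 803 <financeiro@cobranca1.info>
Subject: ##ULTIMO AVISO## Boleto: 0076547/01, Valor: R$ 202,40

"""

# Hypothetical allowlist: supplier name as seen in display names -> its real mail domains.
KNOWN_SUPPLIERS = {"RENNER HERRMANN": {"supplier.example"}}

def triage(raw, suppliers=KNOWN_SUPPLIERS):
    """Return a list of (code, detail) findings for one raw message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = addr.rpartition("@")[2].lower()
    findings = []
    # 1. Display name uses a known supplier's name, but the address is elsewhere.
    for supplier, domains in suppliers.items():
        if supplier in name.upper() and from_dom not in domains:
            findings.append(("NAME_DOMAIN_MISMATCH", f"{supplier} via {from_dom}"))
    # 2. DKIM d= equals the From domain: the signature vouches only for that
    #    domain, so a DKIM_VALID score must not offset finding 1.
    m = re.search(r"\bd=([^;\s]+)", msg.get("DKIM-Signature", ""))
    if findings and m and m.group(1).lower() == from_dom:
        findings.append(("DKIM_VOUCHES_FOR_SENDER_DOMAIN_ONLY", m.group(1)))
    # 3. Submitting client announced a bare IP address as its HELO name.
    for hop in msg.get_all("Received", []):
        h = re.search(r"helo=\[?(\d{1,3}(?:\.\d{1,3}){3})\]?\)", hop)
        if h:
            findings.append(("NUMERIC_HELO", h.group(1)))
    return findings

if __name__ == "__main__":
    for code, detail in triage(SAMPLE):
        print(code, detail)
```
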


