[GTER] Alerta de novo golpe de boleto - cobranca1.info

Rubens Marins Schner rubens at brisanet.com.br
Tue Mar 24 09:02:13 -03 2015


Se você tem certeza que é fraude, pague o valor de R$ 0,01 cada boleto.

Assim você inverte o golpe, e o golpista  não pode lhe acusar de má fé.
On Mar 23, 2015 10:37 PM, "Márcio Merlone" <marcio.merlone at a1.ind.br> wrote:

> Pessoal,
>
> Apenas para alertar, estamos recebendo novo golpe de boleto por email,
> este bem elaborado. Estão pegando informações de notas fiscais de
> fornecedores emitidas para nossa empresa e se passando por empresa de
> cobrança enviam novos boletos (Santander) cobrando os títulos já pagos. Ele
> convence pois vem com todos os dados corretos e reais, inclusive o valor.
>
> Cabeçalhos para referência:
>
> Return-Path:<financeiro at cobranca1.info>
> (...)
> Received: from gateway16.websitewelcome.com (gateway16.websitewelcome.com
> [69.93.154.24])
>         by mx1.a1.ind.br (Postfix) with ESMTP id 480EC40034
>         for<compras at a1.ind.br>; Mon, 23 Mar 2015 12:22:18 -0300 (BRT)
> Received: by gateway16.websitewelcome.com (Postfix, from userid 5007)
>         id 4A88A2CB30517; Mon, 23 Mar 2015 10:22:10 -0500 (CDT)
> Received: from ham06.websitewelcome.com (unknown [192.185.0.197])
>         by gateway16.websitewelcome.com (Postfix) with ESMTP id
> 308912CB304AB
>         for<compras at a1.ind.br>; Mon, 23 Mar 2015 10:22:10 -0500 (CDT)
> Received: by ham06.websitewelcome.com (Postfix, from userid 500)
>         id 0A5784001A; Mon, 23 Mar 2015 10:22:10 -0500 (CDT)
> X-Spam-Flag2999: NO
> X-Spam-Level2999:
> X-Spam-Status2999: "No, score=0.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,
>         DKIM_VALID,DKIM_VALID_AU,FSL_HELO_BARE_IP_2,HTML_MESSAGE,
> RCVD_NUMERIC_HELO
>         autolearn=no version=3.3.1
> Received: from srv132.prodns.com.br (srv132.prodns.com.br
> [108.167.132.63])
>         by ham06.websitewelcome.com (Postfix) with ESMTP id 860C840010
>         for<compras at a1.ind.br>; Mon, 23 Mar 2015 10:22:09 -0500 (CDT)
> DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=
> cobranca1.info; s=default;
>         h=Content-Transfer-Encoding:Content-Type:MIME-Version:
> Message-ID:Subject:From:To:Date; bh=rU/Ud/HxXRK8qLxsFSMDuR3hm0BIEHVYYByq
> rs8HV0U=;
>         b=oeY/Jim65r4cPsB894h7yHIA6pJ4lYx1tkEHMKTaTk3witT/
> hqrv4xFH63LjvYKVK8QbacxWwx9afz7jaNW/3B1V7pv85kS93T+
> rR2ZwGmV08dZCtzp2HSqjCw61mKZrUOJakAaXfKSdkTjwACN2VM+nnq8Efk81ZUYzB0GSgQo=;
> Received: from [23.88.104.42] (port=57913 helo=23.88.104.43)
>         by srv132.prodns.com.br with esmtpa (Exim 4.84)
>         (envelope-from<financeiro at cobranca1.info>)
>         id 1Ya4B7-0006qQ-90
>         forcompras at a1.ind.br; Mon, 23 Mar 2015 12:22:09 -0300
> Date: Mon, 23 Mar 2015 12:22:08 -0300
> To: "A1 TECNOLOCIA E IND. MECANICA LTDA COD 11701"<compras at a1.ind.br>
> From: RENNER HERRMANN S/A - 803<financeiro at cobranca1.info>
> Subject: ##ULTIMO AVISO## Boleto: 0076547/01, Valor: R$ 202,40
> Message-ID:<51d04a89cda6bed077c53bcf003113aa at 23.88.104.43>
> X-Priority: 3
> X-Mailer: PHPMailer 5.2.7 (https://github.com/PHPMailer/PHPMailer/)
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
>         boundary="b1_51d04a89cda6bed077c53bcf003113aa"
> Content-Transfer-Encoding: 8bit
> X-AntiAbuse: This header was added to track abuse, please include it with
> any abuse report
> X-AntiAbuse: Primary Hostname - srv132.prodns.com.br
> X-AntiAbuse: Original Domain - a1.ind.br
> X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
> X-AntiAbuse: Sender Address Domain - cobranca1.info
> X-BWhitelist: no
> X-Source-IP: 23.88.104.42
> X-Exim-ID: 1Ya4B7-0006qQ-90
> X-Source:
> X-Source-Args:
> X-Source-Dir:
> X-Source-Sender: (23.88.104.43) [23.88.104.42]:57913
> X-Source-Auth:financeiro at cobranca1.info
> X-Email-Count: 38
> X-Source-Cap: Y29icmE3MDI7Y29icmE3MDI7c3J2MTMyLnByb2Rucy5jb20uYnI=
>
> Além de BO na polícia, contato com os respectivos abuse@'s e ajustes no
> MX, alguma outra recomendação?
>
> Sds.
>
>
> --
> *Marcio Merlone*
> TI - Administrador de redes
>
> *A1 Engenharia - Unidade Corporativa*
> Fone:   +55 41 3616-3797
> Cel:    +55 41 9689-0036
>
> http://www.a1.ind.br/ <http://www.a1.ind.br>
> --
> gter list    https://eng.registro.br/mailman/listinfo/gter
>



More information about the gter mailing list