Just received this jewel.

The sender’s name is apparently “Vicky Murray”, yet the email is “dana.barbara@dpmcglobal.net”. dmpcglobal.net is a real entity. Dana Barbera is on the board of that entity. So who’s this Vicky Murray? Can’t find a match with “vicky murray” and “fgproducts”.

The reply to: is tracking@yopmail.com, which is a *throwaway* email site.

The fgproducts.com is a real thing, doing something with trucking.

There’s the observation that this email was apparently sent to “toms@kfive.com”, yet the domain “kfive.com” is parked. In the source, it was sent to one of my oldest email addresses, which is probably all over the interwebs. Also, in the source, there’s fullblownmail.com and 104.223.37.217.static.quadranet.com, maybe those are just innocent bystanders.

The misspells and/or malaprops are funny: “confidentiality” when I suspect they wanted “confidentially”; “appriciate” instead of “appreciate”.

Finally, there’s the .doc attachment, complete with the impressive password “123”. I don’t feel like opening the attachment, I have a sandboxed Linux machine for that, but maybe another time.

Phishing must be so much fun, except for the people who don’t know their names are being used for it.