[some headers clipped]
Received-SPF: softfail (google.com: best guess record for domain of transitioning EmilyVulich@comcast.com does not designate 184.108.40.206 as permitted sender) client-ip=220.127.116.11;
Received: from [18.104.22.168] by mx1.comcast.com; Tue, 10 Jul 2012 09:54:50 -0500
From: Logistics Express <firstname.lastname@example.org>
Subject: You have urgent work
Date: Tue, 10 Jul 2012 09:54:50 -0500
We got today a letter from tax dpeartment they writing that we have not paid all needed taxes. You must urgent clear this shit other way they are freeze our bank accuonts.
I have scanned the letter for you, you will find it in attach. Clear this situtaion and write me back.
Of course, the headers weren't visible...
But seriously, even without the headers, how does this kind of thing ever work?
Even if I ignore the bad grammar & spelling, and expect that most end users wouldn't check the headers & wonder why EmilyVulich@comcast would have sent a message as accountservices@ups through a channel that doesn't conform to the Sender Policy Framework...Okay, I get that there's only a handful of us that even know how to look at things like that...So ignoring all of that...why would I ever believe that an error paying taxes on my part would lead to UPS having their bank accounts frozen?
Good stuff. Thanks, Anonymous Malware Spammer, for the laugh.
this guy seems legit.