Thank goodness Norton Anti-Virus caught this one before I took action. Most trickster are not obvious to unsuspecting computer users. To get to know this phisher, we'll need to look under the covers.
In Outlook, select from the menu, Message Options. It may be fairly well hidden. This will reveal metadata to give us clues to track down where this nasty little message came from.
Below, see the Message Options, for the senders codes. BTW, Message Options is a very oblique use of English language. No wonder it's rarely used.
At first glance it looks gnarly. Notice two areas that are highlighted. That's all the info you will need to follow up to protect your InBox.
Return-path: <6aa2cbbaf@domainsya.com>
Envelope-to: info@XXXX.com
Delivery-date: Tue, 23 Oct 2017 08:00:37 -0400
Received: from impinc02.ourhostgacct.com ([101.1.13.102] helo=impinc02.ourhostgacct.com)
by mailscan15.ourhostgacct.com with esmtp (Exim)
id 1TQd9x-0000gj-CL
for info@XXXX.com; Tue, 23 Oct 2017 08:00:37 -0400
Received: from [194.176.60.209] ([194.176.60.209])
by impinc02.ourhostgacct.com with NO UCE
id Ec0b1k00T4WrvRu02c0cDC; Tue, 23 Oct 2017 08:00:37 -0400
X-EN-OrigIP: 194.176.60.209
X-EN-IMPSID: Ec0b1k00T4WrvRu02c0cDC
From: "Customer Service" <6AA2CBBAF@domainsya.com>
To: <info@XXXX.com>
Date: Tue, 23 Oct 2017 15:00:34 +0300
MIME-Version: 1.0
Reply-To: "Intuit No Reply" <2EF89473@abeystudio.com>
x-job: 77895_6181
Message-ID: <20121023150034.4575483F4581345DD4A4E.CBDC8F@MW7LUTC12PZFJ4>
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: Order Confirmation
X-Brightmail-Tracker: AAAABhv0UkcWWC+kHCeIDxwngKUcJ3XiHEUfPg==
X-Brightmail-Tracker: AAAAARxVCNc=
I probably should block future email from two email address:
- 6AA2CBBAF@domainsya.com
- 2EF89473@abeystudio.com.
Better yet, I can block all email from this IP address: 194.176.60.109. I took the time to look the originating IP, internet provider. It was sent from a Lithuania host.
Geez, I guess I won't be hearing from them anytime soon!
