OwlCyberSecurity - MANAGER

Edit File: 1702285331.M318702P2333489.server237.web-hosting.com,S=14335,W=14601

Return-Path: <info@mandatorytraining.co.uk> Delivered-To: dev@ebaarchitects.org Received: from server237.web-hosting.com by server237.web-hosting.com with LMTP id kG3gEhPQdmUxmyMA7Ypugw (envelope-from <info@mandatorytraining.co.uk>) for <dev@ebaarchitects.org>; Mon, 11 Dec 2023 04:02:11 -0500 Return-path: <info@mandatorytraining.co.uk> Envelope-to: dev@ebaarchitects.org Delivery-date: Mon, 11 Dec 2023 04:02:11 -0500 Received: from mail-cwxgbr01on2087.outbound.protection.outlook.com ([40.107.121.87]:41594 helo=GBR01-CWX-obe.outbound.protection.outlook.com) by server237.web-hosting.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96.1) (envelope-from <info@mandatorytraining.co.uk>) id 1rCcAv-00A9Rg-2M for dev@ebaarchitects.org; Mon, 11 Dec 2023 04:02:11 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=b9GY1SatSH4xECxTrjeXR1GqLf+D7yc/7q8V0KZN6VxzBlmEr1P5TshQ4K7XXMf2rYw1kbgWDTMMjiSS+0/fd50n1qJq0V9E6WLE+JF6kdbNBgoOQdYbqowRQthIzHyOsHv0Gi0s5qoIE/GOuzvR1KJULZDZp3ey+5KSB7eqB7GFAYHKMUUm2j/d8VqQ8e3CGXtQA8TdDZJNPcIsa0Lsb79EvNoraWdJ6wUgZh6otAbWesxg7qQ6xlbqpkDJJzwWv0EbP9lkM1E8tpE2G9wISdzzwP0nAg4DxjdmPwVISurtyU76wYdhX21mxXZ9l/Dk2Am2NqAB1v0y21qV0ndo6Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=OOjZ64Xo/rQyB5lgmcONBLzSriP1AFL/DToDP/omsDY=; b=QyEcm1PvclLGTckJGweib0Yl3+tpoGcYRwLSUw1lBGYaKheF3HzQXKbMHxP5RL6YNdp/whA0K3zY6/6Ah9V2/iBGd22Aqtoq9ECDTo+Lixydyon5xNypXDfH+tT8H9C2EGLwCuDOvyteZFpZrO46cs5tQosGWlL6gN6JuNxhOkBRRgc9sduegWK9zG3L/00ezIbh97VBIh1tnvZ3IHbYuM0J4BaOTtTFGv8+wsoY86qEKuMnBIOsg74rSXuDWmL8TmKUwZg6OihCOZ35T250QKDzufKnHaWCrBiO12vqbwq8CTnZzcxIyrMhoj+CP2pS5CvSt0y6YQIzq8EGiUKPKw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=mandatorytraining.co.uk; dmarc=pass action=none header.from=mandatorytraining.co.uk; dkim=pass header.d=mandatorytraining.co.uk; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=TheMandatoryTrainingGroup.onmicrosoft.com; s=selector2-TheMandatoryTrainingGroup-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=OOjZ64Xo/rQyB5lgmcONBLzSriP1AFL/DToDP/omsDY=; b=nyESZYGCxfZv39GwNP49pGkoUNLyA588CpUWEYCDFLSBPxY1kFjltXKHMrsVHGKYDo4EJ50dzeSHphH8wgpp6YDSg20ih9xWTBdagLEYI/q+/joWL/cMSrMBdvR5h91bHKcmJ/kf1fDl958gEAxNd/ND5H4G4LLEMV1WbkWvbpA= Received: from CWLP123MB6034.GBRP123.PROD.OUTLOOK.COM (2603:10a6:400:1c6::9) by LO3P123MB3338.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:103::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7068.32; Mon, 11 Dec 2023 09:01:23 +0000 Received: from CWLP123MB6034.GBRP123.PROD.OUTLOOK.COM ([fe80::c6e7:1712:d84d:c2f]) by CWLP123MB6034.GBRP123.PROD.OUTLOOK.COM ([fe80::c6e7:1712:d84d:c2f%6]) with mapi id 15.20.7068.031; Mon, 11 Dec 2023 09:01:22 +0000 From: Support Team <info@mandatorytraining.co.uk> To: "dev@ebaarchitects.org" <dev@ebaarchitects.org> Subject: Re: Possible suspicious charge on my bank account - urgent attention required Thread-Topic: Possible suspicious charge on my bank account - urgent attention required Thread-Index: AQHaK9p+h1MavhB8M0uQXEm3OAJw2bCjyYTJ Date: Mon, 11 Dec 2023 09:01:22 +0000 Message-ID: <CWLP123MB6034D6927D7EDF347FCD2E8E918FA@CWLP123MB6034.GBRP123.PROD.OUTLOOK.COM> References: <0a531ab15b705a55862c65ce284c6666eeb5ca@ebaarchitects.org> In-Reply-To: <0a531ab15b705a55862c65ce284c6666eeb5ca@ebaarchitects.org> Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-hs-fax-cid: 1cnhhghnv9na70j0gwalqc92l674aq7hjs4qcr7rscp45sb2fkf3pk1r9g6q327qvm9m9ywwjrccnnasipu0mux350hma2tlyma2128lmy33y3eonfyydbtzsyox7kgg5jaadi authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=mandatorytraining.co.uk; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: CWLP123MB6034:EE_|LO3P123MB3338:EE_ x-ms-office365-filtering-correlation-id: 940bdf92-36d4-4950-68ca-08dbfa27bf99 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: jVAWfo3FkZreMG6IpeubsynU6u72CsO/Wl0UsDP9SIm2Co0uK1e49MeO77g2Ff5GBrHNhFZgl0m02X/9W6eWfb9FuVNmzCz/I/d5AEuVNYDTEJI09KbUiVwYiNnX3gQ4ZMJdjbvYiyulSsJCoJX1gbK6T9KDRvzZqhe9VzFra+n4jaucFs8UMfWK9HKv/8V4nBAuHqjHBtHWZJjWLF7PQTKO1Kvu5GSKwz/nL+RuSKKmyu1DPNyXN7kd6qsOw/qzfqkZtA2+PngIqkPfQgKJMNzxpz5rFQwhgdbgPqwfDTalXZLiJelob6kYIJq80G4hU5w7WrnXKtkjrvheQ7j0H22yP0XSmtSXDL/RfwV/aNTLZfX6ZaHN34CWVb6xefhbKKpZCSo7FyKCT5hFLkJ8hfvNTsqYU7daSa0Qfx1tT0Qt/y1+rO1xUSqxhs3rnF1T6mhhim/wDVcy8pNbA+VsyUtGpFArlTU9Rfa7Y5IPSS8/3TCBIoEpDS6IGXqWz+qUB1jcJzWu3yb2V3IqJNaIAHY19HHBN8nbxMvHCjDnlfGnMe8WQQhtg4kRto3Rwj4ZJ2L+tP2/5TqArkpjjyfrfoS+mVGMIFNb2g45ZiXhZy81M91HFLcMRMC9Q7zo+DiqmiOn/5+dNzbLwbFzhYKa4w== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CWLP123MB6034.GBRP123.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(346002)(376002)(366004)(39830400003)(396003)(136003)(230922051799003)(451199024)(1800799012)(186009)(64100799003)(26005)(6506007)(7696005)(9686003)(71200400001)(55236004)(83380400001)(5660300002)(15650500001)(52536014)(64756008)(4744005)(41300700001)(2906002)(478600001)(6916009)(76236004)(8676002)(8936002)(66946007)(76116006)(66556008)(66446008)(316002)(66476007)(122000001)(33656002)(86362001)(38100700002)(38070700009)(55016003)(19627405001)(66899024)(340984004);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?oxFsqs6JB/mzC0CaKqMn/Furcjn1J+nAkElpc0pMmBgjmRvDfenY/sPPd4nJ?= =?us-ascii?Q?toumRctYXdhaxMrrnG1OATklOVMkZzM8RUq/kJVSC7bmMnIIuEy7e9x4H1hC?= =?us-ascii?Q?P/H+bK7eyTJu0mNuV2WtMHWbXrkkSqlEDYb9Yjg+nIsVoCFlfU+QxHwHXRpZ?= =?us-ascii?Q?xeqv3ciNYm/+JG9vzpbtwNuJzWIBjbYATBcTgg9r/T1ApSg6D+9zSVSBFdmf?= =?us-ascii?Q?+4erxKht1ZM90f42CvQI5Xh5Bp5VNA2egRyX9W0PG9udtQq36KQE/b7RsU6w?= =?us-ascii?Q?SwZzuk1gsY0wIQMpifBUkADQ9Dpw/hbOqPjog5v7voBF+KaGAJ+8U0mlrTqZ?= =?us-ascii?Q?R6IAcC2Xuj7SGC2J3COVHrAqgDm2G2G+mdzd/hYurQeJyK2OL+Mar62+2IHN?= =?us-ascii?Q?7fLhp63dBrnn2oQljARU+4NYUyFu8dZbNcD8qaZtZFGL8GSJRCupe2Ejt+V+?= =?us-ascii?Q?dEvLDyb6GF4rgz5Iitic4wkL/Nrz1P9GHw/3/FDUyBvuBQeEpMgBpFSJ0NCF?= =?us-ascii?Q?CKvLPXGe9eabmBMMlxC+uauJ1pISjhc5G02bokvk/BMXfMPH1boM+I45XKYR?= =?us-ascii?Q?OX+VGlKQ75n340sXZahVIaZCj5WSrlsWGBVcRGJ9pZe6Ls+egZkaKa9dGY1l?= =?us-ascii?Q?sWSPVDFiX63Q0ko1R60qk/JYPo2QLJ6GketWhVJ8b/sxx+mEwrDGKUhnrJHY?= =?us-ascii?Q?amW0t4Ik6iWDi93ny6JvDYmcGNadHs1FxV1SsNnoYgmwFFexe0ILmPpt3FwM?= =?us-ascii?Q?iKCc1HYh+ifgJpwj13GAtghUx9ZJFwdiH2alMVpwxsUOXk5g0DaGfK8dN/Yg?= =?us-ascii?Q?EzuehI815QXo0iDfYwXgROYY1NxePjFVV5YDKgAxpnSoYDw7MS/j5OuE33Px?= =?us-ascii?Q?zB8fxRH1vjBBHFr6STVNr4gCV+EoWZLrdvaVu6enautAKLIIpKyofAeauPF/?= =?us-ascii?Q?qVxcjXoNJasIQWFL7fLGExhOAGSJe7+lZhdyzZnRalHFFXDWfBZJYTJzyjuf?= =?us-ascii?Q?8MzOQvcBLnZOQvlw2sQvTlnfW196+hUHchBfVTFEKsL76SKL9NfF62Dr+CzQ?= =?us-ascii?Q?+cdkIJR1dtj+2k7I1LQyZAGr4bxQWedP8aWNsxYMboAnM3LRk36EmWwKzOwK?= =?us-ascii?Q?q7uaaPzhPmmoVZ8vJdtX7A+sejPRGMYUEE4akfZLMiS3IqJlTcHUjA5oneLv?= =?us-ascii?Q?/9Og6eZWzXBBvK2+3/RugqMfVLfB4qwkRi8POd+JWHH7T7NU4PCAmHZk+q0r?= =?us-ascii?Q?sIR4HYNsGnaTaAhV9/2DCb6gJzbLPbkmpHKIzHuxtChT3kQ6fdLI0/i6MK0f?= =?us-ascii?Q?bdMBucukT1ItFiFYy8fkTLF/v125i5itUWtLOIaxk2OXdZyBb1VfUk48C/+b?= =?us-ascii?Q?EajQV1Fq0Igi7VSZkpNYyXvZ5wZaS4MrbyEe2Y+re0RY6qVBvZOoCTtQD9Ff?= =?us-ascii?Q?XCIp7XkGDaacGiwr0Y64S/CYyqOKN8+lvgFt2TjfLekQjh8UvUcI5EOp0Nh6?= =?us-ascii?Q?QbGoatvFMoMIXlGQyyRnQrEniLUABV0VrljPTzWiGeIZootk9zkNzBtjYp2u?= =?us-ascii?Q?mzs3siDbJ+uoMIHxDEbzHNawbshoVmDEvCuu38X0BWXXlxuJSIeWs4eysbf/?= =?us-ascii?Q?qw=3D=3D?= Content-Type: multipart/alternative; boundary="_000_CWLP123MB6034D6927D7EDF347FCD2E8E918FACWLP123MB6034GBRP_" MIME-Version: 1.0 X-OriginatorOrg: mandatorytraining.co.uk X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: CWLP123MB6034.GBRP123.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-Network-Message-Id: 940bdf92-36d4-4950-68ca-08dbfa27bf99 X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Dec 2023 09:01:22.7906 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: fed28fed-0aaa-491b-a7d0-9b492075eb4c X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: KGZpWV5NaLaIJy9aSLCdtoxLePls3TMMfcG1+4/FPzaGQNYlboj5VJR4MQafTIkdDrRfKjcQxSBoLjvaJk14ltsXwCX6S2kqg4h4ugiPB2M= X-MS-Exchange-Transport-CrossTenantHeadersStamped: LO3P123MB3338 X-Spam-Status: No, score=2.1 X-Spam-Score: 21 X-Spam-Bar: ++ X-Ham-Report: Spam detection software, running on the system "server237.web-hosting.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see root\@localhost for details. Content preview: Good day, Bern I hope you are well. Please provide us with the order number or order transaction so we can investigate this on our end. Content analysis details: (2.1 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: hs-service-engage.com] 0.8 KAM_COUK Scoring .co.uk emails higher due to poor registry security. -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record 0.0 HTML_MESSAGE BODY: HTML included in message 1.3 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of words 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.0 T_SCC_BODY_TEXT_LINE No description available. 0.0 T_REMOTE_IMAGE Message contains an external image X-Spam-Flag: NO --_000_CWLP123MB6034D6927D7EDF347FCD2E8E918FACWLP123MB6034GBRP_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Good day, Bern I hope you are well. Please provide us with the order number or order transaction so we can inve= stigate this on our end. Looking forward to hearing from you at your earliest. Many thanks, Jesh On Monday, 11 December 2023, 02:33:59 GMT, Bern S <dev@ebaarchitects.org<ma= ilto:dev@ebaarchitects.org>> wrote: Hello Customer Support Team, I am extremely disappointed to have discovered an unauthorized payment made= on my credit card for a purchase made on your website. I have never made a= ny purchase on your site before, and I am deeply concerned about how my per= sonal information may have been compromised. I have already reported this matter to my bank and have provided them with = all the necessary documentation to prove that I did not make this payment. Please assist me in this matter by providing me with any relevant informati= on, such as the transaction ID, that could help me identify the source of t= his issue. Your prompt action on this matter would be greatly appreciated. Sincerely, --_000_CWLP123MB6034D6927D7EDF347FCD2E8E918FACWLP123MB6034GBRP_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable <!doctype html> <html> <head> <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"= > </head> <body> <div class=3D"hs_reply_wrap"> <div style=3D"font-family: sans-serif;" dir=3D"auto" data-top-level=3D"true= "> <p style=3D"margin:0;">Good day, Bern</p> <br> <p style=3D"margin:0;">I hope you are well.</p> <br> <p style=3D"margin:0;">Please provide us with the order number or order tra= nsaction so we can investigate this on our end.</p> <br> <p style=3D"margin:0;">Looking forward to hearing from you at your earliest= .</p> <br> <p style=3D"margin:0;">Many thanks,</p> <br> <p style=3D"margin:0;">Jesh</p> </div> <div class=3D"hs_reply"><br> <div>On Monday, 11 December 2023, 02:33:59 GMT, Bern S <span dir=3D"ltr">&l= t;<a href=3D"mailto:dev@ebaarchitects.org" target=3D"_blank">dev@ebaarchite= cts.org</a>&gt;</span> wrote: <br> <blockquote class=3D"hs_reply_quote" style=3D"margin:0 0 0 .8ex;border-left= :1px #ccc solid;padding-left:1ex"> <div align=3D"left"><font size=3D"2" face=3D"Arial">Hello Customer Support = Team,</font> </div> <div>&nbsp; </div> <div align=3D"left"><font size=3D"2" face=3D"Arial">I am extremely disappoi= nted to have discovered an unauthorized payment made on my credit card for = a purchase made on your website. I have never made any purchase on your sit= e before, and I am deeply concerned about how my personal information may have been compromised.</font> </div> <div>&nbsp; </div> <div align=3D"left"><font size=3D"2" face=3D"Arial">I have already reported= this matter to my bank and have provided them with all the necessary docum= entation to prove that I did not make this payment.</font> </div> <div>&nbsp; </div> <div align=3D"left"><font size=3D"2" face=3D"Arial">Please assist me in thi= s matter by providing me with any relevant information, such as the transac= tion ID, that could help me identify the source of this issue.</font> </div> <div>&nbsp; </div> <div align=3D"left"><font size=3D"2" face=3D"Arial">Your prompt action on t= his matter would be greatly appreciated.</font> </div> <div>&nbsp; </div> <div align=3D"left"><font size=3D"2" face=3D"Arial">Sincerely,</font> </div= > </blockquote> </div> </div> </div> <img width=3D"1" height=3D"1" style=3D"display:none" alt=3D"" src=3D"https:= //cpHfy04.na1.hs-service-engage.com/Cto/ON+23284/cpHfy04/R5R8b48XSN7CqsHf2f= J7zW1Q3fqG25cBJTW3DLtY51X1nJfW1Gytc31YXNgHW23gPY421gBKGW3GJsPS1Q5kxHn1-_jsv= 4W1"> </body> </html> --_000_CWLP123MB6034D6927D7EDF347FCD2E8E918FACWLP123MB6034GBRP_--