I received two emails this morning which I am pretty sure are scams. However they are genuine enough looking to make me think.
One is from Shared-Documents via SharePoint | My domain name <sharepointmyname@edocs.com>
The other is the same content but from DocuSign-Account | My domain name<sharefile-myname@edocs.com>
I have no financial or legal transactions pending, though have had some from my bank a few weeks ago that used similar system.
Hovering over Review document shows https: *//t.co/and a string of letters and numbers (My asterisk)
Header is
ARC-Seal: i=1; cv=none; a=rsa-sha256; d=********; s=default;
t=1729740559;
b=fWk9VuhJTBrHbS6PAsxbS456OPAx2Q2fNc0uYtO2P9pL2TO6mBCjUzatS2SKRyKA8iyie
xgHibU/K11YPEX3xLDIZg/c23UyQQSSj20T7K7U57jKHXfxcyItf39X/xrpH2OFkn46bmNM
NZJbXKr0vDgp6IJnHPzlXRiPoq+ZZB8=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
d=*******; s=default; t=1729740559; h=from : to : subject : date
: message-id : mime-version : content-type : content-transfer-encoding
: from; bh=Dl91aeOZr6BuSx0ujOOLEolWacFnm/EL0b4W8XMVtyw=;
b=qKenenM8kHrNlaL0iGLBEGAb5EvmdSlzXy/rE6MKIZcJhWIWWB4yXEPimgmgjiFYPRpK/
QpVC1fP+M+t3XJmLkm3g4+OK9ix4N4p6Hb14HFv0+hE/wSH7fDwX9AcmHHkHEwZya+1nEEh
wlP/fQCmRpieChH62E+zc0+l+N23RQM=
ARC-Authentication-Results: i=1; ynh4.uk.easy-server.com;
dmarc=none smtp.from=edocs.com header.from=edocs.com;
spf=none smtp.mailfrom=sharepoint********@edocs.com smtp.helo=edocs.com
Return-Path: <sharepointi********@edocs.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
ynh4.uk.easy-server.com
X-Spam-Level: *
X-Spam-Status: No, score=1.4 required=4.0 tests=HTML_FONT_SIZE_LARGE,
HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,
RCVD_IN_VALIDITY_RPBL_BLOCKED,RCVD_IN_VALIDITY_SAFE_BLOCKED,RDNS_NONE,
SPF_HELO_NONE,SPF_NONE,TO_NO_BRKTS_NORDNS_HTML,URIBL_BLOCKED autolearn=no
autolearn_force=no version=3.4.0
X-Original-To: *****************
Delivered-To: *****************
Received: from edocs.com (unknown [201.218.200.106])
by ynh4.uk.easy-server.com (Postfix) with ESMTP id 8EBDFA0FA0
for <*****************>; Thu, 24 Oct 2024 04:29:17 +0100 (BST)
Authentication-Results: ynh4.uk.easy-server.com;
dmarc=none (p=NONE sp=NONE) smtp.from=edocs.com header.from=edocs.com;
spf=none (sender IP is 201.218.200.106) smtp.mailfrom=sharepointimcandrew@edocs.com smtp.helo=edocs.com
Received-SPF: none (ynh4.uk.easy-server.com: no valid SPF record)
From: "Shared-Documents via SharePoint | stbees.org.uk" <sharepointimcandrew@edocs.com>
To: **************
Subject: DocuSign Important received a New Secured Document ************** 10/23/2024
Date: 23 Oct 2024 22:29:16 -0500
Message-ID: <20241023222915.7EC4B503766BA989@edocs.com>
MIME-Version: 1.0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
The screen grab is attached.
One is from Shared-Documents via SharePoint | My domain name <sharepointmyname@edocs.com>
The other is the same content but from DocuSign-Account | My domain name<sharefile-myname@edocs.com>
I have no financial or legal transactions pending, though have had some from my bank a few weeks ago that used similar system.
Hovering over Review document shows https: *//t.co/and a string of letters and numbers (My asterisk)
Header is
ARC-Seal: i=1; cv=none; a=rsa-sha256; d=********; s=default;
t=1729740559;
b=fWk9VuhJTBrHbS6PAsxbS456OPAx2Q2fNc0uYtO2P9pL2TO6mBCjUzatS2SKRyKA8iyie
xgHibU/K11YPEX3xLDIZg/c23UyQQSSj20T7K7U57jKHXfxcyItf39X/xrpH2OFkn46bmNM
NZJbXKr0vDgp6IJnHPzlXRiPoq+ZZB8=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
d=*******; s=default; t=1729740559; h=from : to : subject : date
: message-id : mime-version : content-type : content-transfer-encoding
: from; bh=Dl91aeOZr6BuSx0ujOOLEolWacFnm/EL0b4W8XMVtyw=;
b=qKenenM8kHrNlaL0iGLBEGAb5EvmdSlzXy/rE6MKIZcJhWIWWB4yXEPimgmgjiFYPRpK/
QpVC1fP+M+t3XJmLkm3g4+OK9ix4N4p6Hb14HFv0+hE/wSH7fDwX9AcmHHkHEwZya+1nEEh
wlP/fQCmRpieChH62E+zc0+l+N23RQM=
ARC-Authentication-Results: i=1; ynh4.uk.easy-server.com;
dmarc=none smtp.from=edocs.com header.from=edocs.com;
spf=none smtp.mailfrom=sharepoint********@edocs.com smtp.helo=edocs.com
Return-Path: <sharepointi********@edocs.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
ynh4.uk.easy-server.com
X-Spam-Level: *
X-Spam-Status: No, score=1.4 required=4.0 tests=HTML_FONT_SIZE_LARGE,
HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,
RCVD_IN_VALIDITY_RPBL_BLOCKED,RCVD_IN_VALIDITY_SAFE_BLOCKED,RDNS_NONE,
SPF_HELO_NONE,SPF_NONE,TO_NO_BRKTS_NORDNS_HTML,URIBL_BLOCKED autolearn=no
autolearn_force=no version=3.4.0
X-Original-To: *****************
Delivered-To: *****************
Received: from edocs.com (unknown [201.218.200.106])
by ynh4.uk.easy-server.com (Postfix) with ESMTP id 8EBDFA0FA0
for <*****************>; Thu, 24 Oct 2024 04:29:17 +0100 (BST)
Authentication-Results: ynh4.uk.easy-server.com;
dmarc=none (p=NONE sp=NONE) smtp.from=edocs.com header.from=edocs.com;
spf=none (sender IP is 201.218.200.106) smtp.mailfrom=sharepointimcandrew@edocs.com smtp.helo=edocs.com
Received-SPF: none (ynh4.uk.easy-server.com: no valid SPF record)
From: "Shared-Documents via SharePoint | stbees.org.uk" <sharepointimcandrew@edocs.com>
To: **************
Subject: DocuSign Important received a New Secured Document ************** 10/23/2024
Date: 23 Oct 2024 22:29:16 -0500
Message-ID: <20241023222915.7EC4B503766BA989@edocs.com>
MIME-Version: 1.0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
The screen grab is attached.
My Computer
System One
-
- OS
- Windows 11 - Updated automatically
- Computer type
- PC/Desktop
- Manufacturer/Model
- Updated Chillblast
- CPU
- Intel i7 12700K Twelve Core 3.6Ghz
- Motherboard
- MSI PRO Z690-A DDR4 Motherboard
- Memory
- Corsair 32Gb Vengeance RAM
- Cooling
- Air cooled
- Internet Speed
- 72Mb down, 18Mb up
- Browser
- Chrome
- Antivirus
- Avast