WARNING - Super realistic WHC scam email (2.Viewing)

MapleDotsMapleDots is verified member.

MapleDots.ca
Domain Business
Community Guide
Joined
Nov 4, 2020
Topics
1,685
Posts
7,045
Likes
6,453
From
Waterloo, ON
Country flag
Screenshot - 2024-02-02T075902.863.png




Screenshot (100).png



Screenshot - 2024-02-02T080114.253.png




Email Source Code​


Text Box:
Delivered-To: sales@mapledots.ca
Received: by 2002:ac8:73c7:0:b0:42b:eae5:2453 with SMTP id v7csp859334qtp;
        Thu, 1 Feb 2024 15:11:34 -0800 (PST)
X-Google-Smtp-Source: AGHT+IFNVYga9yvu8f6WIiYwW63NcscWBeokFPiIMUg5Ra7h1l35Wfnf47ae8BvAC4I2NqcDQsnQ
X-Received: by 2002:a17:906:fcb6:b0:a28:f8d2:7897 with SMTP id qw22-20020a170906fcb600b00a28f8d27897mr4999493ejb.20.1706829094108;
        Thu, 01 Feb 2024 15:11:34 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1706829094; cv=none;
        d=google.com; s=arc-20160816;
        b=HbLDI6aquK+bPHX7qq8FSju/8w6XqNy6b3/H8OZuwDOkLaXBu04W9D+UgXJ7A5vpDY
         Y9NFxdBiwSdk2yxDUCf5dmFKdQo7jfG/78dDMPYhOIoFGPaIPBUxJYq9o9WOuZfoCmK5
         OJ/am6dlDnPKQOVmpIyrDzRY8MOmBVN6hYCb6dDJ0+dFGQ6MhU57533l5nJNYlUlIpaM
         4FcVVdmZ0zwWQwlswGYBZ5d0ekRzUgdJHAGVyObZvjAvOBKSNwbrr00XmbglKt6gfd9H
         6z7881AqKy9AjX+iNKFH8KTAnN+soa4aTyRhz7G3xLErsBjQyNhtwBz3B3KFgUuOa6wG
         O3CA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:message-id:subject:reply-to
         :from:to:date:dkim-signature;
        bh=VPvZABq9THPX2L288KEb9fghtjriPqR5+O6wE4bHk1U=;
        fh=uMehnzSYuRrrUeN5/bg1xrAx20lIXug+c3dFZlBh6BU=;
        b=WqAaL5Iu9Z/79cmWlqNfozQM/pxN3CJIkRzaLAIJgDhg9pjRYsOQIUYs3ZWnpPrJYI
         Syp6ioiwaup7vkvoyli425EEuzLWypzlHrT7ScIle5HMcu4n/YG1VYwaAsGcO3SEYXFk
         iTA/yUfJ/K9a4yreayqLU/ruGza11GnlG+f4NqRH4cXRqvQNFj1JNcIWKkljGuxKQClh
         yUN/02SfSJadnrIOli4U5Hzs5s9DGlf/uKxobLAHlW6j5Z6tD14DWPlGyYQxOKfBoA8f
         M0wsd9FTakJBSBuxC6zTY5/FQ7Sq5hSMCleEWKxieqtmkl+scyljT9d/uC8f2kl0SYNn
         zC0g==;
        darn=mapledots.ca
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@decrypte.co header.s=default header.b=N5eFM7w3;
       spf=pass (google.com: domain of billing-whc-ca@decrypte.co designates 31.28.171.130 as permitted sender) smtp.mailfrom=billing-whc-ca@decrypte.co;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=decrypte.co
Return-Path: <billing-whc-ca@decrypte.co>
Received: from host11.goodhoster.net (host11.goodhoster.net. [31.28.171.130])
        by mx.google.com with ESMTPS id m5-20020a170906720500b00a30fc521223si246947ejk.76.2024.02.01.15.11.33
        for <sales@mapledots.ca>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 01 Feb 2024 15:11:34 -0800 (PST)
Received-SPF: pass (google.com: domain of billing-whc-ca@decrypte.co designates 31.28.171.130 as permitted sender) client-ip=31.28.171.130;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@decrypte.co header.s=default header.b=N5eFM7w3;
       spf=pass (google.com: domain of billing-whc-ca@decrypte.co designates 31.28.171.130 as permitted sender) smtp.mailfrom=billing-whc-ca@decrypte.co;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=decrypte.co
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=decrypte.co ; s=default; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID :Subject:Reply-To:From:To:Date:Sender:Cc:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=VPvZABq9THPX2L288KEb9fghtjriPqR5+O6wE4bHk1U=; b=N5eFM7w3MJ2+7bI6XsGXhWy6Fo DJBDLLkTcx1fLDT7HRLPPfII6eU8R+Sso45jmRbqzoXt6Yci6YqcKE3TZWOl9e5uVS5UQBuLCC20w dRs9I+hzxh93dNzgRzhy8yhub6h7C9IINQ3i1K1fBz8d3g5PMWQCcod50vuylYJN6b2gkuuGi9nVU TaAKjhxAqrt9eCJu710g1OXe2lzIEqF1jOkaTF6UgJS0UPnQrpEujA5aiVfgiJrZKHeIYFhXdEQ0n N1wHlvnjRh4DkLmkhKaBo65+oBreg3uQy0e90jUcx6KPwdK4BEvaKa49CGiaAEIV6rznbUBqIITxs SdJFQQtg==;
Received: from [185.213.80.26] (port=63006 helo=localhost) by host11.goodhoster.net with esmtpsa
  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96.2) (envelope-from <billing-whc-ca@decrypte.co>) id 1rVgDU-0040Qa-2T for sales@mapledots.ca; Thu, 01 Feb 2024 23:11:33 +0000
Date: Thu, 1 Feb 2024 23:11:28 +0000
To: sales@mapledots.ca
From: "Noreply | WHC.CA" <billing-whc-ca@decrypte.co>
Reply-To: billing-whc-ca@tld.ylh.mybluehost.me
Subject: Domain privacy: Auto-renewal failed. - 2024-02-01 23:11:28
Message-ID: <CGLFiGNY9c5r9pt02e5bHi3kjZgPhFYDh9VPgnkZ4k@localhost>
X-Mailer: PHPMailer 6.9.1 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1=_CGLFiGNY9c5r9pt02e5bHi3kjZgPhFYDh9VPgnkZ4k"
Content-Transfer-Encoding: 8bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - host11.goodhoster.net
X-AntiAbuse: Original Domain - mapledots.ca
X-AntiAbuse: Originator/Caller UID/GID - [47 8] / [47 8]
X-AntiAbuse: Sender Address Domain - decrypte.co
X-Get-Message-Sender-Via: host11.goodhoster.net: authenticated_id: billing-whc-ca@decrypte.co
X-Authenticated-Sender: host11.goodhoster.net: billing-whc-ca@decrypte.co
X-Source:
X-Source-Args:
X-Source-Dir:

--b1=_CGLFiGNY9c5r9pt02e5bHi3kjZgPhFYDh9VPgnkZ4k
Content-Type: text/plain; charset=us-ascii

This is the body in plain text for non-HTML mail clients

--b1=_CGLFiGNY9c5r9pt02e5bHi3kjZgPhFYDh9VPgnkZ4k
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: quoted-printable


<p>&nbsp;</p>
<center>
<table style=3D"text-size-adjust: 100%; border-collapse: collapse; max-widt=
h: 600px; width: 100%;" border=3D"0" cellspacing=3D"0" cellpadding=3D"0">
<tbody>
<tr style=3D"height: 49px;">
<td style=3D"text-size-adjust: 100%; height: 49px;"><img style=3D"width: 10=
0%;" src=3D"https://s.whc.ca/emailing/rainbow.png" alt=3D"" /></td>
</tr>
<tr style=3D"height: 123px;">
<td style=3D"text-size-adjust: 100%; background: #ffffff; text-align: cente=
r; padding: 30px 38px; height: 123px;"><a href=3D"https://whc.ca/en" target=
=3D"_blank" rel=3D"noopener"><img class=3D"mcnImage" style=3D"max-width: 10=
0%; padding-bottom: 0; display: inline !important; vertical-align: bottom; =
border: 0; height: auto; outline: none; text-decoration: none;" src=3D"http=
s://s.whc.ca/emailing/logo-whc-en.png?v2" alt=3D"Web Hosting Canada" width=
=3D"190" align=3D"middle" /></a></td>
</tr>
<tr style=3D"height: 573px;">
<td style=3D"text-size-adjust: 100%; padding: 0px 38px 38px; background: #f=
fffff; height: 573px;">
<h1 style=3D"text-align: center; font-size: x-large;">Invoice 1431030</h1>
<p style=3D"-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;"><s=
pan style=3D"color: #212121; font-family: helvetica, arial; font-size: 24px=
; font-style: normal; font-variant-ligatures: normal; font-variant-caps: no=
rmal; font-weight: bold; letter-spacing: normal; orphans: 2; text-align: st=
art; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; =
-webkit-text-stroke-width: 0px; white-space: normal; background-color: #fff=
fff; text-decoration-thickness: initial; text-decoration-style: initial; te=
xt-decoration-color: initial; display: inline !important; float: none;">Las=
t chance!&nbsp;</span><span style=3D"font-family: helvetica, arial; font-si=
ze: 24px; font-style: normal; font-variant-ligatures: normal; font-variant-=
caps: normal; font-weight: bold; letter-spacing: normal; orphans: 2; text-a=
lign: start; text-indent: 0px; text-transform: none; widows: 2; word-spacin=
g: 0px; -webkit-text-stroke-width: 0px; white-space: normal; background-col=
or: #ffffff; text-decoration-thickness: initial; text-decoration-style: ini=
tial; text-decoration-color: initial; margin: 0px; padding: 0px; color: #e8=
322e; -webkit-tap-highlight-color: transparent;">Save your domain!</span><b=
r /><br /></p>
<table id=3D"%id%" style=3D"font-family: Arial, Helvetica, sans-serif; lett=
er-spacing: normal; orphans: 2; text-transform: none; widows: 2; word-spaci=
ng: 0px; -webkit-text-stroke-width: 0px; background-color: transparent; tex=
t-decoration-thickness: initial; text-decoration-style: initial; text-decor=
ation-color: initial; margin: 0px; padding: 0px; border-collapse: collapse;=
 max-width: 100%; border-spacing: 0px; -webkit-tap-highlight-color: transpa=
rent;" width=3D"100%">
<tbody style=3D"margin: 0px; padding: 0px; -webkit-tap-highlight-color: tra=
nsparent;">
<tr style=3D"margin: 0px; padding: 0px; vertical-align: top; -webkit-tap-hi=
ghlight-color: transparent; height: 42px;">
<td style=3D"margin: 0px; padding: 0px; line-height: 16px; font-size: 14px;=
 vertical-align: middle; -webkit-font-smoothing: subpixel-antialiased; -web=
kit-tap-highlight-color: transparent; height: 42px;">
<div style=3D"margin: 0px; padding: 0px; text-align: left; color: #212121; =
line-height: 21px; font-family: helvetica, arial; font-size: 14px; -webkit-=
font-smoothing: subpixel-antialiased; -webkit-tap-highlight-color: transpar=
ent;" align=3D"left">Your domain name has, regrettably, expired. In accorda=
nce with registry policies, your domain will be DELETED and open for regist=
ration to everyone.</div>
</td>
</tr>
<tr style=3D"margin: 0px; padding: 0px; vertical-align: top; -webkit-tap-hi=
ghlight-color: transparent; height: 10.3854px;">
<td style=3D"margin: 0px; padding: 0px; line-height: 16px; font-size: 14px;=
 vertical-align: middle; -webkit-font-smoothing: subpixel-antialiased; -web=
kit-tap-highlight-color: transparent; height: 10.3854px;">&nbsp;</td>
</tr>
<tr style=3D"margin: 0px; padding: 0px; vertical-align: top; -webkit-tap-hi=
ghlight-color: transparent; height: 21px;">
<td style=3D"margin: 0px; padding: 0px; line-height: 16px; font-size: 14px;=
 vertical-align: middle; -webkit-font-smoothing: subpixel-antialiased; -web=
kit-tap-highlight-color: transparent; height: 21px;">
<div style=3D"margin: 0px; padding: 0px; text-align: left; color: #212121; =
line-height: 21px; font-family: helvetica, arial; font-size: 14px; -webkit-=
font-smoothing: subpixel-antialiased; -webkit-tap-highlight-color: transpar=
ent;" align=3D"left">Please renew this domain name ASAP before someone else=
 registers it.</div>
</td>
</tr>
</tbody>
</table>
<p style=3D"-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;">&n=
bsp;</p>
<p style=3D"-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%; col=
or: #0c5460; background-color: #d1ecf1; padding: 10px 20px; border-radius: =
3px; line-height: 1.8em;"><strong>Payment method:</strong> Visa / Mastercar=
d / AMEX</p>
<p style=3D"-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%; col=
or: #0c5460; background-color: #d1ecf1; padding: 10px 20px; border-radius: =
3px; line-height: 1.8em;"><strong>Connected to: </strong>freewifi.ca<br /><=
strong>Domain:</strong>&nbsp; sales@mapledots.ca<br /><strong>Status:</stro=
ng> Expired</p>
<p style=3D"-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;">An=
 invoice has been generated on 2024-02-02 in your account.</p>
<p style=3D"-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%; tex=
t-align: center; margin: 30px 0;"><a class=3D"btn" style=3D"-ms-text-size-a=
djust: 100%; -webkit-text-size-adjust: 100%; border: 1px solid dodgerblue; =
background: dodgerblue; color: #ffffff; text-decoration: none; padding: 10p=
x 20px; border-radius: 3px;" href=3D"https://redirect.viglink.com/?u=3Dbill=
ing-whc.ca
&amp;key=3D912c7d186f7614c22e9b994eb37ee0f1&amp;prodOvrd=3DRAL&amp;cuid=3DP=
F1_fr-fr">View and pay your invoice</a></p>
<p style=3D"-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;">If=
 you have a valid credit card on file, we will automatically attempt to cha=
rge it 5 days prior to the due date.<br /><br />Questions or concerns? Cont=
act our friendly billing team at 1-514-504-2113 or via live chat on <a styl=
e=3D"color: dodgerblue;" href=3D"https://whc.ca/en" target=3D"_blank" rel=
=3D"noopener">whc.ca</a>. We re available 24/7!<br /><br />Regards,<br /><b=
r /><img class=3D"mcnImage" style=3D"max-width: 100%; padding-bottom: 0; di=
splay: inline !important; vertical-align: bottom; border: 0; height: auto; =
outline: none; text-decoration: none;" src=3D"https://s.whc.ca/emailing/whc=
-team.png" alt=3D"WHC team" width=3D"150" align=3D"middle" /></p>
</td>
</tr>
<tr style=3D"height: 40px;">
<td class=3D"padded" style=3D"text-align: center; padding: 0px; vertical-al=
ign: top; word-break: break-word; overflow-wrap: break-word; height: 40px;"=
><br />
<div class=3D"social-container" style=3D"height: 42px; padding-top: 20px; p=
adding-bottom: 20px;"><a href=3D"https://www.facebook.com/WHC.CA" target=3D=
"_blank" rel=3D"noopener"><img class=3D"social-media-icon facebook" src=3D"=
https://s.whc.ca/facebook.png" alt=3D"Facebook" height=3D"42" /></a><span s=
tyle=3D"color: #626262;">&nbsp;</span><a target=3D"_blank" rel=3D"noopener"=
><img class=3D"social-media-icon twitter" src=3D"https://s.whc.ca/twitter.p=
ng" alt=3D"Twitter" height=3D"42" /></a><span style=3D"color: #626262;">&nb=
sp;</span><a target=3D"_blank" rel=3D"noopener"><img class=3D"social-media-=
icon linkedin" src=3D"https://s.whc.ca/linkedin.png" alt=3D"LinkedIn" heigh=
t=3D"42" /></a><span style=3D"color: #626262;">&nbsp;</span><a target=3D"_b=
lank" rel=3D"noopener"><img class=3D"social-media-icon youtube" src=3D"http=
s://s.whc.ca/youtube.png" alt=3D"YouTube" height=3D"42" /></a></div>
</td>
</tr>
<tr style=3D"height: 85px;">
<td class=3D"mcnTextContent" style=3D"text-size-adjust: 100%; word-break: b=
reak-word; color: #999999; font-family: Helvetica; font-size: 12px; line-he=
ight: 150%; text-align: center; height: 85px;" valign=3D"top">
<p style=3D"text-align: center;">&nbsp;</p>
<p style=3D"text-align: center;">7250 Clark Street #301, Montreal, QC<br />=
H2R 2Y3 Canada | 1.514.504.2113<br /><a style=3D"-ms-text-size-adjust: 100%=
; -webkit-text-size-adjust: 100%; color: #999; mso-line-height-rule: exactl=
y; font-weight: bold; text-decoration: underline;">https://whc.ca</a></p>
</td>
</tr>
</tbody>
</table>
</center>


--b1=_CGLFiGNY9c5r9pt02e5bHi3kjZgPhFYDh9VPgnkZ4k--
 
Last edited:
They got my email, my domain, it looks like whc, it has everything to look like a legitimate WHC notice.

Unbelievable how sohisticated these scams are becoming.

WHC-FM @FM - I thought I would bring this to everyones attention.

The email address is a dead giveaway
 

Sponsors who contribute to keep dn.ca free for everyone.

Sponsors who contribute to keep dn.ca free.

Back
Top Bottom