I've received an email to my gmail account from FCMB, a bank in Nigeria (flashing warning lights already). It's not addressed to me (i.e., the email starts off "Dear Daniel," [not my name]). But the email address is mine.
When I look at the headers in Google, it really does look to me like Google received it directly from FCMB.com. Here's the relevant bit (I think):
ARC-Authentication-Results: i=1; mx.google.com;
spf=pass (google.com: domain of ebusiness@fcmb.com designates 41.223.147.112 as permitted sender) smtp.mailfrom=ebusiness@fcmb.com;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=fcmb.com
Return-Path: <ebusiness@fcmb.com>
Received: from lin-smtp.fcmb.com (lin-smtp.fcmb.com. [41.223.147.112])
by mx.google.com with SMTP id n5si1099097wmi.93.2019.09.04.11.31.49
for <XXX@gmail.com>;
Wed, 04 Sep 2019 11:31:50 -0700 (PDT)
Received-SPF: pass (google.com: domain of ebusiness@fcmb.com designates 41.223.147.112 as permitted sender) client-ip=41.223.147.112;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of ebusiness@fcmb.com designates 41.223.147.112 as permitted sender) smtp.mailfrom=ebusiness@fcmb.com;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=fcmb.com
Message-ID: <5d700316.1c69fb81.8dceb.fbc9SMTPIN_ADDED_MISSING@mx.google.com>
Received: from INTRANET (unknown [172.27.15.3])
by lin-smtp.fcmb.com (Postfix)
with ESMTP id 69410875FC
for <XXX@GMAIL.COM>;
Wed, 4 Sep 2019 19:43:36 +0100 (WAT)
MIME-Version: 1.0
From: FCMB <ebusiness@fcmb.com>
How can I tell if this really being sent to me legitimately? Is this being faked in a way that I am missing things? In which case I want to better understand it since if not for all the red flags, I would have concluded that this email is legitimate.
P.S. This is the third email I've received in the last 2 months from FMCB that is addressed to "Daniel".