This comes out of Australia and I didn't even engage him, so he hasn't gotten to the "meat" of his scam yet. But it has enough the tell-tale signs. I'm posting the full headers so you can see the difference between his "From" and "Reply-to" email address and the actual "Return-path" (shown when you view full headers).
I think they are getting hip to us asking them to come up with specifics and now they are asking what our website is when replying, to make sure they are contacting the right *victim*... I mean store... Very funny of them to do this.
Return-path: [crothing@ju001lcs00.syd.the-server.com.au]
Received: from ju001lcs00.syd.hosting-server.com.au (HELO ju001lcs00.syd.the-server.com.au) ([113.20.10.185])
by ironport1-mta.cbr1.mail-filtering.com.au with ESMTP;
Received: from crothing by ju001lcs00.syd.the-server.com.au with local (Exim 4.69) (envelope-from [crothing@ju001lcs00.syd.the-server.com.au])
id 1PLiZh-0008Tw-E1
Subject: ORDER ENQUIRY
From: Jason Max [jasonmax147@gmail.com]
Reply-To: jasonmax147@gmail.com
Message-Id: [E1PLiZh-0008Tw-E1@ju001lcs00.syd.the-server.com.au]
Hello,
How are you doing, i will like to order some of your products, i will be making payment via my credit card,i will have a shipping agency pick up my order from you as soon as payment is cleared, i will like you to include your web page while replying back to confirm i contacted the right store,i will like you to treat this mail with good concern and reply earnestly so we may proceed,
Thank you
Jason
No comments:
Post a Comment