Search This Blog

Saturday, August 6, 2011

Scam Email: James

We've reported on this one before but it's been awhile so here is another one received this morning from the fake name of just "James". Notice on the full headers how the return address is different than the reply to address where they are receiving replies and communicating with their intended victims via a disposable gmail account.


Return-path: [w16149@managed18.lsrv.de]
Received: from managed18.lsrv.de (unknown [86.110.75.161]) Germany
From: james [makjames101@gmail.com]
Reply-To: makjames101@gmail.com
Subject: Order Inquiry

Good day Sales,

     I browse through your contact and I find some items which we have interest in purchasing to our store in Albania for urgent supply, I will like to know the prices per each items plus the shipping cost,i also want to know the kind of credit card you accept for payment e.g master card or visa card. I await your swift response so I can proceed with the needed items and
quantity

Thank you

3 comments:

  1. It would appear this scammer has just sent out a fresh mass mailing, I'm seeing a bunch of reports on him this morning.

    ReplyDelete
  2. We have received a similar email. We are wondering where the scam is if they are paying by credit card? Is there usually a problem with the credit card (ie; over limit)that results in them then saying we'll send a cheque? Also, why did they want our website address?

    ReplyDelete
  3. Good questions!

    1. The scammers have pretty much switched to offer to pay by credit card now. That way, they aren't spending any of their money to mail the check overnight, which is how they used to do it.

    With credit cards, they use numbers that have been stolen but not yet reported, so it will clear but eventually result in a chargeback when the credit card company or the card owner figures it out. We have seen that sometimes the first number they offer up does NOT clear and so they just offer another one. But they are all stolen. I'd recommend reporting any card numbers given to you to the credit card company to at least shut that particular card down.

    2. They want your website so they can actually personalize their emails to you in subsequent communications with you, so that you will be convinced they are for real, when they are not. They send out hundreds of thousands of these emails at a time and there would be no efficient way to personalize the emails and make them sound real. So they often keep the first one general and vague and ask for the website url so if a potential victim actually replies to their first email, they can set up a good fake story about pretending to buy your things and referencing actual names from your website.

    Make sense?

    Glad you didn't fall for it!

    ReplyDelete