Monday, September 26, 2011

Scam Email: Thomas Morris

This interesting thing to note about the scam below that was forwarded to me is that the scammer got really confused about his faked name. Is he Thomas Morris like in his From field, or Abbot Morris like in his email address, or just "Morris" like how he signed off on his email (who in their right mind would sign their email by just their last name... this scammer is making it easy to spot this as fake).

Here is the email I received this morning:

kathleen-- I and another artist friend received the following email this morning. The only difference was the subject line--each was the  name of a piece we had made...gotten off of our website.

I was suspicious and googled the name and came upon your blog. Thank you for what you are doing to help us all!

Rory

Begin forwarded message:

> From: Thomas Morris [abbotmorris1@gmail.com]
> Date: September 26, 2011 5:21:01 AM CDT
> To: Rory
> Subject: Legacy II
>
> Hello,
>
> Happy new day, I have interest in this your piece of work i came
> across through my searching and i really
> want to make a request if you still have it available for purchase,
> meanwhile email the price you are willing to sale it.
>
> I hope to read more about the piece from you,
>
> Your's Morris.

Monday, September 12, 2011

Scam Email: Bill Richard

Notice the ugly altered "Return-path" on this scammer's email. They were somehow able to route their scam via AOL servers while altering all the headers to reveal any legitimate source of the email.

They've taken to always lately asking the person for their website address in initial emails like this. That way they can send out hundreds of thousands of these and not break a sweat trying to personalize anything. If someone does reply and actually does provide their website address, then the scammer can customize and personalize all other emails from the content they find on the website, making it seem like a legitimate purchase. But who would be purchasing from your "store" without first going to it on the internet. Doesn't make sense. But still people fall for it. Don't you.

I've also noticed lately a trend towards scammers just putting a first name only. Weird. Though in this particular scam email, I can tell their faked last name as well within their email address - which is disposable. The rest of the content of this scam email is the same ole same ole crap.

Return-path: (bjlhjkhjkjkhjhjk@fgfgfgdgdfdfg.com)
 by chakra.lunarbreeze.com with smtp (Exim 4.69)
 (envelope-from )
X-Originating-IP: 172.191.3.109 (AOL-172BLK)
X-Sender: bjlhjkhjkjkhjhjk@fgfgfgdgdfdfg.com
From: Bill (billrichard2010@ymail.com)
Subject: Order Inquiry

Hello Sales Dept,

I want to place an order in your store,and I will like to know if you ship to Portugal and my payment will be remitted via Visa/Master Card issued in US bank. So please let me know if you can assist me with the order,and please do not forget to include your website in your reply.Your quick response will be highly appreciated,I will be very glad if you treat this email with good concern.

Regards,
Bill Richard

Wednesday, September 7, 2011

Scam Email: John Cool

I got two of these, the second one coming only 9 minutes after getting the first one, both identical. This scammer decided not to even bother with a fake name.


Return-path: [geaveens@charon.e-dentify.nl]
Delivery-date: Wed, 07 Sep 2011 09:43:16 -0500
Received: from [94.100.20.18] (port=55062 helo=charon.e-dentify.nl)   
    (envelope-from )
    id 1R1JLQ-0004W7-AV
Received: from geaveens by charon.e-dentify.nl with local (Exim 4.69)
    (envelope-from )
    id 1R1JL8-0001lD-8q
Subject: Order Inquiry
From: john [johncool461@gmail.com]
Reply-To:
 johncool461@gmail.com
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 8bit
Message-Id: [E1R1JL8-0001lD-8q@charon.e-dentify.nl]
Date: Wed, 07 Sep 2011 16:42:58 +0200
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Originator/Caller UID/GID - [700 696] / [47 12]
X-AntiAbuse: Sender Address Domain - charon.e-dentify.nl

Good day,

We browsed through your web page and we are interested in ordering some of your products,we are located in Finland,we will like to know if you have the items in stocks,so kindly get back to me with the right contact person email,phone # and confirmation of website so that we can place my order quickly, and i want to know if you have your own personal shipper or can the order be picked up at your store,please advise so that we can proceed by going ahead to place the order.

Regards
Purchasing Manager