
Thursday, August 18, 2011

Scam Email: Ballet Ryan

Here is a note I received from another artist:

Friday, I had an email that I was suspect of the content. Today I am sure! Someone is trying to scam me. This is my second scammer email in the past year and a half that I have had. Luckily, I have been on my toes.

First Email:
From: ballet ryan (balleyryan@gmail.com)
Subject: Enquiry

Hello [my name],

My name is Ballet Ryan and am from South Carolina and Was going through your works and love this piece.
What's your final price for it and am really interested in purchasing the piece.

Thanks and i await your response.

Ryan.

Second Email:
From: ballet ryan (balleyryan@gmail.com)
Subject: Re: Enquiry

Hello [my name],
Thanks for your prompt reply.I really appreciate your detailed breakdown and frankness on this.
Unfortunately, Im on my way to Mexico on an official trip(I'm a marketing Executive) and wont be back for another two weeks, I
would have come to inspect the piece personally. Im taking your word for true on It though .
Im okay with the price, I think it worth it anyway. If you'd like to know, Im relocating to the UK soon and I'm trying to gather some
good stuff for my new abode. Im buying yours amongst others,quickly! before someone else grabs it.So, I'll arrange to send you payment ASAP as i will be responsible for the shipping (payment) of the piece to my new abode in UK.
However, I'll have to notify my shipper who's helping me move my stuff from the US,to get set for the pickup of the piece from your
place as I MIGHT be delayed in Mexico depending on how things goes.
Thanks,
PS: In the mean time, kindly get back to me with your contact address and also your phone# so I can get certified check prepared
and have it sent out to you ASAP.

Monday, August 15, 2011

Scam Email: Jasmine Anthony

The thing I found odd about this scam email is how the scammer seems to have used a "reply" to paste into their main email (notice all the ">" quote markers at the beginning of the lines). They also put their intended victim's email in the BCC field (I saw this when I looked at the full headers). I guess they were trying to cut some corners but it seems odd. The content is all the usual stuff we see over and over again.

From: Jasmine Anthony (jasminefashionboutique@googlemail.com)
To: jasminefashionboutique@googlemail.com
Subject: Enquiry

>
> Dear Sales,
>
> I got your contact through an international fashion network.
>
> My name is Mrs Jasmine Anthony, a store owner in Ivory Coast, Africa.
> I'm really interested in your product and would like to be one of your
> international customers.
> My business is five years old and steadily growing. We purchase all
> kind of women clothing,jeans, t-shirts , jewelries & accessories etc
> and resell them to our local customers and it has been very profitable
> for me.
>
> If you are considering selling to me, then send me some of your scan
> collections with the wholesale prices.
>
> Ordering should be easy as I could just note down the style
> numbers and e-mail you my order list. I do hope you'll accept my Visa
> or Master credit cards  as my only payment option and also hope you can
> ship Internationally
> to Ivory Coast.
>
> I look forward to hearing from you soon.
>
> Thank you,
>
> Mrs Jasmine Anthony - Owner
> Jasmine Fshion Boutique
> Rue 47 Immeuble Diallo-Avenue Houdaille
> Abidjan-Ivory Coast.
> My Company Reg N°: R.C N° 2856516-CC.N°020567896

Sunday, August 14, 2011

Scam Email: Fanbox.com

Fanbox.com, formerly known as sms.ac, is one of the most annoying and sleaziest spams and misrepresentations going right now.

When you sign up for FanBox, it asks for your permission to email everyone in your address book. After you give them your password (DON'T do it!) it will start spamming everyone in your contact list / address book.  It will send them these stupid ":____ asked you a question" spams.

We've received them here and verified that the senders had no intention of sending them to us, or of "asking" a question. They felt victimized.

Here is the one I received this morning, obviously from someone I know - who likely fell victim to it.

P.S. DON'T CLICK ON ANY LINKS BELOW, they are there just to show you what they look like and I don't want you falling victim to this scam!

From: {name of my friend} [fbNOREPLY@yourfanbox.com]
Received: from [208.69.101.171 helo=smtp171.sms.ac]
To:   {me}
Subject: {name of my friend} shared some photos with you

{name of my friend} shared a new photo slideshow with you View now
http://profile.fanbox.com/DeveloperOptin/BlogROME.aspx?vet=146&mlid=91144420&vlsid=31700&dt=081311&cid=31700&evt=708316703&src=BLOGROMESOCUSTOMTEXT&encemail=Iqknz%2f0G3SFW2CwCgByrpc5jPun6o6yFrpZestLSRCLT1ExbYh%2bq%2fQ%3d%3d&ptid=1584

{name of my friend}'s time spent in this site helps fight Children Blood Disorders.

To reduce unwanted emails: if you don't respond to (click) emails from any person, all further emails to you from that person are automatically blocked for 24 hours.

To ensure you don't miss anything from {name of my friend} please check your feed or inbox regularly.

This message was intended for {my email address} and was sent as a notification, invitation or reminder (digital goods subject to change in reminders) of an event initiated by {my friend's name} using a third-party or platform application and may contain promotional materials and/or services for sale including digital goods received.

To control messages sent to or from you, your contacts and/or FanBox, click here
http://profile.fanbox.com/ApplicationManager/ROMEBlogSettings.aspx?cid=31700&em=Iqknz%2f0G3SFW2CwCgByrpc5jPun6o6yFrpZestLSRCLT1ExbYh%2bq%2fQ%3d%3d&vet=146&mlid=91144420&dt=081311&ptid=1584&aec=-1&tec=-1&pid=31700&sendid=221470708

Our offices are located at: FanBox - 113 West G Street, STE 510, San Diego, CA 92101, USA

Saturday, August 6, 2011

Scam Email: James

We've reported on this one before, but it's been a while, so here is another one received this morning under the fake name of just "James". Notice in the full headers how the return address (Return-path) is different from the Reply-To address, a disposable gmail account where they receive replies and communicate with their intended victims.


Return-path: [w16149@managed18.lsrv.de]
Received: from managed18.lsrv.de (unknown [86.110.75.161]) Germany
From: james [makjames101@gmail.com]
Reply-To: makjames101@gmail.com
Subject: Order Inquiry

Good day Sales,

     I browse through your contact and I find some items which we have interest in purchasing to our store in Albania for urgent supply, I will like to know the prices per each items plus the shipping cost,i also want to know the kind of credit card you accept for payment e.g master card or visa card. I await your swift response so I can proceed with the needed items and
quantity

Thank you

Friday, August 5, 2011

Spam King could get 40 years for 27 million Facebook messages

Sanford Wallace has been around for a long time. Ever since I can remember anyone talking about spam. And I've been involved in the internet since the days of Usenet (curses, that'll date me somewhat). He seems to keep at it, no matter what is thrown at him.

There are really so few cases where the authorities actually pursue spammers, so I thought I'd post this. But I wonder if it's more about that Sanford seems to continue to insist on living in the United States. He'd probably be pretty untouchable if he chose a more remote location. And also the authorities maybe wanting us to believe they are actually trying to pursue the massive problem of spamming. Ole' Sanford will be back.

A Las Vegas man accused of sending more than 27 million spam messages to Facebook users faces federal fraud and computer tampering charges that could send him to prison for more than 40 years, according to a grand jury indictment.

Sanford Wallace, the self-proclaimed "Spam King," pleaded not guilty during an initial court appearance Thursday after being indicted July 6 on six counts of electronic mail fraud, three counts of intentional damage to a protected computer and two counts of criminal contempt.

The indictment filed in San Jose federal court said Wallace compromised about 500,000 Facebook accounts between November 2008 and March 2009 by sending massive amounts of spam through the company's servers on three separate occasions.

Wallace would collect Facebook user account information by sending "phishing" messages that tricked users of the social networking site into providing their passwords, the indictment said.

He would then use that information to log into their accounts and post spam messages on their friends' Facebook walls, the indictment said. Those who clicked on the link, thinking it came from their friend, were redirected to websites that paid Wallace for the Internet traffic.

Saturday, July 30, 2011

Scam Email: Jerry Watts

[This was forwarded by another person, it seems the scammer found him through his ad on Craigslist (notice how the first email is just so they can get a real email and begin writing directly to their potential victim)]

seen your site and wanted to help out, below are two messages i received from one of the scammers. top one was the last i got, second just under is the original. and below that is the full message details.   hope this helps.   good job

i am also going to keep on with this scammer so he will send the payment, i found out last time this came up that the checks are fake with stolen info from real companies, and the senders are sending the checks with stolen shipping info so some other companies are having a really hard time with the checks and the shipping costs they are fighting off.

last time john deer paid the shipping lol. anyway yea if i can save the companies a lil hassle by giving them a heads up then i'll try to help if i can
----- Forwarded Message -----

From: Jerry Watts [dexme004@gmail.com]
Subject: The towing and repo high speed dollies - $800

Thanks for the prompt response,i will like to proceed with the
transaction asap and my mode of payment will be via Bank certified
check. However, to ease the pick up the item will be picked-up from
you by my shipper once you receive and cash the check,i am willing to
wait for your bank to verify and clear the check before the shipper
pickup the item therefore I'll need this detail below to mail out the
check.

* The Full name on check
* Mailing address (Deliverable Address)
* Phone Number

Proceed to delete the advert of this item if my mode of payment is
accepted and get back to me asap with your details to mail out the
certified check to you.

Thanks

First Email:

Message body
** CRAIGSLIST ADVISORY --- AVOID SCAMS BY DEALING LOCALLY
** Avoid: wiring money, cross-border deals, work-at-home
** Beware: cashier checks, money orders, escrow, shipping
** More Info: http://www.craigslist.org/about/scams.html

--
Do you still have these item for sale?
Get back to me asap.

Scam Email: Abdul-Quahaal

This scammer went right for the fake name that doesn't even sound English, perhaps hoping that might explain the bad grammar and formatting. This scammer also wasted no time in going right for the meat of the scam: that they will use their third-party shipper (which really doesn't exist). That way, they can then explain in a later email why they are sending payment for MORE than the amount and ask you to send the difference on to the shipper via Western Union. Again - no shipper. Fake payment (whether by check or credit card). Only them at the other end of Western Union, collecting up your good money in a very untraceable way.

Don't fall for it.

Return-path: [phantomp@impala.ip-sg.net] (124.217.238.101) Malaysia
From: Abdul-Quahaal [abdulquahaal@yahoo.com]
Subject: Order Enquiry

Hi Sales, Am Mr Abdul-Quahaal currently based Dubai . I will like to place an order from you. I know there a lot of difficulties encountered when shipping internationally, But that will not be a problem because i am registered with a shipping company whom i have used severally without any delay nor problems with my goods. Before i place these order, i want you to notify me if i am able to place the order and most importantly: If i can make payment with my credit cards Visa/Mc because that is the only way we are set for payment now without no delay. I don't place online orders can i e-mail my ORDER needed then you can give me a quote here and make charges to my cards manually on your end ? Pls Clarify. Looking forward to your swift response then we can proceed further as soon as possible. Warmest Regards. Mr Abdul Quahaal Shipping Address: 215, III Floor, Matar Al Tayer Bldg Karama Dubai 115334. UAE. Registered in UAE, Reg. No. 1450827

Friday, July 15, 2011

Scam Email: David Williams

There are lots of things you can learn by glancing at the full headers. Of course, I immediately knew this was a scam because I am an artist and don't sell the items listed below. They are playing a numbers game and hardly care about anyone who doesn't actually match their email. They only care that, among the hundreds of thousands of emails they send out at any given time, SOME will reach people who sell those items and think they have a real buyer.

But let's get back to the headers. So I view the full headers and I immediately see the email came from an IP owned by celtusdigital.com. I google it. I *don't* go to it. I just google it. It's not in English and it's a Joomla site (like WordPress), so now I'm guessing the owner doesn't even know the scammer hacked into their site and is using it to send out massive amounts of spam.

Interestingly, the line with X-PHP is more revealing. It is the scammer software script this cockroach used to send out the massive amounts of spams and the IP number for that sourced to Gambia, Africa. That is probably where the scammer is sitting.

David Williams (or Lin Williams or Rose Williams or Terry Williams - you get the picture) is a common fake name lots of scammers use, and the gmail account to correspond with their potential victims who do reply is a disposable gmail account.

By the time I look at the actual content of the email and where they pretend they are from, it's all already so obvious that it's all made up.
Return-path: [revistap@celt.celtusdigital.com]
Received: from 184.172.246.156-static.reverse.softlayer.com ([184.172.246.156]:38106 helo=celt.celtusdigital.com)
X-PHP-Script: www.revistapikabu.com.mx/mail.php for 41.76.9.170, 41.76.8.4 (The Gambia, Africa)
Subject: Order Quote
From: David Williams [bquality.venture@gmail.com]

Hi Sir/Madam,

      We are requesting pricing for the items mentioned below through  your store, kindly get back to us if any of this items can be supply as soon as possible  also advice on your payment methods.

Item:

1) USB Flash Drives 2 / 4 GB
2) Mirco SD CARDS 1 GB
3) HEW C9730A HP OEM Black Laser Toner Cartridge

We look forward to read from you soon.

Best Regards

David Williams
234n Palm Ave,
Hemet,CA 92543
818 358-0535

Monday, July 11, 2011

Scam Email: Etherington Parton

This scam has the typical content of the "template". Looking at the headers and glancing at the RETURN-PATH field rather than the FROM field revealed the shady source of this email. Also, a pretty bizarre fake name for this scammer to have chosen. I really think they must have software that just randomly chooses and throws names together. And this scammer was hedging their bets by referring to me as a "gallery/store".

Return-path: [nobody@zero8.webzero.kr]
Received: from [110.45.139.18] (port=53783 helo=zero8.webzero.kr) (Seoul, Korea)
From: Etherington Parton [e.partonsupplies0@gmail.com]
Subject: Inquiry...

Hello,

I am Etherington Parton and I'll like to order some items from your gallery/store but before we proceed I'll like to ask the following questions.

Do you ship to Australia?
Do you do Mail Order?
Do you accept credit card as for Payment (My US Master and Visa card to be precise)?

I await your urgent response so we can proceed.

Etherington
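
The header checks described in the "David Williams" and "Etherington Parton" posts (Return-Path versus From, a disposable webmail address, the X-PHP-Script line) and the To-equals-From sign of a BCC'd recipient from the "Jasmine Anthony" post can be automated. This is an added example, not part of the original posts: the function names, the sample message, its example domains and documentation-range IPs are all constructed, and it assumes real headers with angle brackets rather than the square brackets shown on this blog.

```python
"""Flag the header inconsistencies described in these posts (added example)."""
import re
from email import message_from_string
from email.utils import parseaddr

# Free webmail domains that appear in the posts on this page.
FREEMAIL = {"gmail.com", "googlemail.com", "yahoo.com", "hotmail.co.uk"}

# Constructed sample laid out like the "David Williams" headers:
# example domains and documentation IP ranges only.
SAMPLE = """\
Return-Path: <webuser@host1.shared-hosting.example>
Received: from host1.shared-hosting.example ([192.0.2.10] helo=host1.shared-hosting.example)
X-PHP-Script: www.hacked-site.example/mail.php for 198.51.100.7, 198.51.100.9
From: David Williams <buyer.name@gmail.com>
Reply-To: buyer.name@gmail.com
To: buyer.name@gmail.com
Subject: Order Quote

We are requesting pricing for the items mentioned below.
"""


def _domain(value):
    """Lower-cased domain of the address in a header value, or ''."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def _related(a, b):
    """True when the domains are equal or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def analyze_headers(raw):
    """Return a dict of finding name -> detail for one raw message."""
    msg = message_from_string(raw)
    findings = {}
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    from_dom = _domain(msg.get("From"))
    path_dom = _domain(msg.get("Return-Path"))
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1].lower()
    to_addr = parseaddr(msg.get("To", ""))[1].lower()

    # Envelope sender (Return-Path) on a different domain than the visible
    # From. Mailing lists and bulk-mail services do this too: a signal only.
    if from_dom and path_dom and not _related(from_dom, path_dom):
        findings["return_path_mismatch"] = (path_dom, from_dom)
        # Stronger: a webmail From that did not leave via the webmail provider.
        if from_dom in FREEMAIL:
            findings["freemail_via_third_party"] = path_dom

    # Replies are steered to a different mailbox than the one displayed.
    if reply_addr and reply_addr != from_addr:
        findings["reply_to_differs"] = reply_addr

    # Sender addressed the mail to themselves, so real recipients were BCC'd.
    if to_addr and to_addr == from_addr:
        findings["to_equals_from"] = to_addr

    # Header layout as shown on this page: "<script> for <ip>[, <ip>]".
    php = msg.get("X-PHP-Script")
    if php:
        m = re.match(r"\s*(\S+)\s+for\s+(.+)", php)
        if m:
            ips = re.findall(r"\d{1,3}(?:\.\d{1,3}){3}", m.group(2))
            findings["php_mailer"] = {"script": m.group(1), "client_ips": ips}
    return findings


if __name__ == "__main__":
    for name, detail in analyze_headers(SAMPLE).items():
        print(f"{name}: {detail}")
```

No single finding proves a scam; the combination of a webmail From address, an unrelated Return-Path host and a web-script mailer header is what the posts above treat as the giveaway.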

Tuesday, July 5, 2011

Scam Email: Dakar Arts Festival

So this scam is a little different than the ones we typically deal with on this blog. But a scam is a scam and I intend to post all of them that I receive which target artists. I did review the lovely flowchart this artist provided of how the scam operates, and what IS the same is that the "organizers" are after direct cash from the artist - requiring a booking fee (one level of collecting money) and THEN, upon the artist shipping the artwork, requiring some type of service fee (level 2 of collecting money). If they've gotten their victim through two levels of payment, they will attempt to make up other stories of why they need more money in fees or in assisting some type of sale (obviously fake) of the artwork.

I want to say 'shame on you, scammers', but then I have to remember they are sociopaths and are incapable of feeling or recognizing shame or guilt or any moral behavior. So let's move on.

An artist sent me this information and I am posting it as it was sent to me. I thank this artist for continuing to spread the word so artists do not fall victim to this stuff.
Dear Kathleen,

I am an interested reader of your "Stop Art Scams" Blog!

I am also following the nasty "DAKAR ART FESTIVAL" scam, where the scammers try to get money from artists by organizing a fake art festival.

I hope you can post it on your site to warn other artists as well!!

Attached I also put a diagram showing the "anatomy of the scam".

A fellow French artist also translated parts of the page into French.

Here the "open call" they use, they also write the same text as emails directly to victims:

FESTIVAL ARTS SENEGAL 2011

DAKAR INTERNATIONAL ARTS FESTIVAL 2011
Dakar. July, 01-2011 TO August,01-2 011

Under the patronage of the Ministry of Culture in association with the art galleries of Africa and especially West Africa (ECOWAS). Senegal ( Dakar ) will host for the first time an International contemporary Arts Festival From July,01-2011 to August,01-2011 All arts galleries, Artists from all over the world are cordially invited. ARE INVITED: Arts lover, Art Galleries: Artists, Drawings: Painters, Photographers, Sculptors, Graphic Designers, Digital, pastels, watercolors, Potteries .

PROGRAMS: -Exposure -Speech) -Carnival) for more information for your  participation

CONTACT US AT: BP: 2240 Dakar Arts Festival Dakar – Senegal Mr. Sow 
TELEPHONE + 221- 77-743-63-51 + 221- 76-743-63-51 Write us at dakar.arts@yahoo.fr
  Contact Mr Sow

http://www.senegal-annonces.com/DetailsAnnonceAutres.asp?cod_ann=12741 www.sunumail.sn

 ——————————————————————————————

FESTIVAL ARTS SENEGAL 2011

Festival International Arts du Sénégal
Dakar 01 Juillet Au 01 Aout 2011

Sous le haut patronage du ministère de la culture en association avec les galeries d’arts de l’Afrique et plus particulièrement de l’Afrique de l’ouest (CEDEAO). Le Sénégal (Dakar) abritera du “01 Jullet 2011 Au 01 Aout 2011 “pour la première fois le Festival international d’arts contemporain du Sénégal regroupant des artistes de toutes les horizons et tout les continents SONT INVITE: Amateurs d’arts, Galeries d’arts: artistes, Dessins: peintres, Photographes, Sculpteurs, Graphistes, Designers, Digitales, Pastellistes, Aquarellistes, Céramistes. 

PROGRAMME: Exposition Et vernissage) -manège) -discours) -carnaval) 
Pour plus des renseignements pour votre participation. CONTACTACTEZ 
NOUS : BP: 2240 Dakar Arts Festival Dakar – Senegal Mr. Sow TELEPHONE 
+ 221- 77-743-63-51 + 221- 76-743-63-51
http://www.senegal-annonces.com/DetailsAnnonceAutres.asp?cod_ann=12741 www.sunumail.sn

Monday, July 4, 2011

Scam Email: Janet Richardson

Well, "Janet", that was an odd way to end your email. Did your scammer email template confuse you?
From: Janet Richardson [amriamis194@hotmail.co.uk]
SUBJECT: Mail Order

Hello there,
   My name is Janet Richardson and i live in the United Kingdom, I am writing to inquire about some of your products which i am highly interested in buying. I would like to know if you can sell to me and i shall be paying with my credit card, In your response kindly include your website address so that i may look further to see if i can get more interesting things that i can buy.
Richardson
Thanks

Scam Email: Susan Rogers

We've reported previously on Janet Rogers [edwedg12@gmail.com] so this scammer hasn't changed it up much at all. And they made no effort to match the fake name to the disposable email address. The rest of it is pretty straightforward, and the format we've seen thousands of times before.

From: Susan Rogers [edwedg13@gmail.com]
Subject: Artworks Inquiry...

Hi,

Hope this message finds you well. I saw these creatives works on your web site and i will like you to get back with more details if they are still available for purchase.

[name of painting here] 

I will appreciate an urgent reply.

Best Regards,
Susan Rogers.

Wednesday, June 22, 2011

Scam Email: Ramon Molina

Okay, the topic here is not art-related but an artist forwarded me this scam email they got, so I'm posting it anyway.

What I'm not posting is the IRS.gov logo, which the scammer grabbed off the website and pasted into their scam email. Clearly they faked the From email address, and the link in the email is presented as a self-extracting PDF file (it looks like a PDF file but actually ends in .exe, which means any unsuspecting person clicking on it will immediately be downloading a self-executing virus).

Just another thing to be on the lookout for.
From: [Ramon_Molina@irs.gov]
Date: June 22, 2011 3:21:06 AM PDT
Subject: Rejected Federal Tax transaction

[IRS logo image was inserted here]

Your federal Tax payment (ID: 828568582766), recently sent from your checking account was canceled by the your Bank.

Canceled Tax transaction

Tax Transaction ID: 828568582766
Return Reason: See details in the report below
Tax Transaction Report: tax_report_828568582766.pdf.exe (self-extracting archive, Adobe PDF)

Internal Revenue Service, Metro Plex 1, 8401 Corporate Drive, Suite 300, Landover, MD  20785

Tuesday, May 31, 2011

Scam Email: Denzel Mathew

Here is a great example scam email to demonstrate that scammers not only pretend to buy artworks but also pretend to book classes. They'll go after anything they can to trick people into depositing fake checks (or accepting stolen credit card numbers which will not show up yet as stolen because they are not yet reported - try matching the billing address to their shipping address and you will see none of it matches even close) and then forwarding their own good money to some non-existent shipper via Western Union (which is then just the scammer at the other end, ready to pick up the cash). The formatting and grammar are of the usual atrocious nature.

From: DENZEL MATHEW [blulilydes@blumail.org]
Subject: Art & Craft Class:::::::::::::::::::::::

Hello,
How are you doing today ?  My name is Mr.DENZEL MATHEW I want to book for Art & Craft Workshops Classes with you while on a 2weeks holidays in your country.We are a group of 10 people seeking for Art & Craft Workshops training while on holidays and as part of our plans we need Art & Craft Workshops classes/private lessons.

We shall be needing a Art & Craft Workshops classes for the whole 2weeks in your area.
I would like to book for 2weeks classes for 3 hours each day Monday to Saturday (morning hours) for a group of 10. We are asking for 3 hours per day for 2weeks - Monday - Saturday. A total of 36 hrs
Do you have a training facility where you conduct classes? We can arrange for this,if not available.  Do you have rooms or is there any hotel close to your facility?
DATE: 7TH JULY 2011 TO 21 JULY 2011
I would love to know the possibility of working with you during this period.Kindly get back to me with your proposals so that we can make booking asap.
The group would be performing for a group of family members over there. I would love to get the total cost or a quote/estimate. What are your payment options?  Do you accept credit cards? I would be grateful if you will be willing to do the work to teach quality classes and make us happy
Regards
Mr.DENZEL MATHEW

Friday, May 27, 2011

Scam Email: Lin Williams

Another stupid oversight on a scammer's poor ability to understand language. No real person would sign their email with just their last name. The rest of their email is just the same old line so many of the scammers use. This scammer gets pretty darn quickly right to the core of the scam - that they need to use a third-party shipper of their choice (who doesn't exist, by the way) and they don't place orders online, so they can use a stolen credit card number and process the real target of their scam - the amount will include the shipper's fee and they will ask you to forward that amount (often thousands of dollars) to the shipper, who for some silly reason can only accept Western Union (which is untraceable).

Who is at the other end of Western Union to receive your good money? The scammer. They are careful to use credit card numbers that are stolen online but not yet reported as such - but you will end up with a chargeback. They don't care about the product - the shipping address is never real either. They only care about you taking your good money and forwarding it to a Western Union account and then they pick up their "profit". And they didn't spend any real money to get that money. That's why there are so many scammers out there trying to trick people out of their good money.

This email source traced back to Iran with the IP number of 85.198.1.90.
Return-path: [rojit@live.com]
From: LIN WILLIAMS [lin.williams40@gmail.com]
Subject: ORDER NEEDED

Hi Sales,
Am ordering from Dubai.I want to place an order from you. I know the difficulties encountered when shipping internationally, But that will not be a problem because i am registered with a shipping company whom i have used severally without any delay nor problems with my goods.Before i place this order, i want you to notify me if i am able to place the order and most important If i can make payment with my credit cards Visa/Mc (Issued in the United States) because that is the only way we are set for payment now without no delay. I don't place online orders ,can i e-mail my ORDER needed then you can give me a quote here and make charges to my cards manually on your end ? Pls Clarify. Looking forward to your swift response then we can proceed further as soon as possible.
Regards.
Williams.