I do love some of the spam messages I receive. Especially when the spammers try to pretend they’re the FBI or other important organisation and they want to pay me a few millions. And I can’t really imagine that some people are stupid enough to fall for this. Then again, if they send 5 billion of these messages, the chance is quite big for them to find an idiot or two willing to fall for this.
Those people must be even more brain-dead than the spammers…This is not a very expensive scam. They just ask for 420 USD instead of thousands of dollars. A payment for the ownership papers or whatever. And they tell me to stop being in contact with the other scammers, which is very good advise.
So? Well, it starts with Mrs. Maria Barnett from Canada. The address seems real, although it has been misused by plenty of other spammers. The address is actually used by an organisation with domain name standardchart.org and is registered by Joseph Sanusi. Too bad that name sounds a bit suspicious since there’s someone in Nigeria with the same name. (The governor of the Central Bank of Nigeria.) He is 75 and I don’t think he’s the spammer, so someone else either has the same name or they’re faking things even more. The domain name is registered but doesn’t seem to be linked to any site or server, because it’s pending a deletion.
Then they refer to Mr. Fred Walters of the FBI. Fred helped Maria to get their money from some Nigerian bank, and they got even a lot more. He even showed her a list of other beneficiaries and my name was on the list and I am eligible to get lots of money too. All I have to do is contact Fred on the email address of Steve Reed in Lithuania, who seems to work at super.lt, which is a Lithuanian website. I don’t really understand the language but Google Translate does. It seems to be an online book store. A strange place for the FBI. I would expect the CIA in that place instead.
Maria herself seems to work for Shaw, a Canadian internet shop. They sell televisions, phones and other stuff. So we have two shops in two different countries that are somehow related by some victim of a Nigerian 419 scam and a FBI agent.
Now, the email headers, visible at the bottom, show some more interesting connections. For example, I notice the name ‘Dealer.achyundai.com’, another chain in the spiderweb of the scammers. That domain is also pending deletion too. The IP address 220.127.116.11 seems to be down too, so it’s likely the scammers have already been taken down.
But this spam message just shows how dumb the spammers make their requests and yet people keep falling for it. If the story was more logical and the email addresses and domain names had actually been more real then I could understand why people fall for this. But this?
Delivered-To: ********@********.*** Received: by 10.50.87.105 with SMTP id w9csp17960igz; Sat, 1 Feb 2014 05:42:38 -0800 (PST) X-Received: by 10.50.80.75 with SMTP id p11mr1777051igx.19.1391262158192; Sat, 01 Feb 2014 05:42:38 -0800 (PST) Return-Path: <firstname.lastname@example.org> Received: from Dealer.achyundai.com ([18.104.22.168]) by mx.google.com with ESMTPS id x1si3519252igl.27.2014.02.01.05.42.07 for <********@********.***> (version=TLSv1 cipher=RC4-SHA bits=128/128); Sat, 01 Feb 2014 05:42:38 -0800 (PST) Received-SPF: softfail (google.com: domain of transitioning email@example.com does not designate 22.214.171.124 as permitted sender) client-ip=126.96.36.199; Authentication-Results: mx.google.com; spf=softfail (google.com: domain of transitioning firstname.lastname@example.org does not designate 188.8.131.52 as permitted sender) email@example.com Received: from User (unknown [184.108.40.206]) by Dealer.achyundai.com (Postfix) with ESMTP id 02525A7FA30B; Sat, 1 Feb 2014 06:57:03 -0500 (EST) Reply-To: <firstname.lastname@example.org> From: "Mrs. Maria Barnett"<email@example.com> Subject: Make Sure You Read Now. Date: Sat, 1 Feb 2014 06:57:10 -0500 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-Id: <20140201115704.02525A7FA30B@Dealer.achyundai.com> To: undisclosed-recipients:;