Explanation needed for scam email source

Post scam emails to warn other rental owners, or if you are not sure if an enquiry is genuine, put it up here and see what others think.
Nemo
Posts: 7062
Joined: Thu Aug 14, 2008 10:15 am
Location: Norfolk

Post by Nemo »

Following on from the lively discussion about scam emails, I need an explanation please! I've just received two emails purporting to be from someone who has previously emailed me (a shop in fact).

It starts
I am afraid I have a problem. **** and I made a trip to Odessa, Ukraine, unfortunately we were mugged at the park of the hotel we are staying, all cash, bank card and mobile phone stolen off us but luckily we still have our passports with us, **** was traumatized at this incident and she was rushed to the hospital.

etc etc and eventually goes on to ask for money.

I've managed to find out how to view the source using Outlook 2010 and I believe track the IP address to Amsterdam, which is clearly not the Ukraine, but I assume that doesn't tell me much?

So what now? If I replied (which clearly I'm not going to) would the email go back to the person who emailed me, and not the actual email address it came from? Has the real email been hacked or not? Like many who post here I don't understand what happens in the back room of these scams!
kevsboredagain
Posts: 3207
Joined: Sat Jan 20, 2007 9:32 am
Location: France

Post by kevsboredagain »

By the sound of it, the person with whom you've had previous contact has a virus on their PC which is now able to access their address book. Just a wild guess but it does happen a lot.

Where should the shop be located? Do you have any old emails from that source to compare?

What I normally do in this case, is send an email directly (not with reply) to the person who appears to be the victim/source of malicious email and inform them of what you've received. I'd advise them to run a virus check. Occasionally I've been thanked but normally they probably just don't believe you and think you are the threat, so will ignore you. If you're not happy using your own email address for this, make a disposable one.

I'm happy to look at the header too, if you like. I've been testing some online tools which would help make it easier to analyse such emails. There is a sticky, which is very detailed and good but it's a heavy read.
Nemo
Posts: 7062
Joined: Thu Aug 14, 2008 10:15 am
Location: Norfolk

Post by Nemo »

It's a local shop to me. It gives me an excuse to ring them actually, so I'll kill two birds with one stone.

I googled how to find the source within Outlook and then used the sticky to find the tools etc. It does have some broken links and isn't completely up to date. Updating the links and information would be very useful in that sticky.
Nemo
Posts: 7062
Joined: Thu Aug 14, 2008 10:15 am
Location: Norfolk

Post by Nemo »

They'd had a lot of calls actually from worried customers. I suspect many thought it was genuine. They're getting help on the IT front now I think!
kevsboredagain
Posts: 3207
Joined: Sat Jan 20, 2007 9:32 am
Location: France

Post by kevsboredagain »

Nemo wrote: They'd had a lot of calls actually from worried customers. I suspect many thought it was genuine. They're getting help on the IT front now I think!
Brilliant result.

Just curious but would a tool like this have made it easier? I'm trying to find some online tools which avoid all the cut/paste and lookups.

http://www.iptrackeronline.com/email-he ... alysis.php
Paul Carmel
Posts: 3836
Joined: Tue Dec 07, 2004 12:25 pm
Location: Palma Mallorca & Greece

Post by Paul Carmel »

kevsboredagain wrote:
Nemo wrote: They'd had a lot of calls actually from worried customers. I suspect many thought it was genuine. They're getting help on the IT front now I think!
Brilliant result.

Just curious but would a tool like this have made it easier? I'm trying to find some online tools which avoid all the cut/paste and lookups.

http://www.iptrackeronline.com/email-header-analysis.php
Have you found any that can get round people masking their IP?

The above tool says I am in London, when in fact I am in Sicily

I hasten to add, I only use one to watch TV.
Cheers
PC
kevsboredagain
Posts: 3207
Joined: Sat Jan 20, 2007 9:32 am
Location: France

Post by kevsboredagain »

Paul Carmel wrote:
Have you found any that can get round people masking their IP?

The above tool says I am in London, when in fact I am in Sicily
I doubt it's possible. Are you using an email service based in London? For example, if I use gmail and check the header, it will show my IP as the USA. That's simply because it's an online service with the servers in the USA.

That's why online email services are the top choice of scammers these days.
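
Added example, not part of any post in this thread: a small Python header check of the kind the online tools above automate, showing why a webmail message only exposes the provider's server IP and where a reply would actually be delivered. The headers, hosts, addresses and IP are constructed for illustration, and `received_hops` and `analyse` are hypothetical helper names.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: made-up hosts, addresses and documentation-range IP.
SAMPLE = """\
Received: from out.provider.example (out.provider.example [203.0.113.25])
    by mx.recipient.example with ESMTPS; Mon, 1 Jan 2024 10:00:03 +0000
Received: by web.provider.example with HTTP; Mon, 1 Jan 2024 10:00:01 +0000
From: "Local Shop" <shop@shop.example>
Reply-To: "Local Shop" <shop.help@freemail.example>
Subject: I am afraid I have a problem

(body omitted)
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
FROM_RE = re.compile(r"\s*from\s+(\S+)")


def received_hops(msg):
    """Return (sending_host, ip) for each Received header, oldest hop first."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        host, ip = FROM_RE.match(value), IP_RE.search(value)
        hops.append((host.group(1) if host else None, ip.group(1) if ip else None))
    return hops


def analyse(raw):
    """Summarise where the mail entered the relay chain and where a reply goes."""
    msg = message_from_string(raw)
    hops = received_hops(msg)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    # Mail clients send a reply to Reply-To when it is present, otherwise to From.
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1].lower() or from_addr
    return {
        "hops": hops,
        # Earliest IP recorded in the chain: what a lookup tool would geolocate.
        "origin_ip": next((ip for _, ip in hops if ip), None),
        "from": from_addr,
        "reply_goes_to": reply_addr,
        "reply_domain_differs": from_addr.rpartition("@")[2] != reply_addr.rpartition("@")[2],
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key}: {value}")
```

Only the Received line added by your own mail server can be relied on; the lines beneath it are written by the sending side and can be forged.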
Paul Carmel
Posts: 3836
Joined: Tue Dec 07, 2004 12:25 pm
Location: Palma Mallorca & Greece

Post by Paul Carmel »

I use https : //hola. Org/ It seems to get round most things.
Cheers
PC
kevsboredagain
Posts: 3207
Joined: Sat Jan 20, 2007 9:32 am
Location: France

Post by kevsboredagain »

Paul Carmel wrote: I use https : //hola. Org/ It seems to get round most things.
If it was easy to detect, there would be little point in using it. Some sites will blacklist VPNs but it's generally going to work very well in hiding your true location.

I can't send emails while connected to my VPN which is a little frustrating, so I only connect when needed.

I'm not sure if scammers employ them or not. Not heard of it.
Paul Carmel
Posts: 3836
Joined: Tue Dec 07, 2004 12:25 pm
Location: Palma Mallorca & Greece

Post by Paul Carmel »

Interesting stuff, thanks! It's been a long time since I have done any baiting.
Cheers
PC