Lay My Hat Forum
The forum for holiday rental owners


 

Signs of a scam email enquiry, and tracking IP addresses.

 
Paul Carmel



Joined: 07 Dec 2004
Posts: 3850
Location: Palma Mallorca & Greece

Posted: Sat Sep 30, 2006 8:55 am    Post subject: Signs of a scam email enquiry, and tracking IP addresses.

Hi,

Here is a list of a few things that should start your bells ringing as to whether you are about to be scammed. It is by no means definitive, and I would ask any other members to contribute any other telltale signs. Some of the points have been covered but I just thought it might be useful to have it all in one place.

Bad spelling and grammar

The email all in caps

Vague emails, i.e. I want to rent your house/apartment/hotel/villa in your area

Anything that is too good to be true, i.e. a 2 month booking out of season

Payment by a sponsor, or someone else paying for a honeymoon.

Nigerian Clergy or Dr's from any African state.

Payment, after all this is all they are interested in. No Western Union payments, no overpayments

They will try to cut to the chase when it comes to money, with little regard for anything else.

Don't get involved with any requests for mobile phones or computers to be bought and placed at the property for their arrival. They will give you a stolen credit card number and you will get nicked, or if it's not reported they will change their mind and ask for it to be posted onto them.

Anything that feels out of the ordinary, trust your own feelings

Tel numbers - you can get a legit UK phone number over the net and have it diverted to a mobile, so just because they look real you could be talking to someone on a pay-as-you-go in Lagos.

IP locator:

http://www.ip-to-location.com/free.asp - try to get to grips with this, it will tell you where the email really came from. If you don't like this one there are plenty of other free ones on the web, follow the instructions below:-

I have nicked this from www.419eater.com


Reading Email Headers
(a public service announcement from 419weasel, who would like to remind you to "bait safe")

Here is the answer to what is probably THE most asked question when it comes to baiting, "How can I find their IP address?".

The answer is very simple. Since most scammers use Yahoo!, finding their IP address is fairly simple. First, we will look at a typical header from an email sent to my gmail account from a scammer using Yahoo!. (email addresses have been replaced with "xxxscammer@yahoo.com or xxxbaiter@gmail.com" to prevent box killing)

X-Gmail-Received: 3aea05e30c6ec9798d6c51537eaebadfa6d600fd
Delivered-To: xxxbaiter@gmail.com
Received: by 10.64.27.17 with SMTP id a17cs505121qba;
    Fri, 8 Sep 2006 12:02:49 -0700 (PDT)
Received: by 10.70.29.7 with SMTP id c7mr737346wxc;
    Fri, 08 Sep 2006 12:02:48 -0700 (PDT)
Return-Path: <xxxscammer@yahoo.com>
Received: from web57215.mail.re3.yahoo.com (web57215.mail.re3.yahoo.com [216.252.111.231])
    by mx.gmail.com with SMTP id h40si3005666wxd.2006.09.08.12.02.47;
    Fri, 08 Sep 2006 12:02:48 -0700 (PDT)
Received-SPF: pass (gmail.com: domain of xxxscammer@yahoo.com designates 216.252.111.231 as permitted sender)
DomainKey-Status: good (test mode)
Received: (qmail 92842 invoked by uid 60001); 8 Sep 2006 19:02:47 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
    s=s1024; d=yahoo.com;
    h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding;
    b=FW475h+KQ0l5uOS0HzHoOAYdM5Z3
    +htGaFFzrlKhR6BI0ezNCSaB/JfK8fGO
    jlwwXSu5gm/kH4R3IpBPImhJLFUqoIfQeA
    UdAIQq7nDjsipcFcdw/PdSocGWbe2
    DLeSDLiva0hm+KVakxSeSITHHENjF06k4IsndnXsrsqICyXg= ;
Message-ID: <20060908190247.92840.qmail@web57215.mail.re3.yahoo.com>
Received: from [209.159.166.122] by web57215.mail.re3.yahoo.com via HTTP; Fri, 08 Sep 2006 12:02:47 PDT
Date: Fri, 8 Sep 2006 12:02:47 -0700 (PDT)
From: XXX Scammer <xxxscammer@yahoo.com>
Subject: MY IP ADDRESS IS NAKED AS A NEWBORN BABY!
To: XXX Baiter <xxxbaiter@gmail.com>
In-Reply-To: <1a7adfd70609070650y227ac44al796b19033acbcc30@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1932846235-1157742167=:91815"
Content-Transfer-Encoding: 8bit

--0-1932846235-1157742167=:91815
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit


When reading a header to find the IP address, start from the bottom and work your way up. The sender's IP address is usually the first one from the bottom, sometimes the second. In the case of this header, the sender's IP address is 209.159.166.122.

Now that we have the scammer's IP address, let's see where he is. Copy that IP address and go to http://www.dnsstuff.com . Choose an option that fits your IP (or domain name) tracing needs, paste it in the field and click the button. This will usually show you who OWNS the IP address block. If you are looking for a geographic location, try http://www.ip2location.com/free.asp ...

No IP address lookup is 100% accurate. In the case of this particular scammer, the IP address is located in Nigeria and his ISP is "Direct On PC". However, sometimes this can be deceiving. A lot of scammers use satellite internet providers, which will make them appear to be in Australia, Israel, Utah and several other locations. Please remember, scammers can come from any country or any walk of life and are just as able to trace IP addresses, which is why it is VERY important to BAIT SAFE!
_________________



If you are on Gmail (and maybe other email services work the same way), be aware that if you reply to a scammer his or her email address will automatically be added to your address book. So if you do a mailout they will receive it as well and are more likely to come back to you sounding even more convincing.

As I said this list is not definitive, and it's too early in the morning for me! Feel free to chip in with any other advice, but could we please keep it on topic!

That's it for me, I am off to my local WU office.
_________________
Cheers
PC


Last edited by Paul Carmel on Mon Nov 16, 2009 11:24 am; edited 2 times in total
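
The bottom-up header walk described in the post above, as an added example that is not part of the original thread or of the 419eater guide: it parses the Received lines of a raw message with Python's standard email module, reads them oldest-first, and returns the first public IP address together with the hop it was found in. The function names and both sample messages (an abridged copy of the header quoted in the post, and a variant with a private address in the first hop) are constructed for this example.

```python
import ipaddress
import re
from email import message_from_string

# Abridged copy of the header quoted in the post (continuation lines are
# indented so the parser treats them as folded headers). Constructed input.
SAMPLE = """\
Delivered-To: xxxbaiter@gmail.com
Received: by 10.64.27.17 with SMTP id a17cs505121qba;
 Fri, 8 Sep 2006 12:02:49 -0700 (PDT)
Received: by 10.70.29.7 with SMTP id c7mr737346wxc;
 Fri, 08 Sep 2006 12:02:48 -0700 (PDT)
Return-Path: <xxxscammer@yahoo.com>
Received: from web57215.mail.re3.yahoo.com (web57215.mail.re3.yahoo.com [216.252.111.231])
 by mx.gmail.com with SMTP id h40si3005666wxd.2006.09.08.12.02.47;
 Fri, 08 Sep 2006 12:02:48 -0700 (PDT)
Received: (qmail 92842 invoked by uid 60001); 8 Sep 2006 19:02:47 -0000
Message-ID: <20060908190247.92840.qmail@web57215.mail.re3.yahoo.com>
Received: from [209.159.166.122] by web57215.mail.re3.yahoo.com via HTTP; Fri, 08 Sep 2006 12:02:47 PDT
From: XXX Scammer <xxxscammer@yahoo.com>
Subject: MY IP ADDRESS IS NAKED AS A NEWBORN BABY!
To: XXX Baiter <xxxbaiter@gmail.com>

body
"""

# Constructed variant: the first hop shows only a private (home/office LAN)
# address, so the first public address belongs to the mail provider instead.
NAT_SAMPLE = SAMPLE.replace("[209.159.166.122]", "[192.168.1.20]")

# The sending side of a hop is the text between "from" and "by".
FROM_CLAUSE = re.compile(r"from\s+(.*?)\s+by\s", re.IGNORECASE)
# Dotted quad that is not part of a longer run of digits and dots
# (keeps SMTP ids such as "wxd.2006.09.08.12.02.47" from matching).
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def received_hops(raw):
    """Return the Received headers oldest-first (bottom of the header first).

    Each server that handles a message adds its Received line at the top,
    so reversing the list gives the order the message actually travelled.
    """
    msg = message_from_string(raw)
    hops = msg.get_all("Received", [])
    return [" ".join(h.split()) for h in reversed(hops)]


def client_ips(hop):
    """Return the valid IPv4 addresses in the 'from ...' clause of one hop."""
    match = FROM_CLAUSE.match(hop)
    if not match:
        return []  # e.g. "(qmail ...)" or "by 10.x.x.x ..." lines: no sender
    found = []
    for text in IPV4.findall(match.group(1)):
        try:
            found.append(ipaddress.ip_address(text))
        except ValueError:
            continue  # looked like an address but is not one (e.g. 999.1.1.1)
    return found


def first_public_ip(raw):
    """Walk the hops bottom-up; return (ip, hop_index) or (None, None).

    hop_index 0 means the address came from the very first hop. A higher
    index means earlier hops showed no public address, so the result is a
    relay (typically the mail provider's server), not the sender's device.
    Only Received lines added by servers you trust are reliable; anything
    below them was supplied by the sending side.
    """
    for index, hop in enumerate(received_hops(raw)):
        for ip in client_ips(hop):
            if ip.is_global:
                return str(ip), index
    return None, None


if __name__ == "__main__":
    for label, raw in (("post header", SAMPLE), ("private first hop", NAT_SAMPLE)):
        ip, hop = first_public_ip(raw)
        print(f"{label}: first public IP {ip} (hop {hop} from the bottom)")
```

In the second sample the answer is the provider's own server, which is the "sometimes the second" case from the post: an address found above hop 0 says where the mail service is, not where the sender is.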
Normandy Cow



Joined: 28 Nov 2004
Posts: 2692
Location: Normandy

Posted: Sat Sep 30, 2006 10:09 am

I'm always suspicious when they try to explain what they do for a living (e.g. "I am doctor XXX") or why they are coming over (e.g. "attending a christian seminar").

And it's always something "worthy". Why do they never say "I am a brothel keeper" or "I am attending a poker competition"? (Not that I have anything against brothel keepers or poker players!!!)

When I book a holiday, why would I tell people what I do for living or why I am coming?
_________________
http://www.facebook.com/normandygite
Self catering gite (Holiday Cottage) in Normandy
paolo



Joined: 17 Jun 2004
Posts: 3930
Location: Provence, France

Posted: Sat Sep 30, 2006 10:47 am

Any email that begins "My name is..." or "I am [name]..." is a scam in my experience.
_________________
Paolo
Lay My Hat
http://www.laymyhat.com
Paul Carmel



Joined: 07 Dec 2004
Posts: 3850
Location: Palma Mallorca & Greece

Posted: Wed Apr 14, 2010 7:48 am

Very useful ip lookup info.


How to open, view, read, check or get email headers.

How to lookup origin of email message.

The following guide provides instructions on how to open or view email headers in various email services, clients and programs including web based emails.

Instructions to open headers for various email clients and services like Outlook, Hotmail, Yahoo, Gmail, Googlemail, AOL, AIM, Thunderbird Firefox, Eudora, Lotus and many more..

How to view email headers in Hotmail Classic?
(If you login to your email using Windows Live then follow the instructions outlined in the next paragraph.)

• Log into Hotmail.
• Click on "Options" tab on the top navigation bar.
• Under Options you will see the following message, "You are using the classic version of Windows Live Hotmail. Have a fast connection and want more features? Try the full version to see message previews in your inbox. (It's free, too.)"
• Click on the "Try the full version" link.
• Click on "I want the Free Upgrade..", button
• To view the full email message header, right click the email message displayed in your list of messages. A menu will pop-up. Click on the View source option in this menu, and a new window will open. This window will display the full email headers.

How to view email headers in Windows Live Hotmail ?

When you log into your email account please check to make sure that you are not using the Classic version of Windows Live Hotmail. If you are using the classic version then you need to choose the full version to view headers. To choose the full version follow the steps below.
• Click on "Options" tab on the top navigation bar.
• Under Options you will see the following message, "You are using the classic version of Windows Live Hotmail. Have a fast connection and want more features? Try the full version to see message previews in your inbox. (It's free, too.)"
• Click on the "Try the full version" link.
• Click on "I want the Free Upgrade..", button
• The new Windows Live Hotmail looks and functions very much like Microsoft Outlook. To view the full email message header, right click the email message displayed in your list of messages. A menu will pop-up. Click on the View source option in this menu, and a new window will open. This window will display the full email headers.

How to check email headers in Yahoo Mail Classic ?
(If you are using the New version of Yahoo Mail then please follow the instructions outlined in the next paragraph)

• Log into your Yahoo! Mail account.
• Click on the email and open it
• On the bottom right corner is a link called "Full Header"
• Once you click on "Full Header" the header will show up at the top of the email message.

How to check email header in the New Yahoo Mail ?

When you log into your email account please check to make sure that you are not using Yahoo Mail Classic. If you are using Yahoo Mail Classic then click on the link, "All New Mail" on the top right corner just before the link for Help.
• Click on the Inbox to see the list of your messages.
• Click on the message and open the email.
• On the top right corner of the email message you will see "Standard Header" and an arrow next to it. Click on this arrow and then click on "Full Headers"
• A new window will open with the header information.

How to get email headers in AOL or AIM ?

If the email is sent from anywhere OTHER than AOL, and you are receiving it in AOL, then open the email you want to trace, or have your client open the email, and look for the link Details. This link is usually just below the To:email in the email message. If the email is sent from an AOL user to another AOL user then the Reverse AOL Screenname search can help deduce the source location.

How to view email headers in Gmail or Googlemail ?

1. Log into your Gmail or Googlemail Account
2. Open the Email whose headers you want to view
3. You will see Reply at the top right of the message pane.
4. You will see a little arrow pointing down next to Reply. Click on this down arrow next to Reply.
5. A drop down menu will open up. Select Show original in this menu
6. The full headers will now appear in a new window.

How to see email headers in Thunderbird ( Firefox - Mozilla ) ?

To view email headers,
Go to "View"
Then go to Headers
and select "All" to view email headers.

How to obtain email headers in XtraMail ?

• Log into XtraMail
• Click on "Options" in the Left-hand navigation bar.
• Click the "Display" button.
• Change the "Message Headers" option to "Full".
• Click the "OK" button.



How to view email headers in Outlook Express 4, 5 and 6

Start by opening the message in its own window (or when viewing the message in the preview pane). Then:

With the keyboard:

1. CTRL-F3 (Message Source Window)
2. CTRL-A (select all)
3. CTRL-C (copy)
4. ALT-F4 (close)

With the mouse:

1. Click the "File" menu
2. Click "Properties"
3. Click the "Details" tab
4. Click "Message Source"
5. Highlight, copy and paste everything from this window (Ctrl-A, Ctrl-C)

With viruses, worms and trojans being spread via email, many users now work with the preview screen in Outlook Express turned off. Viewing the contents of email in the preview screen is no different than opening the message. If the email has malicious content, it may execute in the preview screen.

The following are instructions to obtain the full message source if you have the preview panel turned off:

Using the keyboard:

1. Highlight the message in the folder
2. Press alt & enter - this will open a message information window
3. Press Ctrl & Tab - this changes to the "Details" tab
4. Press Alt & m - this opens the message source
5. Press Ctrl & a - to select all the text
6. Press Ctrl & c - to copy the selected text to the clipboard
7. Press Alt & F4 - to close the message source window
8. Press the Esc key - to close the information window




Outlook 97

Microsoft Outlook 97 may require an update called the Internet Mail Enhancement Patch in order to display the email headers AT ALL.

Outlook 98, Outlook 2000, Outlook 2003

1. Open the message in a separate window (double click)
2. Under the View menu select Options
3. Copy the text in the Internet Headers window (unfortunately it doesn't include the message itself).
4. Paste
5. Close the options window

How to View headers in Outlook 2007 ?

In Outlook 2007 you can view the headers without opening the message. Just right click on the email message in your Inbox and choose Message Options. This will show you the headers.

Or you can open the email message. You can open the email message by double clicking on it. Outlook 2007 has a new ribbon user interface. Look at the right of Options and you will see an arrow. Click on the arrow and in the bottom section there is the message options menu with internet headers. This will show you the email headers.

Outlook Express for Macintosh

Select the email. From the View menu, choose Source. A new window will appear containing the email with full headers. Press command + a, to select all, then command + c to copy.

Microsoft Exchange

To get the complete headers and message source using Microsoft Exchange:

1. Click the "File" menu
2. Click "Properties"
3. Click the "Details" tab
4. Click "Message Source"
5. Highlight, copy and paste everything from the "Message Source" window (Ctrl-A, Ctrl-C)



Microsoft Entourage (Office X for Mac)

To access the full message source with Microsoft Entourage:

* After clicking on the message, select "Source" from the View menu
* A new window will open showing the full message source with complete headers.
* Copy and paste



Mac OS X

To get the full message source:

1. Select a message
2. Select menu item Message, Show, Raw Source.
3. Click on the resulting text
4. Click Edit, Select All, then Edit, Copy
5. Paste

Netscape

Preferred method: Click on the "View" menu, then "Page Source," (ctrl-U in Windows, meta-U in UNIX, ⌘-U on the Mac) then copy the contents of the window (Ctrl-A, Ctrl-C in Windows).

Old versions: Click on the "View" menu, then "Headers," then "All." Note: This method will not work correctly with HTML.



Eudora

Note: Using the cut and paste to the web form method is the only option available to Eudora users. To display the full message source for cut and paste:

Eudora for the Mac:

1. Open the email and click the button on the upper left hand corner of the message. This shows the extended headers.
2. Select the whole message including headers and paste.

Eudora for the PC - there are 2 slightly different methods depending on whether the mail contains HTML or not.

In any case, to prepare for HTML email, you should turn off the use of Microsoft's HTML viewer. To do so, click Tools, then Options, then Viewing Mail. Uncheck the box labeled "Use Microsoft's viewer."

How to know if it's HTML mail: once you have opened the email, look near the bottom of the headers (see below for revealing headers) for a line like the following: Content-Type: text/html ... you can frequently spot HTML email because it has font effects, pictures, etc but this is not always true so you have to take a quick look at the headers.



Eudora for the PC - non-HTML mail:

1. Open the email by double clicking on the subject line. Click the button to reveal the headers.
2. Place your cursor anywhere in the body of the email and select the entire message (Edit/Select All or Ctrl-A)
3. Copy the entire email (right click and click copy OR Ctrl/C OR Edit/Copy)
4. Paste (right click/paste or Ctrl/V).

Eudora for the PC - HTML mail:

1. Open the email and click the button to reveal the headers.
2. Highlight the headers only. Copy and paste the headers.
3. Hit enter twice after the pasted headers to force a blank line after the headers.
4. Back in Eudora window, place your cursor anywhere in the body of the message and right click and click "view source". A new window will open.
5. In the new window, select all (as above) and copy the contents of the new window.
6. Paste




Pine

If the feature is enabled, you simply press "H" to toggle full headers. If the feature is not enabled, you must enable it first: From the main menu, press (S)etup, (C)onfig. Scroll down about 40 lines to the option labeled "enable-full-header-cmd." Press [ENTER]. Press (E)xit, (Y)es - to save. Then you can return to the message window and use "H" to display the headers.

Lotus Notes (v.4.x and v.5.x)

Open the email, click on "Actions" then on "Delivery Information."

Next, you have to pick out the internet-style mail header information from the window that appears when you select Delivery Information.

Lotus Notes v.4.x
Look for the first line that begins with "Received". There should be a blank line just above it. Then, scroll down to the next blank line. The stuff in-between the two blank lines are the headers you need.

Lotus Notes v.5.x
Look for the separator line that reads
-------- Additional Header ------.
Select everything from there down to the next separator line, usually
-------- Routing Information ------.
The stuff in between the two separator lines are the headers you need.

Lotus Notes v.5.x (easier method)

1. Open your inbox
2. Highlight the message that you wish to get header information for.
3. Choose File -> Export...
4. Type in a filename, leave the type as "Structured Text" and click Export
5. From the Dialog Box that comes up, choose "Selected Documents" and click OK
6. Now you can open that message you saved in WordPad and Cut and Paste it.

Pegasus Mail

In the New Mail or other folder window:

1. Right click the message, and select Message Properties.
2. In the right hand column uncheck the box beside Contains HTML data.
3. Click OK. That should allow you to see the message as a text message only.
4. Click Ctrl-H to bring up the full headers.

Another way:

1. Highlight the HTML in the new mail folder
2. Open a new email message
3. Drag the HTML onto the new message
4. In the dialog that appears select "Show All Headers"
5. Highlight the entire message, then copy to clipboard
6. Paste

Claris Emailer

Version 2.0 and higher:

Use the "Show Long Headers" option in the "Mail" menu while you have the message open.

Versions earlier than 2.0:

Click the blue triangle near the "from" information to show additional message information, then click the "Show Original Headers..." button to bring up the full header info.



kmail (KDE Desktop)

In the KDE Mail Client that comes with the KDE desktop for Linux, select Message, View Source. Copy and paste the text from the "Message as Plain Text" window.

GNU/Emacs integrated email

Press the keys 'W', then 'v' in the summary or mail buffer.

Another method of temporarily switching to ALL headers is by pressing "Ctrl-u g" on the article in the summary buffer.

Mail Warrior

To get full "message source"

1. When viewing the message, click File, then Save Message As.
2. A standard save window will appear.
3. Save the message as a .txt file (document.txt).
4. Open the file you created, select all (ctrl-A) and copy (ctrl-c).
5. And paste (ctrl-v).

These instructions written for v.3.56.

Juno Version 4+

On the drop down menu "Options", choose "Email Options...” (press ctrl-E) Under "Show Message Headers", select the "full" option. Click the OK button to save the setting.

Juno version 4+ can display MIME and HTML email, but does not provide a way of Viewing the HTML Source for the message within Juno.

To get the full source, including HTML codes:

1. In the Juno mail client, click "file" and then "Save Message as Text File...” (ctrl-T).
2. Give the file a name which you will remember (many people save temporary files to the desktop).
3. Double-click on the resulting file and then cut-and-paste the contents.

Mutt

To get mutt (the mail user agent) to forward the full headers (not display them for viewing), use the command "unset forward_decode" in your rc file or directly in the command interface.

The Bat!

To get the full text of an HTML message from TheBat email software in preparation for pasting it:

- Message -> Save As -> Save as Type - I
- Select Unix Mailboxes[*.mbx]
- Open the file in your preferred editor, then simply cut and paste.

For The Bat! v1.53bis:

- Select the message in question
- Click on the "Messages" menu
- Select "View Source"
- Alternatively, you may push F9 instead of the last two steps.

Pronto mail (GTK/UNIX)

1. Click "Message", then "View Source"
2. Highlight the message source as normal with the mouse
3. Copy using Control + C
4. Paste

StarOffice

1. Right click on the container name in the explorer panel (either a top-level mail box or a specific mail folder).
2. Select the Properties item from the pop-up menu.
3. In the properties notebook, select the Headers tab.
4. Click the "All" button on the right.
5. Press "OK" and you're done, the complete header is available in the header panel and can be selected/pasted.

Novell GroupWise

1. Open the message
2. In the message window select: File > Attachments > View
3. Select the Mime.822 attachment

Blitzmail

With the message open, go to the Options menu and choose Verbose Header. This will put the full header inside the upper pane of the message's window.



Forté Agent

Forté Agent versions 1.5 to 1.8:

Press CTRL-R to display in RAW mode, then CTRL-A and CTRL-C

Don't forget to press CTRL-R again to display in normal mode after you do this

Ximian Evolution

http://www.Ximian.com/products/ximian_evolution/

Go to the "View" menu, select "Message Display" and click on "Show Full Headers".

Sylpheed

Sylpheed is an email client for Linux, BSD and Unix systems. Sylpheed offers three ways to view the full source code of messages:

* Select the email
* Right click and mouse-over "View"
* Select "Source" from the popup menu

or....

* Select the email
* Left click on the "View" menu
* Select "View Source"

or....

* Select the email
* Press Ctrl-U (default keymap setting)


Web-Based Email Software

Hotmail

To see the full, untangled headers in Hotmail:

1. First, configure your options:
Click on "Options." In the "Additional Options" column, click on "Mail Display Options" and find the item "Message Headers." Choose "Advanced" and click the "OK" button.
2. Then, to report spam:
When viewing a message, use the "View E-mail Message Source" to display the message in raw mode before copying.

Yahoo Mail

Follow these steps:

First you must turn on "Full Headers". From your Yahoo! mail account, click on "Mail Preference". Scroll down the page to "Message Headers" and click on the "all" radio button. Save your preferences at the bottom of the page.

Next, view the message you want to report. If the message is in plain text, copying from this page and pasting it will work.

If the message to be reported is HTML, a two stepped process must be used:

1. View the message and copy the complete headers. Paste these then add a blank line.
2. Go back to the Yahoo! window and select to "Forward" the message as "inline text" (drop down menu). Scroll down the message to the start of the message body. (The first line of the HTML body will usually begin <HTML). Copy the body of the message and paste. Make sure a blank line remains between the header and body.

Excite web-mail

To view the full header information with Excite Webmail:

* Sign in to your email account.
* Click on Preferences on the Email home page
* Click on Email Preferences
* Check the box to display headers
* Click on Save

You can then see the headers in all messages in your folders.

Netscape Webmail

While viewing the message, click on the yellow triangle to the right of the brief message headers. This will display the full headers along with the message body, which can be cut and pasted

To close the full headers and return to brief headers, click the yellow triangle again.

Blitzmail

After opening the message, click on the Verbose Header link at the top of the window.

Operamail

Choose Options and enable [x] Show Message Headers in Body of Message

Lycos Mail (mailcity.com)

When viewing an individual message, click on the tool bar menu item above the message "All Headers". Highlight and copy the complete message from the viewing window and paste it.

Onebox.com

Click on the subject of the email in your inbox or other folder. This displays the message.

At the top of the message you will see the following links in the message frame right above the "reply" buttons:
[folder name]: Prev | Next: Download
Select "Download" from the above.

A new browser window will spawn with both the headers and the message text. At this point, simply copy all the text and paste it.

Outlook Web Access

(as accessed through http://mymail.outlookmail.com/exchange/logon.asp)

Left click on the letter you want to open and click on properties

When that opens click on the details tab

Then on message source

This will open the email so the full headers will be available for viewing

Select and copy the text then paste it.
_________________
Cheers
PC
casasantoestevo



Joined: 06 Nov 2006
Posts: 3815
Location: O Saviñao, Galicia

Posted: Wed Apr 14, 2010 11:28 am

We sometimes report them to http://www.spamcop.net/
I suppose if the ISP receives enough complaints it will act.
_________________
Ian and Irene

Never try to out-stubborn your guests.
Mountain Goat



Joined: 19 Apr 2006
Posts: 6095
Location: Leysin, Alpes Vaudoises, Switzerland

Posted: Wed Apr 14, 2010 3:09 pm

I & I, thanks for that, but I don't understand why not go to their email providers? I haven't come across a spammer not using Yahoo or Hotmail or whatever, and in my experience, they act quickly to stamp them out.

MG
_________________
HolidayPad - Site of the Year / Leysin Chalet Rental
casasantoestevo



Joined: 06 Nov 2006
Posts: 3815
Location: O Saviñao, Galicia

Posted: Thu Apr 15, 2010 11:31 am

Agree that a request for a booking type of Spam is usually from Hotooo,com mail servers. But if they want to sell you viagra (etc) too, then they can come from any address.
_________________
Ian and Irene

Never try to out-stubborn your guests.
Medoc Bob



Joined: 14 Oct 2010
Posts: 170
Location: Hourtin

Posted: Sat Apr 07, 2012 12:22 am    Post subject: Re: Signs of a scam email enquiry, and tracking IP addresses

I run an Internet security Company, we provide VPN's so if all above sounds a bit complicated.

You could always try a human bluff and ask them to confirm their IP address to see if it matches their email IP.

I would imagine most genuine customers would say "what" and a scammer would ask "why"
_________________
Back in UK, our house in France is now back as a Holiday Home
HeatherM



Joined: 17 Oct 2012
Posts: 34
Location: Madeira, Portugal

Posted: Tue Mar 26, 2013 9:18 pm

Brilliant advice...I've just followed the trail from a mail I received today from a BRIAN SMITH of HolidayRentalPlanners.Com

Seems his IP address is based in Mumbai...not Longcroft House, 2-8 Victoria Avenue, London, UK EC2M 4NS!!
All times are GMT