Shipping Scam

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

Hello I'm New here! Joined: 02 Jun 2008 Posts: 3

A friend has just posted the following on a board I am a member on:

Quote:

Can anyone tell me how/help me to trace the IP address and location etc of someone who has emailed me?

Long story short, selling my m/bike on bike trader and some chap in canada (!) wants to buy it.

Apparently he's going to send a "genuine banking draft" for the purchase price plus £1375 for shipping, and wants me to pay £1375 to the shipping company in turkey.

Obviously I'll tell him to sod off, but wanted to locate him and help the authorities first.

Alternatively, I know some people have scammed scammers. Anyone have any tricks? I want to try and get this guy good, but need to do it within the confines of the law, obviously, otherwise I say bye bye to my job! LoL!

I am not sure of the IP thing, but has anybody heard of this scam, or has any advice on how to get them back?

Posted: Mon Jun 02, 2008 4:20 pm

Hi and welcome Very Happy

This is a very typical overpayment scam. The scammer has no interest in the actual item sold.
The scammer sends a fake check for more than the value asked. The victim cashes the check, sends the money on to the scammer's shipper (usually via Western Union) and once the bank discovers the fraud, the victim is responsible for paying back the money.

As for ip's:
if your friend is using yahoo, tell him to open the email then at the bottom right hand corner of the emai, there's a button that says "show full headers", click on this then copy and paste the full headers here and we'll be happy to help further. My guess is that the scammer is actually located in Canada as there are many fake checks scammers operating out of there.

Hello I'm New here! Joined: 02 Jun 2008 Posts: 3

Thanks for this reply, I thought this was the case, but I thought it best to ask the experts.

I will go back to Si and get an IP address and see where we go for from there Twisted Evil

Hello I'm New here! Joined: 02 Jun 2008 Posts: 3

From Jeff Morrison Fri May 30 16:55:48 2008
Return-Path: <[email protected]>
Authentication-Results: mta158.mail.ukl.yahoo.com from=yahoo.com; domainkeys=pass (ok)
Received: from 98.136.44.37 (HELO n61.bullet.mail.sp1.yahoo.com) (98.136.44.37)
by mta158.mail.ukl.yahoo.com with SMTP; Fri, 30 May 2008 16:55:50 +0000
Received: from [216.252.122.216] by n61.bullet.mail.sp1.yahoo.com with NNFMP; 30 May 2008 16:55:48 -0000
Received: from [69.147.65.158] by t1.bullet.sp1.yahoo.com with NNFMP; 30 May 2008 16:55:48 -0000
Received: from [127.0.0.1] by omp406.mail.sp1.yahoo.com with NNFMP; 30 May 2008 16:55:48 -0000
Received: (qmail 87669 invoked by uid 60001); 30 May 2008 16:55:48 -0000

DomainKey-Signature: Deleted - Blowout

Received: from [77.103.150.27] by web45615.mail.sp1.yahoo.com via HTTP; Fri, 30 May 2008 09:55:48 PDT
Date: Fri, 30 May 2008 09:55:48 -0700 (PDT)
From: Jeff Morrison <[email protected]>
Subject: Payment details needed.
To: "[email protected]" <[email protected]>
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1589834048-1212166548=:87662"
Content-Transfer-Encoding: 8bit
Message-ID: <[email protected]>
Content-Length: 9780

Here is the full header

Elite Baiter Joined: 19 Jan 2008 Posts: 1043

Apelord gives it as 77.103.150.27 - United Kingdom.

Will try a few others.

Edit: they all agree with london. Geobites says it isn't a proxy. Google has no hits.

Edit 2: neither email address gives any hits either. You may want to delete your friends email from the header.