Author |
Message |
MidlandBlue2010
Not quite a Newb
Joined: 03 Sep 2010
Posts: 31
|
Posted:
Fri Sep 03, 2010 9:44 am |
|
Hi,
I received what appears to be a scam email this morning.
On the face of it, it seems that it has been sent from a university account in the UK. The return path is a mailbox at that university but also the route in the email header seems to suggest that it did come from that university.
The only attempt to spoof a return address, seems to be the fact that the author of the email requests that responses are sent to a different webmail account.
Now, I have a little technical understanding, but not much, so it may well be that I have misunderstood the header information.
I have no idea whether this is actually an attempt to start a scam, or whether it is just a student messing about. My first instinct was to send the email header to the admins at the university, but I am struggling to find their contact details.
Just wondered if anybody here had any thoughts on what I should do, if anything.
I am happy to post the header here, but I am not sure if I am allowed to under the forum rules.
Any thoughts would be appreciated. |
|
|
|
|
conga22
Baiting Guru
Joined: 08 Jul 2009
Posts: 2097
Location: Look Behind You
|
Posted:
Fri Sep 03, 2010 9:49 am |
|
Hello Midlandblue2010 and welcome to eater You can go ahead and post the headers here. Remember to take out YOUR personal info first. BTW I hope you are baiting Safely. Read the stickies, read eater uni and if you want apply for a mentor, kiss your free time goodbye but most of all have fun. |
_________________ PLEASE,WE DO NOT WANT ANY URGLY SITUATION IN THIS TRANSACTION
There is a lot of spaces in the receipt for them to put their stamp, so why do they put the stamp on the 10 digital codes, and you know that without the correct number ,western union here cannot issue out the payment. (I know )
When i tell you how to do things well you will do the opposite Why?-Joseph D1ar4
X60 X3
watch video here Lagos to Cotonou - thanks Mr. Grant
x4 |
|
|
|
MidlandBlue2010
Not quite a Newb
Joined: 03 Sep 2010
Posts: 31
|
Posted:
Fri Sep 03, 2010 10:07 am |
|
Thanks conga22.
Here is the header, I have removed a few IDs that I thought might possibly be traceable back to me (I replaced them with ***DELETED****), but other than that, this is the complete header and body.
---------------------------
X-Message-Delivery: ******DELETED*********
X-Message-Status: n:0
X-SID-PRA: Evans N. <[email protected]>
X-AUTH-Result: NONE
X-Message-Info: ******DELETED*********
Received: from laurel.swan.ac.uk ([137.44.1.237]) by
BAY0-MC4-F34.Bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Thu, 2
Sep 2010 21:33:36 -0700
Received: from [137.44.42.25] (helo=ccs-owa1.brynmill.swan.ac.uk) by
laurel.swan.ac.uk with esmtp (Exim 4.70) (envelope-from
<[email protected]>) id 1OrNy1-0000DC-L0; Fri, 03 Sep 2010 05:33:33 +0100
Received: from CCS-EXCHANGE1.brynmill.swan.ac.uk ([137.44.48.24]) by
ccs-owa1.brynmill.swan.ac.uk with Microsoft SMTPSVC(6.0.3790.4675); Fri, 3 Sep
2010 05:32:37 +0100
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01CB4B21.08BC26BA"
Subject: read and respond
Date: Fri, 03 Sep 2010 05:32:36 +0100
Message-ID: <******DELETED*********@CCS-EXCHANGE1.brynmill.swan.ac.uk>
Thread-Topic: read and respond
Thread-Index: ******DELETED*********
From: "Evans N." <[email protected]>
X-OriginalArrivalTime: 03 Sep 2010 04:32:37.0532 (UTC) FILETIME=[097C0DC0:01CB4B21]
Return-path: [email protected]
This is a multi-part message in MIME format.
------_=_NextPart_001_01CB4B21.08BC26BA
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
I am Captain Bruce F Nickerson of the US Marine here in Iraq, I need =
your help in moving a huge amount of money out of Iraq.Please do contact =
via me on [email protected] only.
------_=_NextPart_001_01CB4B21.08BC26BA
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<HTML dir=3Dltr><HEAD>=0A=
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dunicode">=0A=
<META content=3D"MSHTML 6.00.5730.13" name=3DGENERATOR></HEAD>=0A=
<BODY>=0A=
<DIV><FONT face=3DArial color=3D#000000 size=3D2>=0A=
<DIV><FONT face=3DArial color=3D#000000 size=3D2>I am Captain Bruce F =
Nickerson of the US Marine here in Iraq, I need </FONT><FONT =
face=3DArial color=3D#000000 size=3D2>your help in moving a huge amount =
of money out of Iraq.Please do </FONT><FONT face=3DArial color=3D#000000 =
size=3D2>contact via me on <A =
href=3D"mailto:[email protected]">[email protected]</A> =
only.</FONT></DIV></FONT></DIV></BODY></HTML>
------_=_NextPart_001_01CB4B21.08BC26BA-- |
|
|
|
|
Roycropper
Baiting Guru
Joined: 14 Nov 2005
Posts: 7992
Location: Luxury Coffin
|
Posted:
Fri Sep 03, 2010 10:14 am |
|
Quote: |
IP address [?]: 137.44.48.24 [Whois] [Reverse IP]
IP country code: GB
IP address country: United Kingdom
IP address state: Swansea
IP address city: Swansea
IP address latitude: 51.6333
IP address longitude: -3.9667
ISP of this IP [?]: Swansea University
Organization: Swansea University
Host of this IP: [?]: ccs-msclnode3.brynmill.swan.ac.uk [Whois] [Trace] |
However, there are probably a lot of common use PCs at Swansea University. Looks like they have a resident lad though. |
_________________ the European Union has bounced on our freckles
COULD YOU IMAGINE WHAT HAPPENED WHEN I WENT TO THE BANK
our Agent is Completely broke, pocketless and stranded
I WLL SEND AN AFRICA WITCH TO ATTACH YOU BASTARD
You go die like bird
i started shouting HALLELUJAGOBBLE but none of them notice me immediately police arrested me due to the shouting
f*ck u asshole ur damn mother will loose ur fcuking skull brain ur brain is nothing to compare with rat f*ck ur u
MY FRIEND ALEX WAS DETAINED IN POLICE STATION
I am not happy due to the question i answered at money office. Let me tell you do not play with me ok.
x4 6Yrs x6 |
|
|
|
TheDane
Baiting Guru
Joined: 13 Aug 2010
Posts: 5194
Location: Meanwhile, somewhere else...
|
Posted:
Fri Sep 03, 2010 11:49 am |
|
Someone sent me the same script, but my lad is in Nigeria:
Quote: |
Delivered-To: rev********@gmail.com
Received: by 10.227.136.141 with SMTP id r13cs10784wbt;
Wed, 1 Sep 2010 01:04:17 -0700 (PDT)
Received: by 10.213.56.17 with SMTP id w17mr11258461ebg.76.1283328256589;
Wed, 01 Sep 2010 01:04:16 -0700 (PDT)
Return-Path: <[email protected]>
Received: from blu0-omc1-s38.blu0.hotmail.com (blu0-omc1-s38.blu0.hotmail.com [65.55.116.49])
by mx.google.com with ESMTP id w46si24019157eeh.87.2010.09.01.01.04.15;
Wed, 01 Sep 2010 01:04:16 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 65.55.116.49 as permitted sender) client-ip=65.55.116.49;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates 65.55.116.49 as permitted sender) [email protected]
Received: from BLU148-W18 ([65.55.116.7]) by blu0-omc1-s38.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
Wed, 1 Sep 2010 01:03:24 -0700
Message-ID: <[email protected]>
Return-Path: [email protected]
Content-Type: multipart/alternative;
boundary="_8060b119-dcd6-4ce7-99bd-e8575c87d0e9_"
X-Originating-IP: [41.219.254.5]From: Capt Bruce F Nickerson <[email protected]>
To: <[email protected]>
Subject: =?windows-1256?Q?Proceeding?= =?windows-1256?Q?_Email._Pr?=
=?windows-1256?Q?ovide_Requ?= =?windows-1256?Q?ested_Info?=
=?windows-1256?Q?rmation=FE=FE=FE?= =?windows-1256?Q?=FE=FE?=
Date: Wed, 1 Sep 2010 09:03:24 +0100
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 01 Sep 2010 08:03:24.0557 (UTC) FILETIME=[26DF6BD0:01CB49AC]
--_8060b119-dcd6-4ce7-99bd-e8575c87d0e9_
Content-Type: text/plain; charset="windows-1256"
Content-Transfer-Encoding: 8bit |
A little IP search reveals the location: http://www.ip-adress.com/ip_tracer/41.219.254.5
But it's probably just two lads using the same scripts. |
_________________ x122 x3 x2 x2 x13
Trafalgar Square 2013
Goat Milk Lad 2012-13:
Lagos-Ouagadougou-Arbinda Warri-Yaoundé
I AM A FOOL AND I AM SO DISAPPOINTED - Brother Okei AKA Goat Milk Lad
I do not wish my enemy what I have experienced and this humiliation you are putting me through - Rushforth (on behalf of Dharma & Dr Mike)
Last edited by TheDane on Mon Jun 18, 2012 2:15 pm; edited 1 time in total |
|
|
|
Cougar
Elite Baiter
Joined: 16 Apr 2009
Posts: 1293
Location: Curled up on the doctor's chair.
|
Posted:
Fri Sep 03, 2010 12:08 pm |
|
This really annoys me. I'm an administrator at an English university (not Swansea unfortunately) and if any of our students are found to be misusing their internet/email accounts they are disciplined. Actual consequences vary between universities but at ours they would be given a formal warning, then if they continued they would be expelled. If they're here on a student visa this would no longer be valid and they would have to return home/be deported.
@OP - 2 ways to go with this. Bait and have fun, or contact the Uni system admins. Check the website, a quick phone call to the switchboard should give you a contact. Maybe check out what action would be taken before deciding how to act.
Positive - lad gets a nasty shock/kicked off the course/kicked out the country. Negative - we lose contact with lad, lad continues scamming elsewhere. |
_________________ |
|
|
|
evil_sheep
Compulsive Self Abuser
Joined: 15 Jul 2010
Posts: 1100
Location: 419eater Passport office.
|
Posted:
Fri Sep 03, 2010 12:17 pm |
|
Quote: |
Received: from [137.44.42.25] (helo=ccs-owa1.brynmill.swan.ac.uk) by
laurel.swan.ac.uk with esmtp (Exim 4.70) (envelope-from
<[email protected]>) |
There's the clue - the "OWA" - Outlook Web Access.
Neil Evans has had his Unversity email account compromsed and the scammer is sending out 419's through the web based email system, that lets the Uni students log in from anywhere in the world.
It's not likely to be a student at Swansea who is actually sending this stuff out - if they had the money to come to Wales to study, then they wouldn't need to try to scam people. |
_________________ x11 x3
"I thank you for your quick massage this morning. " - Prince Abdul Hakeem
"u lied. i know u as black man" - Timothy Fred
"Get out. If you mail me again, i will destroy your mailbox." - Clydesdale Bank PLC.
"picece of shit gett off here junkie" "arse hole like u" "u r a bullshit around the corner" "fuck off and die" "is that how you write ur father?" "do u need some crack from Brazil?" "please leave me alone" - Dr. Mohamed Gaza
FREE BEER!
"Baiting is like sex. If it does go pear-shaped, pull out, get a new email address and try again from a different angle." - Me |
|
|
|
TheDane
Baiting Guru
Joined: 13 Aug 2010
Posts: 5194
Location: Meanwhile, somewhere else...
|
Posted:
Fri Sep 03, 2010 12:47 pm |
|
I'd alert the owner of the comprimised mail addy right away. |
_________________ x122 x3 x2 x2 x13
Trafalgar Square 2013
Goat Milk Lad 2012-13:
Lagos-Ouagadougou-Arbinda Warri-Yaoundé
I AM A FOOL AND I AM SO DISAPPOINTED - Brother Okei AKA Goat Milk Lad
I do not wish my enemy what I have experienced and this humiliation you are putting me through - Rushforth (on behalf of Dharma & Dr Mike) |
|
|
|
evil_sheep
Compulsive Self Abuser
Joined: 15 Jul 2010
Posts: 1100
Location: 419eater Passport office.
|
Posted:
Fri Sep 03, 2010 12:51 pm |
|
And let it get deleted by the scammer?
I'll give the Uni a ring - they are only down the road anyway
Edit - I let the IT department know, who say they will look into it. |
_________________ x11 x3
"I thank you for your quick massage this morning. " - Prince Abdul Hakeem
"u lied. i know u as black man" - Timothy Fred
"Get out. If you mail me again, i will destroy your mailbox." - Clydesdale Bank PLC.
"picece of shit gett off here junkie" "arse hole like u" "u r a bullshit around the corner" "fuck off and die" "is that how you write ur father?" "do u need some crack from Brazil?" "please leave me alone" - Dr. Mohamed Gaza
FREE BEER!
"Baiting is like sex. If it does go pear-shaped, pull out, get a new email address and try again from a different angle." - Me
Last edited by evil_sheep on Fri Sep 03, 2010 12:53 pm; edited 1 time in total |
|
|
|
Slightlyoutofit
Baiting Guru
Joined: 13 Feb 2007
Posts: 14310
Location: Foraging for Nuts.
|
Posted:
Fri Sep 03, 2010 12:51 pm |
|
evil_sheep wrote: |
It's not likely to be a student at Swansea who is actually sending this stuff out - if they had the money to come to Wales to study, then they wouldn't need to try to scam people. |
Wanna bet?
I've run into literally dozens of lads who have moved over here on student visas and scam in between lectures.
Having the money to move to the West means nothing - if a lad sees an easy buck, believe me, he'll take it.
@TheDane. Going through the uni admin is still the best bet. |
_________________
God will see you true for all this you have done to me you bastard. - Collins Kalu
MAY THE HAND THAT TYPE ON KEYBORD BECOME STRICKEN AND TRANSMIT VIRUS TO YOU ENTIRE BODY. - Dr Linda Akeem
oh what a mess its time cabbage punks like u will be expose for trully what they are. - David Cole |
|
|
|
evil_sheep
Compulsive Self Abuser
Joined: 15 Jul 2010
Posts: 1100
Location: 419eater Passport office.
|
Posted:
Fri Sep 03, 2010 12:57 pm |
|
The name "N Evans" isn't particularly Nigerian, but I agree, he could have left himself logged in "stupidly" in the library
It is more likely to be a keylogged installed on a PC on which Mr Evans has logged in on, however. |
_________________ x11 x3
"I thank you for your quick massage this morning. " - Prince Abdul Hakeem
"u lied. i know u as black man" - Timothy Fred
"Get out. If you mail me again, i will destroy your mailbox." - Clydesdale Bank PLC.
"picece of shit gett off here junkie" "arse hole like u" "u r a bullshit around the corner" "fuck off and die" "is that how you write ur father?" "do u need some crack from Brazil?" "please leave me alone" - Dr. Mohamed Gaza
FREE BEER!
"Baiting is like sex. If it does go pear-shaped, pull out, get a new email address and try again from a different angle." - Me |
|
|
|
wowwow
Elite Baiter
Joined: 14 Apr 2009
Posts: 1795
Location: Here is the picture of the cash in the boxes before we send it down to the company to deposited it
|
Posted:
Fri Sep 03, 2010 1:04 pm |
|
As a sys admin I would agree with evil sheep. Contact the I.T department and alert them to this and they can take the appropriate action. They can at least suspend the account until they can investigate. I know it's not policy to close scammer e-mail accounts but in this case it's more than likely a users account is being exploited. |
_________________ Please do not contact anybody again expect me on here because they are many hijackers on internet SGT Tony Benson
OK IF THERE IS A BULLET IN YOUR HEAD IS THAT ENOUGH PROOF Devil Killer Squad
YOU CALL THE F B I BASTARDS. YOU WILL SUFFER FOR THIS. WE HAVE TRACED YOU WITH ALL YOUR DETAILS FBI WARNS
I am the person who owns the safe firm in UK but right now on sick bed for my heart surgery due to my heart failure M Efosa
Tell them to go to hell and burn to arches Prince Jerry Zulusofola
I don’t have job, I am a hacker, hacking jawing stick and Sachet water Udeh Ebuka
http://forum.419eater.com/forum/viewtopic.php?t=162469
x5 |
|
|
|
TheDane
Baiting Guru
Joined: 13 Aug 2010
Posts: 5194
Location: Meanwhile, somewhere else...
|
Posted:
Fri Sep 03, 2010 1:12 pm |
|
wowwow wrote: |
I know it's not policy to close scammer e-mail accounts but in this case it's more than likely a users account is being exploited. |
My point exactly. It's not a scam-addy, but an ITP who's gotten his compromised. And going through the Uni Admin is of course every bit as good, if not better than notifying the guy himself (and risk alerting the scammer as well). |
_________________ x122 x3 x2 x2 x13
Trafalgar Square 2013
Goat Milk Lad 2012-13:
Lagos-Ouagadougou-Arbinda Warri-Yaoundé
I AM A FOOL AND I AM SO DISAPPOINTED - Brother Okei AKA Goat Milk Lad
I do not wish my enemy what I have experienced and this humiliation you are putting me through - Rushforth (on behalf of Dharma & Dr Mike) |
|
|
|
theblob
419Eater is my life
Joined: 31 May 2010
Posts: 255
|
Posted:
Fri Sep 03, 2010 3:10 pm |
|
Doesn't anybody else find it strange he doesn't make use of his legit looking address in his script?
What I mean is, why doesn't he use it to pretend he's a student instead of an US Marine? |
_________________ OINK OINK ! > x16 |
|
|
|
Mr Tambourine Man
Baiting Guru
Joined: 06 Jun 2008
Posts: 3398
Location: Magic swirlin' ship
|
Posted:
Fri Sep 03, 2010 4:04 pm |
|
It makes no sense to me either. |
_________________ is always Good when you have the zeal to be a hitwoman when you out of school,it makes you bold and reall and it makes you more high than any other of your friend.
NOW AMBACK FOR YOU AGAIN STURBORN SHIT
you dont have a phone.that makes makes you joe butt
Fuck you and go find something to do man. Stop disturbing me please.
This is definitely why you will remain and die in poverty, ignorant of good things and easy acknowledgment of bad things and words. Shame on you, you wicked generation children.
i went you to no that this is not a cheld pray. i went you to get back to me
we are not scammer,we hate scammer as you do.scammer make out life harder and harder,a lot of people think we are scammer,in fact,we are not!! please trustt us |
|
|
|
grimbleton
Not quite a Newb
Joined: 24 Aug 2010
Posts: 53
Location: dodging gridbugs
|
Posted:
Fri Sep 03, 2010 6:03 pm |
|
Slightlyoutofit wrote: |
I've run into literally dozens of lads who have moved over here on student visas and scam in between lectures. |
i live in a "university town" in the US. and i concur with SOOI's summation. some of the most money-grubbing people i've ever had the misfortune to meet have been the ones that did it "just because".
the student could very well have been hacked and may very well be an innocent victim. but let's not rule out the possibility that he just might be an asshole.
cheers
grimbleton |
_________________ "if i'm going to "go to hell" it might as well be for something that's fun or funny." -- grimbleton |
|
|
|
Rick Shaw
Master of Master Baiters
Joined: 10 Jan 2010
Posts: 503
|
Posted:
Tue Sep 07, 2010 4:43 am |
|
This is not the first time this has happened and there other posts on here about similar situations. |
_________________ X176
IyaNA UR MAMA BE THIS OH.... La ya e.e.....Mad man.. Dr Usman Ahmed
YOUR MOTHER TOTO DID YOU UNDERSTAND.OTU NNE GI UNDERSTAND.
YOUR MOTHER TOTO DID YOU UNDERSTAND.BYE FOR NOW.GUY. Victor Owusu.
Take care little odd friend - D@ve L3wis
FOLL PUT THIS TO YOU FUCKING BIG HEAD. V1ctor OwusV
I never knew that a man who claim to have reputation could be so rude ,nasty and very barbaric like you did. (death cert faked) Dav1d Caruso
YOU ARE A BASTARD AND THE WORST AND WORST POOREST BASTARD ON THIS EARTH PLANET. GO TO HELL AND PUBLISH THE FUCKING PUSSY OF YOUR MOTHER AND YOUR FEMALE DAUGHTERS AND YOUR OCTOPUS LONG DICK. YOU SEE WEALTH COMING ON YOUR WAY ON A PLATTER OF GOLD AND YOUR REFUSE TO GRAB IT. M1chael Pyl3
Neither am i a nadger hunter Joe OmQ |
|
|
|
|