Author |
Message |
redux13
Hello I'm New here!
Joined: 30 Nov 2012
Posts: 6
|
Posted:
Fri Nov 30, 2012 9:51 pm |
|
Hi folks
As the title states; I am indeed a lurker having enjoyed many a time reading the exploits of 419 scambaiters.
Recently, I have started to receive weird spam, not the usual rubbish I get but of the sort that are from Nigerian women needing doctors etc etc. I had deleted them instantly but another came through just recently and I thought this might interest someone looking for a good scambait.
I am not sure if allowed to post the message, it is pretty succinct, nothing vulgar or offensive unless you count the fact this guy wants a trusted person to invest $43 million for him. The fact he's never met me makes him an excellent candidate.
I am not interested in the actual scambaiting, not for me I'm afraid - plus given my work - which involves detecting phishing etc (I've entered their sites in the past just to type a very sharp no thanks you filthy scammer into the passwords section - but not in those words, far less politely )
I have the email and sender's address if anyone wants it.
Cheers |
|
|
|
|
Joker
*** BANNED ***
Joined: 26 Jul 2012
Posts: 1123
|
Posted:
Fri Nov 30, 2012 10:08 pm |
|
Post away on the email address and format before curiosity kills the cat in a violent wok related yet surprisingly delicious accident.
You can also post it here in the surplus section:
http://forum.419eater.com/forum/viewforum.php?f=18 |
_________________ All warfare is based on deception - Sun Tzu, The Art of War
لئيم كافر |
|
|
|
redux13
Hello I'm New here!
Joined: 30 Nov 2012
Posts: 6
|
Posted:
Fri Nov 30, 2012 10:14 pm |
|
Here it is in all its glory:
From: CAPT. WAYNE GIBBS. <[email protected]>
To:
Sent: Monday, 26 November 2012, 17:40
Subject: Dear Friend
Dear Friend
I hope my e-mail meets you well. I am in need of your assistance. My
name is CAPT. WAYNE GIBBS,of the Engineering Unit of US Military here in
Baghdad Iraq; we have about $45 Million US dollars that we want to move
out of the country in three digital boxes.
My partners and I need a Trustworthy person, whom we can rely on.
someone we can trust to receive the funds on our behalf.For investment.
REGARDS,
CAPT. WAYNE GIBBS.
Email:[email protected]
A true Belter indeedy. |
|
|
|
|
Nailgunner
Baiting Guru
Joined: 01 May 2008
Posts: 8727
Location: ̢̝̣̳̗ͅş̱̖̹͉̬̣̖h̷̗͉̘̱͍̗ͅr͉̙̖̥͡_̛i̦̞n̷͉͈̺̪̯̹E̸͎̫̭̞̙ͅ
|
Posted:
Fri Nov 30, 2012 10:28 pm |
|
Digital boxes, how nice, the old analogue boxes were getting a bit long in the tooth.
Do you have the email headers? Sometimes helps to know where it came from. Plus this is a compromised .edu address so it needs reporting and flattening.
Thanks for sharing |
_________________
"I still have your name tattoo on me. No woman want me because of this"
"Baster ScamBaiter like you. just leave me alone, and delete my email from you least" |
|
|
|
redux13
Hello I'm New here!
Joined: 30 Nov 2012
Posts: 6
|
Posted:
Fri Nov 30, 2012 11:25 pm |
|
Hi
Nope - it was really basic; just said from CAPTAIN WAYNE GIBBS. Everything contained is in the message. If you click reply, you get the same stuff.
Glad to be of service. These have started springing up more and more so happy to send any your way. |
|
|
|
|
Nailgunner
Baiting Guru
Joined: 01 May 2008
Posts: 8727
Location: ̢̝̣̳̗ͅş̱̖̹͉̬̣̖h̷̗͉̘̱͍̗ͅr͉̙̖̥͡_̛i̦̞n̷͉͈̺̪̯̹E̸͎̫̭̞̙ͅ
|
Posted:
Fri Nov 30, 2012 11:30 pm |
|
I mean the email source code, if you click "show original" in Gmail or "show headers" in some other webmails, you get a pile of code that shows outgoing and receiving IP addresses, routing info and tons of other stuff. This is what we use to get intel on lads. Often we don't learn much but sometimes it's a nice clue to what's going on. Worth knowing about |
|
|
|
redux13
Hello I'm New here!
Joined: 30 Nov 2012
Posts: 6
|
Posted:
Fri Nov 30, 2012 11:34 pm |
|
Hello again
Sorry, completely showing myself up to be the scambaiting virgin I am.
Is this what you're after?
From CAPT. WAYNE GIBBS. Mon Nov 26 17:40:11 2012
X-Apparently-To: via 188.125.84.49; Mon, 26 Nov 2012 09:36:12 -0800
Return-Path: <[email protected]>
X-YahooFilteredBulk: 163.20.28.130
Received-SPF: none (domain of tres.ntpc.edu.tw does not designate permitted sender hosts)
X-Originating-IP: [163.20.28.130]
Authentication-Results: mta1029.bt.mail.ird.yahoo.com from=tres.ntpc.edu.tw; domainkeys=neutral (no sig); from=tres.ntpc.edu.tw; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO msa.tres.ntpc.edu.tw) (163.20.28.130)
by mta1029.bt.mail.ird.yahoo.com with SMTP; Mon, 26 Nov 2012 09:36:11 -0800
Received: (from nobody@localhost)
by msa.tres.ntpc.edu.tw (8.11.6/8.11.6) id qAQHeBn93451;
Mon, 26 Nov 2012 09:40:11 -0800 (PST)
(envelope-from [email protected])
Date: Mon, 26 Nov 2012 09:40:11 -0800 (PST)
Message-Id: <[email protected]>
X-Authentication-Warning: msa.tres.ntpc.edu.tw: nobody set sender to [email protected] using -f
From: "CAPT. WAYNE GIBBS." <[email protected]>
To:
Reply-To: [email protected]
Subject: Dear Friend
X-Mailer: NeoMail 1.24
X-IPAddress: 41.71.147.220
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Length: 472 |
|
|
|
|
vonpaso xlura
Baiting Guru
Joined: 10 Apr 2011
Posts: 13781
Location: Bertcad, Lojbanistan
|
Posted:
Sat Dec 01, 2012 1:09 am |
|
Yes, those are the headers. Whois on that IP address gives:
[whois.twnic.net]
Netname: T-TP2RC.EDU.TW-NET
Netblock: 163.20.0.0/16
Administrator contact:
[email protected]
so that's the address to tell about the compromised account.
To bait it, you send an email to the Reply-To address. Do not report the Reply-To address to Yahoo; we want it to stay open, so that others who get email from the same scammer can google the address and know that it's a scam. |
_________________ ×12 ×3 ×3
unwashed
×163
×186
Accra - SH Cotonou
you are a fake people so do not ever write to me again.
Am mad at you right now ... Am tired of your questions ... Am sick and tire you and your bank
Nigerian pig . go swallow a grenade idiot. Boko Haram will solve your problem idiot .
you are big fool by send a fake payment information and never you contact me again asshole .
your passgae bearing your ATM CATD ... Ant Terrorist Certificate ... legal verterbrate ... expartiate your meaning ... gets to your dwaignted address ... successful ofghw transfer |
|
|
|
Nailgunner
Baiting Guru
Joined: 01 May 2008
Posts: 8727
Location: ̢̝̣̳̗ͅş̱̖̹͉̬̣̖h̷̗͉̘̱͍̗ͅr͉̙̖̥͡_̛i̦̞n̷͉͈̺̪̯̹E̸͎̫̭̞̙ͅ
|
Posted:
Sat Dec 01, 2012 1:29 am |
|
^^ Spot on, both of you
And hey presto, you just took a compromised email address out of action. As Vonpaso says, killing off regular webmail addresses like Yahoo, Gmail etc is counterproductive because we can post those addresses here and at Scamwarners and they become searchable by prospective victims. This saves people from getting robbed, which is great. Also, it costs a scammer nothing to make a new one.
Compromised email addresses from legitimate private companies, public sector bodies, .EDU addresses and similar ones that may lend credibility to a scam and which help to bypass spam filters are killed aggressively. Likewise, email only domains like fake bank domains are shot down in the 'fake banks' section. This will cause the lads some pain since they will have been carefully phished or purchased outright, and smashing them up has a considerable impact on their time and resources.
Also, try this yourself - go to http://www.iptrackeronline.com/email-header-analysis.php and cut and paste the entire header into the text box. The results are ... unsurprising. This can give you a clue as to where the lads are and what devices and services they use. |
|
|
|
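An offline version of the header check discussed in the posts above, as an added example that is not part of any poster's message or of the forum's tooling: it reads the trusted top `Received` hop, the webmail-stamped `X-IPAddress`, the SPF result, the `X-Authentication-Warning` and the From/Reply-To domains. The sample header is constructed (example domains and documentation IP ranges), and the keys of the returned dict are this example's own names.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample modelled on the header layout posted in the thread.
# All hosts and addresses are placeholders (example domains, RFC 5737 ranges).
SAMPLE = """\
Return-Path: <staff@school.example>
Received-SPF: none (domain of school.example does not designate permitted sender hosts)
Received: from 127.0.0.1 (EHLO msa.school.example) (192.0.2.130)
  by mx.provider.example with SMTP; Mon, 26 Nov 2012 09:36:11 -0800
Received: (from nobody@localhost)
  by msa.school.example (8.11.6/8.11.6) id EXAMPLEID;
  Mon, 26 Nov 2012 09:40:11 -0800 (PST)
X-Authentication-Warning: msa.school.example: nobody set sender to staff@school.example using -f
From: "CAPT. EXAMPLE" <staff@school.example>
Reply-To: captain@webmail.example
X-IPAddress: 198.51.100.220

(body omitted)
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

def domain_of(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    msg = email.message_from_string(raw)
    hops = msg.get_all("Received", [])
    # Each server prepends its own Received line, so hops[0] was written by
    # the recipient's provider; the parenthesised IP is the peer it saw.
    relay = re.search(r"\((" + IPV4 + r")\)", hops[0]) if hops else None
    # X-IPAddress is stamped by the sending webmail; treat it as a lead only.
    client = re.search(IPV4, msg.get("X-IPAddress", ""))
    reply_dom = domain_of(msg.get("Reply-To"))
    return {
        "relay_ip": relay.group(1) if relay else None,  # whois target for the abuse report
        "claimed_client_ip": client.group(0) if client else None,
        "spf": (msg.get("Received-SPF") or "missing").split()[0].lower(),
        "sender_forced": "set sender to" in msg.get("X-Authentication-Warning", ""),
        # Replies leave the relaying domain: the From address is only a cover.
        "reply_to_mismatch": bool(reply_dom) and reply_dom != domain_of(msg.get("From")),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```
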
next victim
Baiting Guru
Joined: 27 Mar 2011
Posts: 21158
|
Posted:
Sat Dec 01, 2012 1:33 am |
|
I went ahead and sent a report also in case nobody else has. |
_________________ 291+ x 78+ http://yahoonews01.zxq.net/
500 in 6 - 36 pink 11 black
Chairman's Xmas Parti 2012
Hana, Flip It, G spot, Rosy, Cynthia
- web store
Just read the posting on Eater. You are one sick motherf****r! -Alan
"The skull with bunny ears was a good enough warning" - Nailgunner
mentors- http://forum.419eater.com/forum/cherrie_mentor_program.php
This Derick moral monster! From http:/ /scamnewss.wordpress.com/2011/10/14/derrick-ratt-scammer-beware/ Vlad blog
http://tinyurl.com/btf7872 - Toolbox |
|
|
|
vonpaso xlura
Baiting Guru
Joined: 10 Apr 2011
Posts: 13781
Location: Bertcad, Lojbanistan
|
Posted:
Sat Dec 01, 2012 3:40 am |
|
Nailgunner wrote: |
This is what we use to get intel on lads. |
Can we get motorola on lads? |
|
|
|
Nailgunner
Baiting Guru
Joined: 01 May 2008
Posts: 8727
Location: ̢̝̣̳̗ͅş̱̖̹͉̬̣̖h̷̗͉̘̱͍̗ͅr͉̙̖̥͡_̛i̦̞n̷͉͈̺̪̯̹E̸͎̫̭̞̙ͅ
|
Posted:
Sat Dec 01, 2012 3:43 am |
|
I've never seen it happen but we have goat milk and paint on them
@Next Victim - the more the merrier. |
|
|
|
|