Porsche Hangout


By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here. - Internet Anti-Fraud Center - now open!

 How are they stealing all these email addys?

View next topic
View previous topic
Post new topicReply to topic
Author Message
Elite Baiter

Joined: 19 Jan 2009
Posts: 1440

PostPosted: Thu Mar 19, 2009 7:01 pm Reply with quoteBack to top

For the last few weeks I've noticed many of the scam emails are showing someone else's legit email addresses in the "From"line.

Silly lads try to distract me by putting **PLEASE REPLY TO (muguscammer)@hotmail** or whatever) right in the subject line, then mentioning many times in their blurb to only reply to THAT address. Guess the dumbasses think I wouldn't notice. Fool can't even spell his name right - Micheal?

Of course I email the real person and inform them their addy has been hijacked by scammers. Quite a few wrote back to say thanks.

Pretty soon it will be impossible to trace scam mail. Anyone else noticing this trend?

Sample: (Mr. C. was happy I let him know about this)

Assets: CONTACT ME ON THIS EMAIL : [email protected]
From: R*** C****** ([email protected])
Sent: March 15, 2009 4:26:57 AM

Dear Sir/Madam,
You have to contact the Email address: [email protected]

I know this will come to you as a surprise because you do not know me, I amBarrister Micheal Ben, the family attorney of theformer Delta state governor Chief James Onanefe Ibori who is presently in detention. My client has mandated me to seek for a trustworthy and capable person that willassist in repatriating his only secured fund that is already with a SecurityCompany, this fund was deposited by himself (Chief James Onanefe Ibori ) beforehis arrest. The true content of the package is $35m (£17m) USD all in 100.00bills. However, this deposit was tagged as family effects, as some of his assetshas been frozen and refrozen. As such I will advise you visit the link below formore details and clarification. Base on the above details, I advise on utmost confidentiality even if you arenot willing to help out, as this is his only securedfund Untouched at the moment. Please kindly furnish me with the following: (a) Your full names,(b) Yourcontact address,(c) Your phone and fax numberss,(d) Company name and address(ifany). Yours Faithfully,Barr. M1cheal Ben.(San)
Email : USE THIS EMAIL [email protected]
View user's profileSend private message
Master Baiter

Joined: 23 May 2008
Posts: 226

PostPosted: Thu Mar 19, 2009 7:04 pm Reply with quoteBack to top

When a program sends an email it is just putting everything in a certain format for you. If you know this format or "Header" you can make a script to send it how you want it. I can send you an email from Bill Gates if you want me to. I do not need access to his email for this to work. I could also take a mugu email and send out a 1,000 emails to other mugus from him.
View user's profileSend private message
never f*cking learns

Joined: 12 Dec 2007
Posts: 4816
Location: Connecting my chair and keyboard

PostPosted: Thu Mar 19, 2009 7:06 pm Reply with quoteBack to top

Yep - sadly the From address is separate to the Reply-To address. If you read the RFC for SMTP (basically the instructions for how to 'do' email) you'll see there's no burden of proof that you truly *are* from the email address you gave - this is because email works by passing the message from server to server, and each one can't check. This means it is a trivial job to forge the 'From' address Sad
View user's profileSend private message
Mr Tambourine Man
Sturborn Shit

Joined: 06 Jun 2008
Posts: 3386
Location: Magic swirlin' ship

PostPosted: Thu Mar 19, 2009 7:16 pm Reply with quoteBack to top

Spammers have been doing that for many years. It means than bounces and complaints go to the real owner of the spoofed address.
It's happened to me a couple of times. It doesn't usually last more than a couple of days though.


Closed lad accounts x 4
3 dead websites

is always Good when you have the zeal to be a hitwoman when you out of school,it makes you bold and reall and it makes you more high than any other of your friend.
you dont have a phone.that makes makes you joe butt. Fuck you and go find something to do man. Stop disturbing me please.
This is definitely why you will remain and die in poverty, ignorant of good things and easy acknowledgment of bad things and words. Shame on you, you wicked generation children.
i went you to no that this is not a cheld pray. i went you to get back to me
we are not scammer,we hate scammer as you do.scammer make out life harder and harder,a lot of people think we are scammer,in fact,we are not!! please trustt us
View user's profileSend private message
Baiting Guru

Joined: 04 May 2007
Posts: 2284
Location: Blowing bubbles at 130 fsw

PostPosted: Thu Mar 19, 2009 7:34 pm Reply with quoteBack to top

Yeah, one of my baiting mailboxes just received about 160 bounces from a scam email that someone had obviously sent using my email addy in the TO field. Kinda pissed me off. So naturally I started baiting the lad from another addy. Twisted Evil

Alex Mandl4: The past week has been the worst in my entire life, I have lost weight, I don't sleep at night, I left my job abruptly, and do you think it has been easy for?
Master Nicholas [email protected]: I must confess that i am higly obliged to be a cretin, it is a rare privilegde.
pony pony Safari = Mr. Mandl4 & Mr. Brown, 1480 total miles: Johannesburg to Gaborone; Gaborone to Maun; Back to Gaborone; back to Johannesburg.
Closed lad accounts x15 Malaysia X1 United Kingdom X1

Hello Kitty! <---TS certified.
View user's profileSend private message
Demented Opportunist

Joined: 04 Apr 2006
Posts: 14157
Location: Leading my wolf pack

PostPosted: Thu Mar 19, 2009 8:23 pm Reply with quoteBack to top

One of my catcher accounts got clogged up by several thousand bounces when a Lad put that email address in the FROM field of a cheque scam message.

So naturally I called for a mass bait on the mugu. This is still in progress...

I will heed the advice of a polite horse for it is written that more flies are caught with honey than vinegar... although assault carbines and monstrous wolves are still fun.

"I aim to misbehave."

Asena - Pretty Rose
United Kingdom United Kingdom United Kingdom United Kingdom Spain New Zealand Senegal Ghana Ghana Benin United Kingdom
Mortar x14 Closed lad accounts x 170
Safari x 3 - Oyenka Chidinma Lagos to Cotonou; Dickyboi Lagos to Accra; Femmy Lagos to Porto Novo
Sand Timer x 7: Dufus & Abavana/Capt Joseph Annan/Victor Walla/Ohene Agyekum/James Jeffrey/Peace Akpobor & John Mensah/Tony Kalaby & Addo Gilbert
View user's profileSend private message
Captain Pike
Baiting Guru

Joined: 08 Dec 2005
Posts: 2579
Location: Starbase 11

PostPosted: Thu Mar 19, 2009 8:35 pm Reply with quoteBack to top

I got this one check lad mad at me when he figured out that he wasn't getting the money. He threatened me with legal action. I wrote back to tell him that he was a big giant chicken, and that he should lay an egg for me. I also told him he needed to walk around like a chicken, bob his head back and forth, and flap his arms like wings while making clucking noises.

He then told me that I'd be very sorry for saying that.

Within three days there were 14000+ bounced messages to that account I was baiting him from.

It wasn't about a scam, it was actually a spam on some software product or something like that.

Mortar x13 Closed lad accounts x5 Sand Timer (393 days)

"On the 21st of April 2001, my client? His wife and their three children were involved in a plane crash of Union Transport Africans Flight Boeing 727 in Cotonou, Benin Republic on the December 26,2003" Barrister Olorunshogo Williams, 25 October 2004.

"I am in reciept of your mail,i want you to know that you are really getting on my nerves." Burt Hardley, Wellkang International, 20 November 2007

"Please worry, we have already advice the FBI and they don't need to call you. They are very brianliant and intelident. They will get you soon. " Mr. Paul Rogers, Global Medical Equipment, 20 November 2007

As of 26 February 2009, $2,231,983.53 of fake checks and money orders have been intercepted and removed from circulation.
View user's profileSend private messageSend e-mail
Display posts from previous:      
Post new topicReply to topic

 Jump to:   

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

E-Mail Header Analysis

All Content © 2003 -
Powered by phpBB © 2001, 2002 phpBB Group :S5: FI Theme :: All times are GMT