Author |
Message |
Ford
Not quite a Newb
Joined: 26 Dec 2009
Posts: 25
|
Posted:
Thu Jan 07, 2010 9:19 pm |
|
Hola
I received a typical russian scam email in my inbox last week. Person sent lovely model photos claiming to be in Moscow.
I hit the reply button after a couple of emails. Overall I received about 5 emails from the scammer. Last time I replied I got a postmaster error saying user doesn't have an account. My email wasn't delivered. I'm watching to see if another similar email appears under another account.
I would like to understand more about these email headers. So I have posted the header below from when the address was current. Could someone help me with which parts of the header are important? How do I analyse it?
Thanks
Ford
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTE7YT0xO0Q9MDtTQ0w9MA==
X-Message-Status: n:0
X-SID-PRA: Miss Olga <[email protected]>
X-Message-Info: JGTYoYF78jEgPEo9ODRFFNNpbwhe9l81lD3JgTF/DXp41c4uHWmLnL3v/32cNITgmSfwISfFC+3ohQRa6u/KlJZhxESzj09B
Received: from smtp105.plus.mail.re1.yahoo.com ([69.147.102.68]) by snt0-mc4-f12.Snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
Wed, 6 Jan 2010 03:56:00 -0800
Received: (qmail 66254 invoked from network); 6 Jan 2010 11:55:59 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=Received:X-Yahoo-SMTP:X-YMail-OSG:X-Yahoo-Newman-Property:Date:From:Reply-To:X-Priority:Message-ID:To:Subject:In-Reply-To:References:MIME-Version:Content-Type;
b=MpuewvsNhA/K0KGHYZvf6uVwNWAgBRaisb25EanfRiUrSVRTJ5f6V+1Z1BIkN957bkT7YcmA2a/XRUR0/Vpu4ojBYqWa2IgSJ85mtfB5+55H6LO+Kdr1MeNnEW0uC/Y/cFpSnf2L28wESaCJbTznajHWqkwFOau7D7XUYd8jcjc= ;
Received: from ([email protected] with plain)
by smtp105.plus.mail.re1.yahoo.com with SMTP; 06 Jan 2010 03:55:43 -0800 PST
X-Yahoo-SMTP: deyojISswBAhSMkKIGXSl2Ff.SBUaw--
X-YMail-OSG: bCUSR5wVM1mPA9XbvQNAIgioHyyWcrgvmGW.RMbLVQxoGPqwV5.cU
X-Yahoo-Newman-Property: ymail-3
Date: Wed, 6 Jan 2010 16:49:35 +0500
From: Miss Olga <[email protected]>
Reply-To: Miss Olga <[email protected]>
X-Priority: 3 (Normal)
Message-ID: <[email protected]>
To: Ford Prefect <[email protected]>
Subject: Olga here again,kiss!
In-Reply-To: <[email protected]>
References: <[email protected]> <[email protected]>,<[email protected]> <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----------3E7ECB273C2590"
Return-Path: [email protected]
X-OriginalArrivalTime: 06 Jan 2010 11:56:00.0392 (UTC) FILETIME=[36E25880:01CA8EC7]
snipped long text string - JC |
_________________ x2 |
|
|
|
Vampiremerchant
Baiting Guru
Joined: 01 Nov 2009
Posts: 3227
Location: Scotland
|
Posted:
Fri Jan 08, 2010 7:02 am |
|
The Headers are pointing to Estonia
The following IP addresses were extracted from your headers:
IP Address Probable Country Additional Info
69.147.102.68 United States (Sunnyvale)* Whois Google DNSStuff Urgentmessage.org
80.79.118.220 Estonia (Tallinn)* Whois Google DNSStuff Urgentmessage.org
* The last IP listed is usually the originating IP address
The reason that it was coming back as a postmaster error is probably due to his abusing the account |
_________________ * Help Keep Eater Running - Click here to donate
x 35
x 100
(with thanks to Nigel Tuffnel)
My dear Brother , if I have to you to scam you, May the WROGHT of GOD be upon me and my generation |
|
|
|
Ford
Not quite a Newb
Joined: 26 Dec 2009
Posts: 25
|
Posted:
Fri Jan 08, 2010 8:28 am |
|
Hola
Thanks for that.
So the email is coming out of Estonia.
So the scammer is saying they are in Moscow ready to come to my airport (whereever that is because I've never told them). and want $950 USD dollars because they need to pay for their tickets and on the transfer form - through western union, I must say collection will be any bank (I select) in Moscow. My question is why would the scammer ask a victim for USD if they are supposedly in Moscow wouldn't they want the money in that denomination. Wouldn't that be a first clue to potential victim that something isn't right.
Also in the scammer's email they asked me to list a Moscow bank on the transfer form for them to collect the money. So the money will be collected by another criminal actually in Moscow, but why would they want me to pay $950.00 USD and not Moscow dollars?
Thanks
Ford |
_________________ x2 |
|
|
|
Myuutsu Ichigorei
Not quite a Newb
Joined: 30 Oct 2008
Posts: 22
|
Posted:
Wed Jan 13, 2010 6:32 am |
|
by Moscow dollars I assume you mean Rubels/Roubels the reason for this and why that they wouldn't assume that to be a giveaway is simple. Everywhere piratically accepts dollars. It is an airport that makes contant trips from many countries around the globe they woudl b e getting international travelers from nearly everywhere and since much of the tme American dollars and or Euros are pretty much standardized to a point of acceptance.
Other reasons why they might not say this spells scam is well It is asking for a trip to america it may be a trip to america through an american Company's plane thus their logic may say why woudldnt they pay in american currency to an american company. seems liek decent enough Vlad logic to me.
Finally Its Russia What is Russia famous for in Urban legends of Human trafficking, Mail order brides. Now consider the art of human trafficking or for that matter Mail order bride based scams.You cant say you are buying a human being Thats slavery Human trafficking Huge flags there. But you can say you are Paying for someone to have a decently expensive first class plane ticket. and for the profit margin (in the case of actual human trafficking) the person is sent in the cheapest transport.
The result It looks like you sent a person money for a plane trip and they just Used less and flew cheaper this is easier to get past the radar then Selling a person after all.
He big question though still remains WHy is it in USD instead of Rubles. This rule can exist in legal commerce too. If you are selling something and your buyers primarily buy and sell in Dollars and you primarily deal in Rubels then you have to decide what will maximize sales. Say if something Costs with conversion 800 dollars Nw lets assume 800 dollars is 400 rubles (I don't know the currency exchange rate so this is hypothetical) Now assume that it costs 900 dollars total to get 800 dollars converted to 400 rubles (Conversion feel of 100) Now assume that this has to be through a bank and this bank will also charge 100 to ship the money through in rubles thus total cost is 1000 and you have to go to a bank that does currency exchanges etc. thats a lot of hassle correct. Now take the other way you go to WU and send the 950 and they charge you 100 also Now thats 1050 but lots of less forms lot easier to send through WU and less hassle less paperwork and then the Person in russia does the conversion and as a resuilt he now instead of having an easy 400 rubles anyways now he has 400 also but he has gotten rid of a lot of the hassle. SO the economical business ask themself DO I want to price at 800 USD and they have to go through all the hassle costing total to them of 1000 or do I make the price 950 With total cost of 1050 with no hassle on their part. Even from a legit business perspective They can get more buys at the higher price because of the convenience.
long story short even in legit business asking the American to send in American dollars can raise sells in the end.
i dont know if thats hw world economic work but it is a legit excuse that most Americans would buy...god i hope the lads and vlads don't know enough to think like that to legitimize it. |
|
|
|
|
Ford
Not quite a Newb
Joined: 26 Dec 2009
Posts: 25
|
Posted:
Wed Jan 13, 2010 7:44 am |
|
Hola
Thanks for your explanation.
I understand better.
Ford |
_________________ x2 |
|
|
|
Skerrett
Master Baiter
Joined: 16 Jul 2007
Posts: 214
|
Posted:
Wed Jan 13, 2010 12:36 pm |
|
If you want to check email headers use APELORD - it allows you to put all the header in the box and it will analyse it for you.
Many Russians using proxies so the email may show up as being from Estonia / Italy / Germany or even the USA - suffice it to say that if they claim to be in Moscow and the header is not showing that location = SCAM.
Russians have used dollars as a currency there for many years so even if they collect dollars they can use them. A second point in asking for dollars is that the Rouble does not exist outside Russia . That way the government control the exchange rate not speculators. The exchange rate is closer to 35 roubles to a dollar by the way. Anyway they know that money transfer firms take a bigger commission than regular banks so can either spend the dollars or cash them elsewhere at a better rate.
Finally the letter telling you that they were ready to travel did not specify USA - it merely said "your country" so the script is generic and they use dollars as it is the most widely understood currency. What I mean is that if you lived in France / Italy / Australia you would have the same letter. |
_________________ Be Careful out there
Once the bait is over IMHO you should publish in an open forum or even when you have a few generic mass mails that cant identify your baiting persona -
Prevent the scammer making $$ from victims and that is a real victory, every single thank you from a victim your post alerts preventing a scammer making $$ should be considered a trophy too!!!
One such place is
http://www.romancescam.com
They have sections on Vlads and Lads
Any contact details or links I post are an open invitation to readers to jump on in and write to them
x2 |
|
|
|
Ford
Not quite a Newb
Joined: 26 Dec 2009
Posts: 25
|
Posted:
Sun Jan 17, 2010 9:42 am |
|
Hola
Thanks for that.
In further developments. I received another email from the 'same' person but to another of my email accounts.
This time my address had been spoofed so I couldn't reply and there was a link to a russian bride website.
http://vadesyhu.tumblr.com
Can this site be killed.
Ford |
_________________ x2 |
|
|
|
jacksmith97
Hello I'm New here!
Joined: 16 Jan 2010
Posts: 3
|
Posted:
Mon Jan 18, 2010 6:00 am |
|
I too get such weird mail having Spanish word instead of Russian. |
_________________ social bookmarking |
|
|
|
|