SmartFeedSmartFeed          

Porsche Hangout


WELCOME - YOU ARE CURRENTLY VIEWING 419EATER AS A GUEST

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

ScamWarners.com - Internet Anti-Fraud Center - now open!


 Lurker passing on an excellent scambaiting opportunity

View next topic
View previous topic
 
Post new topicReply to topic
Author Message
redux13
Hello I'm New here!


Joined: 30 Nov 2012
Posts: 6


PostPosted: Fri Nov 30, 2012 9:51 pm Reply with quoteBack to top

Hi folks

As the title states; I am indeed a lurker having enjoyed many a time reading the exploits of 419 scambaiters.

Recently, I have started to receive weird spam, not the usual rubbish I get but of the sort that are from nigerian women needing doctors etc etc. I had deleted them instantly but another came through just recently and I thought this might interest someone looking for a good scambait.

I am not sure if allowed to post the message, it is pretty succint, nothing vulgar or offensive unless you count the fact this guy wants a trusted person to invest $43 million for him. The fact he's never met me makes him an excellent candidate.

I am not interested in the actual scambaiting, not for me I'm afraid - plus given my work - which involves detecting phishing etc (I've entered their sites in the past just to type a very sharp no thanks you filthy scammer into the passwords section - but not in those words, far less politely Very Happy )

I have the email and sender's address if anyone wants it.

Cheers
View user's profileSend private message
Joker
*** BANNED ***


Joined: 26 Jul 2012
Posts: 1123


PostPosted: Fri Nov 30, 2012 10:08 pm Reply with quoteBack to top

Post away on the email address and format before curiosity kills the cat in a violent wok related yet surprisingly delicious accident. Very Happy

You can also post it here in the surplus section:

http://forum.419eater.com/forum/viewforum.php?f=18

_________________
All warfare is based on deception - Sun Tzu, The Art of War
لئيم كافر
View user's profileSend private message
redux13
Hello I'm New here!


Joined: 30 Nov 2012
Posts: 6


PostPosted: Fri Nov 30, 2012 10:14 pm Reply with quoteBack to top

Here it is in all it's glory:

From: CAPT. WAYNE GIBBS. <[email protected]>
To:
Sent: Monday, 26 November 2012, 17:40
Subject: Dear Friend



Dear Friend

I hope my e-mail meets you well. I am in need of your assistance. My
name is CAPT. WAYNE GIBBS,of the Engineering Unit of US Military here in
Baghdad Iraq; we have about $45 Million US dollars that we want to move
out of the country in three digital boxes.
My partners and I need a Trustworthy person, whom we can rely on.
someone we can trust to receive the funds on our behalf.For investment.

REGARDS,
CAPT. WAYNE GIBBS.
Email:[email protected]

A true Belter indeedy. Laughing
View user's profileSend private message
Nailgunner
Moderator


Joined: 01 May 2008
Posts: 8709
Location: ̢̝̣̳̗ͅş̱̖̹͉̬̣̖h̷̗͉̘̱͍̗ͅr͉̙̖̥͡_̛i̦̞n̷͉͈̺̪̯̹E̸͎̫̭̞̙ͅ


PostPosted: Fri Nov 30, 2012 10:28 pm Reply with quoteBack to top

Digital boxes, how nice, the old analogue boxes were getting a bit long in the tooth.

Do you have the email headers? sometimes helps to know where it came from.Plus this is a compromised .edu address so it needs reporting and flattening.

Thanks for sharing Smile

_________________
TV Star Elite Ninja Team Member Easter Egg 2012 Jack Boot Safari Closed lad accounts Mortar Tattoo United Kingdom Malaysia South Africa United States France Turkey Nigeria
"I still have your name tattoo on me. No woman want me because of this"
"Baster ScamBaiter like you. just leave me alone, and delete my email from you least"
View user's profileSend private messageSkype Name
redux13
Hello I'm New here!


Joined: 30 Nov 2012
Posts: 6


PostPosted: Fri Nov 30, 2012 11:25 pm Reply with quoteBack to top

Hi

Nope - it was really basic; just said from CAPTAIN WAYNE GIBBS. Everything contained is in the message. If you click reply, you get the same stuff.

Glad to be of service. These have started springing up more and more so happy to send any your way. Very Happy
View user's profileSend private message
Nailgunner
Moderator


Joined: 01 May 2008
Posts: 8709
Location: ̢̝̣̳̗ͅş̱̖̹͉̬̣̖h̷̗͉̘̱͍̗ͅr͉̙̖̥͡_̛i̦̞n̷͉͈̺̪̯̹E̸͎̫̭̞̙ͅ


PostPosted: Fri Nov 30, 2012 11:30 pm Reply with quoteBack to top

I mean the email source code, if you click "show original" in Gmail or "show headers" in some other webmails, you get a pile of code that shows outgoing and recieving IP addresses, routing info and tons of other stuff. This si what we use to get intel on lads. Often we don't learn much but sometimes it's a nice clue to what's going on. Worth knowing about Wink

_________________
TV Star Elite Ninja Team Member Easter Egg 2012 Jack Boot Safari Closed lad accounts Mortar Tattoo United Kingdom Malaysia South Africa United States France Turkey Nigeria
"I still have your name tattoo on me. No woman want me because of this"
"Baster ScamBaiter like you. just leave me alone, and delete my email from you least"
View user's profileSend private messageSkype Name
redux13
Hello I'm New here!


Joined: 30 Nov 2012
Posts: 6


PostPosted: Fri Nov 30, 2012 11:34 pm Reply with quoteBack to top

Hello again

Sorry, completely showing myself up to be the scambaiting virgin I am.

Is this what you're after?

From CAPT. WAYNE GIBBS. Mon Nov 26 17:40:11 2012
X-Apparently-To: via 188.125.84.49; Mon, 26 Nov 2012 09:36:12 -0800
Return-Path: <[email protected]>
X-YahooFilteredBulk: 163.20.28.130
Received-SPF: none (domain of tres.ntpc.edu.tw does not designate permitted sender hosts)
X-YMailISG: hC03hvcWLDsOzoLJyifJlESFZaGjBGBGTuw0k1X0CRvB4h2b
kCadJ7g5PbjyaqXRHKp5G_4mfuss3EH8LDpiJAjAuPYQtASvb8wZ1EDAnNbs
nfDDCOjXjFHIXNmNhwejHlGcx8Z3jfCJSwkFyaabkzW5BhDigZjiIDjFtomr
6bR.BwKAConE2jR44McB.OmiryQZhabk3Yo5tEL9OlftzMmUFr7VAiCCjw32
nOHmzHFwhGCA2XogLxfn19BLa1FOrXkTZKikZgAX4JPZ0pRVIoQsbSK63aEn
UjLRQ_WRzE5px4DYZxJWnaHylbf05S44RIjIaer62zvqwhzmGDGKPTkfx6QG
RHIduQCek08BYJ1YwkOTwFfy7yA6TuIUVn11x1pJJwdSRa4N0QGEZxk7PnPg
TqMlA1dU7XfqwF.qP7s1I7sqo2SqLI9XA15_bAm53QtwBMiUnxFcTfDSd.gM
.crifTryJQQRwntKU91K2ako1SpqDzgnEGiKkKcWojAPGFl60Ll2HS1h1fCK
d0PZ5gJu._NmjAeqMxeWh2XNh5fx1TNP3cIi5aYhRHVVWgZ80jYBsZYuRdD0
CcGaDe.c0JQN7sALiX60986iHiRREucrMz5Aaydlr47HxF3F.7VG3RugY9kE
n6JQ_oav8Po9hkkdof0fYIXCzoH_fEIiD0abIwI45biogqBciTbjNkGKwBF6
jKTpXd1OCo8WLEjEOIsuk3DfFUcObdaKVoOTyvnZnLAYzt5fewRAbUkVBmgL
5Lw3z7mteYKSm5DQAWs48qJGYbFK3IJ0fI._p7gUiaqsbWW5kdF64knyqA5H
kcfVtWhE19zdooq2ufUake3ahtn3Z2M2GfSNaJ.cdHf0_uyPnphFCfYO1fVX
9zkwPfq7RyB3jmxr3KkgUaGqYbRPlhVNwur9z_2uISQC..fTDMsjtbStC9Pa
rHjt5UtFy7yXG5yN2PTzOqoDD8a6t56W1Wt3sF9xRmKJldRO8PbJ3BttKXGx
GuZo4GzM3nNAa66JGPqUoxFCtgSQ6mmjSfsXX7QDQEhnr8CxrwFvQRiWr2iV
FZuS_uCChZeQMg_ZRlYssXuOtKE9sHcg2.283LZriA--
X-Originating-IP: [163.20.28.130]
Authentication-Results: mta1029.bt.mail.ird.yahoo.com from=tres.ntpc.edu.tw; domainkeys=neutral (no sig); from=tres.ntpc.edu.tw; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO msa.tres.ntpc.edu.tw) (163.20.28.130)
by mta1029.bt.mail.ird.yahoo.com with SMTP; Mon, 26 Nov 2012 09:36:11 -0800
Received: (from [email protected])
by msa.tres.ntpc.edu.tw (8.11.6/8.11.6) id qAQHeBn93451;
Mon, 26 Nov 2012 09:40:11 -0800 (PST)
(envelope-from [email protected])
Date: Mon, 26 Nov 2012 09:40:11 -0800 (PST)
Message-Id: <[email protected]>
X-Authentication-Warning: msa.tres.ntpc.edu.tw: nobody set sender to [email protected] using -f
From: "CAPT. WAYNE GIBBS." <[email protected]>
To:
Reply-To: [email protected]
Subject: Dear Friend
X-Mailer: NeoMail 1.24
X-IPAddress: 41.71.147.220
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Length: 472
View user's profileSend private message
vonpaso xlura
Different and Distinctive


Joined: 10 Apr 2011
Posts: 12246
Location: Bertcad, Lojbanistan


PostPosted: Sat Dec 01, 2012 1:09 am Reply with quoteBack to top

Yes, those are the headers. Whois on that IP address gives:
[whois.twnic.net]

Netname: T-TP2RC.EDU.TW-NET
Netblock: 163.20.0.0/16

Administrator contact:
[email protected]
so that's the address to tell about the compromised account.

To bait it, you send an email to the Reply-To address. Do not report the Reply-To address to Yahoo; we want it to stay open, so that others who get email from the same scammer can google the address and know that it's a scam.

_________________
Easter Egg 2012 United Kingdom×12 United States×3 Russia×3 CanadaNigeriaGermanyMalaysiaNetherlandsAustraliaTogo
United KingdomUnited KingdomCanada unwashed
Closed lad accounts×75
×110
Safari Accra - SH Cotonou
This is very frustrating ... their said they is know transaction ... I feel very ebasared right now ... I feel very dissapoited again
YOU CAN'T EVEN KEEP YOUR BULLSHIT SCAM STORIES STRAIGHT!! YOU AREN'T EVEN A SMART CRIMINAL!! YOU ARE GOING TO PRISON!!
E NO GO BETTER FOR YOUR MAMA NAA ME U DEY WYNE ABI GOD PUNISHED YOU AND YOUR GENERATION
you are a fake people so do not ever write to me again.
Am mad at you right now ... Am tired of your questions ... Am sick and tire you and your bank
Nigerian pig . go swallow a grenade idiot. Boko Haram will solve your problem idiot .
View user's profileSend private messageSend e-mail
Nailgunner
Moderator


Joined: 01 May 2008
Posts: 8709
Location: ̢̝̣̳̗ͅş̱̖̹͉̬̣̖h̷̗͉̘̱͍̗ͅr͉̙̖̥͡_̛i̦̞n̷͉͈̺̪̯̹E̸͎̫̭̞̙ͅ


PostPosted: Sat Dec 01, 2012 1:29 am Reply with quoteBack to top

^^ Spot on, both of you Thumbs up

And hey presto, you just took a compromised email address out of action. As Vonpaso says, killing off regular webmail addresses like Yahoo, Gmail etc is counterproductive because we can post those addresses here and at Scamwarners and they become searchable by prospective victims. This saves people from getting robbed, which is great. Also, it costs a scammer nothing to make a new one.
Compromised email addresses from legitimate private companies, public sector bodies, .EDU addresses and similar ones that may lend credibility to a scam and which help to bypass spam filters are killed aggressively. Likewise, email only domains like fake bank domains are shot down in the 'fake banks' section. This will cause the lads some pain since they will have been carefully phished or purchased outright, and smashing them up has a considerable impact on their time and resources.

Also, try this yourself - go to http://www.iptrackeronline.com/email-header-analysis.php and cut and paste the entire header into the text box. The results are ... unsurprising Rolling Eyes This can give you a clue as to where the lads are and what devices and services they use.

_________________
TV Star Elite Ninja Team Member Easter Egg 2012 Jack Boot Safari Closed lad accounts Mortar Tattoo United Kingdom Malaysia South Africa United States France Turkey Nigeria
"I still have your name tattoo on me. No woman want me because of this"
"Baster ScamBaiter like you. just leave me alone, and delete my email from you least"
View user's profileSend private messageSkype Name
next victim
Baiting Guru


Joined: 27 Mar 2011
Posts: 21168


PostPosted: Sat Dec 01, 2012 1:33 am Reply with quoteBack to top

I went ahead and sent a report also in case nobody else has.

_________________
Closed lad accounts 291+ x 78+ http://yahoonews01.zxq.net/
500 in 6 - 36 pink 11 black
Safari Chairman's Xmas Parti 2012
Sand Timer Hana, Flip It, G spot, Rosy, Cynthia
Cellphone - web store
Just read the posting on Eater. You are one sick motherf****r! Smile-Alan
"The skull with bunny ears was a good enough warning" - Nailgunner
mentors- http://forum.419eater.com/forum/cherrie_mentor_program.php
This Derick moral monster! From http:/ /scamnewss.wordpress.com/2011/10/14/derrick-ratt-scammer-beware/ Vlad blog
http://tinyurl.com/btf7872 - Toolbox
View user's profileSend private messageSkype Name
vonpaso xlura
Different and Distinctive


Joined: 10 Apr 2011
Posts: 12246
Location: Bertcad, Lojbanistan


PostPosted: Sat Dec 01, 2012 3:40 am Reply with quoteBack to top

Nailgunner wrote:
This si what we use to get intel on lads.

Can we get motorola on lads?

_________________
Easter Egg 2012 United Kingdom×12 United States×3 Russia×3 CanadaNigeriaGermanyMalaysiaNetherlandsAustraliaTogo
United KingdomUnited KingdomCanada unwashed
Closed lad accounts×75
×110
Safari Accra - SH Cotonou
This is very frustrating ... their said they is know transaction ... I feel very ebasared right now ... I feel very dissapoited again
YOU CAN'T EVEN KEEP YOUR BULLSHIT SCAM STORIES STRAIGHT!! YOU AREN'T EVEN A SMART CRIMINAL!! YOU ARE GOING TO PRISON!!
E NO GO BETTER FOR YOUR MAMA NAA ME U DEY WYNE ABI GOD PUNISHED YOU AND YOUR GENERATION
you are a fake people so do not ever write to me again.
Am mad at you right now ... Am tired of your questions ... Am sick and tire you and your bank
Nigerian pig . go swallow a grenade idiot. Boko Haram will solve your problem idiot .
View user's profileSend private messageSend e-mail
Nailgunner
Moderator


Joined: 01 May 2008
Posts: 8709
Location: ̢̝̣̳̗ͅş̱̖̹͉̬̣̖h̷̗͉̘̱͍̗ͅr͉̙̖̥͡_̛i̦̞n̷͉͈̺̪̯̹E̸͎̫̭̞̙ͅ


PostPosted: Sat Dec 01, 2012 3:43 am Reply with quoteBack to top

I've never seen it happen but we have goat milk and paint on them Very Happy

@Next Victim - Thumbs up the more the merrier.

_________________
TV Star Elite Ninja Team Member Easter Egg 2012 Jack Boot Safari Closed lad accounts Mortar Tattoo United Kingdom Malaysia South Africa United States France Turkey Nigeria
"I still have your name tattoo on me. No woman want me because of this"
"Baster ScamBaiter like you. just leave me alone, and delete my email from you least"
View user's profileSend private messageSkype Name
Display posts from previous:      
Post new topicReply to topic


 Jump to:   



View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



E-Mail Header Analysis


All Content © 2003 - 419Eater.com
Powered by phpBB © 2001, 2002 phpBB Group :S5: FI Theme :: All times are GMT