
Scammers get personal with your friends

Like an efficient biological virus, spam and online scams continue to evolve and take on new forms that elude even the discerning person.
From: "Friends name"
Subject: "Vacation Problems..."
My Family and I are currently on vacation to Madrid (Spain),and we got mugged last night in an alley by a gang of thugs on my way back from shopping, everything i had on me including my cell phone, credit cards were all stolen,quite honestly it was beyond a dreadful experience for me but looking on the bright side  i was not seriously hurt or injured and i am still alive so that is whats important.

I've reported to the cops here and canceled all my cards,it appeared I had acted quickly enough or they almost would have succeeded in cleaning out my bank account. I'm really having some difficulties clearing my hotel bills and also need to pick up a voucher ticket at the counter for us to catch a flight back home in a couple of hours.

I was wondering if you could please loan me some money pending when i get things straighten out and I promise to refund as soon as we arrive home safely. All i need to get back is €1,300Euros.

Write me back and let me know how soon you can get it to us asap.

Your friend in the business
[my friends personal email signature]
Nigeria scam shirt from Deceptology.com
To be honest, my initial reaction was one of concern. I'm not very familiar with my friend (more of an acquaintance) but it wouldn't entirely surprise me that they are on vacation and that this could have happened. Being a kind person and subscribing to the idea that I look for opportunities to deeply help my connections, I give it a thought. Fortunately my better sense of suspicion sets in... so what to do?

Obviously I could just ask my friend if this is legit, but an email response only puts fuel to this fire.  I decided to play along to see how far this would go.  Here is a follow up response that the scammer sent me in another case:
I need a quick loan of $790 to get the Hotel bills settled and get a cab to the airport as soon as I get back home would def refund it back to you immediately...You can have the it wired on my name via Western Union.Here's my info below

Name: Daniel H***** Location:  63 Cannon Street
London, EC4N 5AA, UK

As soon as it is done, kindly get back to me with the confirmation number. Let me know when if you are heading to the WU outlet now???
In another case they tell me to wire money to a Western Union located in this dumpy looking neighborhood in Spain.  I suggest to help my friend by traveling out and getting them.  But after doing a little dialog, the scammer gives up or senses that I'm onto them and stops responding.

So how can you know for sure that this is a scam?

Fortunately most email service providers properly maintain the source IP address of the sending machine. To view this, you must look at the raw original email message; in Gmail do this by selecting "Show Original" in the message actions. The raw message headers can be difficult to read, but look for something that looks like this:
Received: from [197.242.108.159] by web122905.mail.ne1.yahoo.com via HTTP; Sun, 16 Oct 2011 00:50:13 PDT
This directive identifies that Yahoo's mail server accepted the message to be sent via HTTP (web browser) from the IP 197.242.108.159.  You can run a reverse IP check at and it

The IP is delegated by Nigeria and currently allocated to a company called Cybercity Ebene on the African island of Mauritius. So, unless my friend says that she is being held as a Nigerian hostage, we can safely dismiss the authenticity of the message at this point.
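The header check described above can be scripted. The following is an added example, not code from the original post: it walks the Received lines from the newest hop down and keeps the client IP recorded by the oldest server in an unbroken run of trusted hosts, because anything below that point could have been written by the sender. Only the Yahoo "via HTTP" line is from the post; the other headers, the host names mx.example.net and forged.invalid, and the function name are constructed for the demo.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: the second Received line is the one quoted in the post,
# the other headers are made up (203.0.113.7 is a documentation address).
RAW = """\
Received: from nm1.bullet.mail.ne1.yahoo.com (nm1.bullet.mail.ne1.yahoo.com [203.0.113.7]) by mx.example.net with ESMTP; Sun, 16 Oct 2011 00:50:20 -0700 (PDT)
Received: from [197.242.108.159] by web122905.mail.ne1.yahoo.com via HTTP; Sun, 16 Oct 2011 00:50:13 PDT
Received: from [10.0.0.5] by forged.invalid; Sat, 15 Oct 2011 23:00:00 PDT
From: "Friends name" <friend@example.com>
Subject: Vacation Problems...

(body omitted)
"""

# "from ... [ip] ... by host": the bracketed IP is what the recording server saw.
HOP = re.compile(r"from\s+.*?\[(?P<ip>[0-9A-Fa-f.:]+)\].*?\bby\s+(?P<by>[\w.-]+)", re.S)


def origin_hop(raw, trusted_suffixes):
    """Return (client_ip, recording_host) for the oldest hop in the unbroken
    run of trusted servers, or None if no such hop names a public address.

    trusted_suffixes is a tuple: your own mail server plus the sender's provider.
    Suffix matching is an assumption of this sketch; a forged line that claims a
    trusted host name directly below the real hops would still be accepted.
    """
    origin = None
    # Each server prepends its Received line, so the first one is the newest.
    for line in message_from_string(raw).get_all("Received", []):
        m = HOP.search(line)
        if not m or not m.group("by").lower().endswith(trusted_suffixes):
            break  # chain of custody ends here; older lines are unverified
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            break
        if ip.is_global:  # skip private and reserved relay addresses
            origin = (str(ip), m.group("by").lower())
    return origin


if __name__ == "__main__":
    print(origin_hop(RAW, (".example.net", ".yahoo.com")))
```

The returned address is the one to feed into a WHOIS lookup; the 10.0.0.5 line is ignored because the host that claims to have recorded it is not one you have reason to believe.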

WHOIS

I don't always dissect emails from my friends, but when I do.. I use whois.sc (aka domaintools). Whois is a service that can retrieve information about the ownership of an IP or domain name. It's very easy to type in the browser address bar; here are the two primary ways it works:
  http://whois.sc/[IP_address] i.e.: http://whois.sc/197.242.108.159
  http://whois.sc/[domainname.com] i.e.: http://whois.sc/esold.com


You just need to remember to use 'whois' and think about USC Football (my alma mater!)

Stay internet savvy my friends.

