Skip to main content

Scammers get personal with your friends

Like a efficient biological virus, spam and online scams continue to evolve and take on new forms that elude even the discerning person.
From: "Friends name"
Subject: "Vacation Problems..."
My Family and I are currently on vacation to Madrid (Spain),and we got mugged last night in an alley by a gang of thugs on my way back from shopping, everything i had on me including my cell phone, credit cards were all stolen,quite honestly it was beyond a dreadful experience for me but looking on the bright side  i was not seriously hurt or injured and i am still alive so that is whats important.

 I've reported to the cops here and canceled all my cards,it appeared I had acted quickly enough or they almost would have succeeded in cleaning out my bank account. I'm really having some difficulties clearing my hotel bills and also need to pick up a voucher ticket at the counter for us to catch a flight back home in a couple of hours.

 I was wondering if you could please loan me some money pending when i get things straighten out and I promise to refund as soon as we arrive home safely. All i need to get back is €1,300Euros.

 Write me back and let me know how soon you can get it to us asap.

 Your friend in the business
[my friends personal email signature]
Nigeria scam shirt from Deceptology.com
To be honest, my initial reaction was one of concern.  I'm not very familiar with my friend (more of an acquaintance) but it wouldn't entirely surprise me that they are on vacation and that this could happened.  Being a kind person and subscribing to the idea that I look for opportunities to deeply help my connections, I give it a thought.  Fortunately my better sense of suspicion sets in... so what to do?

Obviously I could just ask my friend if this is legit, but an email response only puts fuel to this fire.  I decided to play along to see how far this would go.  Here is a follow up response that the scammer sent me in another case:
I need a quick loan of $790 to get the Hotel bills settled and get a cab to the airport as soon as I get back home would def refund it back to you immediately...You can have the it wired on my name via Western Union.Here's my info below

Name: Daniel H***** Location:  63 Cannon Street
London, EC4N 5AA, UK

As soon as it is done, kindly get back to me with the confirmation number. Let me know when if you are heading to the WU outlet now???
In another case they tell me to wire money to a Western Union located in this dumpy looking neighborhood in Spain.  I suggest to help my friend by traveling out and getting them.  But after doing a little dialog, the scammer gives up or senses that I'm onto them and stops responding.

So how can you know for sure that this is a scam?

Fortunately most email service providers properly maintain the source IP address of the sending machine.  To view this, you must look at the raw original email message; in GMail do this by selecting "Show Original" in the message actions.  The raw message headers can be difficult to read, but look for something that looks like this:
Received: from [197.242.108.159] by web122905.mail.ne1.yahoo.com via HTTP; Sun, 16 Oct 2011 00:50:13 PDT
This directive identifies that Yahoo's mail server accepted the message to be sent via HTTP (web browser) from the IP 197.242.108.159.  You can run a reverse IP check at and it

The IP is delegated by Nigeria and currently allocated to a company called Cybercity Ebene on the African island of Mauritius.  So, unless my friend says that she being held as a Nigerian hostage, we can safely dismiss the authenticity of the message at this point.

WHOIS

I don't always dissect emails from my friends, but when I do.. I use whois.sc (aka domaintools).  Whois is a service that can retrieve information about the ownership of an IP or domain name.  It's very easy to type in the browser address bar, here are the two primary ways its works:
  http://whois.sc/[IP_address] i.e.: http://whois.sc/197.242.108.159
  http://whois.sc/[domainname.com] i.e.: http://whois.sc/esold.com

You just need to remember to use 'whois' and think about USC Football (my alma mater!)

Stay internet savvy my friends.

Comments

Anonymous said…
You actually make it seem so easy with your presentation but I find this matter to be really something that I think I would
never understand. It seems too complex and extremely broad for me.
I'm looking forward for your next post, I will try to get the hang of it!

Here is my web site; small business in yellow pages
7:55 AM
Anonymous said…
What i don't understood is in truth how you're now not actually
a lot more well-preferred than you may be now. You are so intelligent.
You already know therefore significantly on the subject of this matter, made me individually consider it
from a lot of numerous angles. Its like men and women
don't seem to be involved except it is something to do with Woman gaga! Your individual stuffs outstanding. All the time maintain it up!

Feel free to surf to my web-site; posting term papers is improving education
5:16 PM
Anonymous said…
What's up, the whole thing is going well here and ofcourse every one is sharing data, that's actually fine, keep up writing.


my page; film discussion questions for serpico
5:31 PM
Anonymous said…
Hello There. I found your blog using msn. This is a really well written article.
I will be sure to bookmark it and return to read more of your useful information.
Thanks for the post. I'll definitely return.

my web blog: term paper sites
8:07 PM
Anonymous said…
Hey there, You've done a fantastic job. I will certainly digg it and personally suggest to my friends. I am confident they will be benefited from this website.

my web blog - small business directory white pages
10:45 PM
Anonymous said…
My developer is trying to persuade me to move to .net from PHP.
I have always disliked the idea because
of the expenses. But he's tryiong none the less. I've been using WordPress on various websites for about a year and am nervous about
switching to another platform. I have heard good things about blogengine.
net. Is there a way I can transfer all my wordpress posts
into it? Any help would be really appreciated!


Feel free to surf to my blog post :: computer repair Charlotte
5:14 AM
Anonymous said…
I am really inspired with your writing skills as neatly as
with the structure on your weblog. Is that this a paid theme or did you customize it your self?
Either way stay up the nice high quality writing,
it is uncommon to see a nice blog like this one nowadays.
.

my page business lookup
6:22 AM
Post a Comment

Popular posts from this blog

Windows Firewall can not run because another program or service is running that might use the Network Address Translation component (IPNat.sys)

Windows Networking Firewall failure Error Upon trying to open and configure the Windows built-in Firewall, you receive the error: "Windows Firewall can not run because another program or service is running that might use the Network Address Translation component (IPNat.sys)" Cause is due to settings left in by "Routing and Remote Access" service. Even if the service is stopped, Windows will still report this error because the network card bindings are still being held by RRAS. Disable RRAS by opening the MMC for it and "Disable Remote Access and Routing". This can also be found by Right -clicking "My Computer", opening the Service and Application node. By Disabling RRAS in this way, the network protocol interface bindings are removed allowing for the Windows Firewall and Connection Sharing service to take over.
27 comments
Read more

VB.Net code to control mouse movement and click

VB.Net code to perform mouse movements and clicks. Include references at the top of the class code file to Windows interface libraries: Public Declare Auto Function SetCursorPos Lib "User32.dll" (ByVal X As Integer, ByVal Y As Integer) As Integer Public Declare Auto Function GetCursorPos Lib "User32.dll" (ByRef lpPoint As Point) As Integer Public Declare Sub mouse_event Lib "user32" Alias "mouse_event" (ByVal dwFlags As Integer, ByVal dx As Integer, ByVal dy As Integer, ByVal cButtons As Integer, ByVal dwExtraInfo As Integer) Some fixed constant values will be needed, so include these as basic names: Public Const MOUSEEVENTF_LEFTDOWN = &H2 Public Const MOUSEEVENTF_LEFTUP = &H4 Public Const MOUSEEVENTF_MIDDLEDOWN = &H20 Public Const MOUSEEVENTF_MIDDLEUP = &H40 Public Const MOUSEEVENTF_RIGHTDOWN = &H8 Public Const MOUSEEVENTF_RIGHTUP = &H10 Public Const MOUSEEVENTF_MOVE = &H1 This
47 comments
Read more

Remove Acrobat Toolbar Plugin From Outlook and Office

After installing Acrobat Reader or Professional, a toolbar surfaces in Microsoft Office applications. It wouldn't be so bad except that even when you select to remove the Plugin, it comes right back after the office application restarts. Worse yet, the toolbar puts itself on a new line each time, reducing the usable window size. Since I rarely use this toolbar and would rather open Acrobat explicitly to use the print, email, or save as PDF features, I got rid of the toolbar. Adobe doesn't make this easy, forcing the toolbar to always be visible, unfortunately you have to modify the windows registry. Warning, don't casually modify the windows registry; since it effectivley controls Windows and most applications. 1. Begin by closing the office applications. 2. Then click start, Run, and type: regedit 3. Browse to the below registry keys and delete each one. Note that HKEY_LOCAL_MACHINE is referenced as HKLM in regedit. Outlook HKEY_LOCAL_MACHINE \Software\Adobe\Acrobat\PD
16 comments
Read more