[ RadSafe ] Scammer is using radsafe harvested addresses - beware

Dimiter Popoff didi at tgi-sci.com
Tue Mar 24 21:39:05 CDT 2015


I just got a private email looking as if it comes from one of our
regular posters (i.e. the From: field in the header was his, this is
quite easy to be spoofed by anybody).

The text was clearly a scam - I did not believe for a second this
person would send me such an email - so I looked harder to see what
did the scammer plan to do.

Turned out the clumsiest of things, he had set a different "Reply-to:"
field; so someone who would not bother checking would think he would
be replying to the legitimate address (the one in the "From:" field)
while in fact he would be replying to the other, scammers (designed to
look similar to the legit one) address from the "Reply-to:" field.

Clearly someone is targeting radsafe listmembers - beware.
If in doubt about the identity of emails received privately look
at the message header (look for something like "see original message",
"show full message", "show message header"). The header is typically
largish - 10 to 30 lines if not more. You have to locate the lines starting
with "From:" and "Reply-to:". If the email address (just the part containing
the @) in the Reply-to: field does not match the one in the "From:"
field it is likely a scam (it is still possible the Reply-to: could
be a legitimate address but you should be able to know/verify that).

Dimiter

------------------------------------------------------
Dimiter Popoff, TGI             http://www.tgi-sci.com
------------------------------------------------------
http://www.flickr.com/photos/didi_tgi/sets/72157600228621276/


Here is an excerpt from the message I got (the stolen identity hidden):

> Received: from User (S0106003048dfefd8.gv.shawcable.net [184.66.129.251])
> 	by mtaout-mab02.mx.aol.com (MUA/Third Party Client Interface) with ESMTPA id DF4E03800009B;
> 	Tue, 24 Mar 2015 11:48:17 -0400 (EDT)
> Reply-To: **********@yahoo.com>
> From: ************ <********@***.com>
> Subject: ***********...................I need your Help
> Date: Tue, 24 Mar 2015 16:49:46 +0100
> 
>  I hope you get this on time. Sorry I didn’t inform you about my trip 
> to Philippines for a program because it was impromptu. The program was
> successful, but our journey has turned a disaster. We were robbed at 
> the park where we went for sight seeing and all my valuables were stolen
> including cash and cell phone and I sustained some cut on my right arm
> in the process, which is seriously painful.  I've reported to the Embassy
> here but their response was too casual. I am sorry if I am inconveniencing
> you, but my problem is my return flight leaves in few hours from now 
> and I am out of cash to settle my hotel bills and the hotel manager won't
> let me leave until I settle the bills, Please I need your help with a
> short loan, all I need is $1,920. I promise to repay you immediately 
> I return home. Please don’t inform anyone about my trip, am so embarrassed
> of myself already. Let me know if you can help me with the money.   
> 
> ************ ( the corect signature)
> 



More information about the RadSafe mailing list