by Diamond
Fri Jul 05, 2013 1:58 pm
Received two more scam emails today, almost the same text, just a bit different. An obvious scam to recruit mules who will forward stolen items and/or cash fake checks.
Here's the first message's text:
We just received your CV from careerbuilder.com and would like to know if you are still job hunting? Our company will be glad to offer you a remote position of Trainee Freight Forwarding Agent. We are accepting applications for employment in order to hire 2-3 people in different states, yet each candidate must be able to fill in immediately.
Position summary:
- Able to receive incoming packages up to 50 lbs at your home address NO PO BOX.
- Verify and keep notes on incoming and outgoing shipments and prepare orders for shipping.
- Own desk, PC, printer, Internet connection. Computer literate, good with MS Office.
- Base salary: $700 per week $36k annually. Bonus: $30 per each order processed within the deadline. NOTE: Trainee FF Agents are only entitled to bonus during the first one month trial period.
- Minimum 25 years of age, high school diploma or GED.
- Own car or pick-up with valid driver's license.
- Responsible and reliable.
Kindly get back to us via email at your earliest convenience so that we can forward you full job summary and guidance on how to get started.
P.S. NO fees or up-front fees apply!
Kind regards,
NNRRU team
and here are the headers:
Received: by 10.76.19.11 with SMTP id a11csp158204oae; Fri, 5 Jul 2013 09:16:48 -0700 (PDT)
X-Received: by 10.58.181.225 with SMTP id dz1mr7286659vec.95.1373041008691; Fri, 05 Jul 2013 09:16:48 -0700 (PDT)
Return-Path: <[email protected]>
Received: from sapper.ethii.com ([208.43.75.193]) by mx.google.com with ESMTPS id to9si2495067vdc.32.2013.07.05.09.16.48 for <[email protected]> (version=TLSv1 cipher=RC4-SHA bits=128/128); Fri, 05 Jul 2013 09:16:48 -0700 (PDT)
Received-SPF: neutral (google.com: 208.43.75.193 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=208.43.75.193;
Authentication-Results: mx.google.com; spf=neutral (google.com: 208.43.75.193 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected]
Received: from ravings by sapper.ethii.com with local (Exim 4.80.1) (envelope-from <[email protected]>) id 1Uv8gi-0007C3-93 for [email protected];
Fri, 05 Jul 2013 22:16:48 +0600
To: [email protected]
Subject: =?UTF-8?B?V2UgYXJlIENvbnRyYWN0aW5nLiBJbmZvIEF0dGFjaGVk?=
X-PHP-Script: ravings.co.uk/wp-includes/wp.modules.php for 64.27.23.80
From: [email protected]
Reply-To: [email protected]
Errors-To: [email protected]
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <[email protected]>
Sender: <[email protected]>
Date: Fri, 05 Jul 2013 22:16:48 +0600
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - sapper.ethii.com
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [9295 9292] / [47 12]
X-AntiAbuse: Sender Address Domain - sapper.ethii.com
X-Get-Message-Sender-Via: sapper.ethii.com: authenticated_id: ravings/only user confirmed/virtual account not confirmed
I don't see any sense in posting the second message since it shows the same sender and the text is almost identical. I think you've got the idea.