by carseller
Tue May 24, 2011 10:53 am
I received a scam email via autotrader.com. The email headers are not useful because the message is relayed through autotrader. Unfortunately, the IP address of the "buyer" is not provided by autotrader, so I replied to the scammer to get confirmation.
Here is the initial message from the scammer. It contains the usual red flags (grammar, punctuation, references to the "item").
I sent a generic reply that I knew would not be read. Here is the followup message, with headers. The IP resolves to South Africa. I found it humourous that the message was sent a few minutes after my original reply, yet the scammer apologizes for the late response. The message also contains the standard poor spelling and grammar.
Here is the initial message from the scammer. It contains the usual red flags (grammar, punctuation, references to the "item").
Hello. Do you still want to sale this item ? What is the final price? Get back to me if is still available. Let me know the condition of item Thanks
I sent a generic reply that I knew would not be read. Here is the followup message, with headers. The IP resolves to South Africa. I found it humourous that the message was sent a few minutes after my original reply, yet the scammer apologizes for the late response. The message also contains the standard poor spelling and grammar.
Received: by 10.220.176.130 with SMTP id be2cs97838vcb;
Tue, 24 May 2011 06:54:47 -0700 (PDT)
Received: by 10.42.177.74 with SMTP id bh10mr9560484icb.331.1306245286907;
Tue, 24 May 2011 06:54:46 -0700 (PDT)
Return-Path: <[email protected]>
Received: from mail-iy0-f195.google.com (mail-iy0-f195.google.com [209.85.210.195])
by mx.google.com with ESMTPS id bf2si16199160icb.85.2011.05.24.06.54.45
(version=TLSv1/SSLv3 cipher=OTHER);
Tue, 24 May 2011 06:54:45 -0700 (PDT)
Received-SPF: neutral (google.com: 209.85.210.195 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=209.85.210.195;
Authentication-Results: mx.google.com; spf=neutral (google.com: 209.85.210.195 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected]
Received: by mail-iy0-f195.google.com with SMTP id 20so1417730iyi.2
for xxxx; Tue, 24 May 2011 06:54:45 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.231.119.105 with SMTP id y41mr3405481ibq.27.1306245285623;
Tue, 24 May 2011 06:54:45 -0700 (PDT)
Received: by 10.231.167.130 with HTTP; Tue, 24 May 2011 06:54:45 -0700 (PDT)
X-Originating-IP: [41.132.5.190]
In-Reply-To: xxxx
References: xxxx
Date: Tue, 24 May 2011 15:54:45 +0200
Message-ID: <[email protected]>
Subject: Re: Important Sales Lead from AutoTrader
From: Jonney Rogers <[email protected]>
To: xxxx
Content-Type: text/plain; charset=ISO-8859-1
Thanks for the prompt response.. Am very sorry for the late response
...I am ready to buy it now for birthday gift for my brother and i am
at sea at the moment as i am a marine engineer and due to the nature
of my work, phone calls making and visiting of website are restricted
but i squeezed out time to check this advert and send you an email
regarding it. I really want it to be a surprise for my brother so i
wont let him know anything about it until it gets delivered to him, i
am sure he will be more than happy with it. I insisted on PayPal
because i don't have access to my bank account online as i don't have
internet banking, but i can pay from my PayPal, as i have my bank a/c
attached to it, i will need you to give me your PayPal email address
and the price so i can make the payments asap for it and please if you
don't have PayPal account yet, it is very easy to set upgo to
http://www.PayPal.com. and get it set up, after you have set it up i will
only need the e-mail address you use for registration with PayPal so
as to put the money through.,
Thanks
--
Hello.
Do you still want to sale this item ?
Get back to me if is still available.
Let me know the condition of item
Thanks