by Faizan Docherty
Thu Aug 21, 2014 4:31 pm
This email was sent to one of my relatives. The scammer is using Facebook to "personalize" the email with his name.
ipTRACKERonline.com wrote:Header Analysis Quick Report
Originating IP: 2.2.3.50
Originating ISP: Orange
City: Rennes
Country of Origin: France
* For a complete report on this email header goto ipTRACKERonline
Delivered-To: <snipped>@gmail.com
Received: by 10.229.232.136 with SMTP id ju8csp643305qcb;
Tue, 19 Aug 2014 12:31:43 -0700 (PDT)
X-Received: by 10.68.111.193 with SMTP id ik1mr46415499pbb.145.1408476703488;
Tue, 19 Aug 2014 12:31:43 -0700 (PDT)
Return-Path: <[email protected]>
Received: from smtpin.mx.facebook.com (smtpout038.ash2.facebook.com. [66.220.157.101])
by mx.google.com with ESMTP id dn9si3680284pdb.153.2014.08.19.12.31.43
for <snipped>@gmail.com>;
Tue, 19 Aug 2014 12:31:43 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 66.220.157.101 as permitted sender) client-ip=66.220.157.101;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of [email protected] designates 66.220.157.101 as permitted sender) smtp.mail=forward+Ac3RuaW1vY2tzQGdtYWls ... cebook.com;
dkim=pass [email protected];
dmarc=pass (p=NONE dis=NONE) header.from=gmail.com
Return-Path: <[email protected]>
DKIM-Signature: <snipped>;
X-Original-To: <snipped>@facebook.com
Authentication-Results: smtpin.mx.facebook.com x-tls.subject="/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com"; auth=pass (cipher=DHE-RSA-AES128-SHA)
Authentication-Results: smtpin.mx.facebook.com; spf=pass smtp.mailfrom=gmail.com
Received-SPF: pass (smtpin.mx.facebook.com: domain gmail.com designates 74.125.82.194 as permitted sender)
Authentication-Results: smtpin.mx.facebook.com; dkim=pass header.d=gmail.com
Received: from [74.125.82.194] ([74.125.82.194:64858] helo=mail-we0-f194.google.com)
by 10.102.107.23 (envelope-from <[email protected]>)
(ecelerity 2.2.3.50 r(45166/45167)) with ESMTPS (cipher=DHE-RSA-AES128-SHA
subject="/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com")
id 5B/BC-18342-916A3F35; Tue, 19 Aug 2014 12:31:38 -0700
Received: by mail-we0-f194.google.com with SMTP id u56so2399220wes.9
for <snipped>@facebook.com>; Tue, 19 Aug 2014 12:31:36 -0700 (PDT)
DKIM-Signature: <snipped>
MIME-Version: 1.0
X-Received: by 10.180.107.170 with SMTP id hd10mr9081200wib.77.1408476696289;
Tue, 19 Aug 2014 12:31:36 -0700 (PDT)
Received: by 10.194.137.6 with HTTP; Tue, 19 Aug 2014 12:31:36 -0700 (PDT)
Date: Tue, 19 Aug 2014 19:31:36 +0000
Message-ID: <CAMpUjWWHOpJ9TV01cFLVMEUY3JTm1hd4V=AXY_h=rzsd5CeHUQ@mail.gmail.com>
Subject: Dear <Last name snipped>,, respond immediately
From: Johnson Pattaego <[email protected]>
To: [email protected]
Content-Type: text/plain; charset=UTF-8
Bcc: <snipped>@facebook.com
Dear <Last name snipped>,
I am Barrister Johnson Pattaego,I contacted you to assist in
repatriating the fund valued at USD $14 million left behind by my late
client Mr.Alexander <Last name snipped> before it gets confiscated by the (Bank)
here in Lome-Togo.
I wait for your favorable response today at [email protected]
Regards.
Barr Johnson Pattaego Esq
Contact me at [email protected]
Please DO NOT tell a scammer that he has been posted here!
If you wish you can email me at
faizandocherty @ scamwarners [dot] com
How do I find email headers???
How to analyze an email header.
If you wish you can email me at
faizandocherty @ scamwarners [dot] com
How do I find email headers???
How to analyze an email header.
