Just go the following e-mail. anybody want to bet on whether its a scam or not?
Good day,
We browsed through your web page and we are interested in ordering some of your products,we are located in Thailand,we will like to know if you have the items in stocks,so kindly get back to me with the right contact person email,phone # and confirmation of website so that we can place my order quickly, and i want to know if you have your own personal shipper or can the order be picked up at your store,please advise so that we can proceed by going ahead to place the order.
If you have a copy of "whois", do a lookup on every IP address in the headers. If you don't have it, post the headers here - it might be an interesting (and educational) exercise...
As much as it smells like a scam, I would probably be tempted to follow up on it. Ask 'em what they want, and how they intend to pay. If they want to pick it up in person, well...
look a little wierd to me, but I don't know enough about them to know.
Received: from horizon.host-care.com ([66.7.205.91]) by isp.att.net (frfwmxc08) with ESMTP id ; Thu, 21 May 2009 16:07:10 +0000 X-Originating-IP: [66.7.205.91] Received: from nobody by horizon.host-care.com with local (Exim 4.69) (envelope-from ) id 1M7AnX-0004nV-Ag for snipped-for-privacy@bellsouth.net; Thu, 21 May 2009 12:07:11 -0400
I treat each and everyone of these like the real thing. I don't send anything until the money has cleared the local bank and the issuing bank. However much you send over the amount of the invoice I keep as a tip, that is done upfront. I don't add laptops to the orders either.
With Thunderbird I choose "View" then "Message Source" and get a window displaying all the text of a received e-mail. The headers are all the lines before the message itself. For example:
Received-SPF: none (No spf1 record for (yahoo.com) ) client-ip=98.136.44.51; envelope-from=; x-ip-name=n75.bullet.mail.sp1.yahoo_com; X-Default-Received-SPF: pass (Last token {ptr:%{d2}} (res=PASS)) client-ip=98.136.44.51; envelope-from=; x-ip-name=n75.bullet.mail.sp1.yahoo_com; Received: from n75.bullet.mail.sp1.yahoo.com (unverified [98.136.44.51]) by surge.jtmweb.com (SurgeMail 3.9e) with ESMTP id 36445513-1776515 for ; Thu, 02 Apr 2009 11:20:08 -0500 Return-Path: X-Verify-SMTP: Host 98.136.44.51 sending to us was not listening Received: from [216.252.122.219] by n75.bullet.mail.sp1.yahoo.com with NNFMP; 02 Apr 2009 16:20:01 -0000 Received: from [67.195.9.82] by t4.bullet.sp1.yahoo.com with NNFMP; 02 Apr 2009 16:20:01 -0000 Received: from [67.195.9.99] by t2.bullet.mail.gq1.yahoo.com with NNFMP;
Received: from [41.210.5.68] by web110012.mail.gq1.yahoo.com via HTTP; Thu, 02 Apr 2009 09:20:00 PDT
X-Mailer: YahooMailClassic/5.2.15 YahooMailWebService/0.7.289.1 Date: Thu, 2 Apr 2009 09:20:00 -0700 (PDT) From: Joseph Brown Subject: Urgent To: undisclosed recipients: ; MIME-Version: 1.0 X-Originating-IP: 98.136.44.51 X-Rcpt-To:
That's all probably going to turn ugly in everybody's news clients, but a quick lookup of 41.210.5.68 (the server from whom Yahoo! got the e-mail) turns out to be a server in Accra-North, Ghana - an unlikely entry point for a message from a "customer" who claimed to be in Australia!
The "X-Originating-IP" may not actually be what you're after.
It takes a little getting used to, but the mystery fades quickly with use. Since you're running Windows (I looked in /your/ headers to see that), you can do a quick Google search on "win32whois" and find a place from which you can download the lookup utility.
Your right nothing at all, what I am doing is sorta profileing these people from thier letter. I may be wrong and they may turn out to be the best customers I have or ever will have. However If it looks like a snake I treat it like a posinious variety until I know for sure.
DEFINITELY a scam. If you want some really entertaining reading on these email scams try this website:
formatting link
I know someone who participates in these "scam baits" and it's truly hysterical the lengths the scammers will go to in order to get at your money. For the most part, they're not the sharpest tools in your shed.
Somebody may. It's still popular. I got one on Craigslist about a tool I was selling, local pick up only. This woman, who spelled her name differently in two emails, wanted to buy te tool "right away," please answer with photos and reason for selling. The ad had two photos in it, and my reason for selling comes under the heading of MYOFB. I let her know it was still for sale. Next, two days later--remember "right away"--I get an email wanting to send a check, have her shipper, etc. SOSDD. Sunday morning, I was at a friend's house to check on his pregnant bulldog and her progress, and we looked at this email from an ebay listing. Guess who showed up, same name first time, exact same wording, same second reply, same name misspelling.
Not sure about your bank, but mine won't transfer funds to another account without a signed request from me.
In spite of that, my SOP calls for the customer's bank to e-mail me directly for the transfer-to account information. If the bank is using a gmail return address...
HomeOwnersHub website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.