New Kind Of Scam ?

[mike802]

I had a customer contact me vi e-mail asking what credit cards I accepted and if I shipped over seas.  I told him what cards I accepted and that I would be willing to ship over seas.  Next e-mail I get he wants the address to my web site so he can choose what products he wants, I give him the address.  Then he e-mails me with a list of products and asks me to quote on shipping.  I total his order and tell him I need a shipping address to give him a quote.  He gets back to me and wants me to use a shipper by the name of World Wide Logistics Solutions.  I googled the company and they look on the level, he says he will give me his cc info as soon as I quote him the order total including shipping.

For some reason this whole thing smells fishy.  Anyone ever hear of, or done business with World Wide Logistics Solutions?  The customer is supposedly in Australia, his English is alright in the first e-mails, but in the last one its like a different person typing and the grammar is all off.  So far I cant see the angle if this is a scam.

[Gregg @ Keystone Sewing]

This "New Kind of Scam" seem fairly old hat to me!

I could go on an on but;

Inform the buyer that you will do EVERYTHING within your power to confirm he is ligit, including varfying his CC.

If he is legit, then he has nothing to worry about right?

Don't make ths misake of thinking that if you get a CC payment you are in the clear, with money in the bank.  They can always reverse charges, cancel payment, or a bunch of things you never heard of. 

Even threaten to ask for direct bank transfer (most succure).  He is a serious buyer, right? 

999 times out of 1,000, they will bail.

[ajlelectronics]

It is an absolutely standard scam. If you check the sending IP in the email header, you will find that it does not come from an Australian server. Most likely you will find that it points to the Ivory Coast where a large proportion of these scams originate.

If the OP didn't know of your website etc before you told him about it, how does he know that he wants your products?

The way it works is this....

OP makes a good size order. He gives you the CC details which will all check out. You are asked to take the extra money to pay the legitimate shipper's fee. You do all this and the goods are despatched and you admire your new bank balance.

Then...

The credit card is reversed because it has been reported stolen. So you are now out the goods, shipping and the money.

[mike802]

I see what you guys are saying and figured it would come to something like that eventually.  I don't figure why he wants me to use a different shipper?  It is going to take me alot of extra work to work with a different shipper, I have an account with Fed Ex and am all set up to work with them, thinking of just telling him we ship with Fed Ex and see where this leads from there.  Defiantly think I will let him know I plan on checking up on him.

[ajlelectronics]

I see what you guys are saying and figured it would come to something like that eventually.  I don't figure why he wants me to use a different shipper?  

Likely to be that they allow pickup from depot, so the consignment is untraceable. Otherwise you would be able to find out where the goods got delivered.

The chances of it being legit are tiny. Post me up the header of the email if you would, or PM it to me direct. In your email client, click "view source" and copy, paste it into a new email.  The header looks like this...

From - Mon Jul 19 12:01:18 2010
X-Account-Key: account2
X-UIDL: 0LzdOI-1P6L7B1wji-014meR
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:                                                                                 
Return-Path: <bounced@freebiegifts.co.uk>
Delivery-Date: Mon, 19 Jul 2010 12:53:28 +0200
Received: from freebiegifts.co.uk (ds7091.dedicated.turbodns.co.uk [94.136.45.35])
   by mx.kundenserver.de (node=mxeu0) with ESMTP (Nemesis)
   id 0LzdOI-1P6L7B1wji-014meR for John.Smith@a.co.uk; Mon, 19 Jul 2010 12:53:23 +0200
Received: from freebiegifts.co.uk ([86.133.82.7]) by ds7091.dedicated.turbodns.co.uk with MailEnable ESMTP; Mon, 19 Jul 2010 10:56:18 +0100
Reply-To: help@freebiegifts.co.uk
Message-ID: <a7e3431390b8f7d8be1523ae334e50f5@freebiegifts.co.uk>
From: "Freebie Gift Offers Help" <help@freebiegifts.co.uk>
To: <John.Smith@a.co.uk>
Subject: JUSTIN BIEBER EXCLUSIVE OFFER!
Date: Mon, 19 Jul 2010 11:53:08 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
   boundary="----=SPLITOR00A_001_6555598D"
X-UI-Junk: AutoMaybeJunk -4 (BAY);

The IP adress shown in red is the sending IP and you can put that into dnsstuff or Samspade etc to investigate it.

[ajlelectronics]

Quite co-incidentally, I just received this....

From - Mon Jul 19 20:52:00 2010
X-Account-Key: account2
X-UIDL: 0MMEE1-1Ogiju37L3-008d2h
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:                                                                                 
Return-Path: <anonymous@ks307287.kimsufi.com>
Delivery-Date: Mon, 19 Jul 2010 21:51:32 +0200
Received: from ks307287.kimsufi.com (ks307287.kimsufi.com [94.23.228.116])
   by mx.kundenserver.de (node=mxbap3) with ESMTP (Nemesis)
   id 0MMEE1-1Ogiju37L3-008d2h for solitaires@s.co.uk; Mon, 19 Jul 2010 21:51:31 +0200
Received: (qmail 8835 invoked by uid 48); 19 Jul 2010 08:10:01 +0100
Date: 19 Jul 2010 08:10:01 +0100
Message-ID: <20100719071001.8833.qmail@ks307287.kimsufi.com>
To: solitaires@spews.co.uk
Subject:
From: Vindas <vindasmark41@gmail.com>
Reply-To: vindasmark41@gmail.com
MIME-Version: 1.0
X-UI-Junk: AutoMaybeJunk -22 (BAY);
  V01:LE8A1NkW:S0eaYo87teyZUFT0XzTEByPsivPbPbs1bnzbzNLAlpIvp7NuCvd
  jB9nm2WvcfXO7cjgN7qa5HEDPH3OR7wp9F07z1qSTkASNuGIOWnf1If/r1IKCKAG
  tz/fZnZ6cNz/G2S2/t8br5s9E1utV68o8dkXmn8rpexHrzqR1zz9hI3WhP2xGg6S
  O+g8Q7SpKfz+w19R4osFYJ7ARL8TAN85yPvCQAEvv3bYupGvGnWfJ/BdyRnjjMqH
  VkpT2easpeO/vQcEjiH6gIqZhgtNWLHN6FvwXZ+D1HRUha5bgzYfdHckzuXYolbW
  JnYwoI3xZAjb2
Envelope-To: incoming@i.co.uk

Content-Type: text/plain

Content-Transfer-Encoding: 8bit




Good day sir/ma,



    I will like to book for rooms in your place for my clients who will be



coming to your country and  will like to stay in your place for some days



for research and business purpose. I will really appreciate it if you can



kindly get back to me with an urgent reply to my reservation details listed



below.



Below are the of reservation details .



Room Type: 3 Standard single rooms.



Check in date: 15/9/ 2010



Check out date: 22/9/ 2010



Number of guest: 3 people.



Days of stay... 7 days



Guest Names



Mr Lucas moore



Mr Bill Martins



Mrs. marian taylor





        Kindly get back to me as soon as possible with the total cost of the entire

booking. And also let me know if you accept credit cards for payment so that

I can forward my credit card details to you for the payment. Note that all

payment for the reservation shall be charged before the arrival of my

clients.



Thanks



Best Regards



  Vindas



Notice the gmail return address for a start. Secondly, I have no connection with any hotel.

The IP address check shows this...

This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Information related to '94.23.192.0 - 94.23.255.255'

inetnum:        94.23.192.0 - 94.23.255.255
netname:        OVH
descr:          OVH SAS
descr:          Dedicated Servers
descr:          http://www.ovh.com
country:        FR
admin-c:        OK217-RIPE
tech-c:         OTC2-RIPE
status:         ASSIGNED PA
mnt-by:         OVH-MNT
changed:        ***@ovh.net 20090402
source:         RIPE

role:           OVH Technical Contact
address:        OVH SAS
address:        140, Quai du Sartel
address:        59100 Roubaix
address:        France
e-mail:         ***@ovh.net
admin-c:        OK217-RIPE
tech-c:         GM84-RIPE
nic-hdl:        OTC2-RIPE
remarks:        ========================================
remarks:        support : *******@ovh.com
remarks:        0 899 701 761 begin_of_the_skype_highlighting              0 899 701 761      end_of_the_skype_highlighting (france only)
remarks:        ========================================
remarks:        troubles:
remarks:        + network : *****@ovh.net
remarks:        + spam    : http://www.spam-rbl.com
remarks:        ========================================
remarks:        peering : ***@ovh.net
remarks:        prefix 213.186.32.0/19
remarks:        prefix 213.251.128.0/18
remarks:        - FreeIX (1Gbs) 213.228.3.244
remarks:        - PariX (1Gbs) 198.32.247.104
remarks:        - SfinX (1Gbs) 194.68.129.144
remarks:        ========================================
notify:         ***@ovh.net
abuse-mailbox:  *****@ovh.net
mnt-by:         OVH-MNT
changed:        ***@ovh.net 20051012
source:         RIPE

person:         Octave Klaba
address:        OVH SAS
address:        140, quai du sartel
address:        59100 Roubaix
address:        France
phone:          +33 3 20 20 09 57        +33 3 20 20 09 57     
fax-no:         +33 3 20 20 09 58
e-mail:         ***@ovh.net
nic-hdl:        OK217-RIPE
abuse-mailbox:  *****@ovh.net
mnt-by:         OVH-MNT
changed:        ***@ovh.net 20051012
source:         RIPE

% Information related to '94.23.0.0/16AS16276'

route:          94.23.0.0/16
descr:          OVH ISP
descr:          Paris, France
origin:         AS16276
notify:         ***@ovh.net
mnt-by:         OVH-MNT
changed:        ***@ovh.net 20080715
source:         RIPE


If you feel minded to report the scammer, the info is in this example page. In *this* case, abuse at ovh etc

[mike802]

Does this help?


Return-Path: tonylagerback@hotmail.com
Received: from imta30.emeryville.ca.mail.comcast.net (LHLO
imta30.emeryville.ca.mail.comcast.net) (76.96.27.233) by
sz0026.wc.mail.comcast.net with LMTP; Sat, 17 Jul 2010 18:38:19 +0000 (UTC)
Received: from snt0-omc2-s4.snt0.hotmail.com ([65.55.90.79])
   by imta30.emeryville.ca.mail.comcast.net with comcast
   id j6eH1e01V1ijV0p0W6eJ8G; Sat, 17 Jul 2010 18:38:18 +0000
X-CAA-SPAM: 00000
X-Authority-Analysis: v=1.1 cv=04NR9mjOBUT5Mysml0IJVYLMfqeUsI0LWTFAGih9JQE=
c=1 sm=1 a=rC4E6a2-jpEA:10 a=2Szoo5r42BwA:10 a=dq7dw3a9-voA:10
a=DPdd6oeZAAAA:8 a=zpkL91DfRNXaNOEOutIA:9 a=VTtMrE79reTkP-TvFlAA:7
a=iQRq5iER9NBhCy5CJqa5qmU88gwA:4 a=wPNLvfGTeEIA:10 a=-fjtycKGSpfALGbi:21
a=jI49X_9nAHvryl1O:21 a=1BhJMatzFhqNnjbA7-EA:9 a=XN2aSsFjPSjlUb5EQ70A:7
a=_Y9vrT8n6pyCAMDokaCG74vK_FEA:4 a=hOrOrHI8tBIHG9FB:21 a=HwWLkuCTDf7gHLuz:21
a=dUYTaMmO0cb34G+xyo+vnA==:117
Received: from SNT125-W35 ([65.55.90.73]) by snt0-omc2-s4.snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
    Sat, 17 Jul 2010 11:38:17 -0700
Message-ID: <SNT125-W35A09CD3932F74E9888C26B5BD0@phx.gbl>
Return-Path: tonylagerback@hotmail.com
Content-Type: multipart/alternative;
   boundary="_6715b2fb-b21a-45e5-b95d-b4314f61addd_"
X-Originating-IP: [41.217.65.13]
From: tony lagerback <tonylagerback@hotmail.com>
To: <mjamsdeninc@comcast.net>
Subject: RE: Order Inquiry
Date: Sat, 17 Jul 2010 14:38:17 -0400
Importance: Normal
In-Reply-To:
<2045733331.147050.1279308255886.JavaMail.root@sz0026a.westchester.pa.mail.comcast.net>
References:
<SNT125-W37D0D83747AB003D65C0ACB5BC0@phx.gbl>,<2045733331.147050.1279308255886.JavaMail.root@sz0026a.westchester.pa.mail.comcast.net>
MIME-Version: 1.0
X-OriginalArrivalTime: 17 Jul 2010 18:38:17.0805 (UTC) FILETIME=[393747D0:01CB25DF]

--_6715b2fb-b21a-45e5-b95d-b4314f61addd_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


Dear Mike=2C

Thanks for your reply=2C I really appreciate it. The products I will like =
to purchase from your store are listed below:

3 pieces of  Three Leg Table Lamp colours cherry=2C walnut and mahogany
3 pieces of Prototype Table Lamp
2 pieces of Bobbin Lamp colours cherry=2C walnut

Kindly get back to me with the total cost of my order including the shippin=
g cost to Queensland Australia=2C so that I can forward my credit card deta=
ils to you as soon as possible.

Hope to read from you soon.

Best Regards
Tony Lagerback




                    =20
_________________________________________________________________
The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with H=
otmail.=20
http://www.windowslive.com/campaign/thenewbusy?tile=3Dmulticalendar&ocid=3D=
PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5=

--_6715b2fb-b21a-45e5-b95d-b4314f61addd_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<style><!--
.hmmessage P
{
margin:0px=3B
padding:0px
}
body.hmmessage
{
font-size: 10pt=3B
font-family:Verdana
}
--></style>
</head>
<body class=3D'hmmessage'>
Dear Mike=2C

&nbsp=3BThanks for your reply=2C I really appreciate it=
. The products I will like to purchase from your store are listed below:<br=
>
3 pieces of&nbsp=3B Three Leg Table Lamp colours cherry=2C walnut and =
mahogany
3 pieces of Prototype Table Lamp
2 pieces of Bobbin Lamp col=
ours cherry=2C walnut

Kindly get back to me with the total cost of m=
y order including the shipping cost to Queensland Australia=2C so that I ca=
n forward my credit card details to you as soon as possible.

Hope to=
read from you soon.

Best Regards
Tony Lagerback



<=
br>                     
The New Busy think 9 to 5 is a cute idea. Combin=
e multiple calendars with Hotmail.  <a href=3D'http://www.windowslive.com/c=
ampaign/thenewbusy?tile=3Dmulticalendar&ocid=3DPID28326::T:WLMTAGL:ON:WL:en=
-US:WM_HMP:042010_5' target=3D'_new'>Get busy.</a></body>
</html>=

--_6715b2fb-b21a-45e5-b95d-b4314f61addd_--

[JuneC]

I'd set up an escrow bank account and have them wire-transfer the funds to that account.  Once cleared, then ship the goods.  I'd never accept a credit card for overseas shipment for all the reasons stated above.  Also, his English grammar is too bad for someone from Australia. 

June

[sofadoc]

  Also, his English grammar is too bad for someone from Australia. 

June

The bad grammar is part of the scam. The idea is to make you believe that HE is the naive one.

[sunshine_n_pc]

My husband has a check right now for $20K on his computer cork board for  "payment" for his car that was being sold for $12K.  We knew it was a scam but he played along (I told him not to).  Check arrived, he checked it out with the bank and the company that issued the check.  The account was good and the money was available.  However, when he checked with the issuing company, they said the account wasn't being used and no one in the company had purchased the car. 

Checks, even cashier checks, can clear your bank and then several weeks later, when the check hits the "originating" bank they are found to be fake.  It then comes back to YOU to repay the money.  Not a good thing.

[PDQ]

Does this help?

X-Originating-IP: [41.217.65.13]
From: tony lagerback <tonylagerback@hotmail.com>

NIGERIA

Enough said.  ;D

[ajlelectronics]

X-Originating-IP: [41.217.65.13]
From: tony lagerback <tonylagerback@hotmail.com>

NIGERIA

Enough said.  ;D
[/quote]

OK I see the route, but it looks like I am reading the header upside down then?

The top line is the last IP from which it goes to the mail server, but of course that doesn't mean it was the injection point. The Hotmail makes it easy with
X-Originating-IP: [41.217.65.13] of course.

[gene]

You can google and read about the history of Nigeria email scams - it's interesting.

Folks in Nigeria would go to coffee houses that had computers and internet connections. They would spend all day sending out emails like these. Drinking coffee and knowing that they were stealing. The Nigerian government allowed it because it was bringing in money to their economy.

Eventually, international pressure got the government to take some action.

What amazes me is how many people must fall for these scams in order for them to be profitable to the people running the scams.

I'm going to buy your car for 12k, but I trust you so much that I will send you a check for 20k and you cash it and just send me back the extra 8k and I will pick up the car in a week??? Wow! It feels so good to know that some stranger trusts me.

Gene

[mike802]

How did you guys get Nigeria?  I tried it and came up with Wichita Kansas!  Still a long ways from Australia.

[sofadoc]

I'm going to buy your car for 12k, but I trust you so much that I will send you a check for 20k and you cash it and just send me back the extra 8k and I will pick up the car in a week???

My wife sees this several times a week at the bank where she works. When they come in with one of those 20k checks to verify it. She tells them it's a scam, but they REFUSE to believe it. They send out an 8k  check from their OWN account.
My wife tries to do a follow-up by asking them what happened the next time they come in. Most of them are too embarressed to admit that they've been had. They usually say something like "Oh, everything came out fine", while staring at the floor.